by

Configuring OpenLDAP on CentOS 6 (Part 1)


Step 1″ Install OpenLDAP packages

# yum install openldap openldap-servers openldap-clients

Step 2: Generate a password hash to be used as the admin password. This password hash will be used when you create the root user for your LDAP installation. For example:

[root]# slappasswd
New password : p@ssw0rd
Re-enter new password : p@ssw0rd
{SSHA}5lPFVw19zeh7LT53hQH69znzj8TuBrLv

Step 3: At /etc/openldap/ldap.conf

#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/nis.schema

#BASE   dc=example,dc=com
#URI    ldap://ldap.example.com ldap://ldap-master.example.com:666

# Allow LDAPv2 client connections. This is not the default
allow bind_v2

# DO not enable referrals until AFTER you have workinf directory
# service AND an understanding of referrals
# referrals     ldap://root.openldap.org

pidfile         /var/run/openldap/slapd.pid
argsfile        /var/run/openldap/slapd.args

#######################################################################
# ldbm and/or bdb database definitions
#######################################################################
database        bdb
suffix          "dc=cluster,dc=spms,dc=ntu,dc=edu,dc=sg"
rootdn          "cn=manager,dc=cluster,dc=spms,dc=ntu,dc=edu,dc=sg"

# Cleartext Passwords, especially for the rootdn, shoud
# be avoided. See slappasswd and slapd.conf for details
# Use of strong authentication ecouraged
rootpw          {SSHA}5lPFVw19zeh7LT53hQH69znzj8TuBrLv

# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory       /var/lib/ldap

# indices to be maintain for this database
index ObjectClass                       eq,pres
index ou,cn,mail,surname,givenname      eq,pres,sub
index uidNumber,gidNumber,loginShell    eq,pres
index uid,memberUid                     eq,pres,sub
index nisMapName,nisMapEntry            eq,pres,sub


#SIZELIMIT      12
#TIMELIMIT      15
#DEREF          never

TLS_CACERTDIR   /etc/openldap/certs

Step 4: Start the Service

# service slapd start

Step 5: Check that the service is working.

[root@ldap init.d]# netstat -lnpt |grep 389
tcp        0      0 0.0.0.0:389                 0.0.0.0:*                   LISTEN      13513/slapd
tcp        0      0 :::389                      :::*                        LISTEN      13513/slapd

Step 6: Create LDIF file to add data

# vim /etc/openldap/base.ldif

# cluster.spms.ntu.edu.sg
dn:     dc=cluster,dc=spms,dc=ntu,dc=edu,dc=sg
dc:     cluster
objectClass: top
objectClass: domain

# People, cluster.spms.ntu.edu.sg
dn: ou=Users,dc=cluster,dc=spms,dc=ntu,dc=edu,dc=sg
ou: Users
objectClass: top
objectClass: organizationalUnit

# Groups, cluster.spms.ntu.edu.sg
dn: ou=Groups,dc=cluster,dc=spms,dc=ntu,dc=edu,dc=sg
ou: Groups
objectClass: top
objectClass: organizationalUnit

# Computers, cluster.spms.ntu.edu.sg
dn: ou=Computers,dc=cluster,dc=spms,dc=ntu,dc=edu,dc=sg
ou: Computers
objectClass: top
objectClass: organizationalUnit

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.