Step 1: Install the OpenLDAP packages
# yum install openldap openldap-servers openldap-clients
Step 2: Generate a password hash to be used as the admin password. This password hash will be used when you create the root user for your LDAP installation. For example:
[root]# slappasswd
New password: p@ssw0rd
Re-enter new password: p@ssw0rd
{SSHA}5lPFVw19zeh7LT53hQH69znzj8TuBrLv
Step 3: At /etc/openldap/ldap.conf
#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
# NOTE(review): the include/database/rootdn/rootpw lines below are
# slapd.conf(5) server directives rather than ldap.conf(5) client options;
# confirm which file this content is meant for. Because the file carries
# the rootpw hash, a world-readable mode exposes that hash to offline
# guessing -- restrict read access to root and the slapd service account.

# Schema files loaded before the database definition.
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema

#BASE dc=example,dc=com
#URI ldap://ldap.example.com ldap://ldap-master.example.com:666

# Allow LDAPv2 client connections. This is not the default.
# NOTE(review): LDAPv2 is a legacy protocol; enable it only if a client
# actually requires it.
allow bind_v2

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals
# referrals ldap://root.openldap.org

pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args

#######################################################################
# ldbm and/or bdb database definitions
#######################################################################

database bdb
suffix "dc=cluster,dc=spms,dc=ntu,dc=edu,dc=sg"
rootdn "cn=manager,dc=cluster,dc=spms,dc=ntu,dc=edu,dc=sg"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd and slapd.conf for details.
# Use of strong authentication is encouraged.
# The hash below is the slappasswd output from Step 2; replace it with a
# hash of a strong password of your own.
rootpw {SSHA}5lPFVw19zeh7LT53hQH69znzj8TuBrLv
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /var/lib/ldap
# Indices to be maintained for this database.
index ObjectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
TLS_CACERTDIR /etc/openldap/certs
Step 4: Start the Service
# service slapd start
Step 5: Check that the service is working.
[root@ldap init.d]# netstat -lnpt | grep 389
tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN 13513/slapd
tcp 0 0 :::389 :::* LISTEN 13513/slapd
Step 6: Create an LDIF file with the base data
# vim /etc/openldap/base.ldif
# Base entries for the suffix configured in Step 3: the domain object and
# three organizational units. Each LDIF record is separated by a blank line.

# cluster.spms.ntu.edu.sg
dn: dc=cluster,dc=spms,dc=ntu,dc=edu,dc=sg
dc: cluster
objectClass: top
objectClass: domain

# People, cluster.spms.ntu.edu.sg
dn: ou=Users,dc=cluster,dc=spms,dc=ntu,dc=edu,dc=sg
ou: Users
objectClass: top
objectClass: organizationalUnit

# Groups, cluster.spms.ntu.edu.sg
dn: ou=Groups,dc=cluster,dc=spms,dc=ntu,dc=edu,dc=sg
ou: Groups
objectClass: top
objectClass: organizationalUnit

# Computers, cluster.spms.ntu.edu.sg
dn: ou=Computers,dc=cluster,dc=spms,dc=ntu,dc=edu,dc=sg
ou: Computers
objectClass: top
objectClass: organizationalUnit