LDAP Configuration Documentation
Installation Guide 01.
Network Details: Below are the network details used while writing this article.
System name: openldap.example.com
System IP: 192.168.10.50
Domain Name: example.com
Step 1: Create Test Accounts
First, create two test user accounts on your Linux system using the following commands.
# useradd ldapuser1
# useradd ldapuser2
# passwd ldapuser1
# passwd ldapuser2
Step 2: Install Required Packages
Below is the list of software required to set up OpenLDAP:
- compat-openldap
- openldap-clients
- openldap-devel
- openldap-servers
- openldap-servers-sql
Install all packages using following command.
# yum install *openldap* -y
Step 3: Setup OpenLDAP root Password
After installing the OpenLDAP packages, first create the OpenLDAP root user password with slappasswd. The command prints a salted hash, which is what goes into the configuration file; the password itself is never written to disk.
# slappasswd
New password:
Re-enter new password:
{SSHA}BONOBgJZNZc3A+UFq3fcjRn2YHsZVkXw
Step 4: Edit Configuration File
Edit the OpenLDAP configuration file with the new values. For rootpw, use the {SSHA} value produced by the slappasswd command in the step above.
# vi /etc/openldap/slapd.conf
database bdb
suffix "dc=example,dc=com"
rootdn "cn=Manager,dc=example,dc=com"
rootpw {SSHA}BONOBgJZNZc3A+UFq3fcjRn2YHsZVkXw
Step 5: Setup LDAP Database File
Copy the example LDAP database configuration file shipped with OpenLDAP to the location below.
# cp /etc/openldap/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
Step 6: Start Services
Start the OpenLDAP service and configure it to start automatically at system boot.
# service ldap start
# chkconfig ldap on
Step 7: Create Domain LDIF File
Now create an LDIF (LDAP Data Interchange Format) file for your domain example.com. You can use any filename with the extension .ldif. Each entry in the file must be separated from the next by a blank line.
# vim /etc/openldap/base.ldif
dn: dc=example,dc=com
dc: example
objectClass: top
objectClass: domain

dn: ou=users,dc=example,dc=com
ou: users
objectClass: top
objectClass: organizationalUnit

dn: ou=Group,dc=example,dc=com
ou: Group
objectClass: top
objectClass: organizationalUnit
Step 8: Create Users LDIF File
After creating the LDIF file for your domain, let's create LDIF files for all test users by converting their /etc/passwd entries with the migration script.
# cd /usr/share/openldap/migration/
# grep root /etc/passwd > /etc/openldap/passwd.root
# grep ldapuser1 /etc/passwd > /etc/openldap/passwd.ldapuser1
# grep ldapuser2 /etc/passwd > /etc/openldap/passwd.ldapuser2
# ./migrate_passwd.pl /etc/openldap/passwd.root /etc/openldap/root.ldif
# ./migrate_passwd.pl /etc/openldap/passwd.ldapuser1 /etc/openldap/ldapuser1.ldif
# ./migrate_passwd.pl /etc/openldap/passwd.ldapuser2 /etc/openldap/ldapuser2.ldif
Step 9: Edit Users LDIF Files
Modify all LDIF files created for the users as per the example below for ldapuser1 (the dn must be placed under the ou=users container created in Step 7).
# vim /etc/openldap/ldapuser1.ldif
dn: uid=ldapuser1,ou=users,dc=example,dc=com
uid: ldapuser1
cn: ldapuser1
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
objectClass: radiusprofile
description: 802.1x user
radiusFilterId: Enterasys:version=1:policy=Enterprise User
userPassword: {crypt}$1$rN6WLraT$9skdu7BpRUM6v7DiEhQXt1
shadowLastChange: 15419
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 612
gidNumber: 612
homeDirectory: /home/ldapuser1
Note: Make sure you have added the following 3 lines to the LDIF for integrating RADIUS-LDAP authentication:
- objectClass: radiusprofile
- description: 802.1x user
- radiusFilterId: Enterasys:version=1:policy=Enterprise User
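Steps 8 and 9 produce each user entry in two passes (migrate_passwd.pl, then a hand edit), and Steps 7 to 9 of Installation Guide 02 below follow the same flow with ou=People and dc=adminmart. The script here is an added example, not part of the original document: it builds the Step 9 entry directly from a /etc/passwd line with awk, so the posixAccount, shadowAccount and radiusprofile attributes are never forgotten and consecutive entries get the blank-line separator LDIF requires. The variable names LDAP_BASE and LDAP_OU, the function names, and the rule that the crypt hash is passed in explicitly (the script never reads /etc/shadow) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original guide): generate the Step 9 user
# entry straight from a /etc/passwd line instead of running
# migrate_passwd.pl and editing the result by hand.
# Assumptions (not from the page): LDAP_BASE and LDAP_OU name the
# container; the crypt hash is an explicit argument, never read from
# /etc/shadow; an optional third argument fixes shadowLastChange.

LDAP_BASE="${LDAP_BASE:-dc=example,dc=com}"
LDAP_OU="${LDAP_OU:-users}"

# passwd_to_ldif PASSWD_LINE [CRYPT_HASH] [DAYS_SINCE_EPOCH]
# Prints one LDIF entry; exits 1 if the line is not a 7-field passwd record.
passwd_to_ldif() {
    if [ -n "$3" ]; then days="$3"; else days=$(( $(date +%s) / 86400 )); fi
    printf '%s\n' "$1" | awk -F: -v base="$LDAP_BASE" -v ou="$LDAP_OU" \
                             -v hash="$2" -v days="$days" '
    NF != 7 { print "passwd_to_ldif: malformed passwd line: " $0 > "/dev/stderr"; exit 1 }
    {
        print "dn: uid=" $1 ",ou=" ou "," base
        print "uid: " $1
        print "cn: " $1
        print "objectClass: account"
        print "objectClass: posixAccount"
        print "objectClass: top"
        print "objectClass: shadowAccount"
        print "objectClass: radiusprofile"
        print "description: 802.1x user"
        print "radiusFilterId: Enterasys:version=1:policy=Enterprise User"
        # Without a hash the entry carries no userPassword; set it afterwards
        # with ldappasswd rather than pasting hashes into files.
        if (hash != "") print "userPassword: {crypt}" hash
        print "shadowLastChange: " days
        print "shadowMin: 0"
        print "shadowMax: 99999"
        print "shadowWarning: 7"
        print "loginShell: " $7
        print "uidNumber: " $3
        print "gidNumber: " $4
        print "homeDirectory: " $6
    }'
}

# passwd_file_to_ldif FILE
# One entry per passwd line, each followed by the blank line that separates
# LDIF entries, so the whole output can go to a single ldapadd -f.
passwd_file_to_ldif() {
    while IFS= read -r rec || [ -n "$rec" ]; do
        [ -n "$rec" ] || continue
        passwd_to_ldif "$rec" || return 1
        echo
    done < "$1"
}

# Usage: grep '^ldapuser' /etc/passwd > /tmp/passwd.ldapusers
#        passwd_file_to_ldif /tmp/passwd.ldapusers > /etc/openldap/ldapusers.ldif
if [ "$#" -gt 0 ]; then
    passwd_file_to_ldif "$1"
fi
```

Set LDAP_OU=People and LDAP_BASE=dc=adminmart,dc=com in the environment to produce entries for the layout used in Installation Guide 02. Because the hash is optional, the generated file can be imported first and passwords set through the directory with ldappasswd, which keeps crypt hashes out of world-readable scratch files.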
Step 10: Import All Data
Import all data from the LDIF files into the LDAP database, binding as the rootdn from Step 4.
Importing base.ldif:
# ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f /etc/openldap/base.ldif
Enter LDAP Password:
adding new entry "dc=example,dc=com"
adding new entry "ou=users,dc=example,dc=com"
adding new entry "ou=Group,dc=example,dc=com"
Importing root.ldif:
# ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f /etc/openldap/root.ldif
Enter LDAP Password:
adding new entry "uid=root,ou=users,dc=example,dc=com"
adding new entry "uid=operator,ou=users,dc=example,dc=com"
Importing ldapuser1.ldif:
# ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f /etc/openldap/ldapuser1.ldif
Enter LDAP Password:
adding new entry "uid=ldapuser1,ou=users,dc=example,dc=com"
Importing ldapuser2.ldif:
# ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f /etc/openldap/ldapuser2.ldif
Enter LDAP Password:
adding new entry "uid=ldapuser2,ou=users,dc=example,dc=com"
Step 11: Restart LDAP Service
Stop and start the LDAP service using the following commands.
# /etc/init.d/ldap stop
# /etc/init.d/ldap start
Step 12: Test Your Setup
Your setup is complete. Let's test the LDAP server using ldapsearch:
# ldapsearch -x -b 'dc=example,dc=com' '(objectclass=*)'
Congratulations, your LDAP setup is complete.
Installation Guide 01 Completed
Installation Guide 02 Start
Step by Step Installation and Configuration OpenLDAP Server
Software: OS CentOS 4.4, openldap 2.2.13-6.4E
System name: ldap.shree.com
Domain name: shree.com
System IP: 192.168.1.212
Note: Use your domain name and IP instead of adminmart.
Easy steps for adding users:
1. Create unix user
2. Create unix user's ldap passwd file
3. Convert passwd.file to ldif file
4. Add ldap file to LDAP Directory using ldapadd
Step #1. Requirements
compat-openldap.i386 0:2.1.30-6.4E
openldap-clients.i386 0:2.2.13-6.4E
openldap-devel.i386 0:2.2.13-6.4E
openldap-servers.i386 0:2.2.13-6.4E
openldap-servers-sql.i386 0:2.2.13-6.4E
You can install them using the command:
yum install *openldap* -y
Step #2. Start the service
[root@ldap ~]# chkconfig --levels 235 ldap on
[root@ldap ~]# service ldap start
Step #3. Create LDAP root user password
[root@ldap ~]# slappasswd
New password:
Re-enter new password:
{SSHA}cWB1VzxDXZLf6F4pwvyNvApBQ8G/DltW
[root@ldap ~]#
Step #4. Update /etc/openldap/slapd.conf for the root password (lines 68-71 of the default file)
[root@ldap ~]# vi /etc/openldap/slapd.conf
database bdb
suffix "dc=adminmart,dc=com"
rootdn "cn=Manager,dc=adminmart,dc=com"
rootpw {SSHA}cWB1VzxDXZLf6F4pwvyNvApBQ8G/DltW
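The rootpw value written here (and in Step 4 of Installation Guide 01 above) authenticates the rootdn, which slapd exempts from every access control, so a copy of slapd.conf is worth as much as the Manager password. The function below is an added example, not from the original document: it checks a slapd.conf for the two mistakes that matter at this step, a file readable by other users and a rootpw that is cleartext or an unsalted legacy scheme rather than the {SSHA} hash slappasswd produces. The function name check_slapd_conf and the assumption that the file's group owner is the group slapd runs as (so only the "other" permission bits are checked) are mine, not the page's.

```shell
#!/bin/sh
# Added example, not part of the original guide: sanity-check slapd.conf
# after Step 4. Assumption (not from the page): the group owner is the
# group slapd runs as (ldap on RHEL/CentOS), so only "other" bits count.

# check_slapd_conf FILE
# Prints one line per finding; exit 0 when clean, 1 on any WARN, 2 if unreadable.
check_slapd_conf() {
    f="$1"
    rc=0
    [ -r "$f" ] || { echo "ERROR: cannot read $f" >&2; return 2; }

    # Characters 8-10 of the ls -l mode field are the "other" rwx bits.
    other=$(ls -ld "$f" | cut -c8-10)
    case "$other" in
        ---) ;;
        *) echo "WARN: $f is accessible by other users (other=$other); use mode 640, group ldap"; rc=1 ;;
    esac

    # First uncommented rootpw directive; awk field splitting ignores indentation.
    rootpw=$(awk '$1 == "rootpw" { print $2; exit }' "$f")
    scheme=$(printf '%s' "$rootpw" | sed -n 's/^{\([^}]*\)}.*/\1/p' | tr 'a-z' 'A-Z')
    rest=${rootpw#*\}}

    if [ -z "$rootpw" ]; then
        echo "INFO: no rootpw directive (rootdn must authenticate another way)"
    elif [ -z "$scheme" ] || [ "$scheme" = CLEARTEXT ]; then
        # slapd accepts a bare password here and stores it as typed.
        echo "WARN: rootpw is stored in clear text; replace it with slappasswd output"; rc=1
    else
        case "$scheme" in
            SSHA) ;;                                   # salted SHA-1, slappasswd default
            CRYPT)
                case "$rest" in
                    '$5$'*|'$6$'*) ;;                   # sha256-crypt / sha512-crypt
                    *) echo "WARN: rootpw uses {CRYPT} with DES or MD5-crypt"; rc=1 ;;
                esac ;;
            *) echo "WARN: rootpw uses weak or unsalted scheme {$scheme}"; rc=1 ;;
        esac
    fi
    return $rc
}

# Usage: check_slapd_conf /etc/openldap/slapd.conf
if [ "$#" -gt 0 ]; then
    check_slapd_conf "$1"
fi
```

Run it once after editing the file and again after any package upgrade that rewrites slapd.conf; the permission check is the one that tends to regress.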
Step #5. Apply Changes
[root@ldap ~]# service ldap restart
Step #6. Create test users
[root@ldap ~]# useradd test1
[root@ldap ~]# passwd test1
Changing password for user test1.
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
[root@ldap ~]# useradd test2
[root@ldap ~]# passwd test2
Changing password for user test2.
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
[root@ldap ~]#
Note: Repeat the same for the rest of users
Step #7. Migrate local users to LDAP
[root@ldap ~]# grep root /etc/passwd > /etc/openldap/passwd.root
[root@ldap ~]# grep test1 /etc/passwd > /etc/openldap/passwd.test1
[root@ldap ~]# grep test2 /etc/passwd > /etc/openldap/passwd.test2
Note: Repeat the same for the rest of users
Step #8. Update default settings in the file /usr/share/openldap/migration/migrate_common.ph (lines 71 and 74)
$DEFAULT_MAIL_DOMAIN = "shree.com";
$DEFAULT_BASE = "dc=adminmart,dc=com";
Step #9. Convert passwd.file to ldif (LDAP Data Interchange Format) file
[root@ldap ~]# /usr/share/openldap/migration/migrate_passwd.pl /etc/openldap/passwd.root /etc/openldap/root.ldif
[root@ldap ~]# /usr/share/openldap/migration/migrate_passwd.pl /etc/openldap/passwd.test1 /etc/openldap/test1.ldif
[root@ldap ~]# /usr/share/openldap/migration/migrate_passwd.pl /etc/openldap/passwd.test2 /etc/openldap/test2.ldif
Note: Repeat the same for the rest of users
Step #10. Update root.ldif file for the "Manager" of LDAP Server (first 4 lines of the file)
[root@ldap ~]# vi /etc/openldap/root.ldif
dn: uid=root,ou=People,dc=adminmart,dc=com
uid: root
cn: Manager
objectClass: account
Step #11. Create a domain ldif file (/etc/openldap/shree.com.ldif)
[root@ldap ~]# cat /etc/openldap/shree.com.ldif
dn: dc=adminmart,dc=com
dc: adminmart
description: LDAP Admin
objectClass: dcObject
objectClass: organizationalUnit
ou: rootobject

dn: ou=People, dc=adminmart,dc=com
ou: People
description: Users of adminmart
objectClass: organizationalUnit
Step #12. Import all users in to the LDAP
Add the Domain ldif file
[root@ldap ~]# ldapadd -x -D "cn=Manager,dc=adminmart,dc=com" -W -f /etc/openldap/shree.com.ldif
Enter LDAP Password:
adding new entry "dc=adminmart,dc=com"
adding new entry "ou=People, dc=adminmart,dc=com"
[root@ldap ~]#
Add the users:
[root@ldap ~]# ldapadd -x -D "cn=Manager,dc=adminmart,dc=com" -W -f /etc/openldap/root.ldif
Enter LDAP Password:
adding new entry "uid=root,ou=People,dc=adminmart,dc=com"
adding new entry "uid=operator,ou=People,dc=adminmart,dc=com"
[root@ldap ~]#
[root@ldap ~]# ldapadd -x -D "cn=Manager,dc=adminmart,dc=com" -W -f /etc/openldap/test1.ldif
Enter LDAP Password:
adding new entry "uid=test1,ou=People,dc=adminmart,dc=com"
[root@ldap ~]#
[root@ldap ~]# ldapadd -x -D "cn=Manager,dc=adminmart,dc=com" -W -f /etc/openldap/test2.ldif
Enter LDAP Password:
adding new entry "uid=test2,ou=People,dc=adminmart,dc=com"
[root@ldap ~]#
Note: Repeat the same for the rest of users
Step #13. Apply Changes
[root@ldap ~]# service ldap restart
Step #14. Test LDAP Server
It prints all the user information:
[root@ldap ~]# ldapsearch -x -b 'dc=adminmart,dc=com' '(objectclass=*)'
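Both test steps (Step 12 of Installation Guide 01 and Step 14 here) query with ldapsearch -x and no -D, that is, as an anonymous simple bind. Neither guide adds an access directive to slapd.conf, and slapd's documented default when none is present is to let anyone read anything, so the output of this search includes every userPassword attribute. The script below is an added example, not from the original document: it parses ldapsearch output (a constructed sample is embedded, with the hashes replaced by placeholders) and reports which entries expose a password and whether the scheme is {SSHA}, a weak {crypt} hash of the $1$ MD5-crypt kind shown in Step 9 of Guide 01, or cleartext. The function name audit_ldif_passwords, the sample entries and the use of GNU base64 -d for "userPassword::" lines are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original guide: audit what an anonymous
# ldapsearch -x reveals. Assumptions: base64 -d (GNU coreutils) decodes the
# "userPassword::" lines that ldapsearch base64-encodes; the sample below is
# constructed, and its hash values are placeholders, not real credentials.

# audit_ldif_passwords < LDIF
# Prints "<class> <dn>" for every exposed userPassword, then "exposed=N weak=M".
# Exit 0 only when no entry exposed a userPassword at all.
audit_ldif_passwords() {
    # Normalise base64 attribute lines ("attr:: value") to plain "attr: value".
    while IFS= read -r line; do
        case "$line" in
            'userPassword:: '*)
                printf 'userPassword: %s\n' "$(printf '%s' "${line#userPassword:: }" | base64 -d)" ;;
            *) printf '%s\n' "$line" ;;
        esac
    done | awk '
    function classify(v,  s) {
        s = tolower(v)
        if (s ~ /^[{]ssha[}]/)            return "ok"    # salted SHA-1
        if (s ~ /^[{]crypt[}]\$(5|6)\$/)  return "ok"    # sha256-crypt / sha512-crypt
        if (s ~ /^[{]crypt[}]/)           return "weak"  # DES or $1$ MD5-crypt
        if (s ~ /^[{](md5|smd5|sha)[}]/)  return "weak"  # unsalted or MD5-based
        return "cleartext"                                # {cleartext} or no scheme
    }
    /^dn: / { dn = substr($0, 5) }
    /^userPassword: / {
        c = classify(substr($0, 15))
        exposed++
        if (c != "ok") weak++
        print c " " dn
    }
    END {
        printf "exposed=%d weak=%d\n", exposed + 0, weak + 0
        exit (exposed > 0)
    }'
}

# Constructed sample of ldapsearch -x output (one blank-line-separated
# entry per object). ldapuser2 carries base64("{SSHA}abc"), a placeholder.
SAMPLE_LDIF='dn: dc=example,dc=com
dc: example
objectClass: top
objectClass: domain

dn: uid=ldapuser1,ou=users,dc=example,dc=com
uid: ldapuser1
objectClass: posixAccount
userPassword: {crypt}$1$rN6WLraT$9skdu7BpRUM6v7DiEhQXt1
uidNumber: 612

dn: uid=ldapuser2,ou=users,dc=example,dc=com
uid: ldapuser2
objectClass: posixAccount
userPassword:: e1NTSEF9YWJj
uidNumber: 613

dn: uid=svc,ou=users,dc=example,dc=com
uid: svc
objectClass: posixAccount
userPassword: placeholder-cleartext
uidNumber: 614
'

# Usage with a live server (not run here):
#   ldapsearch -x -b "dc=example,dc=com" "(objectclass=*)" | audit_ldif_passwords
if printf '%s' "$SAMPLE_LDIF" | audit_ldif_passwords; then
    echo "no password attributes visible to this bind"
else
    echo "userPassword is readable: add an access directive before clients go live"
fi
```

The fix on the server side is the standard ACL from slapd.access(5), placed in slapd.conf before any "access to *" rule: "access to attrs=userPassword by self write by anonymous auth by * none". After that, rerun the same anonymous ldapsearch; the audit should report exposed=0 while a bind as the rootdn (-D ... -W) still works, and any remaining "weak" entries are candidates for a password reset through ldappasswd so they are re-hashed with the server's default {SSHA}.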
Installation Guide 02 Completed
Shree H. Niraula
sriniraula@gmail.com
