How to install OpenLDAP on CentOS 7

We like CentOS very much as a server operating system, and I think we have made that clear: it is a great system, easy to use and maintain, and it lets you install many specific tools to manage services on a network server. It is also compatible with RHEL software and repositories, which makes a good number of applications available.

One of the important server-management applications that can be installed on CentOS 7 is OpenLDAP, an open-source LDAP implementation that gives us access to an ordered, distributed directory service for looking up all kinds of information in a network environment, i.e. a centralized way to store an organization's contact information.

OpenLDAP has four main components:

  • slapd: standalone LDAP daemon.
  • slurpd: standalone LDAP update replication daemon.
  • LDAP protocol support library routines.
  • Utilities, tools and clients.

In this tutorial we will install OpenLDAP on CentOS 7.

Let’s get to work

1.- Upgrading the system and installing openldap packages

As always, the first thing to do is to update the system.

:~# yum update

1.- Upgrading the system

Now we proceed to install the OpenLDAP packages.

:~# yum install openldap compat-openldap openldap-clients openldap-servers openldap-servers-sql openldap-devel

2.- Installing openldap packages

Once the packages have been installed, we must enable and initialize the openLDAP service.

:~# systemctl enable slapd
:~# systemctl start slapd

3.- Enabling slapd

2.- Configuring openLDAP server

First we must generate the OpenLDAP root password hash. To do so, we run the following (if you omit `-s your_password`, slappasswd prompts for the password instead of leaving it in the shell history):

:~# slappasswd -h {SSHA} -s your_password

and we'll get something like this:

{SSHA}XKrTsGmjsV0Rw1lZzLaOr7pqvZRrbv8A

Next, create an LDIF file with the configuration changes OpenLDAP needs. We write:

:~# nano conf.ldif

And we place the following content:

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=osradar,dc=local

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: cn=angelo,dc=osradar,dc=local

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: {SSHA}XKrTsGmjsV0Rw1lZzLaOr7pqvZRrbv8A

In that file you must adjust these three parameters to suit your environment:

  • olcSuffix: the base DN of the directory, built from your domain name. In this tutorial the hostname is osradar.local, hence dc=osradar,dc=local.
  • olcRootDN: the DN of the OpenLDAP administrator user.
  • olcRootPW: the password hash generated above. Put your own hash here.

4.- Editing conf file

When we finish editing the file, we "upload" the configuration to OpenLDAP with ldapmodify:

:~# ldapmodify -Y EXTERNAL -H ldapi:/// -f conf.ldif

5.- ldapmodify
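As an added example (not part of the tutorial), the script below reproduces the {SSHA} scheme that slappasswd uses so you can verify a hash against a password, and renders the three-record conf.ldif shown above from your own suffix, admin DN and hash. It uses only the Python standard library; the domain and admin values are the tutorial's and are placeholders for your own.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

# Added example, not part of the tutorial. slappasswd's {SSHA} scheme is
# base64( SHA1(password || salt) || salt ) with a 4-byte salt, which is why the
# hashes shown on this page are 32 base64 characters (20 + 4 bytes).
SALT_LEN = 4
DB_DN = "olcDatabase={2}hdb,cn=config"       # the database entry the tutorial modifies


def ssha_hash(password: str, salt: Optional[bytes] = None) -> str:
    """Produce a {SSHA} value usable for olcRootPW or userPassword."""
    if salt is None:
        salt = os.urandom(SALT_LEN)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(password: str, stored: str) -> bool:
    """Check a password against a {SSHA} hash; the salt is recovered from the tail."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]         # a SHA-1 digest is always 20 bytes
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(digest, candidate)


def conf_ldif(suffix: str, root_dn: str, root_pw: str) -> str:
    """Render the three modify records of the tutorial's conf.ldif."""
    if not root_pw.startswith("{"):           # follow the tutorial: store a hash, not cleartext
        raise ValueError("olcRootPW should be a hashed value such as {SSHA}..., not cleartext")
    changes = [("olcSuffix", suffix), ("olcRootDN", root_dn), ("olcRootPW", root_pw)]
    return "\n\n".join(
        f"dn: {DB_DN}\nchangetype: modify\nreplace: {attr}\n{attr}: {value}"
        for attr, value in changes
    ) + "\n"


if __name__ == "__main__":
    # Constructed demo values: replace the domain, admin DN and password with your own.
    pw_hash = ssha_hash("your_password")
    print(pw_hash)
    print(conf_ldif("dc=osradar,dc=local", "cn=angelo,dc=osradar,dc=local", pw_hash))
```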

3.- Configuring the openLDAP Database

Now we copy the example database configuration and set its ownership to the ldap user.

:~# cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
:~# chown ldap:ldap /var/lib/ldap/*

6.- Configuring database openldap

Then we add the remaining schemas.

:~# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif
:~# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif
:~# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif

Now we create a file named base.ldif:

:~# nano base.ldif

And within this we add the following:

dn: dc=osradar,dc=local
dc: osradar
objectClass: top
objectClass: domain

dn: cn=angelo,dc=osradar,dc=local
objectClass: organizationalRole
cn: angelo
description: LDAP Manager

dn: ou=users,dc=osradar,dc=local
objectClass: organizationalUnit
ou: Users

dn: ou=Group,dc=osradar,dc=local
objectClass: organizationalUnit
ou: Group

7.- Creating base file

Now we run the command that creates the directory structure. It will prompt for the OpenLDAP root password set above.

:~# ldapadd -x -W -D "cn=angelo,dc=osradar,dc=local" -f base.ldif

Of course, change the parameters to your own.

8.- Building directory structure

4.- Creating an openLDAP user

Now we create a user in OpenLDAP. An easy way is to write an LDIF file for the new user; I'll call it newuser.ldif.

:~# nano newuser.ldif

And in it we will copy the following content:

dn: uid=user,ou=users,dc=osradar,dc=local
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
cn: user
uid: user
uidNumber: 9999
gidNumber: 100
homeDirectory: /home/user
loginShell: /bin/bash
gecos: user
userPassword: {crypt}x
shadowLastChange: 17058
shadowMin: 0
shadowMax: 99999
shadowWarning: 7

Change the values to suit your environment.

9.- Creating new user
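The LDIF files in this guide (conf.ldif, base.ldif, newuser.ldif) are typed or pasted by hand, and ldapadd/ldapmodify reject a record over slips that are hard to see in an editor. As an added example, not part of the tutorial, the checker below (Python standard library only) flags lines that look blank but are not, stray whitespace in an RDN, an add record whose RDN attribute is missing from the entry, and a modify record where "replace: X" is not followed by X.

```python
import re
from typing import List

# Added example, not from the tutorial: lint a hand-written LDIF file (conf.ldif,
# base.ldif, newuser.ldif) for slips that make ldapadd/ldapmodify reject a record.
ATTR_RE = re.compile(r"^[A-Za-z][A-Za-z0-9-]*$")


def lint_ldif(text: str) -> List[str]:
    """Return 'line N: problem' findings; an empty list means nothing was flagged."""
    problems: List[str] = []
    records, current = [], []                 # records: lists of (line, attribute, value)
    for num, line in enumerate(text.splitlines() + [""], 1):   # sentinel flushes the last record
        if line == "":                        # only a truly empty line separates records
            if current:
                records.append(current)
                current = []
            continue
        if line.strip() == "":                # spaces, tabs or U+00A0 pasted from a web page
            problems.append(f"line {num}: whitespace-only line is not a record separator")
            continue
        if not line.isascii():
            problems.append(f"line {num}: non-ASCII text (LDIF wants 'attr:: <base64>')")
        if line[0] == " " or line == "-":      # folded continuation line / modify separator
            continue
        attr, sep, value = line.partition(":")
        if not sep or not ATTR_RE.match(attr):
            problems.append(f"line {num}: not an 'attribute: value' line")
            continue
        current.append((num, attr, value.lstrip(": ").strip()))
    for rec in records:
        num, attr, dn = rec[0]
        if attr.lower() != "dn":
            problems.append(f"line {num}: record does not start with 'dn:'")
            continue
        rdn = dn.split(",", 1)[0]
        rdn_attr, _, rdn_val = rdn.partition("=")
        if rdn_val != rdn_val.strip():        # e.g. 'cn=angelo ,dc=osradar,dc=local'
            problems.append(f"line {num}: stray whitespace in RDN '{rdn}'")
        names = {a.lower() for _, a, _ in rec[1:]}
        if "changetype" not in names:         # add record: the RDN must also be an attribute
            pairs = {(a.lower(), v.lower()) for _, a, v in rec[1:]}
            if (rdn_attr.lower(), rdn_val.strip().lower()) not in pairs:
                problems.append(f"line {num}: RDN '{rdn}' has no matching attribute in the entry")
        pending = None                        # modify record: 'replace: X' must be followed by X
        for n, a, v in rec[1:]:
            if pending and a.lower() != pending.lower():
                problems.append(f"line {n}: expected '{pending}' after 'replace: {pending}', got '{a}'")
            pending = v if a.lower() in ("replace", "add") else None
    return problems
```

Run it as `lint_ldif(open("base.ldif").read())` before each ldapadd or ldapmodify step; an empty list means the file passed the checks.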

Now with the ldapadd command we proceed to create the new user.

:~# ldapadd -x -W -D "cn=angelo,dc=osradar,dc=local" -f newuser.ldif

10.- Adding the new user

Now we give the new user a password (replace `-s pass321` with `-S` to be prompted for the new password instead of passing it on the command line).

:~# ldappasswd -s pass321 -W -D "cn=angelo,dc=osradar,dc=local" -x "uid=user,ou=users,dc=osradar,dc=local"

11.- Setting password to new user

5.- Final configuration

Next we add the firewall rules so that clients can reach OpenLDAP.

:~# firewall-cmd --permanent --add-service=ldap
:~# firewall-cmd --reload

12.- Enabling openldap at firewall

6.- Testing the server

We verify that everything is in order:

:~# ldapsearch -x cn=user -b dc=osradar,dc=local

If the terminal displays the user information, then everything went well.

12.- Testing the installation

And that's it, we have our OpenLDAP server up and running. What remains is to configure each client so that it can log in against the server; this depends on the GNU/Linux distribution each client runs.

1 COMMENT

  1. Great guide!!! Thank you so much but I've a problem in this step 2:
    ldapmodify -Y EXTERNAL -H ldapi:/// -f conf.ldif
    SASL/EXTERNAL authentication started
    SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
    SASL SSF: 0
    ldapmodify: wrong attributeType at line 5, entry “olcDatabase={2}hdb,cn=config”

    Any suggestion?

    This one is my conf.ldif:
    dn: olcDatabase={2}hdb,cn=config
    changetype: modify
    replace: olcSuffix
    olcSuffix: dc=ldap,dc=halldis,dc=cloud

    dn: olcDatabase={2}hdb,cn=config
    changetype: modify
    replace: olcRootDN
    olcRootDN: cn=ldapadm,dc=ldap,dc=halldis,dc=cloud

    dn: olcDatabase={2}hdb,cn=config
    changetype: modify
    replace: olcRootPW
    olcRootPW: {SSHA}gjv8Vad/wLZYL0ginSrxVPOSBL/cfWmD
