dc=org
|
dc=tum-fedora7
|
ou=People
___/ \___
/ ---------- \
uid=root uid=test1
#####################################################################
Step-by-step OpenLDAP Installation and Configuration
Reference: http://howtoforge.com/linux_openldap_setup_server_client
Domain name: tum-fedora7.org
#####################################################################
Step #1. Requirements
compat-openldap
openldap-clients
openldap-devel
openldap-servers
openldap-servers-sql
# yum -y install '*openldap*'
Step #2. Start the service
# chkconfig --levels 235 ldap on
# service ldap start
Step #3. Create LDAP root user password
[root@ldap ~]# slappasswd
New password:
Re-enter new password:
{SSHA}cWB1VzxDXZLf6F4pwvyNvApBQ8G/DltW
[root@ldap ~]#
Step #4. Update /etc/openldap/slapd.conf for the root password
[root@ldap ~]# vi /etc/openldap/slapd.conf
#68 database bdb
#69 suffix "dc=tum-fedora7,dc=org"
#70 rootdn "cn=Manager,dc=tum-fedora7,dc=org"
#71 rootpw {SSHA}cWB1VzxDXZLf6F4pwvyNvApBQ8G/DltW
Step #5. Apply Changes
# service ldap restart
Step #6. Create test users
[root@ldap ~]# useradd test1
[root@ldap ~]# passwd test1
Changing password for user test1.
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
[root@ldap ~]# useradd test2
[root@ldap ~]# passwd test2
Changing password for user test2.
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
[root@ldap ~]#
Step #7. Migrate local users to LDAP (note that grep matches any line containing the string, so "root" also picks up the operator account whose home is /root; that entry shows up in Step #12)
[root@ldap ~]# grep root /etc/passwd > /etc/openldap/passwd.root
[root@ldap ~]# grep test1 /etc/passwd > /etc/openldap/passwd.test1
[root@ldap ~]# grep test2 /etc/passwd > /etc/openldap/passwd.test2
Step #8. Update the default settings in the file /usr/share/openldap/migration/migrate_common.ph
#71 $DEFAULT_MAIL_DOMAIN = "tum-fedora7.org";
#74 $DEFAULT_BASE = "dc=tum-fedora7,dc=org";
Step #9. Convert each passwd file to an LDIF (LDAP Data Interchange Format) file
[root@ldap ~]# /usr/share/openldap/migration/migrate_passwd.pl /etc/openldap/passwd.root /etc/openldap/root.ldif
[root@ldap ~]# /usr/share/openldap/migration/migrate_passwd.pl /etc/openldap/passwd.test1 /etc/openldap/test1.ldif
[root@ldap ~]# /usr/share/openldap/migration/migrate_passwd.pl /etc/openldap/passwd.test2 /etc/openldap/test2.ldif
Step #10. Update the root.ldif file for the "Manager" entry of the LDAP server
[root@ldap ~]# vi /etc/openldap/root.ldif
#1 dn: uid=root,ou=People,dc=tum-fedora7,dc=org
#2 uid: root
#3 cn: Manager
#4 objectClass: account
Step #11. Create a domain ldif file (/etc/openldap/tum-fedora7.org.ldif)
[root@ldap ~]# cat /etc/openldap/tum-fedora7.org.ldif
dn: dc=tum-fedora7,dc=org
dc: tum-fedora7
description: LDAP Admin
objectClass: dcObject
objectClass: organizationalUnit
ou: rootobject
dn: ou=People, dc=tum-fedora7,dc=org
ou: People
description: Users of tum-fedora7
objectClass: organizationalUnit
Step #12. Import all users into LDAP
[root@ldap ~]# ldapadd -x -D "cn=Manager,dc=tum-fedora7,dc=org" -W -f /etc/openldap/tum-fedora7.org.ldif
Enter LDAP Password:
adding new entry "dc=tum-fedora7,dc=org"
adding new entry "ou=People, dc=tum-fedora7,dc=org"
[root@ldap ~]#
Add the users:
[root@ldap ~]# ldapadd -x -D "cn=Manager,dc=tum-fedora7,dc=org" -W -f /etc/openldap/root.ldif
Enter LDAP Password:
adding new entry "uid=root,ou=People,dc=tum-fedora7,dc=org"
adding new entry "uid=operator,ou=People,dc=tum-fedora7,dc=org"
[root@ldap ~]#
[root@ldap ~]# ldapadd -x -D "cn=Manager,dc=tum-fedora7,dc=org" -W -f /etc/openldap/test1.ldif
Enter LDAP Password:
adding new entry "uid=test1,ou=People,dc=tum-fedora7,dc=org"
[root@ldap ~]#
[root@ldap ~]# ldapadd -x -D "cn=Manager,dc=tum-fedora7,dc=org" -W -f /etc/openldap/test2.ldif
Enter LDAP Password:
adding new entry "uid=test2,ou=People,dc=tum-fedora7,dc=org"
[root@ldap ~]#
Step #13. Apply Changes
[root@ldap ~]# service ldap restart
Step #14. Test LDAP Server
This prints all the user entries:
[root@ldap ~]# ldapsearch -x -b 'dc=tum-fedora7,dc=org' '(objectclass=*)'
##########################################################################
Step-by-step OpenLDAP Installation and Configuration of Client System
##########################################################################
LDAP Client Configuration
Step #1. Installation
[root@ldapclient ~]# yum install authconfig
Step #2. Run the command
[root@ldapclient ~]# authconfig
Step #3. Settings
[*] Use LDAP [*] Use LDAP Authentication
[Both should be checked]
Click "Next".
[ ] Use TLS (left unchecked here, so the client sends credentials to the server in clear text; check it once the server has a certificate)
Server: ldap.tum-fedora7.org
Base DN: dc=tum-fedora7,dc=org
Click "Ok" to confirm.
Note: Use your domain name instead of tum-fedora7.org.
##############################
I copied all of the groups that I wanted in LDAP from /etc/group to /etc/openldap/groups.txt and then ran:
/usr/share/openldap/migration/migrate_groups.pl /etc/openldap/groups.txt /etc/openldap/groups.ldif
After I imported the users and groups, I used phpldapadmin to import the shadow passwords. I opened /etc/shadow and copied the password field:
username:$1$0oDpBoKc$qw6grPT4jqgfqkc5Kzd/G.:_____:_:_____:_:::
as {crypt}$1$0oDpBoKc$qw6grPT4jqgfqkc5Kzd/G.
and selected "clear" in the drop-down so that it would not try to re-hash (mangle) the already-hashed password.
#############################
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Create a log file for OpenLDAP
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
1. Add the following entry to /etc/syslog.conf
# Log OpenLDAP
local4.* -/var/log/openldap.all
2. Reload the syslog configuration
/etc/init.d/ldap reload
3. You will probably want to open a console and keep tailing the log messages:
#tail -f /var/log/openldap.all
########################
Other commands
#ldapsearch -x 'objectclass=*'
#cp /etc/openldap/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
#############################
#Configuration for FirePass #
#############################
Authentication
Host: 192.168.1.100
Port: 389
Use SSL connection: not selected
Protocol version: 3
Follow referrals: not selected
Lookup user's DN using template:
User DN template: uid=%logon%,ou=People,dc=tum-fedora7,dc=org