OpenLDAP on CentOS 5.5

Posted on Wed 30 June 2010 by Pavlo Khmel

1. Names

dn - Distinguished Name (the full, unique name of an entry)
cn - Common Name
dc - Domain Component
ou - Organizational Unit
uid - User ID

2. Install OpenLDAP

2.1. Install packages

yum install openldap-servers openldap-clients

2.2. Generate the root password hash

slappasswd -s khmel.org
{SSHA}leBzbyRDzbzQ2uQHe6juEo5FjxjRE0b7

The string given to -s ("khmel.org" here) becomes the rootdn password, so pick a strong one, and note that -s leaves it in the shell history; running slappasswd without -s prompts for the secret instead.

2.3. Change /etc/openldap/slapd.conf

database bdb
suffix "dc=phn,dc=org,dc=ua,dc=local"
rootdn "cn=Manager,dc=phn,dc=org,dc=ua,dc=local"
rootpw {SSHA}leBzbyRDzbzQ2uQHe6juEo5FjxjRE0b7
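The four lines above set up the database but leave the default access policy in place: with no access directives in slapd.conf, slapd lets anyone, including anonymous binds, read every attribute, and that includes the {crypt} password hashes that the migration in step 2.9 stores in userPassword. The following ACL is an added example and not part of the original post; it uses standard slapd.access(5) syntax and goes into slapd.conf after the rootpw line:

```text
# Rules are evaluated in order and the first matching "access to" wins,
# so the userPassword rule must come before the catch-all.
access to attrs=userPassword
        by self write
        by anonymous auth
        by * none

access to *
        by * read
```

"by anonymous auth" still lets a client bind as the user (which is how pam_ldap authenticates), but nobody can read the hashes back. A consequence for the client setup in section 3: with hashes hidden, pam_unix can no longer verify passwords through the shadow map from nss_ldap, so logins have to go through pam_ldap (for example authconfig --enableldapauth). Run slaptest after editing slapd.conf to catch syntax errors before restarting.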

2.4. Copy the Berkeley DB configuration (afterwards check that /var/lib/ldap and its contents are owned by the ldap user that slapd runs as)

cp /etc/openldap/DB_CONFIG.example /var/lib/ldap/DB_CONFIG

2.5. Start LDAP service

service ldap start

2.6. Create the LDIF file /etc/openldap/phn.org.ua.local.ldif (the empty line before the second "dn" is required: it is the entry separator, and without it the second entry is not recognized)

dn: dc=phn,dc=org,dc=ua,dc=local
objectClass: dcObject
dc: phn
objectClass: organizationalUnit
ou: rootobject

dn: ou=People, dc=phn,dc=org,dc=ua,dc=local
objectClass: organizationalUnit
ou: People

2.7. Import config

ldapadd -x -D "cn=Manager,dc=phn,dc=org,dc=ua,dc=local" -W -f /etc/openldap/phn.org.ua.local.ldif

Check with slapcat, which reads the database directly (run as root):

slapcat
dn: dc=phn,dc=org,dc=ua,dc=local
objectClass: dcObject
objectClass: organizationalUnit
dc: phn
...

2.8. Create local user phn

useradd phn
passwd phn

2.9. Import user phn

2.9.1. Change /usr/share/openldap/migration/migrate_common.ph

$DEFAULT_MAIL_DOMAIN = "phn.org.ua.local";
$DEFAULT_BASE = "dc=phn,dc=org,dc=ua,dc=local";

2.9.2. Generate the LDIF file for the new user

Match the user name exactly on the first field; a plain "grep phn" would also pick up any other passwd line that contains "phn". migrate_passwd.pl reads the password hash from /etc/shadow, so run it as root.

grep '^phn:' /etc/passwd > /etc/openldap/passwd.phn
/usr/share/openldap/migration/migrate_passwd.pl /etc/openldap/passwd.phn /etc/openldap/phn.ldif

2.9.3. Import

$ ldapadd -x -D "cn=Manager,dc=phn,dc=org,dc=ua,dc=local" -W -f /etc/openldap/phn.ldif
Enter LDAP Password:
adding new entry "uid=phn,ou=People,dc=phn,dc=org,dc=ua,dc=local"
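The migration script in 2.9.2 turns a passwd line plus its shadow hash into one LDIF entry, and step 2.6 showed that entries in a multi-entry file must be separated by an empty line. The following shell script is an added example, not part of the original post or of the OpenLDAP migration tools: it reproduces the entry that migrate_passwd.pl emits for a single account from constructed sample data so the result can be inspected offline, and it checks the blank-line rule on the assembled file. The passwd lines, the {crypt} hash and the base DN are constructed sample values; the shadow ageing attributes (shadowLastChange, shadowMax, ...) that the real script also writes are left out.

```sh
#!/bin/sh
# Added example (not from the original post): build the LDIF entry for one
# account the way migrate_passwd.pl does, from constructed sample data, and
# check that a multi-entry LDIF file is well-formed.

BASE_DN="dc=phn,dc=org,dc=ua,dc=local"

# Constructed sample passwd data (not real accounts). Note that "alphnum" also
# contains the string "phn": a plain "grep phn /etc/passwd" would pick it up too.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
phn:x:500:500:PHN User,Room 1:/home/phn:/bin/bash
alphnum:x:501:501::/home/alphnum:/bin/sh'
# Constructed placeholder for the {crypt} hash migrate_passwd.pl copies from /etc/shadow.
SAMPLE_HASH='$1$abcdefgh$ijklmnopqrstuvwxyz01234'

# passwd_to_ldif USER PASSWD_DATA SHADOW_HASH BASE_DN
# Emits the account/posixAccount/shadowAccount entry for USER under ou=People.
# The user name is matched exactly on field 1. Returns 1 if USER is not found.
passwd_to_ldif() {
    printf '%s\n' "$2" | awk -F: -v u="$1" -v h="$3" -v b="$4" '
        $1 == u {
            split($5, gecos, ",")                # full name is the part before the first comma
            printf "dn: uid=%s,ou=People,%s\n", $1, b
            printf "uid: %s\n", $1
            printf "cn: %s\n", (gecos[1] == "" ? $1 : gecos[1])
            print "objectClass: account"
            print "objectClass: posixAccount"
            print "objectClass: top"
            print "objectClass: shadowAccount"
            if (h != "") printf "userPassword: {crypt}%s\n", h
            printf "loginShell: %s\n", $7
            printf "uidNumber: %s\n", $3
            printf "gidNumber: %s\n", $4
            printf "homeDirectory: %s\n", $6
            found = 1
        }
        END { if (found) exit 0; exit 1 }'
}

# ldif_check LDIF_TEXT
# Every "dn:" line after the first must be preceded by an empty line (the rule
# from step 2.6); otherwise ldapadd sees no entry boundary and the import fails.
# Prints the entry count and returns 1 if a separator is missing.
ldif_check() {
    printf '%s\n' "$1" | awk '
        /^dn:/ { entries++; if (NR > 1 && prev != "") bad++ }
        { prev = $0 }
        END { printf "%d entries\n", entries; if (bad) exit 1; exit 0 }'
}

# Usage: generate the user entry and append it to the base entries from step 2.6.
user_ldif=$(passwd_to_ldif phn "$SAMPLE_PASSWD" "$SAMPLE_HASH" "$BASE_DN")
full_ldif="dn: $BASE_DN
objectClass: dcObject
objectClass: organizationalUnit
dc: phn
ou: rootobject

dn: ou=People,$BASE_DN
objectClass: organizationalUnit
ou: People

$user_ldif"
printf '%s\n' "$full_ldif"
ldif_check "$full_ldif"
```

The emitted userPassword line is the reason the ACL on userPassword matters: whatever ends up in that attribute is exactly what an anonymous search returns under slapd's default access policy.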

2.10. Restart the LDAP service

service ldap restart

2.11. Check

slapcat

3. Install LDAP client

3.1. Install packages

yum install openldap-clients nss_ldap

openldap-clients provides ldapsearch; nss_ldap provides the NSS and PAM modules and owns the /etc/ldap.conf edited below.

3.2. Change 7 lines in 3 files

/etc/nsswitch.conf

passwd: files ldap
shadow: files ldap
group: files ldap

/etc/ldap.conf

host 192.168.0.106
base dc=phn,dc=org,dc=ua,dc=local

/etc/openldap/ldap.conf

BASE dc=phn,dc=org,dc=ua,dc=local
URI ldap://192.168.0.106/

192.168.0.106 is the LDAP server. The URI is plain ldap:// on port 389, so lookups and any binds cross the network unencrypted; outside a trusted lab network use ldaps:// or StartTLS.

3.3. Check

ldapsearch -x -b 'dc=phn,dc=org,dc=ua,dc=local' '(objectclass=*)'

This is an anonymous (-x) search against the server from /etc/openldap/ldap.conf and should list the base entry, ou=People and uid=phn. Then confirm that the name service on the client resolves the account with getent passwd phn.