LDAP Server Installation and Configuration
The LDAP server can be a little tricky to set up, so watch file locations and spelling carefully so that you do not cause yourself more trouble than necessary. Get a basic LDAP server working correctly before you add a secure method of communication such as TLS.
Install with yum
yum install openldap-servers
The clients package is not needed on the server if all the machine will do is act as a server. Note: the nss_ldap package, installed by default, contains libnss_ldap and pam_ldap, both of which you will need for the client. pam_ldap helps with integrating LDAP with email, SSH, FTP, Samba, etc.
Configuration of LDAP
Whenever you need to create a password, use the slappasswd application, which produces a hashed password for you. Create your user and then add the password to that LDAP user.
Create a root password:
# slappasswd
New password:
Re-enter new password:
For linuxtrained, if you needed to create a new password for the admin user you would run slappasswd, copy the hash it prints, and insert it as the rootpw value in your /etc/openldap/slapd.conf.
# rootdn directive for specifying a superuser on the database. This is needed
# for syncrepl.
Preparation for Starting
Before starting LDAP you must set the database type for Database #1, the suffix for your domain, the rootdn, the rootdn password (rootpw) and the directory location for your files. Note that linuxtrained.net is the domain used here.
Edit /etc/openldap/slapd.conf and make the necessary changes.
Before you can add your init.ldif you need to remove the old database files if there were old entries.
# rm -rf /var/lib/ldap/*
Create a /var/lib/ldap/DB_CONFIG file with these settings:
set_cachesize 0 15000000 1
Configure your init.ldif
Here are the three files you will need to add to get a basic setup.
ou: Linux Dot Local
cn: Joe Smith
description: This is a test of LDAP.
Here is the init.ldif file
Add the init.ldif file and the other two LDIF files to the LDAP database
# slapadd -l init.ldif
# slapadd -l users.ldif
# slapadd -l admin.ldif
Note that slapadd must be run as root; the server, however, runs as the ldap user for security reasons. Therefore, once you have added the LDIF files you must change the ownership of the /var/lib/ldap directory.
chown -R ldap:ldap /var/lib/ldap/
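The steps from "Preparation for Starting" through the chown above can be scripted and checked before slapd is ever started. The following script is an added example written for this lesson; it is not part of the original page and not an OpenLDAP tool. It generates the three LDIF files and the DB_CONFIG file, then runs two pre-start checks for the mistakes the lesson warns about: a rootpw in slapd.conf that is still a cleartext password instead of the {SSHA} value printed by slappasswd, and database files left owned by root after slapadd. The suffix dc=linuxtrained,dc=net, the ou "Linux Dot Local" holding Joe Smith, the sn value, and an admin entry cn=admin directly under the suffix are assumptions chosen for the example; adjust them to match your slapd.conf.

```shell
#!/bin/sh
# Added example, not part of the original lesson or of OpenLDAP itself.
# Generates the three LDIF files and DB_CONFIG described in the lesson, then
# runs two pre-start checks: a rootpw that is still cleartext instead of a
# slappasswd hash, and database files left owned by root after slapadd.
# Assumptions (not stated on the page): suffix dc=linuxtrained,dc=net, an
# ou named "Linux Dot Local" holding Joe Smith, and an admin entry
# cn=admin directly under the suffix. Adjust to match your slapd.conf.

SUFFIX="dc=linuxtrained,dc=net"
OU="Linux Dot Local"

# write_ldif_files DIR: write init.ldif, users.ldif and admin.ldif into DIR
write_ldif_files() {
    mkdir -p "$1" || return 1
    cat > "$1/init.ldif" <<EOF
dn: $SUFFIX
objectClass: dcObject
objectClass: organization
dc: linuxtrained
o: linuxtrained.net
description: This is a test of LDAP.

dn: ou=$OU,$SUFFIX
objectClass: organizationalUnit
ou: $OU
EOF
    cat > "$1/users.ldif" <<EOF
dn: cn=Joe Smith,ou=$OU,$SUFFIX
objectClass: person
cn: Joe Smith
sn: Smith
EOF
    cat > "$1/admin.ldif" <<EOF
dn: cn=admin,$SUFFIX
objectClass: organizationalRole
cn: admin
description: LDAP administrator (the rootdn)
EOF
}

# write_db_config DIR: create DIR/DB_CONFIG with the cache setting from the lesson
write_db_config() {
    mkdir -p "$1" || return 1
    printf 'set_cachesize 0 15000000 1\n' > "$1/DB_CONFIG"
}

# check_rootpw_hashed FILE: succeed only if the rootpw value in slapd.conf is a
# {SCHEME}hash as printed by slappasswd, not a cleartext password
check_rootpw_hashed() {
    line=$(grep -E '^[[:space:]]*rootpw[[:space:]]' "$1" 2>/dev/null | tail -n 1)
    [ -n "$line" ] || return 1
    set -- $line                      # after this, $2 is the rootpw value
    case "$2" in
        \{*\}*) return 0 ;;           # e.g. {SSHA}..., {MD5}..., {CRYPT}...
        *)      return 1 ;;
    esac
}

# check_db_owner DIR USER: succeed only if every file under DIR belongs to USER
# (slapd runs as ldap, so anything slapadd left owned by root breaks startup)
check_db_owner() {
    [ -d "$1" ] || return 1
    id "$2" >/dev/null 2>&1 || return 1   # unknown user: cannot verify
    stray=$(find "$1" ! -user "$2" | wc -l | tr -d ' ')
    [ "$stray" -eq 0 ]
}

# main SLAPD_CONF DB_DIR LDIF_DIR: generate the files, then run both checks
main() {
    write_ldif_files "$3" && write_db_config "$2" || return 1
    if check_rootpw_hashed "$1"; then
        echo "ok: rootpw in $1 is a hashed value"
    else
        echo "FAIL: rootpw in $1 is missing or cleartext; paste the slappasswd output" >&2
        return 1
    fi
    if check_db_owner "$2" ldap; then
        echo "ok: everything under $2 is owned by ldap"
    else
        echo "FAIL: files under $2 are not owned by ldap; run: chown -R ldap:ldap $2" >&2
        return 1
    fi
}

# Typical call: sh ldap-preflight.sh /etc/openldap/slapd.conf /var/lib/ldap /root/ldif
# With no arguments only the functions are defined, so the file can be sourced.
if [ "$#" -eq 3 ]; then
    main "$1" "$2" "$3"
fi
```

Run it after editing slapd.conf and after the slapadd commands but before service ldap start; a FAIL on the rootpw check means the value in slapd.conf was typed in as a plain password rather than pasted from slappasswd, and a FAIL on the ownership check means the chown step was skipped or run before the last slapadd.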
Now Start LDAP
service ldap start
Copyright by CyberMontana Inc.
Cannot be reproduced without written permission. Box 1262 Trout Creek, MT 59874