LDAP Server Installation and Configuration

The LDAP server can be a little tricky to set up, so watch file locations and spelling carefully so that you do not cause yourself more trouble than you need. Get a basic LDAP server working correctly before you move on to a secure method of communication, like TLS.
Install with yum

yum install openldap-servers
The clients package is not needed on the server if all it will do is act as a server. Note: the nss_ldap package, installed by default, contains libnss_ldap and pam_ldap, both of which you will need on the client. pam_ldap helps with integrating LDAP with email, SSH, FTP, Samba, etc.

Configuration of LDAP

Whenever you need to create a password, use the slappasswd application, which will create a hashed password for you. Create your user and then add the password to the LDAP user.
Create a root password:

slappasswd
New password:
Re-enter new password:
{SSHA}qFOeJuRxMW6PBy+xSLhkyzdYKAUFcbfj
For linuxtrained, if you needed to create a new password for the admin user, you would run slappasswd, copy the hash it prints, and insert it in your /etc/openldap/slapd.conf:

# rootdn directive for specifying a superuser on the database. This is needed
# for syncrepl.
rootdn "cn=admin,dc=linux,dc=local"
rootpw {SSHA}k1wLLf+cCUArjAt2BuFGe6OYdSiayIZd
Preparation for Starting

Before starting LDAP you must set the database type for Database #1, the suffix for your domain, the rootdn, the rootdn password and the directory location for your files. Note that linuxtrained.net is the domain that is used here. Edit /etc/openldap/slapd.conf and make the necessary changes.
database bdb
# the suffix must match the base DN of the entries in init.ldif (dc=linux,dc=local)
suffix "dc=linux,dc=local"
rootdn "cn=admin,dc=linux,dc=local"
rootpw {SSHA}k1wLLf+cCUArjAt2BuFGe6OYdSiayIZd
directory "/var/lib/ldap"
Before you can add your init.ldif you need to remove the old directories if you had old entries:

# rm -rf /var/lib/ldap/*
Create a /var/lib/ldap/DB_CONFIG file with these settings:
set_cachesize 0 15000000 1
set_lg_regionmax 262144
set_lg_bsize 2097152
set_flags DB_LOG_AUTOREMOVE
Configure your init.ldif

Here are the three files you will need to add to get a basic setup.
init.ldif

dn: dc=linux,dc=local
dc: linux
objectClass: dcObject
objectClass: organizationalUnit
ou: Linux Dot Local

dn: ou=People,dc=linux,dc=local
ou: People
objectClass: organizationalUnit

users.ldif

dn: uid=joe,ou=people,dc=linux,dc=local
objectClass: inetOrgPerson
cn: Joe Smith
sn: Smith
uid: joe
userPassword: linux99
telephoneNumber: 123-222-0033
homePhone: 124-131-2256
# the address was obfuscated on the original page; joe@example.com is a placeholder
mail: joe@example.com
description: This is a test of LDAP.

admin.ldif

dn: cn=admin,ou=people,dc=linux,dc=local
objectclass: person
cn: admin
sn: admin
userPassword: linux99
Add the ldif files to the LDAP system:

# slapadd -l init.ldif
# slapadd -l users.ldif
# slapadd -l admin.ldif

Note that this program must be run as root; however, the server, for security reasons, runs as the ldap user. Therefore, once you add an ldif file you must change the ownership of the /var/lib/ldap directory.
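The mistakes this page warns about (a one-letter typo in the suffix such as dc=linuxt for dc=linux, a cleartext rootpw, a missing DB_CONFIG, or database files still owned by root after slapadd) are all easy to catch before you start the service. The following is an added example, not code from the original page or from OpenLDAP, of a pre-flight check that reads a slapd.conf fragment and the LDIF files and reports any entry whose dn falls outside the configured suffix (slapadd refuses such entries), any rootpw without a {scheme} prefix, a missing DB_CONFIG, and files not owned by the expected user. The sample configuration and LDIF are constructed from the page's values; the demo runs against a throwaway temporary directory rather than /var/lib/ldap, and the function and file names are this example's own.

```python
import os
import pwd
import re
import tempfile
from pathlib import Path
from typing import Dict, List, Optional

# Constructed samples modelled on the page's listings (not files copied from a live host).
SAMPLE_SLAPD_CONF = """\
database bdb
suffix "dc=linux,dc=local"
rootdn "cn=admin,dc=linux,dc=local"
rootpw {SSHA}k1wLLf+cCUArjAt2BuFGe6OYdSiayIZd
directory "/var/lib/ldap"
"""

SAMPLE_INIT_LDIF = """\
dn: dc=linux,dc=local
dc: linux
objectClass: dcObject
objectClass: organizationalUnit
ou: Linux Dot Local

dn: ou=People,dc=linux,dc=local
ou: People
objectClass: organizationalUnit
"""


def parse_slapd_conf(text: str) -> Dict[str, str]:
    """Collect 'directive value' lines into a dict; comments and surrounding quotes are stripped."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) == 2:
            conf[parts[0].lower()] = parts[1].strip().strip('"')
    return conf


def ldif_dns(text: str) -> List[str]:
    """Return every dn: value in an LDIF file, in order."""
    return [line[3:].strip() for line in text.splitlines() if line.lower().startswith("dn:")]


def normalize_dn(dn: str) -> str:
    return ",".join(part.strip().lower() for part in dn.split(","))


def under_suffix(dn: str, suffix: str) -> bool:
    """True when dn equals the suffix or is a descendant of it (case-insensitive)."""
    dn, suffix = normalize_dn(dn), normalize_dn(suffix)
    return dn == suffix or dn.endswith("," + suffix)


def current_owner() -> str:
    return pwd.getpwuid(os.getuid()).pw_name


def preflight(conf_text: str, ldifs: Dict[str, str],
              directory: Optional[str] = None,
              expected_owner: Optional[str] = None) -> List[str]:
    """Return a list of problems found; an empty list means every check passed."""
    problems = []
    conf = parse_slapd_conf(conf_text)
    for directive in ("database", "suffix", "rootdn", "rootpw", "directory"):
        if directive not in conf:
            problems.append(f"slapd.conf: missing '{directive}' directive")
    suffix = conf.get("suffix", "")
    if suffix:
        if not under_suffix(conf.get("rootdn", ""), suffix):
            problems.append(f"rootdn {conf.get('rootdn')!r} is not under suffix {suffix!r}")
        for name, text in ldifs.items():
            for dn in ldif_dns(text):
                if not under_suffix(dn, suffix):
                    problems.append(f"{name}: dn {dn!r} lies outside suffix {suffix!r}; slapadd will reject it")
    rootpw = conf.get("rootpw", "")
    if rootpw and not re.match(r"^\{[A-Za-z0-9-]+\}", rootpw):
        problems.append("rootpw is cleartext; paste the {SSHA} value printed by slappasswd instead")
    if directory is not None:
        db_dir = Path(directory)
        if not (db_dir / "DB_CONFIG").is_file():
            problems.append(f"{db_dir}/DB_CONFIG is missing")
        if expected_owner is not None:
            # after slapadd (run as root) everything here must belong to the ldap user
            for path in [db_dir, *db_dir.rglob("*")]:
                owner = pwd.getpwuid(path.stat().st_uid).pw_name
                if owner != expected_owner:
                    problems.append(f"{path} is owned by {owner}, expected {expected_owner}")
    return problems


def demo():
    """Run the checks in a throwaway directory: once with the page's values, once with a
    'dc=linuxt' suffix typo and a cleartext rootpw."""
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "DB_CONFIG").write_text("set_cachesize 0 15000000 1\n")
        good = preflight(SAMPLE_SLAPD_CONF, {"init.ldif": SAMPLE_INIT_LDIF},
                         directory=tmp, expected_owner=current_owner())
        broken_conf = SAMPLE_SLAPD_CONF.replace("dc=linux,", "dc=linuxt,")
        broken_conf = re.sub(r"^rootpw .*$", "rootpw linux99", broken_conf, flags=re.M)
        bad = preflight(broken_conf, {"init.ldif": SAMPLE_INIT_LDIF}, directory=tmp)
    return good, bad


if __name__ == "__main__":
    ok, bad = demo()
    print("page values:", ok or "no problems")
    print("with suffix typo and cleartext rootpw:")
    for p in bad:
        print("  -", p)
```

On a real host you would call preflight with the contents of /etc/openldap/slapd.conf, the three LDIF files, directory="/var/lib/ldap" and expected_owner="ldap" after the chown step; an empty list means it is safe to start the service.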
Change Permissions

chown -R ldap:ldap /var/lib/ldap/

Now Start LDAP

service ldap start

Copyright by CyberMontana Inc. Cannot be reproduced without written permission. Box 1262 Trout Creek, MT 59874