9/01/2010

Build LDAP Server

[1] Install and configure OpenLDAP. The examples below use the domain server-linux.info (dc=server-linux,dc=info); replace it everywhere with your own domain name.

[root@ns ~]# yum -y install openldap*

# create the rootdn password hash. Caveat: `-s password` puts the cleartext password on the command line (visible in shell history and `ps`); omit `-s` to be prompted for it instead. `{MD5}` is an unsalted hash; slappasswd's default `{SSHA}` (salted SHA-1) is the better choice, in which case use the `{SSHA}` output for rootpw below as well.
[root@ns ~]# slappasswd -s password -h {MD5}
# (1) remember it
{MD5}*********************

[root@ns ~]# vi /etc/openldap/slapd.conf

# line 85: specify domain name
suffix "dc=server-linux,dc=info"

# line 86: specify domain name
rootdn "cn=Manager,dc=server-linux,dc=info"

# line 91: add the hash generated in (1). slapd.conf now contains this hash, so check that the file is not world-readable (e.g. mode 0640, owned root:ldap).
rootpw {MD5}************************

# add these lines at the bottom. Notes: the two `by dn="cn=Manager,..."` clauses are redundant, since the rootdn always has full access (that is what the "rootdn is always granted unlimited privileges" warnings at service start refer to). More importantly, `access to * ... by self write` lets every user rewrite any attribute of their own entry, including posixAccount attributes such as uidNumber, gidNumber, homeDirectory and loginShell; if clients trust these for authorization, narrow self-write to the specific attributes users should manage (e.g. `access to attrs=loginShell,shadowLastChange by self write by * read` placed before `access to * by * read`).
access to attrs=userPassword
by self write
by dn="cn=Manager,dc=server-linux,dc=info" write
by anonymous auth
by * none

access to *
by dn="cn=Manager,dc=server-linux,dc=info" write
by self write
by * read

[root@ns ~]# vi /etc/openldap/ldap.conf

# line 15 onward: point the client library at the server and set the search base. ldap://127.0.0.1/ is an unencrypted local connection; for a server reached over the network use ldaps:// or STARTTLS (with the CA in TLS_CACERTDIR) so that bind passwords are not sent in cleartext.
URI ldap://127.0.0.1/
BASE dc=server-linux,dc=info
TLS_CACERTDIR /etc/openldap/cacerts

[root@ns ~]# vi /etc/ldap.conf

# line 20: specify domain name
base dc=server-linux,dc=info

[root@ns ~]# cp /etc/openldap/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
[root@ns ~]# /etc/rc.d/init.d/ldap start
Checking configuration files for slapd: /etc/openldap/slapd.conf: line 114: rootdn is always granted unlimited privileges.
/etc/openldap/slapd.conf: line 118: rootdn is always granted unlimited privileges.
config file testing succeeded[ OK ]
Starting slapd:[ OK ]
[root@ns ~]# chkconfig ldap on

[2] Add initial information

[root@ns ~]# cd /usr/share/openldap/migration
[root@ns migration]# vi migrate_common.ph

# line 71: specify domain name
$DEFAULT_MAIL_DOMAIN = "server-linux.info";

# line 74: specify domain name
$DEFAULT_BASE = "dc=server-linux,dc=info";

[root@ns migration]# ./migrate_base.pl > base.ldif
[root@ns migration]# vi base.ldif

# edit only the sections your environment needs (the following is a minimal example)
dn: dc=server-linux,dc=info
dc: server-linux
objectClass: top
objectClass: domain


dn: ou=People,dc=server-linux,dc=info
ou: People
objectClass: top
objectClass: organizationalUnit


dn: ou=Group,dc=server-linux,dc=info
ou: Group
objectClass: top
objectClass: organizationalUnit


[root@ns migration]# ldapadd -x -W -D "cn=Manager,dc=server-linux,dc=info" -f base.ldif
Enter LDAP Password:    # password set in (1)
adding new entry "dc=server-linux,dc=info"

adding new entry "ou=People,dc=server-linux,dc=info"

adding new entry "ou=Group,dc=server-linux,dc=info"

[3] Add Existing Users and Groups to the LDAP Server

# The grep pattern below selects any line containing ":5xx" (intended: UIDs/GIDs 500-599), so check the resulting files before migrating. Note that migrate_passwd.pl, when run as root, can copy password hashes from /etc/shadow into passwd.ldif as userPassword values; treat the passwd and passwd.ldif files as sensitive and remove them after the import.
[root@ns migration]# grep ":5[0-9][0-9]" /etc/passwd > passwd
[root@ns migration]# grep ":5[0-9][0-9]" /etc/group > group
[root@ns migration]# ./migrate_passwd.pl passwd > passwd.ldif
[root@ns migration]# ./migrate_group.pl group > group.ldif

# add user and group to LDAP Server
[root@ns migration]# ldapadd -x -W -D "cn=Manager,dc=server-linux,dc=info" -f passwd.ldif
Enter LDAP Password:

adding new entry "uid=cent,ou=People,dc=server-linux,dc=info"

[root@ns migration]# ldapadd -x -W -D "cn=Manager,dc=server-linux,dc=info" -f group.ldif
Enter LDAP Password:

adding new entry "cn=cent,ou=Group,dc=server-linux,dc=info"

[4] To delete a user or group that was added to the LDAP server, do as below.

[root@ns ~]# ldapdelete -x -W -D 'cn=Manager,dc=server-linux,dc=info' "uid=cent,ou=people,dc=server-linux,dc=info"
Enter LDAP Password:
[root@ns ~]# ldapdelete -x -W -D 'cn=Manager,dc=server-linux,dc=info' "cn=cent,ou=group,dc=server-linux,dc=info"
Enter LDAP Password:

[5] After building the LDAP server, configure the clients so that they share the users' accounts. Caveat: unless TLS is enabled in the client configuration (and on the server), logins from these clients send the user's password to the LDAP server in cleartext; enable TLS before using this outside an isolated test network.

[root@www ~]# yum -y install openldap-clients

[root@www ~]# setup    # run the config tool
(1) Select 'Authentication Configuration' and go next

(2) Check boxes like following example and go next


(3) Specify IP address and Domain name of LDAP Server like following example

[root@www ~]# shutdown -r now

www.server-linux.info login:cent# the user on LDAP server
Password:
Last login: Mon Sep 10 22:10:17 on xvc0
[cent@www ~]$# could login normally
