Menu

Steps to Install and Configure OpenLDAP Server and FreeRadius

Written by

OpenLDAP is an opensource implementation of Lightweight Directory Access Protocal. Read more about OpenLDAP Project. I am using CentOS 5 for configuring OpenLDAP server. Below are the steps which I have performed during configuration. This article will help you step by step to Install and Configure OpenLDAP Server.

Network Details: Below is the network details used while writing this article.

System name: openldap.example.com
System IP: 192.168.10.50
Domain Name: example.com

Step 1: Create Test Accounts

Firsty create two test user accounts in your linux system using following commnands.

# useradd ldapuser1
# useradd ldapuser2
# passwd ldapuser1
# passwd ldapuser2

Step 2: Install Requird Packages

Below is list of software required for setup openldap

  • compat-openldap
  • openldap-clients
  • openldap-devel
  • openldap-servers
  • openldap-servers-sql

Install all packages using following command.

# yum install *openldap* -y

Step 3: Setup OpenLDAP root Password

After installing openldap packages, First create OpenLDAP root user password

# slappasswd

New password:
Re-enter new password:
{SSHA}BONOBgJZNZc3A+UFq3fcjRn2YHsZVkXw

Step 4:Edit Configuration File

Edit openldap configuration file with new values , use rootpw value get from slappasswd command in above step

# vi /etc/openldap/slapd.conf

database bdb
suffix "dc=example,dc=com"
rootdn "cn=Manager,dc=example,dc=com"
rootpw {SSHA}BONOBgJZNZc3A+UFq3fcjRn2YHsZVkXw

Step 5:Setup LDAP Database File

Copye example LDAP database file at below location. Use given example file from openldap

# cp /etc/openldap/DB_CONFIG.example /var/lib/ldap/DB_CONFIG

Step 6 Start Services

Start openldap service and setup service to auto start on system boot

# service ldap start
# chkconfig ldap on

Step 7: Create Domain LDIF File

Now Create ldif (LDAP Data Interchange Format) file for your domain example.com, You can use any filename with extension ldif

# vim /etc/openldap/base.ldif

dn: dc=example,dc=com
dc: example
objectClass: top
objectClass: domain
dn: ou=users,dc=example,dc=com
ou: users
objectClass: top
objectClass: organizationalUnit
dn: ou=Group,dc=example,dc=com
ou: Group
objectClass: top
objectClass: organizationalUnit

Step 8: Create Users LDIF File

After creating ldif file for your domain, Let create ldif file for all test users.

# cd /usr/share/openldap/migration/
# grep root /etc/passwd > /etc/openldap/passwd.root
# grep ldapuser1 /etc/passwd > /etc/openldap/passwd.ldapuser1
# grep ldapuser2 /etc/passwd > /etc/openldap/passwd.ldapuser2
# ./migrate_passwd.pl /etc/openldap/passwd.root /etc/openldap/root.ldif
# ./migrate_passwd.pl /etc/openldap/passwd.ldapuser1 /etc/openldap/ldapuser1.ldif
# ./migrate_passwd.pl /etc/openldap/passwd.ldapuser1 /etc/openldap/ldapuser2.ldif

Step 9: Edit Users LDIF Files

Modify all LDIF files created for users as per below given example for ldapuser1.

# vim /etc/openldap/ldapuser1.ldif

dn: uid=ldapuser1,dc=example,dc=com
uid: ldapuser1
cn: ldapuser1
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
objectClass: radiusprofile
description: 802.1x user
radiusFilterId: "Enterasys:version=1:policy=Enterprise User"
userPassword: {crypt}$1$rN6WLraT$9skdu7BpRUM6v7DiEhQXt1
shadowLastChange: 15419
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 612
gidNumber: 612
homeDirectory: /home/ldapuser1

Note: Make sure you have added below 3 file in ldif for integrating radius-ldap authentication

  • objectClass: radiusprofile
  • description: 802.1x user
  • radiusFilterId: “Enterasys:version=1:policy=Enterprise User”

Step 10: Import All Data

Import all Data from configuration files to LDAP database
Importing base.ldif:

# ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f /etc/openldap/base.ldif

Enter LDAP Password:
adding new entry "dc=example,dc=com"
adding new entry "ou=users,dc=example,dc=com"
adding new entry "ou=Group,dc=example,dc=com"

Importing root.ldif:

# ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f /etc/openldap/root.ldif

Enter LDAP Password:
adding new entry "uid=root,ou=users,dc=example,dc=com"
adding new entry "uid=operator,ou=users,dc=example,dc=com"

Importing ldapuser1.ldif:

# ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f /etc/openldap/ldapuser1.ldif

Enter LDAP Password:
adding new entry "uid=ldapuser1,ou=users,dc=example,dc=com"

Importing ldapuser2.ldif:

# ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f /etc/openldap/ldapuser2.ldif

Enter LDAP Password:
adding new entry "uid=ldapuser2,ou=users,dc=example,dc=com"

Step 11: Restart LDAP Service

Stop and Start LDAP service using following command.

# /etc/init.d/ldap stop
# /etc/init.d/ldap start

Step 12: Test Your Setup

You setup has been completed, Lets test your ldap server using ldapsearch

# ldapsearch -x -b 'dc=example,dc=com' '(objectclass=*)'

Congratulation’s Your ldap setup has been completed. Read our next article Setup FreeRadius Authentication with OpenLDAP

Rahul
Rahul
Connect on Facebook Connect on Twitter

I, Rahul Kumar am the founder and chief editor of TecAdmin.net. I am a Red Hat Certified Engineer (RHCE) and working as an IT professional since 2009..

11 Comments

  1. Avatar avinesh Reply to avinesh
    November 1, 2017 at 5:09 am

    How to change DN attribute in openldap-2.4.39

    from dn: uid=66003310,ou=users,dc=hcl,dc=com
    to dn: employeeNumber=66003310,ou=users,dc=hcl,dc=com

  2. Avatar paul Reply to paul
    August 5, 2017 at 5:23 pm

    Hi

    Do you have a guide for DS389 as I’m using that and not openLDAP?

  3. Avatar Konrad Reply to Konrad
    March 11, 2015 at 12:16 pm

    Hello,
    At the outset congratulate the good stuff. I had to fix a few things about LDAP but it worked, even Apache works :).
    I have another question. I would like to use RADIUS and LDAP to verify access to the network with 802.1x protocol. Can I count on your help?

  4. Avatar Leonard Reply to Leonard
    January 3, 2015 at 1:37 pm

    This is a great and concise guide. Can you please update it for the latest versions of openldap where /etc/openldap/slapd.conf does not exist?

    Thank you,
    Leonard

  5. Avatar Saitej Reply to Saitej
    November 9, 2014 at 6:37 am

    ldapadd -x -W -D “cn=Manager,dc=yahoo,dc=com” -f /root/base.ldif
    Enter LDAP Password:
    ldap_sasl_bind(SIMPLE): Can’t contact LDAP server (-1)

    How to solve this issue please help
    thanks in advance…

  6. Avatar sivaram Reply to sivaram
    June 25, 2014 at 4:14 am

    can you please post
    how to configure client as well

  7. Avatar vinay kumar Reply to vinay
    May 28, 2014 at 8:32 am

    While using

    # ldapadd -x -D “cn=Manager,dc=example,dc=com” -W -f /etc/openldap/base.ldif

    I am getting this error

    ldapadd: invalid option — x
    usage: ldapadd [options]
    list of operations are read from stdin or
    from the file with -f file option.

  8. Avatar likelinux Reply to likelinux
    April 4, 2014 at 10:26 am

    Hello,

    How can I add certificate authentication in both server and ldap client ?

  9. Avatar Priyank Reply to Priyank
    September 30, 2013 at 9:36 pm

    Hi Rahul,

    AFter running this command # ldapadd -x -D “cn=Manager,dc=example,dc=com” -W -f /etc/openldap/base.ldif

    I am getting ldap_blind: Invalid credentials (49).

    Please let me know how can I solve this

Leave a Reply

Copyright © 2013-2020 TecAdmin.net. All Rights Reserved. This site uses cookies. By using this website you agree with our term and services