Steps to Install and Configure OpenLDAP Server and FreeRadius

Last updated February 13, 2013 by
Uncategorized , , ,

OpenLDAP is an opensource implementation of Lightweight Directory Access Protocal. Read more about OpenLDAP Project. I am using CentOS 5 for configuring OpenLDAP server. Below are the steps which I have performed during configuration. This article will help you step by step to Install and Configure OpenLDAP Server.

Network Details: Below is the network details used while writing this article.

System name: openldap.example.com
System IP: 192.168.10.50
Domain Name: example.com

Step 1: Create Test Accounts

Firsty create two test user accounts in your linux system using following commnands.

# useradd ldapuser1
# useradd ldapuser2
# passwd ldapuser1
# passwd ldapuser2

Step 2: Install Requird Packages

Below is list of software required for setup openldap

  • compat-openldap
  • openldap-clients
  • openldap-devel
  • openldap-servers
  • openldap-servers-sql

Install all packages using following command.

# yum install *openldap* -y

Step 3: Setup OpenLDAP root Password

After installing openldap packages, First create OpenLDAP root user password

# slappasswd

New password:
Re-enter new password:
{SSHA}BONOBgJZNZc3A+UFq3fcjRn2YHsZVkXw

Step 4:Edit Configuration File

Edit openldap configuration file with new values , use rootpw value get from slappasswd command in above step

# vi /etc/openldap/slapd.conf

database bdb
suffix "dc=example,dc=com"
rootdn "cn=Manager,dc=example,dc=com"
rootpw {SSHA}BONOBgJZNZc3A+UFq3fcjRn2YHsZVkXw

Step 5:Setup LDAP Database File

Copye example LDAP database file at below location. Use given example file from openldap

# cp /etc/openldap/DB_CONFIG.example /var/lib/ldap/DB_CONFIG

Step 6 Start Services

Start openldap service and setup service to auto start on system boot

# service ldap start
# chkconfig ldap on

Step 7: Create Domain LDIF File

Now Create ldif (LDAP Data Interchange Format) file for your domain example.com, You can use any filename with extension ldif

# vim /etc/openldap/base.ldif

dn: dc=example,dc=com
dc: example
objectClass: top
objectClass: domain
dn: ou=users,dc=example,dc=com
ou: users
objectClass: top
objectClass: organizationalUnit
dn: ou=Group,dc=example,dc=com
ou: Group
objectClass: top
objectClass: organizationalUnit

Step 8: Create Users LDIF File

After creating ldif file for your domain, Let create ldif file for all test users.

# cd /usr/share/openldap/migration/
# grep root /etc/passwd > /etc/openldap/passwd.root
# grep ldapuser1 /etc/passwd > /etc/openldap/passwd.ldapuser1
# grep ldapuser2 /etc/passwd > /etc/openldap/passwd.ldapuser2
# ./migrate_passwd.pl /etc/openldap/passwd.root /etc/openldap/root.ldif
# ./migrate_passwd.pl /etc/openldap/passwd.ldapuser1 /etc/openldap/ldapuser1.ldif
# ./migrate_passwd.pl /etc/openldap/passwd.ldapuser1 /etc/openldap/ldapuser2.ldif

Step 9: Edit Users LDIF Files

Modify all LDIF files created for users as per below given example for ldapuser1.

# vim /etc/openldap/ldapuser1.ldif

dn: uid=ldapuser1,dc=example,dc=com
uid: ldapuser1
cn: ldapuser1
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
objectClass: radiusprofile
description: 802.1x user
radiusFilterId: "Enterasys:version=1:policy=Enterprise User"
userPassword: {crypt}$1$rN6WLraT$9skdu7BpRUM6v7DiEhQXt1
shadowLastChange: 15419
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 612
gidNumber: 612
homeDirectory: /home/ldapuser1

Note: Make sure you have added below 3 file in ldif for integrating radius-ldap authentication

  • objectClass: radiusprofile
  • description: 802.1x user
  • radiusFilterId: “Enterasys:version=1:policy=Enterprise User”

Step 10: Import All Data

Import all Data from configuration files to LDAP database
Importing base.ldif:

# ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f /etc/openldap/base.ldif

Enter LDAP Password:
adding new entry "dc=example,dc=com"
adding new entry "ou=users,dc=example,dc=com"
adding new entry "ou=Group,dc=example,dc=com"

Importing root.ldif:

# ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f /etc/openldap/root.ldif

Enter LDAP Password:
adding new entry "uid=root,ou=users,dc=example,dc=com"
adding new entry "uid=operator,ou=users,dc=example,dc=com"

Importing ldapuser1.ldif:

# ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f /etc/openldap/ldapuser1.ldif

Enter LDAP Password:
adding new entry "uid=ldapuser1,ou=users,dc=example,dc=com"

Importing ldapuser2.ldif:

# ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f /etc/openldap/ldapuser2.ldif

Enter LDAP Password:
adding new entry "uid=ldapuser2,ou=users,dc=example,dc=com"

Step 11: Restart LDAP Service

Stop and Start LDAP service using following command.

# /etc/init.d/ldap stop
# /etc/init.d/ldap start

Step 12: Test Your Setup

You setup has been completed, Lets test your ldap server using ldapsearch

# ldapsearch -x -b 'dc=example,dc=com' '(objectclass=*)'

Congratulation’s Your ldap setup has been completed. Read our next article Setup FreeRadius Authentication with OpenLDAP

Rahul K.
Rahul K.
Connect on Facebook Connect on Twitter Connect on Google+

I, Rahul Kumar am the founder and chief editor of TecAdmin.net. I am a Red Hat Certified Engineer (RHCE) and working as an IT professional since 2009..

11 Comments

  1. avinesh Reply to avinesh
    November 1, 2017 at 5:09 am

    How to change DN attribute in openldap-2.4.39

    from dn: uid=66003310,ou=users,dc=hcl,dc=com
    to dn: employeeNumber=66003310,ou=users,dc=hcl,dc=com

  2. paul Reply to paul
    August 5, 2017 at 5:23 pm

    Hi

    Do you have a guide for DS389 as I’m using that and not openLDAP?

  3. Konrad Reply to Konrad
    March 11, 2015 at 12:16 pm

    Hello,
    At the outset congratulate the good stuff. I had to fix a few things about LDAP but it worked, even Apache works :).
    I have another question. I would like to use RADIUS and LDAP to verify access to the network with 802.1x protocol. Can I count on your help?

  4. Leonard Reply to Leonard
    January 3, 2015 at 1:37 pm

    This is a great and concise guide. Can you please update it for the latest versions of openldap where /etc/openldap/slapd.conf does not exist?

    Thank you,
    Leonard

  5. Saitej Reply to Saitej
    November 9, 2014 at 6:37 am

    ldapadd -x -W -D “cn=Manager,dc=yahoo,dc=com” -f /root/base.ldif
    Enter LDAP Password:
    ldap_sasl_bind(SIMPLE): Can’t contact LDAP server (-1)

    How to solve this issue please help
    thanks in advance…

  6. sivaram Reply to sivaram
    June 25, 2014 at 4:14 am

    can you please post
    how to configure client as well

  7. vinay kumar Reply to vinay
    May 28, 2014 at 8:32 am

    While using

    # ldapadd -x -D “cn=Manager,dc=example,dc=com” -W -f /etc/openldap/base.ldif

    I am getting this error

    ldapadd: invalid option — x
    usage: ldapadd [options]
    list of operations are read from stdin or
    from the file with -f file option.

  8. likelinux Reply to likelinux
    April 4, 2014 at 10:26 am

    Hello,

    How can I add certificate authentication in both server and ldap client ?

  9. Priyank Reply to Priyank
    September 30, 2013 at 9:36 pm

    Hi Rahul,

    AFter running this command # ldapadd -x -D “cn=Manager,dc=example,dc=com” -W -f /etc/openldap/base.ldif

    I am getting ldap_blind: Invalid credentials (49).

    Please let me know how can I solve this

Leave a Reply

All rights reserved. © 2013-2018 TecAdmin.net. This site uses cookies. By using this website you agree our term and services