Steps to Install and Configure OpenLDAP Server and FreeRadius

    By 3 Mins Read

    OpenLDAP is an opensource implementation of Lightweight Directory Access Protocal. Read more about OpenLDAP Project. I am using CentOS 5 for configuring OpenLDAP server. Below are the steps which I have performed during configuration. This article will help you step by step to Install and Configure OpenLDAP Server.

    Advertisement

    Network Details: Below is the network details used while writing this article.

    System name: openldap.example.com
System IP: 192.168.10.50
Domain Name: example.com

    Step 1: Create Test Accounts

    Firsty create two test user accounts in your linux system using following commnands.

    # useradd ldapuser1
# useradd ldapuser2
# passwd ldapuser1
# passwd ldapuser2

    Step 2: Install Requird Packages

    Below is list of software required for setup openldap

    • compat-openldap
    • openldap-clients
    • openldap-devel
    • openldap-servers
    • openldap-servers-sql

    Install all packages using following command.

    # yum install *openldap* -y

    Step 3: Setup OpenLDAP root Password

    After installing openldap packages, First create OpenLDAP root user password

    # slappasswd

New password:
Re-enter new password:
{SSHA}BONOBgJZNZc3A+UFq3fcjRn2YHsZVkXw

    Step 4:Edit Configuration File

    Edit openldap configuration file with new values , use rootpw value get from slappasswd command in above step

    # vi /etc/openldap/slapd.conf

    database bdb
suffix "dc=example,dc=com"
rootdn "cn=Manager,dc=example,dc=com"
rootpw {SSHA}BONOBgJZNZc3A+UFq3fcjRn2YHsZVkXw

    Step 5:Setup LDAP Database File

    Copye example LDAP database file at below location. Use given example file from openldap

    # cp /etc/openldap/DB_CONFIG.example /var/lib/ldap/DB_CONFIG

    Step 6 Start Services

    Start openldap service and setup service to auto start on system boot

    # service ldap start
# chkconfig ldap on

    Step 7: Create Domain LDIF File

    Now Create ldif (LDAP Data Interchange Format) file for your domain example.com, You can use any filename with extension ldif

    # vim /etc/openldap/base.ldif

    dn: dc=example,dc=com
dc: example
objectClass: top
objectClass: domain
dn: ou=users,dc=example,dc=com
ou: users
objectClass: top
objectClass: organizationalUnit
dn: ou=Group,dc=example,dc=com
ou: Group
objectClass: top
objectClass: organizationalUnit

    Step 8: Create Users LDIF File

    After creating ldif file for your domain, Let create ldif file for all test users.

    # cd /usr/share/openldap/migration/
# grep root /etc/passwd > /etc/openldap/passwd.root
# grep ldapuser1 /etc/passwd > /etc/openldap/passwd.ldapuser1
# grep ldapuser2 /etc/passwd > /etc/openldap/passwd.ldapuser2
# ./migrate_passwd.pl /etc/openldap/passwd.root /etc/openldap/root.ldif
# ./migrate_passwd.pl /etc/openldap/passwd.ldapuser1 /etc/openldap/ldapuser1.ldif
# ./migrate_passwd.pl /etc/openldap/passwd.ldapuser1 /etc/openldap/ldapuser2.ldif

    Step 9: Edit Users LDIF Files

    Modify all LDIF files created for users as per below given example for ldapuser1.

    # vim /etc/openldap/ldapuser1.ldif

    dn: uid=ldapuser1,dc=example,dc=com
uid: ldapuser1
cn: ldapuser1
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
objectClass: radiusprofile
description: 802.1x user
radiusFilterId: "Enterasys:version=1:policy=Enterprise User"
userPassword: {crypt}$1$rN6WLraT$9skdu7BpRUM6v7DiEhQXt1
shadowLastChange: 15419
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 612
gidNumber: 612
homeDirectory: /home/ldapuser1

    Note: Make sure you have added below 3 file in ldif for integrating radius-ldap authentication

    • objectClass: radiusprofile
    • description: 802.1x user
    • radiusFilterId: “Enterasys:version=1:policy=Enterprise User”

    Step 10: Import All Data

    Import all Data from configuration files to LDAP database
    Importing base.ldif:

    # ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f /etc/openldap/base.ldif

    Enter LDAP Password:
adding new entry "dc=example,dc=com"
adding new entry "ou=users,dc=example,dc=com"
adding new entry "ou=Group,dc=example,dc=com"

    Importing root.ldif:

    # ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f /etc/openldap/root.ldif

    Enter LDAP Password:
adding new entry "uid=root,ou=users,dc=example,dc=com"
adding new entry "uid=operator,ou=users,dc=example,dc=com"

    Importing ldapuser1.ldif:

    # ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f /etc/openldap/ldapuser1.ldif

    Enter LDAP Password:
adding new entry "uid=ldapuser1,ou=users,dc=example,dc=com"

    Importing ldapuser2.ldif:

    # ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f /etc/openldap/ldapuser2.ldif

    Enter LDAP Password:
adding new entry "uid=ldapuser2,ou=users,dc=example,dc=com"

    Step 11: Restart LDAP Service

    Stop and Start LDAP service using following command.

    # /etc/init.d/ldap stop
# /etc/init.d/ldap start

    Step 12: Test Your Setup

    You setup has been completed, Lets test your ldap server using ldapsearch

    # ldapsearch -x -b 'dc=example,dc=com' '(objectclass=*)'

    Congratulation’s Your ldap setup has been completed. Read our next article Setup FreeRadius Authentication with OpenLDAP

    Share.

    Related Posts

    View 11 Comments

    11 Comments

    1. avinesh on

      How to change DN attribute in openldap-2.4.39

      from dn: uid=66003310,ou=users,dc=hcl,dc=com
      to dn: employeeNumber=66003310,ou=users,dc=hcl,dc=com

      Reply
    3. Konrad on

      Hello,
      At the outset congratulate the good stuff. I had to fix a few things about LDAP but it worked, even Apache works :).
      I have another question. I would like to use RADIUS and LDAP to verify access to the network with 802.1x protocol. Can I count on your help?

      Reply
    4. Leonard on

      This is a great and concise guide. Can you please update it for the latest versions of openldap where /etc/openldap/slapd.conf does not exist?

      Thank you,
      Leonard

      Reply
    5. Saitej on

      ldapadd -x -W -D “cn=Manager,dc=yahoo,dc=com” -f /root/base.ldif
      Enter LDAP Password:
      ldap_sasl_bind(SIMPLE): Can’t contact LDAP server (-1)

      How to solve this issue please help
      thanks in advance…

      Reply
    7. vinay kumar on

      While using

      # ldapadd -x -D “cn=Manager,dc=example,dc=com” -W -f /etc/openldap/base.ldif

      I am getting this error

      ldapadd: invalid option — x
      usage: ldapadd [options]
      list of operations are read from stdin or
      from the file with -f file option.

      Reply
    9. Priyank on

      Hi Rahul,

      AFter running this command # ldapadd -x -D “cn=Manager,dc=example,dc=com” -W -f /etc/openldap/base.ldif

      I am getting ldap_blind: Invalid credentials (49).

      Please let me know how can I solve this

      Reply

    Leave A Reply