OpenLDAP is an opensource implementation of Lightweight Directory Access Protocal. Read more about OpenLDAP Project. I am using CentOS 5 for configuring OpenLDAP server. Below are the steps which I have performed during configuration. This article will help you step by step to Install and Configure OpenLDAP Server.
Network Details: Below is the network details used while writing this article.
System name:openldap.example.com System IP:192.168.10.50 Domain Name:example.com
Step 1: Create Test Accounts
Firsty create two test user accounts in your linux system using following commnands.
# useradd ldapuser1 # useradd ldapuser2 # passwd ldapuser1 # passwd ldapuser2
Step 2: Install Requird Packages
Below is list of software required for setup openldap
- compat-openldap
- openldap-clients
- openldap-devel
- openldap-servers
- openldap-servers-sql
Install all packages using following command.
# yum install *openldap* -y
Step 3: Setup OpenLDAP root Password
After installing openldap packages, First create OpenLDAP root user password
# slappasswd
New password:
Re-enter new password:
{SSHA}BONOBgJZNZc3A+UFq3fcjRn2YHsZVkXw
Step 4:Edit Configuration File
Edit openldap configuration file with new values , use rootpw value get from slappasswd command in above step
# vi /etc/openldap/slapd.conf
database bdb
suffix "dc=example,dc=com"
rootdn "cn=Manager,dc=example,dc=com"
rootpw {SSHA}BONOBgJZNZc3A+UFq3fcjRn2YHsZVkXw
Step 5:Setup LDAP Database File
Copye example LDAP database file at below location. Use given example file from openldap
# cp /etc/openldap/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
Step 6 Start Services
Start openldap service and setup service to auto start on system boot
# service ldap start # chkconfig ldap on
Step 7: Create Domain LDIF File
Now Create ldif (LDAP Data Interchange Format) file for your domain
# vim /etc/openldap/base.ldif
dn: dc=example,dc=com dc: example objectClass: top objectClass: domain dn: ou=users,dc=example,dc=com ou: users objectClass: top objectClass: organizationalUnit dn: ou=Group,dc=example,dc=com ou: Group objectClass: top objectClass: organizationalUnit
Step 8: Create Users LDIF File
After creating ldif file for your domain, Let create ldif file for all test users.
# cd /usr/share/openldap/migration/ # grep root /etc/passwd > /etc/openldap/passwd.root # grep ldapuser1 /etc/passwd > /etc/openldap/passwd.ldapuser1 # grep ldapuser2 /etc/passwd > /etc/openldap/passwd.ldapuser2 # ./migrate_passwd.pl /etc/openldap/passwd.root /etc/openldap/root.ldif # ./migrate_passwd.pl /etc/openldap/passwd.ldapuser1 /etc/openldap/ldapuser1.ldif # ./migrate_passwd.pl /etc/openldap/passwd.ldapuser1 /etc/openldap/ldapuser2.ldif
Step 9: Edit Users LDIF Files
Modify all LDIF files created for users as per below given example for ldapuser1.
# vim /etc/openldap/ldapuser1.ldif
dn: uid=ldapuser1,dc=example,dc=com
uid: ldapuser1
cn: ldapuser1
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
objectClass: radiusprofile
description: 802.1x user
radiusFilterId: "Enterasys:version=1:policy=Enterprise User"
userPassword: {crypt}$1$rN6WLraT$9skdu7BpRUM6v7DiEhQXt1
shadowLastChange: 15419
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 612
gidNumber: 612
homeDirectory: /home/ldapuser1
Note: Make sure you have added below 3 file in ldif for integrating radius-ldap authentication
- objectClass: radiusprofile
- description: 802.1x user
- radiusFilterId: “Enterasys:version=1:policy=Enterprise User”
Step 10: Import All Data
Import all Data from configuration files to LDAP database
Importing base.ldif:
# ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f /etc/openldap/base.ldif
Enter LDAP Password: adding new entry "dc=example,dc=com" adding new entry "ou=users,dc=example,dc=com" adding new entry "ou=Group,dc=example,dc=com"
Importing root.ldif:
# ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f /etc/openldap/root.ldif
Enter LDAP Password: adding new entry "uid=root,ou=users,dc=example,dc=com" adding new entry "uid=operator,ou=users,dc=example,dc=com"
Importing ldapuser1.ldif:
# ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f /etc/openldap/ldapuser1.ldif
Enter LDAP Password: adding new entry "uid=ldapuser1,ou=users,dc=example,dc=com"
Importing ldapuser2.ldif:
# ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f /etc/openldap/ldapuser2.ldif
Enter LDAP Password: adding new entry "uid=ldapuser2,ou=users,dc=example,dc=com"
Step 11: Restart LDAP Service
Stop and Start LDAP service using following command.
# /etc/init.d/ldap stop # /etc/init.d/ldap start
Step 12: Test Your Setup
You setup has been completed, Lets test your ldap server using ldapsearch
# ldapsearch -x -b 'dc=example,dc=com' '(objectclass=*)'
Hello,
At the outset congratulate the good stuff. I had to fix a few things about LDAP but it worked, even Apache works :).
I have another question. I would like to use RADIUS and LDAP to verify access to the network with 802.1x protocol. Can I count on your help?
This is a great and concise guide. Can you please update it for the latest versions of openldap where /etc/openldap/slapd.conf does not exist?
Thank you,
Leonard
ldapadd -x -W -D “cn=Manager,dc=yahoo,dc=com” -f /root/base.ldif
Enter LDAP Password:
ldap_sasl_bind(SIMPLE): Can’t contact LDAP server (-1)
How to solve this issue please help
thanks in advance…
can you please post
how to configure client as well
While using
# ldapadd -x -D “cn=Manager,dc=example,dc=com” -W -f /etc/openldap/base.ldif
I am getting this error
ldapadd: invalid option — x
usage: ldapadd [options]
list of operations are read from stdin or
from the file with -f file option.
Hello,
How can I add certificate authentication in both server and ldap client ?
Hi Rahul,
AFter running this command # ldapadd -x -D “cn=Manager,dc=example,dc=com” -W -f /etc/openldap/base.ldif
I am getting ldap_blind: Invalid credentials (49).
Please let me know how can I solve this
Hi Priyank,
Make sure you are using same password used with “slappasswd” command in step #3.