Steps to Install and Configure OpenLDAP Server and FreeRadius

OpenLDAP is an opensource implementation of Lightweight Directory Access Protocal. Read more about OpenLDAP Project. I am using CentOS 5 for configuring OpenLDAP server. Below are the steps which I have performed during configuration. This article will help you step by step to Install and Configure OpenLDAP Server.

Network Details: Below is the network details used while writing this article.

System name: openldap.example.com
System IP: 192.168.10.50
Domain Name: example.com

Step 1: Create Test Accounts

Firsty create two test user accounts in your linux system using following commnands.

# useradd ldapuser1
# useradd ldapuser2
# passwd ldapuser1
# passwd ldapuser2

Step 2: Install Requird Packages

Below is list of software required for setup openldap

compat-openldap
openldap-clients
openldap-devel
openldap-servers
openldap-servers-sql

Install all packages using following command.

# yum install *openldap* -y

Step 3: Setup OpenLDAP root Password

After installing openldap packages, First create OpenLDAP root user password

# slappasswd

New password:
Re-enter new password:
{SSHA}BONOBgJZNZc3A+UFq3fcjRn2YHsZVkXw

Step 4:Edit Configuration File

Edit openldap configuration file with new values , use rootpw value get from slappasswd command in above step

# vi /etc/openldap/slapd.conf

database bdb
suffix "dc=example,dc=com"
rootdn "cn=Manager,dc=example,dc=com"
rootpw {SSHA}BONOBgJZNZc3A+UFq3fcjRn2YHsZVkXw

Step 5:Setup LDAP Database File

Copye example LDAP database file at below location. Use given example file from openldap

# cp /etc/openldap/DB_CONFIG.example /var/lib/ldap/DB_CONFIG

Step 6 Start Services

Start openldap service and setup service to auto start on system boot

# service ldap start
# chkconfig ldap on

Step 7: Create Domain LDIF File

Now Create ldif (LDAP Data Interchange Format) file for your domain example.com, You can use any filename with extension ldif

# vim /etc/openldap/base.ldif

dn: dc=example,dc=com
dc: example
objectClass: top
objectClass: domain
dn: ou=users,dc=example,dc=com
ou: users
objectClass: top
objectClass: organizationalUnit
dn: ou=Group,dc=example,dc=com
ou: Group
objectClass: top
objectClass: organizationalUnit

Step 8: Create Users LDIF File

After creating ldif file for your domain, Let create ldif file for all test users.

# cd /usr/share/openldap/migration/
# grep root /etc/passwd > /etc/openldap/passwd.root
# grep ldapuser1 /etc/passwd > /etc/openldap/passwd.ldapuser1
# grep ldapuser2 /etc/passwd > /etc/openldap/passwd.ldapuser2
# ./migrate_passwd.pl /etc/openldap/passwd.root /etc/openldap/root.ldif
# ./migrate_passwd.pl /etc/openldap/passwd.ldapuser1 /etc/openldap/ldapuser1.ldif
# ./migrate_passwd.pl /etc/openldap/passwd.ldapuser1 /etc/openldap/ldapuser2.ldif

Step 9: Edit Users LDIF Files

Modify all LDIF files created for users as per below given example for ldapuser1.

# vim /etc/openldap/ldapuser1.ldif

dn: uid=ldapuser1,dc=example,dc=com
uid: ldapuser1
cn: ldapuser1
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
objectClass: radiusprofile
description: 802.1x user
radiusFilterId: "Enterasys:version=1:policy=Enterprise User"
userPassword: {crypt}$1$rN6WLraT$9skdu7BpRUM6v7DiEhQXt1
shadowLastChange: 15419
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 612
gidNumber: 612
homeDirectory: /home/ldapuser1

Note: Make sure you have added below 3 file in ldif for integrating radius-ldap authentication

objectClass: radiusprofile
description: 802.1x user
radiusFilterId: “Enterasys:version=1:policy=Enterprise User”

Step 10: Import All Data

Import all Data from configuration files to LDAP database
Importing base.ldif:

# ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f /etc/openldap/base.ldif

Enter LDAP Password:
adding new entry "dc=example,dc=com"
adding new entry "ou=users,dc=example,dc=com"
adding new entry "ou=Group,dc=example,dc=com"

Importing root.ldif:

# ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f /etc/openldap/root.ldif

Enter LDAP Password:
adding new entry "uid=root,ou=users,dc=example,dc=com"
adding new entry "uid=operator,ou=users,dc=example,dc=com"

Importing ldapuser1.ldif:

# ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f /etc/openldap/ldapuser1.ldif

Enter LDAP Password:
adding new entry "uid=ldapuser1,ou=users,dc=example,dc=com"

Importing ldapuser2.ldif:

# ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f /etc/openldap/ldapuser2.ldif

Enter LDAP Password:
adding new entry "uid=ldapuser2,ou=users,dc=example,dc=com"

Step 11: Restart LDAP Service

Stop and Start LDAP service using following command.

# /etc/init.d/ldap stop
# /etc/init.d/ldap start

Step 12: Test Your Setup

You setup has been completed, Lets test your ldap server using ldapsearch

# ldapsearch -x -b 'dc=example,dc=com' '(objectclass=*)'

Congratulation’s Your ldap setup has been completed. Read our next article Setup FreeRadius Authentication with OpenLDAP

11 Comments

avinesh on November 1, 2017 5:09 am
How to change DN attribute in openldap-2.4.39
from dn: uid=66003310,ou=users,dc=hcl,dc=com
to dn: employeeNumber=66003310,ou=users,dc=hcl,dc=com
- Atik on May 13, 2018 2:43 pm
  its great
paul on August 5, 2017 5:23 pm
Hi
Do you have a guide for DS389 as I’m using that and not openLDAP?
Konrad on March 11, 2015 12:16 pm
Hello,
At the outset congratulate the good stuff. I had to fix a few things about LDAP but it worked, even Apache works :).
I have another question. I would like to use RADIUS and LDAP to verify access to the network with 802.1x protocol. Can I count on your help?
Leonard on January 3, 2015 1:37 pm
This is a great and concise guide. Can you please update it for the latest versions of openldap where /etc/openldap/slapd.conf does not exist?
Thank you,
Leonard
Saitej on November 9, 2014 6:37 am
ldapadd -x -W -D “cn=Manager,dc=yahoo,dc=com” -f /root/base.ldif
Enter LDAP Password:
ldap_sasl_bind(SIMPLE): Can’t contact LDAP server (-1)
How to solve this issue please help
thanks in advance…
sivaram on June 25, 2014 4:14 am
can you please post
how to configure client as well
vinay kumar on May 28, 2014 8:32 am
While using
# ldapadd -x -D “cn=Manager,dc=example,dc=com” -W -f /etc/openldap/base.ldif
I am getting this error
ldapadd: invalid option — x
usage: ldapadd [options]
list of operations are read from stdin or
from the file with -f file option.
likelinux on April 4, 2014 10:26 am
Hello,
How can I add certificate authentication in both server and ldap client ?
Priyank on September 30, 2013 9:36 pm
Hi Rahul,
AFter running this command # ldapadd -x -D “cn=Manager,dc=example,dc=com” -W -f /etc/openldap/base.ldif
I am getting ldap_blind: Invalid credentials (49).
Please let me know how can I solve this
- Rahul on October 1, 2013 4:37 am
  Hi Priyank,
  Make sure you are using same password used with “slappasswd” command in step #3.