Wednesday, January 7, 2015

What is OpenLDAP and how do you configure it?

OpenLDAP:

LDAP stands for Lightweight Directory Access Protocol. As the name suggests, it is a lightweight client-server protocol for accessing directory services, specifically X.500-based directory services. LDAP runs over TCP/IP or other connection-oriented transport services. LDAP v3 was originally defined in RFC 2251, "Lightweight Directory Access Protocol (v3)", which has since been replaced by the RFC 4510 to RFC 4519 series (the protocol itself is RFC 4511).

In simple words: "LDAP is a protocol for managing related information from a centralized location through the use of a file and directory hierarchy. It resembles a relational database in some ways, and can be used to organize and store any kind of information. LDAP is commonly used for centralized authentication."


How does OpenLDAP work:

An LDAP client connects to an LDAP server and asks it a question. The server responds with the answer, or with a referral: a pointer to where the client can get more information (typically another LDAP server). No matter which LDAP server a client connects to, it sees the same view of the directory; a name presented to one LDAP server references the same entry it would at another LDAP server. This is an important feature of a global directory service like LDAP.


OpenLDAP Installation and Configuration:

I'm using the following Network Details:

System name: ldap.example.com
System IP: 192.168.0.254
Domain Name: example.com
 

Use the following steps:

1. Add user accounts for testing the LDAP server:
    # useradd ldapuser1
    # passwd ldapuser1
    # useradd ldapuser2
    # passwd ldapuser2

2. Install the LDAP packages:
    # yum install openldap* -y

The following packages are installed by this command (the versions show OpenLDAP 2.2 on a RHEL 4 era system; the compat, devel and sql packages are not needed for a plain server, only openldap, openldap-servers and openldap-clients are):
    compat-openldap.i386 0:2.1.30-6.4E
    openldap-clients.i386 0:2.2.13-6.4E
    openldap-devel.i386 0:2.2.13-6.4E
    openldap-servers.i386 0:2.2.13-6.4E
    openldap-servers-sql.i386 0:2.2.13-6.4E

Note that this release still configures slapd through /etc/openldap/slapd.conf. OpenLDAP 2.3 and later (RHEL 6 onward) use the cn=config database under /etc/openldap/slapd.d instead, so the file edits below do not carry over to those versions as-is.
3. Generate a hashed password for the LDAP root DN once the packages are installed. slappasswd prints a salted SHA-1 ({SSHA}) hash, and it is the hash, not the cleartext password, that goes into slapd.conf:
    # slappasswd
    New password:
    Re-enter new password:
    {SSHA}cWB1VzxDXZLf6F4pwvyNvApBQ8G/DltW
4. Update /etc/openldap/slapd.conf with the suffix, the root DN and the hash from step 3:
    # vim /etc/openldap/slapd.conf
    database bdb
    suffix "dc=example,dc=com"
    rootdn "cn=Manager,dc=example,dc=com"
    rootpw {SSHA}cWB1VzxDXZLf6F4pwvyNvApBQ8G/DltW
Save and exit.

Two things to watch here. The rootdn bypasses all access controls, so keep slapd.conf readable only by root and the ldap service account; anyone who can read the file can crack the {SSHA} hash offline. And this minimal file has no access directives at all: slapd's built-in default is "access to * by * read", which lets anonymous clients read every user's userPassword hash once the users from step 11 are loaded. Add an access directive restricting userPassword before the server goes live.
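The step 4 configuration beside a hardened version, together with a small shell check that flags the weak points, as an added example that is not part of the original post. The file contents and the lint rules are constructed for this example; the {SSHA} hash is the one printed in step 3. The check treats as failures a missing or cleartext rootpw, a file readable by group or others, and either no ACL protecting userPassword or one placed after the catch-all clause (slapd stops at the first access directive whose target matches, so a later clause is never reached).

```shell
#!/bin/sh
# Added example (not from the original post): the step 4 slapd.conf as
# written, a hardened version, and a lint function for the weak points.
# Both config bodies are constructed here; the {SSHA} hash is the one the
# post's slappasswd run printed.

# As in step 4: no 'access' directives. slapd's built-in default is
# "access to * by * read", so anonymous binds can read userPassword hashes.
weak_conf() {
    cat <<'EOF'
database bdb
suffix "dc=example,dc=com"
rootdn "cn=Manager,dc=example,dc=com"
rootpw {SSHA}cWB1VzxDXZLf6F4pwvyNvApBQ8G/DltW
EOF
}

# Hardened: password attributes are writable by the entry itself, usable for
# binding by anonymous (simple bind needs that), invisible to everyone else.
# slapd applies the first 'access to' clause whose target matches, so this
# clause has to come before the catch-all.
hard_conf() {
    cat <<'EOF'
database bdb
suffix "dc=example,dc=com"
rootdn "cn=Manager,dc=example,dc=com"
rootpw {SSHA}cWB1VzxDXZLf6F4pwvyNvApBQ8G/DltW
access to attrs=userPassword,shadowLastChange
    by self write
    by anonymous auth
    by * none
access to *
    by self write
    by * read
EOF
}

# check_slapd_conf FILE
# Returns 0 if all checks pass, otherwise the number of failed checks, with
# one FAIL line per problem: rootpw present and hashed, no group/other
# permission bits on the file, and a userPassword ACL that is not shadowed
# by an earlier 'access to *'.
check_slapd_conf() {
    f=$1
    fails=0
    if ! grep -q '^rootpw[[:space:]]' "$f"; then
        echo "FAIL: $f: no rootpw directive"; fails=$((fails + 1))
    elif ! grep -Eq '^rootpw[[:space:]]+\{(SSHA|SHA|CRYPT|MD5|SMD5)\}' "$f"; then
        echo "FAIL: $f: rootpw is not a slappasswd hash"; fails=$((fails + 1))
    fi
    # Columns 5-10 of 'ls -l' are the group and other permission bits.
    if [ "$(ls -ld "$f" | cut -c5-10)" != "------" ]; then
        echo "FAIL: $f: readable by group or others (hash can be cracked offline)"
        fails=$((fails + 1))
    fi
    pw_acl=$(grep -n '^access to attrs=.*userPassword' "$f" | head -n 1 | cut -d: -f1)
    all_acl=$(grep -n '^access to \*' "$f" | head -n 1 | cut -d: -f1)
    if [ -z "$pw_acl" ]; then
        echo "FAIL: $f: no ACL for userPassword (default is 'access to * by * read')"
        fails=$((fails + 1))
    elif [ -n "$all_acl" ] && [ "$all_acl" -lt "$pw_acl" ]; then
        echo "FAIL: $f: 'access to *' precedes and shadows the userPassword ACL"
        fails=$((fails + 1))
    fi
    return $fails
}

# Demo: write the weak file as the post would leave it (mode 644) and the
# hardened one as it should be (mode 600), then lint both.
demo_dir=$(mktemp -d)
weak_conf > "$demo_dir/weak.conf"; chmod 644 "$demo_dir/weak.conf"
hard_conf > "$demo_dir/hard.conf"; chmod 600 "$demo_dir/hard.conf"
for c in weak hard; do
    rc=0
    check_slapd_conf "$demo_dir/$c.conf" || rc=$?
    echo "$c.conf: $rc check(s) failed"
done
rm -rf "$demo_dir"
```

Run it as a script and it lints both generated files; to lint the real one, call check_slapd_conf /etc/openldap/slapd.conf. The mode check insists on no group or other bits at all; if slapd runs as a dedicated ldap user that needs group read on the file, allow 0640 with that group instead of failing it.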

5. Migrate local users to LDAP. First save the /etc/passwd records of the accounts to be migrated. Anchor the pattern with ^name: so that only that account matches; a bare "grep root" also matches operator, whose home directory is /root:
    # grep '^root:' /etc/passwd > /etc/openldap/passwd.root
    # grep '^ldapuser1:' /etc/passwd > /etc/openldap/passwd.ldapuser1
    # grep '^ldapuser2:' /etc/passwd > /etc/openldap/passwd.ldapuser2
Note: repeat the same for the rest of the users. Migrating root at all is questionable, since it publishes root's password hash to every LDAP client; most deployments keep root local and migrate only ordinary accounts.
6. Update the default settings in /usr/share/openldap/migration/migrate_common.ph. This file is Perl, so the variables carry a leading $ and the quotes must be plain ASCII double quotes:
    $DEFAULT_MAIL_DOMAIN = "example.com";
    $DEFAULT_BASE = "dc=example,dc=com";

7. Start the LDAP service and enable it at boot:
    # service ldap restart
    # chkconfig ldap on

8. Create an LDIF file for the domain (example.com) with the .ldif extension, for example test.ldif. Entries in LDIF must be separated by a blank line. The indentation below is for display only: the file itself must have none, because a line that starts with a space continues the previous line.
    # vim /etc/openldap/test.ldif
    dn: dc=example,dc=com
    dc: example
    objectClass: top
    objectClass: domain

    dn: ou=People,dc=example,dc=com
    ou: People
    objectClass: top
    objectClass: organizationalUnit

    dn: ou=Group,dc=example,dc=com
    ou: Group
    objectClass: top
    objectClass: organizationalUnit

Save and exit. The OU is named People because that is where migrate_passwd.pl (step 9) places the user entries.

9. Create LDIF files for the test users with the migration script. The grep patterns are anchored with ^name: so only that account matches, and migrate_passwd.pl must run as root so it can read the password hashes from /etc/shadow:
# cd /usr/share/openldap/migration/
# grep '^root:' /etc/passwd > /etc/openldap/passwd.root
# grep '^ldapuser1:' /etc/passwd > /etc/openldap/passwd.ldapuser1
# grep '^ldapuser2:' /etc/passwd > /etc/openldap/passwd.ldapuser2
# ./migrate_passwd.pl /etc/openldap/passwd.root /etc/openldap/root.ldif
# ./migrate_passwd.pl /etc/openldap/passwd.ldapuser1 /etc/openldap/ldapuser1.ldif
# ./migrate_passwd.pl /etc/openldap/passwd.ldapuser2 /etc/openldap/ldapuser2.ldif
                              

10. Check each user's LDIF file and adjust it as needed. migrate_passwd.pl places users under ou=People, which is the DN step 11 expects. The indentation below is for display only (a leading space in LDIF continues the previous line):
    # vim /etc/openldap/ldapuser1.ldif
    dn: uid=ldapuser1,ou=People,dc=example,dc=com
    uid: ldapuser1
    cn: ldapuser1
    objectClass: account
    objectClass: posixAccount
    objectClass: top
    objectClass: shadowAccount
    objectClass: radiusprofile
    description: 802.1x user
    radiusFilterId: "Enterasys:version=1:policy=Enterprise User"
    userPassword: {crypt}$1$rN6WLraT$9skdu7BpRUM6v7DiEhQXt1
    shadowLastChange: 15419
    shadowMin: 0
    shadowMax: 99999
    shadowWarning: 7
    loginShell: /bin/bash
    uidNumber: 612
    gidNumber: 612
    homeDirectory: /home/ldapuser1

The userPassword value is the account's existing crypt(3) hash copied from /etc/shadow, so the user keeps the same password. The radiusprofile object class and the radiusFilterId attribute are not part of the core or NIS schemas; they come from the RADIUS-LDAPv3 schema shipped with FreeRADIUS and are here for 802.1X authentication against Enterasys switches. Unless that schema is included in slapd.conf, ldapadd rejects the entry, so drop the radiusprofile and radiusFilterId lines if you are not doing 802.1X.
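As an added example that is not part of the original post, here is a small POSIX sh stand-in for what migrate_passwd.pl does in steps 5, 9 and 10: it turns passwd and shadow records into the posixAccount/shadowAccount LDIF shown above. It works on constructed sample records embedded in the script (the ldapuser1 hash is the one shown above; the other hashes are placeholders), uses an anchored ^name: match, writes the blank line LDIF needs between entries, and refuses to export uid 0.

```shell
#!/bin/sh
# Added example (not from the original post): a POSIX sh stand-in for
# migrate_passwd.pl that turns passwd/shadow records into the posixAccount
# LDIF of step 10. It reads constructed sample records embedded below, so it
# runs without touching the real /etc/passwd or /etc/shadow. The ldapuser1
# hash is the one shown in the post; the other hashes are placeholders.

BASE="dc=example,dc=com"
PEOPLE="ou=People,$BASE"   # the OU migrate_passwd.pl uses, matching step 11

# Constructed sample data. operator's home directory is /root, which is
# why an unanchored 'grep root /etc/passwd' also catches operator.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
operator:x:11:0:operator:/root:/sbin/nologin
ldapuser1:x:612:612::/home/ldapuser1:/bin/bash
ldapuser2:x:613:613:Second Test User,,,:/home/ldapuser2:/bin/bash'

SAMPLE_SHADOW='root:$1$placehol$ROOTHASHxxxxxxxxxxxxxx:15419:0:99999:7:::
operator:*:15419:0:99999:7:::
ldapuser1:$1$rN6WLraT$9skdu7BpRUM6v7DiEhQXt1:15419:0:99999:7:::
ldapuser2:$1$placehol$USER2HASHxxxxxxxxxxxxx:15419:0:99999:7:::'

# field LINE N: print field N of the colon-separated LINE.
field() { printf '%s\n' "$1" | cut -d: -f"$2"; }

# passwd_to_ldif NAME PASSWD_DATA SHADOW_DATA
# Prints one LDIF entry followed by the blank line that separates entries.
# Returns 1 if NAME has no passwd record, 2 if NAME is uid 0: a root entry
# whose hash any LDAP client can fetch is not worth having, so root stays a
# local account. Accounts without a shadow record get a locked "!" hash.
passwd_to_ldif() {
    name=$1
    pw=$(printf '%s\n' "$2" | grep -- "^$name:") || return 1   # anchored match
    sh=$(printf '%s\n' "$3" | grep -- "^$name:") || sh="$name:!:0:0:99999:7:::"
    uidn=$(field "$pw" 3)
    if [ "$uidn" -eq 0 ]; then
        echo "refusing to export uid 0 ($name); keep root local" >&2
        return 2
    fi
    gidn=$(field "$pw" 4)
    gecos=$(field "$pw" 5)
    home=$(field "$pw" 6)
    shell=$(field "$pw" 7)
    hash=$(field "$sh" 2)
    # cn: the first comma-separated part of GECOS (the full name), or the
    # login name when GECOS is empty.
    cn=${gecos%%,*}
    cat <<EOF
dn: uid=$name,$PEOPLE
uid: $name
cn: ${cn:-$name}
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {crypt}$hash
shadowLastChange: $(field "$sh" 3)
shadowMin: $(field "$sh" 4)
shadowMax: $(field "$sh" 5)
shadowWarning: $(field "$sh" 6)
loginShell: $shell
uidNumber: $uidn
gidNumber: $gidn
homeDirectory: $home

EOF
}

# migrate_users PASSWD_DATA SHADOW_DATA NAME...
# One entry per NAME, in order; names that are missing or refused are
# reported on stderr and skipped, so the output is always valid LDIF.
migrate_users() {
    p=$1; s=$2; shift 2
    for n in "$@"; do
        passwd_to_ldif "$n" "$p" "$s" || echo "skipped $n" >&2
    done
}

# Demo: the post's step 9 for root (refused), ldapuser1 and ldapuser2.
migrate_users "$SAMPLE_PASSWD" "$SAMPLE_SHADOW" root ldapuser1 ldapuser2
```

On a real host, run it as root and pass "$(cat /etc/passwd)" and "$(cat /etc/shadow)" in place of the sample data, redirecting the output to a .ldif file for step 11; the radiusprofile lines from step 10 are deliberately not emitted, since they need the FreeRADIUS schema.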

11. Import all users into the LDAP directory. The -x flag selects a simple bind, which sends the Manager password in cleartext; over localhost on the server itself that is acceptable, but from any other host configure TLS (TLSCertificateFile and TLSCertificateKeyFile in slapd.conf) and use ldaps:// or the -ZZ option.

Add the domain LDIF file:
# ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f /etc/openldap/test.ldif
    Enter LDAP Password:
    adding new entry "dc=example,dc=com"
    adding new entry "ou=People,dc=example,dc=com"
    adding new entry "ou=Group,dc=example,dc=com"
Add the users:
# ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f /etc/openldap/root.ldif
    Enter LDAP Password:
    adding new entry "uid=root,ou=People,dc=example,dc=com"
(If the grep in step 9 was not anchored, operator is added here as well, because its home directory /root matched the pattern.)
# ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f /etc/openldap/ldapuser1.ldif
    Enter LDAP Password:
    adding new entry "uid=ldapuser1,ou=People,dc=example,dc=com"
# ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f /etc/openldap/ldapuser2.ldif
    Enter LDAP Password:
    adding new entry "uid=ldapuser2,ou=People,dc=example,dc=com"

Note: repeat the same for the rest of the users.

12. Restart the LDAP service (not strictly required, since entries added with ldapadd are live immediately, but harmless):
    # service ldap restart
    # chkconfig ldap on

13. Test the LDAP server:
    # ldapsearch -x -b 'dc=example,dc=com' '(objectclass=*)'

This search binds anonymously (-x with no -D) and dumps every entry under the suffix. If userPassword attributes show up in its output, any client on the network can read the password hashes, which means slapd.conf has no access directive restricting userPassword; add one before the server is put to use.
 
