NAD810 LDAP LAB

455 bytes added, 14:31, 16 November 2016
LDAP server using OpenLDAP
The OpenLDAP software package is an Open Source and Free implementation of the Lightweight Directory Access Protocol (LDAP). It is gaining wide acceptance as the directory access method of the Internet and also with corporate intranets.
In this lab, the instruction is for setting up and configuring an LDAP server with the base context "dc=nad810,dc=com". Replace this with your own base context. After setting up the OpenLDAP server, you need to configure the LDAP clients to use the user account information stored in the LDAP server to perform user authentication on the client machine. You can use the OpenLDAP client/server to replace your NIS client/server for network user authentication.
<b>Notes: OpenLDAP uses TCP port 389 for regular communication and port 636 for encrypted transactions.</b> You need to have these ports opened on your firewall.
* openldap-servers
* nss_ldap
* migrationtools (for Fedora 10)
Sample nsswitch configuration file for LDAP: /usr/share/doc/nss_ldap-220/nsswitch_ldap
===OpenLDAP Server configuration Summary===
#Create an OpenLDAP database
#Create an OpenLDAP “root” password and edit the OpenLDAP main database configuration file /etc/openldap/slapd.d/cn=config/olcDatabase={2}hdb.ldif
#Start the OpenLDAP server daemon slapd.service
#Create a base LDIF file for importing to the OpenLDAP database
#Create a user account LDIF file for importing to the OpenLDAP database
#Import the LDIF files into the OpenLDAP database
====OpenLDAP Server configuration details:====
(1) Create/verify the directory for OpenLDAP database files:
<pre>
mkdir /var/lib/ldap/
chown ldap.ldap /var/lib/ldap
chmod 700 /var/lib/ldap
</pre>
The directory listing of /var/lib/ldap should be:
<pre>
[root@localhost cn=config]# ls -ldZ /var/lib/ldap/
drwx------. ldap ldap system_u:object_r:slapd_db_t:s0 /var/lib/ldap/
</pre>
(2) Configure the OpenLDAP “root” user and password by editing the OpenLDAP server's main database configuration file “/etc/openldap/slapd.d/cn=config/olcDatabase={2}hdb.ldif”
Only the LDAP “rootdn” user can create, import, and export data in an LDAP database. You can use the slappasswd command to create the password hash and put it in the LDAP server database configuration file mentioned above:
<pre>
slappasswd
New password: [nad810secret]
Re-enter new password: [nad810secret]
{SSHA}3NVLOWwqIMka3OyIYLyGrrkirD0pU0QxFavfvViq/edEw8x4TV6y7w1L2llXzZzz <-- Copy this to the olcDatabase={2}hdb.ldif file
</pre>
Add/Modify the olcDatabase={2}hdb.ldif file to have the following (ldbm only supported up to OpenLDAP 2.3, OpenLDAP 2.4 only supports bdb):
<pre>
olcSuffix: dc=nad810,dc=com
olcRootDN: cn=Manager,dc=nad810,dc=com
olcRootPW: {SSHA}3NVLOWwqIMka3OyIYLyGrrkirD0pU0QxFavfvViq/edEw8x4TV6y7w1L2llXzZzz
</pre>
Do not change other lines.
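As an added example (not part of the lab page), the Python below reproduces what slappasswd computes for an {SSHA} value, lets you confirm that the olcRootPW you pasted really matches the password before you restart slapd, and writes the same three attributes as an LDIF for <code>ldapmodify -Y EXTERNAL -H ldapi:///</code>, which applies the change through slapd instead of hand-editing a slapd.d file that carries a CRC32 checksum. The DN values are the lab's dc=nad810,dc=com; the password is the constructed one used above.

```python
import base64
import hashlib
import hmac
import os

# Lab values; replace with your own base context (these are the page's, not a real deployment).
BASE_DN = "dc=nad810,dc=com"
ROOT_DN = "cn=Manager," + BASE_DN


def ssha_hash(password, salt=None):
    """Return an RFC 2307 {SSHA} string the way slappasswd does: base64(sha1(pw + salt) + salt)."""
    if salt is None:
        salt = os.urandom(4)  # slappasswd's default is a random 4-byte salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(stored, password):
    """Check a candidate password against an {SSHA} value such as the olcRootPW line."""
    if not stored.startswith("{SSHA}"):
        raise ValueError("not an {SSHA} hash")
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]  # SHA-1 digest is 20 bytes, the remainder is the salt
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(digest, candidate)  # constant-time comparison


def rootpw_modify_ldif(ssha, base_dn=BASE_DN, root_dn=ROOT_DN):
    """LDIF that sets olcSuffix, olcRootDN and olcRootPW on olcDatabase={2}hdb via ldapmodify."""
    return (
        "dn: olcDatabase={2}hdb,cn=config\n"
        "changetype: modify\n"
        "replace: olcSuffix\n" + "olcSuffix: " + base_dn + "\n-\n"
        "replace: olcRootDN\n" + "olcRootDN: " + root_dn + "\n-\n"
        "replace: olcRootPW\n" + "olcRootPW: " + ssha + "\n"
    )


if __name__ == "__main__":
    # Constructed password from the lab text; the generated hash differs on every run (random salt).
    h = ssha_hash("nad810secret")
    print("verifies:", ssha_verify(h, "nad810secret"))
    print(rootpw_modify_ldif(h))
```

Pipe the printed LDIF into <code>ldapmodify -Y EXTERNAL -H ldapi:///</code> as root on the server; slapd rewrites olcDatabase={2}hdb.ldif itself.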
(3) Start the OpenLDAP server daemon slapd.service:
<pre>
systemctl start slapd.service
</pre>
To verify that the OpenLDAP server daemon is running and working, try the following query command:
<pre>
ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts
</pre>
You should get something similar to the following:
<pre>
# extended LDIF
#
# numResponses: 2
# numEntries: 1
</pre>
(4) Create an LDIF file for importing to the OpenLDAP database
<pre>
ldapsearch -x 'uid=ldapuser'
</pre>
= To Complete the Lab =