Changes


OPS535-lab-ldap

887 bytes added, 11:26, 31 January 2020
Investigation 2: Setup and Configure OpenLdap Client: - Dealing with centos 8 not including ldap
==Pre-Requisites==
The pre-lab must be complete so that your virtual machines share access to a private network.
Because CentOS 8 no longer includes support for LDAP, this lab has to be performed on CentOS 7 VMs. Install 2 new VMs in your virtual networks using a minimal installation of CentOS 7, giving them hostnames and addresses appropriate to your domain and network numbers. In this lab they will be referred to as vm4 (the LDAP server) and vm5 (the client).
==Investigation 1: OpenLDAP Server Setup and Configuration==
{{Admon/important|Warning|Make a backup before you start this lab. It is very difficult to recover this service if you make a mistake in configuration.}}Perform the following steps on a new vm (we'll call it vm4) installed using CentOS 7:
<ol>
<li>Install the following packages
<source>
cn=schema
cn=schema.ldif
olcDatabase={0}config.ldif
olcDatabase={1}monitor.ldif
olcDatabase={-1}frontend.ldif
olcDatabase={2}hdb.ldif
</source>
<li>Start the ldap service ('''slapd'''), and ensure that it will automatically start when your machine boots.
Check the status of the service and ensure that it started without error before continuing.</li>
<li>Use the ldapadd command to add the cosine, nis, and inetorgperson schemata to your server, '''in that order'''.
Use the authentication type '''EXTERNAL''', and '''ldapi:///''' as the host.</li>
<li>List the schema directory again. This time you should see the core schema, along with the three schemata you just added.</li>
# numEntries: 5
</source></li>
<li>Create an ldif file called group.ldif that will add an organizational unit with the distinguished name (dn) '''ou=Group, dc=ops535, dc=com'''.
It will act as an organizer for group information.</li>
<li>Use the /etc/group file and migrate_group.pl to create an ldif file that will add the group entries for ldapuser1 and ldapuser2 to your database.</li>
<li>Add the group entries for ldapuser1 and ldapuser2 to your database.
Use ldapsearch to confirm that they have been added.</li>
<li>Modify your firewall to allow incoming ldap traffic from your internal zone. Make sure that this change persists past reboot.</li></ol>
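The server-side steps above, collected into a shell script. This is an added example, not part of the lab page or the OPS535 course material. It assumes the lab's base DN dc=ops535,dc=com, the CentOS 7 locations /etc/openldap/schema/*.ldif, the default directory administrator cn=Manager,dc=ops535,dc=com (not stated on the page), and the firewalld zone named internal. The privileged commands are only printed while DRY_RUN=1 (the default); run it as <code>DRY_RUN=0 sh ldap-server.sh setup</code> on vm4 to execute them. The posixGroup LDIF the script generates mirrors what migrate_group.pl produces from an /etc/group line.

```shell
#!/bin/sh
# Added example (not from the OPS535 lab page): Investigation 1 as functions.
# DRY_RUN=1 (default) prints privileged commands instead of running them.
# Assumed: base DN dc=ops535,dc=com; admin DN cn=Manager,...; zone "internal".
DRY_RUN="${DRY_RUN:-1}"
BASE_DN="${BASE_DN:-dc=ops535,dc=com}"
ADMIN_DN="${ADMIN_DN:-cn=Manager,$BASE_DN}"

run() { if [ "$DRY_RUN" = 1 ]; then echo "+ $*"; else "$@"; fi; }

# Enable and start slapd, and refuse to go on unless it is really active.
start_slapd() {
    run systemctl enable --now slapd
    [ "$DRY_RUN" = 1 ] || systemctl is-active --quiet slapd
}

# Order matters: nis depends on cosine, inetorgperson on both.
schema_order() { echo "cosine nis inetorgperson"; }

# SASL EXTERNAL over ldapi:/// authenticates the local root user, so no
# directory password is needed to modify cn=config.
load_schemata() {
    for s in $(schema_order); do
        run ldapadd -Y EXTERNAL -H ldapi:/// -f "/etc/openldap/schema/$s.ldif"
    done
}

# Contents of group.ldif: the organizational unit that holds group entries.
group_ou_ldif() {
    cat <<EOF
dn: ou=Group,$BASE_DN
objectClass: organizationalUnit
objectClass: top
ou: Group

EOF
}

# One posixGroup entry from an /etc/group line "name:x:gid:member1,member2".
group_entry_ldif() {
    line="$1"
    name=$(printf '%s' "$line" | cut -d: -f1)
    gid=$(printf '%s' "$line" | cut -d: -f3)
    members=$(printf '%s' "$line" | cut -d: -f4)
    printf 'dn: cn=%s,ou=Group,%s\n' "$name" "$BASE_DN"
    printf 'objectClass: posixGroup\nobjectClass: top\n'
    printf 'cn: %s\ngidNumber: %s\n' "$name" "$gid"
    if [ -n "$members" ]; then           # one memberUid line per member
        printf '%s\n' "$members" | tr ',' '\n' | sed 's/^/memberUid: /'
    fi
    echo                                  # blank line ends the LDIF entry
}

# Emit LDIF for the named groups found in a group file (e.g. /etc/group).
migrate_groups() {
    file="$1"; shift
    for name in "$@"; do
        line=$(grep "^$name:" "$file") || continue
        group_entry_ldif "$line"
    done
}

# Allow LDAP from the internal zone; --permanent survives a reboot.
open_firewall() {
    run firewall-cmd --permanent --zone=internal --add-service=ldap
    run firewall-cmd --reload
}

case "${1:-}" in
setup)
    start_slapd
    load_schemata
    group_ou_ldif > group.ldif
    migrate_groups /etc/group ldapuser1 ldapuser2 > groups.ldif
    run ldapadd -x -D "$ADMIN_DN" -W -f group.ldif
    run ldapadd -x -D "$ADMIN_DN" -W -f groups.ldif
    open_firewall
    # Confirm the entries landed before moving to the client lab.
    run ldapsearch -x -b "ou=Group,$BASE_DN" "(cn=ldapuser*)"
    ;;
esac
```

Keep the ldapadd calls that use <code>-x -D ... -W</code> for entries in the data database (ldapsearch afterwards should report two group entries); only the cn=config changes, such as loading schemata, go through EXTERNAL on ldapi:///.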
==Investigation 2: Setup and Configure OpenLdap Client==
Perform the following steps on your other CentOS 7 vm (I will call it vm5):
<ol>
<li>Install the following packages
<li>Prior to making any changes to how your machines handle login information, use the authconfig
--savebackup command to save your current configuration into /root/ldap/backup.</li>
<li>Use the authconfig command to configure your vm to use vm4 as the ldap server.
Note that you will need to enable ldap authentication, identify the ldap server, and set the base distinguished name in a single command.</li>
<li>Check the name service switch configuration file /etc/nsswitch.conf to confirm that LDAP is
# numEntries: 1
</source>
<li>Log out of the client machine, then log back in using the ldapuser1 account. You will notice you get an error message about not being able to find /home/ldapuser1. Normally, we would be remotely mounting home directories, so that even though it doesn't exist on vm5, the machine would be mounting it from a server where it does exist.</li>
<li>Repeat steps 1 through 6</li>
</ol>
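The client-side steps as a script, again an added example rather than the lab's own material. It assumes the server is reachable as vm4.ops535.com (the page only gives the base DN dc=ops535,dc=com; substitute your own hostname) and uses the backup name /root/ldap/backup exactly as the lab gives it. The authconfig options used (--savebackup, --enableldap, --enableldapauth, --ldapserver, --ldapbasedn, --update) are the real CentOS 7 authconfig flags. The nsswitch check is the verification step a practitioner wants before logging in as an LDAP user: it fails unless passwd, shadow and group all list the ldap source.

```shell
#!/bin/sh
# Added example (not from the lab page): Investigation 2 on the client vm5.
# DRY_RUN=1 (default) prints the authconfig commands instead of running them.
# Assumed: server hostname vm4.ops535.com; base DN dc=ops535,dc=com.
DRY_RUN="${DRY_RUN:-1}"
LDAP_SERVER="${LDAP_SERVER:-vm4.ops535.com}"
BASE_DN="${BASE_DN:-dc=ops535,dc=com}"
BACKUP="${BACKUP:-/root/ldap/backup}"

run() { if [ "$DRY_RUN" = 1 ]; then echo "+ $*"; else "$@"; fi; }

# Step 1: snapshot the current login configuration before changing anything.
# A broken PAM/NSS setup can lock you out, and this is the way back.
save_backup() { run authconfig --savebackup="$BACKUP"; }

# Step 2: enable LDAP for both user lookup (nss) and authentication (pam),
# point at the server and set the search base, all in one command.
configure_ldap_client() {
    run authconfig --enableldap --enableldapauth \
        --ldapserver="$LDAP_SERVER" --ldapbasedn="$BASE_DN" --update
}

# Step 3: confirm /etc/nsswitch.conf really consults ldap for the three
# databases that matter for login. Returns 1 if any of them is missing ldap.
nss_uses_ldap() {
    f="${1:-/etc/nsswitch.conf}"
    for db in passwd shadow group; do
        grep -Eq "^$db:.*[[:space:]]ldap"'([[:space:]]|$)' "$f" || return 1
    done
}

# Resolve a user through nss; the ldapuser1 line should now come from LDAP
# rather than from the local /etc/passwd.
lookup_user() { run getent passwd "$1"; }

case "${1:-}" in
setup)
    save_backup
    configure_ldap_client
    if nss_uses_ldap /etc/nsswitch.conf; then
        echo "nsswitch.conf: passwd, shadow and group use ldap"
    else
        echo "nsswitch.conf: ldap is not enabled for every login database" >&2
        exit 1
    fi
    lookup_user ldapuser1
    ;;
esac
```

Run it as <code>DRY_RUN=0 sh ldap-client.sh setup</code> on vm5. If the lookup of ldapuser1 returns nothing, check the firewall change on vm4 and the server name you passed to --ldapserver before trying to log in.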
==Investigation 3: Update LDAP Configuration==
<ol><li>Add the following user accounts to your LDAP server:<br/>user name: your seneca id – password: pick your own<br/>rchan – password: ops535<br/>
seneca – password: ops535</li>
<li>Run the ldapsearch command for each user, and confirm that their information is correct</li>
<li>Consult the man page on ldapdelete to find out how to remove an LDAP user. Delete ldapuser2.</li>
</ol>
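The Investigation 3 tasks, as an added example that is not from the lab page: generating the LDIF for the three accounts, checking each with ldapsearch, and removing ldapuser2 with ldapdelete. Everything not on the page is an assumption: user entries are placed under ou=People,dc=ops535,dc=com, the directory administrator is cn=Manager,dc=ops535,dc=com, uid/gid numbers start at 2001, and passwords are stored as slappasswd hashes read from a file rather than typed on a command line where other users could see them. The num_entries helper parses the "# numEntries:" trailer that ldapsearch prints (and omits when nothing matched), which is the check that confirms both the additions and the deletion.

```shell
#!/bin/sh
# Added example (not from the lab page): Investigation 3 helpers.
# Assumed: ou=People, admin cn=Manager, numeric ids from 2001. DRY_RUN=1
# (default) prints the directory-modifying commands instead of running them.
DRY_RUN="${DRY_RUN:-1}"
BASE_DN="${BASE_DN:-dc=ops535,dc=com}"
ADMIN_DN="${ADMIN_DN:-cn=Manager,$BASE_DN}"
SENECA_ID="${SENECA_ID:-yourSenecaId}"    # placeholder for your own account

run() { if [ "$DRY_RUN" = 1 ]; then echo "+ $*"; else "$@"; fi; }

# Hash a password with slappasswd, reading the cleartext from stdin via a
# 0600 temp file so it never appears in the process list.
hash_password() {
    tmp=$(mktemp) && chmod 600 "$tmp" && tr -d '\n' > "$tmp"
    slappasswd -T "$tmp"
    rm -f "$tmp"
}

# One posixAccount + inetOrgPerson entry. $4 is an already-hashed password.
user_ldif() {
    uid="$1"; uidn="$2"; gidn="$3"; hash="$4"
    cat <<EOF
dn: uid=$uid,ou=People,$BASE_DN
objectClass: top
objectClass: person
objectClass: posixAccount
objectClass: inetOrgPerson
cn: $uid
sn: $uid
uid: $uid
uidNumber: $uidn
gidNumber: $gidn
homeDirectory: /home/$uid
loginShell: /bin/bash
userPassword: $hash

EOF
}

# Read ldapsearch output on stdin and print the match count (0 if the
# "# numEntries:" line is absent, which is what an empty result looks like).
num_entries() {
    n=$(sed -n 's/^# numEntries: \([0-9][0-9]*\)$/\1/p')
    echo "${n:-0}"
}

find_user() { ldapsearch -x -b "$BASE_DN" "(uid=$1)"; }

delete_user() { run ldapdelete -x -D "$ADMIN_DN" -W "uid=$1,ou=People,$BASE_DN"; }

case "${1:-}" in
add)
    # Prompt per user; the lab's passwords are chosen interactively here.
    n=2001
    for u in "$SENECA_ID" rchan seneca; do
        printf 'Password for %s: ' "$u"; stty -echo; read -r pw; stty echo; echo
        h=$(printf '%s' "$pw" | hash_password)
        user_ldif "$u" "$n" "$n" "$h"
        n=$((n + 1))
    done > users.ldif
    run ldapadd -x -D "$ADMIN_DN" -W -f users.ldif
    for u in "$SENECA_ID" rchan seneca; do
        echo "$u: $(find_user "$u" | num_entries) entry(ies)"
    done
    ;;
delete)
    delete_user ldapuser2
    echo "ldapuser2 after delete: $(find_user ldapuser2 | num_entries) entry(ies)"
    ;;
esac
```

Run <code>DRY_RUN=0 sh ldap-users.sh add</code> and then <code>... delete</code> on vm4; a count of 1 for each new user and 0 for ldapuser2 after the delete confirms the directory state the lab asks you to verify.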
 
==Completing the Lab==