Changes


OpenLDAP Installation and Test

4,466 bytes added, 14:00, 23 November 2016
More Resources
== OpenLDAP Server Configuration directory ==
Please note that the following procedure only works for CentOS Linux starting from <font color='red'>version 7.0</font>.
* Top of the configuration directory for the OpenLDAP server slapd: /etc/openldap/slapd.d/cn=config
<pre>[root@localhost cn=schema]# ls -l /etc/openldap/slapd.d/cn\=config
total 20
drwxr-x---. 2 ldap ldap 104 Nov 22 18:35 cn=schema
-rw-------. 1 ldap ldap 378 Dec 16 2015 cn=schema.ldif
-rw-------. 1 ldap ldap 513 Dec 16 2015 olcDatabase={0}config.ldif
-rw-------. 1 ldap ldap 443 Dec 16 2015 olcDatabase={-1}frontend.ldif
-rw-------. 1 ldap ldap 562 Dec 16 2015 olcDatabase={1}monitor.ldif
-rw-------. 1 ldap ldap 609 Dec 16 2015 olcDatabase={2}hdb.ldif</pre>
* Some notes:
** cn=schema - contains the schema to be loaded by the slapd server.
** olcDatabase={2}hdb.ldif - the main configuration for the OpenLDAP server's database.
* Initial contents in the "cn=schema" directory:
<pre>[root@localhost cn=schema]# ls -l
total 40
-rw-------. 1 ldap ldap 15578 Dec 16 2015 cn={0}core.ldif</pre>
* Initial contents in the "olcDatabase={2}hdb.ldif" file:
<pre>[root@localhost cn=config]# cat olcDatabase\=\{2\}hdb.ldif
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 2e34fa34
dn: olcDatabase={2}hdb
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {2}hdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=my-domain,dc=com
olcRootDN: cn=Manager,dc=my-domain,dc=com
olcDbIndex: objectClass eq,pres
olcDbIndex: ou,cn,mail,surname,givenname eq,pres,sub
structuralObjectClass: olcHdbConfig
entryUUID: 356a18aa-384e-1035-958d-25b49e5bf54e
creatorsName: cn=config
createTimestamp: 20151216143659Z
entryCSN: 20151216143659.541486Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20151216143659Z</pre>
To use the OpenLDAP directory to host Linux user accounts, you need to import three more existing schema into the slapd server: cosine, nis, and inetorgperson. You also need to update the following fields in the "olcDatabase={2}hdb.ldif" file:
* olcSuffix - update to reflect your base context (or naming context)
* olcRootDN - update to match your naming context
* olcRootPW - add the password for authenticating the DN of the Directory Server Manager (i.e. olcRootDN)
== Start slapd and add additional schema ==
After installing the openldap-servers rpm package, you should be able to start the OpenLDAP server slapd with the following command:
<pre>systemctl start slapd.service</pre>
To configure your system to start slapd.service at system boot, run the following command:
<pre>systemctl enable slapd.service</pre>
You can now import the three required schema:
<pre>ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif</pre>
Check the directory content in "/etc/openldap/slapd.d/cn=config/cn=schema":
<pre>[root@localhost cn=config]# ls -l cn\=schema
total 40
-rw-------. 1 ldap ldap 15578 Dec 16 2015 cn={0}core.ldif
-rw-------. 1 ldap ldap 11455 Nov 22 18:34 cn={1}cosine.ldif
-rw-------. 1 ldap ldap 6587 Nov 22 18:35 cn={2}nis.ldif
-rw-------. 1 ldap ldap 2949 Nov 22 18:35 cn={3}inetorgperson.ldif</pre>
== Check current "naming context" of the OpenLDAP directory ==
<pre>[root@localhost cn=config]# ldapsearch -x -b '' -s base namingContexts
# extended LDIF
#
# LDAPv3
# base <> with scope baseObject
# filter: (objectclass=*)
# requesting: namingContexts
#

#
dn:
namingContexts: dc=my-domain,dc=com

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1</pre>
== Changing the "naming context" i.e. olcSuffix, and update the olcRootDN and olcRootPW ==
Create the following LDIF file and name it "newbase.ldif":
<pre>dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=ops535,dc=com

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: cn=Manager,dc=ops535,dc=com

dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {SSHA}1Di4Suea6ojE2bFxJhLDScjQyQ97GSef</pre>
Run the following command to perform the update:
<pre>ldapmodify -Y EXTERNAL -H ldapi:/// -f newbase.ldif</pre>
Check the content of the file /etc/openldap/slapd.d/cn=config/olcDatabase={2}hdb.ldif to confirm.
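As an added example that is not part of this wiki page or of OpenLDAP's own tooling, the following Python script shows the two pieces of the naming-context change that are easy to get wrong: it generates and checks a {SSHA} value of the kind the page puts into olcRootPW (the page's own value was produced elsewhere, normally with slappasswd), and it renders the three-record newbase.ldif for a chosen suffix. It assumes the salt layout slappasswd uses by default (base64 of the SHA-1 digest followed by a 4-byte salt); the function names, the refusal to write a cleartext olcRootPW, and the sample password are this example's own choices.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

SSHA_PREFIX = "{SSHA}"
SHA1_LEN = 20  # a SHA-1 digest is 20 bytes; whatever follows it is the salt


def ssha_hash(password: str, salt: Optional[bytes] = None) -> str:
    """Return an olcRootPW / userPassword value in {SSHA} form.

    Layout (assumed to match slappasswd's default):
        base64( sha1(password || salt) || salt )
    A fresh 4-byte random salt is drawn unless one is supplied, so two
    hashes of the same password differ.
    """
    if salt is None:
        salt = os.urandom(4)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return SSHA_PREFIX + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(password: str, stored: str) -> bool:
    """Check a candidate password against a stored {SSHA} value."""
    if not stored.startswith(SSHA_PREFIX):
        raise ValueError("not an {SSHA} value")
    raw = base64.b64decode(stored[len(SSHA_PREFIX):])
    if len(raw) <= SHA1_LEN:
        raise ValueError("{SSHA} value too short to contain a salt")
    digest, salt = raw[:SHA1_LEN], raw[SHA1_LEN:]
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    # constant-time compare so verification timing does not leak digest bytes
    return hmac.compare_digest(candidate, digest)


def naming_context_ldif(suffix: str, root_cn: str, root_pw_hash: str,
                        database: str = "olcDatabase={2}hdb",
                        root_pw_op: str = "add") -> str:
    """Render the LDIF that replaces olcSuffix/olcRootDN and sets olcRootPW.

    Same three modify records as the page's newbase.ldif. olcRootPW is
    single-valued, so 'add' only succeeds the first time; pass
    root_pw_op="replace" when the attribute is already present.
    """
    if root_pw_op not in ("add", "replace"):
        raise ValueError("root_pw_op must be 'add' or 'replace'")
    if not root_pw_hash.startswith("{"):
        # this example's own policy: never write a cleartext manager password
        raise ValueError("olcRootPW must be a hashed value such as {SSHA}...")
    dn = f"dn: {database},cn=config"
    changes = [
        ("replace", "olcSuffix", suffix),
        ("replace", "olcRootDN", f"cn={root_cn},{suffix}"),
        (root_pw_op, "olcRootPW", root_pw_hash),
    ]
    records = [f"{dn}\nchangetype: modify\n{op}: {attr}\n{attr}: {value}\n"
               for op, attr, value in changes]
    return "\n".join(records)


if __name__ == "__main__":
    # constructed sample password; the real one is supplied by the administrator
    pw_hash = ssha_hash("constructed-example-password")
    print(naming_context_ldif("dc=ops535,dc=com", "Manager", pw_hash))
```

Feed the printed LDIF to ldapmodify exactly as the page does (-Y EXTERNAL -H ldapi:///). Before relying on the new olcRootPW, confirm it with a bind rather than by reading the file back: ldapwhoami -x -D "cn=Manager,dc=ops535,dc=com" -W against the server should return the manager DN.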
== Important LDAP Commands and Sample LDIF files ==
* Base LDIF file for the base entry
* LDIF file for new POSIX user accounts
* ldapadd, ldapsearch, ldapdelete commands
 
== OpenLDAP client configuration ==
# /etc/openldap/ldap.conf
## This is the configuration file for the ldap clients. The following are ldap client programs:
### ldapadd
### ldapcompare
### ldapdelete
### ldapmodify
### ldapmodrdn
### ldappasswd
### ldapsearch
### ldapwhoami
## You could set/modify the following directives:
### BASE
### URL
# /etc/ldap.conf
## This is the configuration file for the LDAP nameservice switch library and the LDAP PAM module
## You could set/modify the following directives:
### base
### host - IP or hostname of the LDAP server. If you use hostname, it must be resolvable without using LDAP. Multiple hosts may be specified, each separated by a space.
== Using OpenLDAP for Apache Basic Authentication ==
* Using OpenLDAP for Apache authentication
* Turn on/off OpenLDAP syslog entries
 
== OpenLDAP Concepts/Configuration ==
* [http://www.digitalocean.com/community/tutorials/understanding-the-ldap-protocol-data-hierarchy-and-entry-components Understanding the LDAP Protocol, Data Hierarchy, and Entry Components]
* [http://www.digitalocean.com/community/tutorials/how-to-use-ldif-files-to-make-changes-to-an-openldap-system How to Use LDIF Files to Make Changes to an OpenLDAP System]
== More Resources ==
[http://www.oracle.com/technology/documentation/berkeley-db/db/ref/toc.html Berkeley DB Reference Guide (Version: 4.6.21) ]
[[Category:OPS535]]
 
<b>OID</b>
* [http://www.iana.org/assignments/enterprise-numbers/enterprise-numbers Private Enterprise OID registry]