Changes

OpenLDAP Installation and Test

3,231 bytes added, 14:00, 23 November 2016
More Resources
== OpenLDAP Server and client Configuration File ==
=== OpenLDAP Server Configuration directory ===
Please note that the following procedure only works for CentOS Linux starting from <font color='red'>version 7.0</font>.
* Top of the configuration directory for the OpenLDAP server slapd: /etc/openldap/slapd.d/cn=config
<pre>
-rw-------. 1 ldap ldap 609 Dec 16 2015 olcDatabase={2}hdb.ldif
</pre>
* Some notes:
** cn=schema - contains the schema to be loaded by the slapd server.
** olcDatabase={2}hdb.ldif - the main configuration for the OpenLDAP server's database.
* Initial contents in the "cn=schema" directory:
<pre>
[root@localhost cn=schema]# ls -l
total 40
-rw-------. 1 ldap ldap 15578 Dec 16 2015 cn={0}core.ldif
</pre>
* Initial contents of the "olcDatabase={2}hdb.ldif" file:
<pre>
[root@localhost cn=config]# cat olcDatabase\=\{2\}hdb.ldif
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 2e34fa34
dn: olcDatabase={2}hdb
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {2}hdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=my-domain,dc=com
olcRootDN: cn=Manager,dc=my-domain,dc=com
olcDbIndex: objectClass eq,pres
olcDbIndex: ou,cn,mail,surname,givenname eq,pres,sub
structuralObjectClass: olcHdbConfig
entryUUID: 356a18aa-384e-1035-958d-25b49e5bf54e
creatorsName: cn=config
createTimestamp: 20151216143659Z
entryCSN: 20151216143659.541486Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20151216143659Z
</pre>
To use the OpenLDAP directory to host Linux user accounts, you need to import three more existing schemas into the slapd server: cosine, nis, and inetorgperson. You also need to update the following attributes in the "olcDatabase={2}hdb.ldif" file:
* olcSuffix - update to reflect your base directory context (or naming context)
* olcRootDN - update to match your naming context
* olcRootPW - add a password for authenticating the Directory Server Manager (i.e. olcRootDN)

== Start slapd and add additional schema ==
After installing the openldap-servers rpm package, you should be able to start the OpenLDAP server slapd with the following command:
<pre>
systemctl start slapd.service
</pre>
To configure your system to start slapd.service at system boot, run the following command:
<pre>
systemctl enable slapd.service
</pre>
You can now import the three required schemas:
<pre>
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif
</pre>
Check the directory content in "/etc/openldap/slapd.d/cn=config/cn=schema":
<pre>
[root@localhost cn=config]# ls -l cn\=schema
total 40
-rw-------. 1 ldap ldap 15578 Dec 16  2015 cn={0}core.ldif
-rw-------. 1 ldap ldap 11455 Nov 22 18:34 cn={1}cosine.ldif
-rw-------. 1 ldap ldap  6587 Nov 22 18:35 cn={2}nis.ldif
-rw-------. 1 ldap ldap  2949 Nov 22 18:35 cn={3}inetorgperson.ldif
</pre>

== Check current "naming context" of the OpenLDAP directory ==
<pre>
[root@localhost cn=config]# ldapsearch -x -b '' -s base namingContexts
# extended LDIF
#
# LDAPv3
# base <> with scope baseObject
# filter: (objectclass=*)
# requesting: namingContexts
#

#
dn:
namingContexts: dc=my-domain,dc=com

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
</pre>

== Changing the "naming context" i.e. olcSuffix, and updating the olcRootDN and olcRootPW ==
Create the following LDIF file and name it "newbase.ldif":
<pre>
dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=ops535,dc=com

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: cn=Manager,dc=ops535,dc=com

dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {SSHA}1Di4Suea6ojE2bFxJhLDScjQyQ97GSef
</pre>
Run the following command to perform the update:
<pre>
ldapmodify -Y EXTERNAL -H ldapi:/// -f newbase.ldif
</pre>
Check the content of the file /etc/openldap/slapd.d/cn=config/olcDatabase={2}hdb.ldif to confirm.
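As an added example (not part of the wiki page or of OpenLDAP itself), the following Python builds the three newbase.ldif modify operations described above, generates an olcRootPW value in the same {SSHA} format that slappasswd produces, and checks an olcDatabase={2}hdb.ldif for the two mistakes that most often follow this step: an olcRootDN still under the old suffix, and an olcRootPW that is missing or stored in cleartext. The function names and the sample LDIF are assumptions constructed for the example.

```python
import base64, hashlib, hmac, os

def ssha_hash(password: str, salt: bytes = None) -> str:
    """RFC 2307 {SSHA}: base64(sha1(password + salt) + salt), the form slappasswd -h {SSHA} emits."""
    salt = os.urandom(4) if salt is None else salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def ssha_verify(password: str, stored: str) -> bool:
    """Check a password against an {SSHA} value: first 20 bytes are the SHA-1 digest, the rest is salt."""
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    return hmac.compare_digest(hashlib.sha1(password.encode() + salt).digest(), digest)

def newbase_ldif(suffix: str, manager_cn: str, root_pw_hash: str) -> str:
    """Build the three modify operations of newbase.ldif for olcDatabase={2}hdb."""
    head = "dn: olcDatabase={2}hdb,cn=config\nchangetype: modify\n"
    return (f"{head}replace: olcSuffix\nolcSuffix: {suffix}\n\n"
            f"{head}replace: olcRootDN\nolcRootDN: cn={manager_cn},{suffix}\n\n"
            f"{head}add: olcRootPW\nolcRootPW: {root_pw_hash}\n")

def check_hdb_config(ldif_text: str) -> list:
    """Parse the hdb database entry (as 'cat olcDatabase={2}hdb.ldif' prints it) and list problems."""
    attrs = {}
    for line in ldif_text.splitlines():
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(":")
        if value.startswith(":"):  # '::' marks a base64 value; slapd writes olcRootPW this way
            value = base64.b64decode(value[1:]).decode()
        attrs.setdefault(key, []).append(value.strip())
    problems = []
    suffix = attrs.get("olcSuffix", [""])[0].lower()
    rootdn = attrs.get("olcRootDN", [""])[0].lower()
    if not rootdn.endswith("," + suffix):
        problems.append("olcRootDN is not under olcSuffix")
    pw = attrs.get("olcRootPW")
    if not pw:
        problems.append("olcRootPW missing: the olcRootDN account cannot bind")
    elif not pw[0].startswith("{"):
        problems.append("olcRootPW is cleartext; store an {SSHA} hash")
    return problems

# Constructed sample: suffix already changed, olcRootDN still at the stock default, no olcRootPW
SAMPLE_HDB_LDIF = """dn: olcDatabase={2}hdb
olcSuffix: dc=ops535,dc=com
olcRootDN: cn=Manager,dc=my-domain,dc=com
"""
```

The page's LDIF uses "add: olcRootPW", which ldapmodify rejects if an olcRootPW already exists; use "replace: olcRootPW" in that case. On a real server generate the hash with slappasswd rather than copying it between hosts.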
== Important LDAP Commands and Sample LDIF files ==
* Base LDIF file for the base entry
* LDIF file for new POSIX user accounts
* ldapadd, ldapsearch, ldapdelete command
== OpenLDAP client configuration ==
# /etc/openldap/ldap.conf
## This is the configuration file for the ldap clients. The following are ldap client programs:
### ldapadd
### ldapcompare
### ldapdelete
### ldapmodify
### ldapmodrdn
### ldappasswd
### ldapsearch
### ldapwhoami
## You could set/modify the following directives:
### BASE
### URL
# /etc/ldap.conf
## This is the configuration file for the LDAP nameservice switch library and the LDAP PAM module
## You could set/modify the following directives:
### base
### host - IP or hostname of the LDAP server. If you use hostname, it must be resolvable without using LDAP. Multiple hosts may be specified, each separated by a space.
== Using OpenLDAP for Apache Basic Authentication ==
[http://www.oracle.com/technology/documentation/berkeley-db/db/ref/toc.html Berkeley DB Reference Guide (Version: 4.6.21) ]
[[Category:OPS535]]
 
<b>OID</b>
* [http://www.iana.org/assignments/enterprise-numbers/enterprise-numbers Private Enterprise OID registry]