Changes


OpenLDAP Installation and Test

1,352 bytes added, 14:00, 23 November 2016
More Resources
== OpenLDAP Server and client Configuration File ==
=== OpenLDAP Server Configuration directory ===
Please note that the following procedure only works for CentOS Linux starting from <font color='red'>version 7.0</font>.
* Top of the configuration directory for the OpenLDAP server slapd: /etc/openldap/slapd.d/cn=config
<pre>
-rw-------. 1 ldap ldap 15578 Dec 16 2015 cn={0}core.ldif
</pre>
* Initial contents of the "olcDatabase={2}hdb.ldif" file:
<pre>
[root@localhost cn=config]# cat olcDatabase\=\{2\}hdb.ldif
</pre>
To use an OpenLDAP directory to host Linux user accounts, you need to import three more existing schemas for the slapd server: cosine, nis, and inetorgperson. You also need to update the following fields in the "olcDatabase={2}hdb.ldif" file:
* olcSuffix - update to reflect your base context (or naming context)
* olcRootDN - update to match your naming context
* olcRootPW - add a password for authenticating the Directory Server Manager (i.e. olcRootDN)
== Start slapd and add additional schema ==
After installing the openldap-servers rpm package, you should be able to start the OpenLDAP server slapd with the following command:
<pre>
</pre>
== Check current "naming context" of the OpenLDAP directory ==
<pre>
[root@localhost cn=config]# ldapsearch -x -b '' -s base namingContexts
# extended LDIF
# LDAPv3
# base <> with scope baseObject
# filter: (objectclass=*)
# requesting: namingContexts

dn:
namingContexts: dc=my-domain,dc=com

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
</pre>

== Changing the "naming context" (i.e. olcSuffix) and updating the olcRootDN and olcRootPW ==
Create the following LDIF file and name it "newbase.ldif":
<pre>
# customize domain name
dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=ops535,dc=com

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: cn=Manager,dc=ops535,dc=com

dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {SSHA}1Di4Suea6ojE2bFxJhLDScjQyQ97GSef
</pre>

Run the following command to perform the update:
<pre>
ldapmodify -Y EXTERNAL -H ldapi:/// -f newbase.ldif
</pre>

Check the content of the file /etc/openldap/slapd.d/cn=config/olcDatabase={2}hdb.ldif to confirm.
== Important LDAP Commands and Sample LDIF files ==
* LDIF file for the base entry
* LDIF file for new POSIX User accounts
* ldapadd, ldapsearch, ldapdelete command
# numResponses: 2
# numEntries: 1
 
== OpenLDAP client configuration ==
# /etc/openldap/ldap.conf
## This is the configuration file for the ldap clients. The following are ldap client programs:
### ldapadd
### ldapcompare
### ldapdelete
### ldapmodify
### ldapmodrdn
### ldappasswd
### ldapsearch
### ldapwhoami
## You could set/modify the following directives:
### BASE
### URL
# /etc/ldap.conf
## This is the configuration file for the LDAP nameservice switch library and the LDAP PAM module
## You could set/modify the following directives:
### base
### host - IP or hostname of the LDAP server. If you use hostname, it must be resolvable without using LDAP. Multiple hosts may be specified, each separated by a space.
== Using OpenLDAP for Apache Basic Authentication ==
[http://www.oracle.com/technology/documentation/berkeley-db/db/ref/toc.html Berkeley DB Reference Guide (Version: 4.6.21) ]
[[Category:OPS535]]
 
<b>OID</b>
* [http://www.iana.org/assignments/enterprise-numbers/enterprise-numbers Private Enterprise OID registry]