Monday, July 18, 2011

Basic LDAP Configuration on CentOS

LDAP is today the standard for centralised authentication and directory services; it is a large subject with hundreds of features and configurable options. This short tutorial does not try to explain LDAP concepts but instead shows a quick way of installing and configuring an LDAP server (OpenLDAP in our case) on a CentOS 6 machine, so let's start:

1)Installation:
#yum -y install openldap openldap-servers openldap-clients migrationtools

2)Configure the administrator (rootdn) password:
#slappasswd

slappasswd asks for the password twice and prints a salted SHA-1 hash ({SSHA}). Copy the hashed password into:
/etc/openldap/slapd.conf
Uncomment the line starting with rootpw and paste the hash (never the clear-text password) like this:
rootpw {SSHA}NJWxZ6g/z9tCJZWZzuPFAN4Uo1AQokU8

(That hash is only this post's example; use the one slappasswd printed for you.) Keep slapd.conf owned by root:ldap with mode 0640 so that nobody but slapd can read the hash.

Note: CentOS 6 ships OpenLDAP 2.4, whose default configuration store is the cn=config directory /etc/openldap/slapd.d; slapd.conf is the legacy format. Whether the init script reads slapd.conf directly or converts it into slapd.d at start-up depends on the package version, so after step 6 confirm which one slapd is actually running from (`ps -o args -C slapd` shows either -f slapd.conf or -F slapd.d) and, if it is slapd.d, check that your rootpw, suffix and rootdn ended up in /etc/openldap/slapd.d/cn=config/olcDatabase={2}bdb.ldif.

3)Next, in the same file (in the "database bdb" section), set the suffix, i.e. the base DN of your tree, and the rootdn, the administrator entry the rootpw above belongs to (note the space after each directive name):
suffix "dc=yourdomain,dc=com"
rootdn "cn=Manager,dc=yourdomain,dc=com"

The rootdn must lie under the suffix. Also be aware that the sample slapd.conf only contains commented-out access directives; with no "access to" rule at all, slapd's built-in policy is read access for everyone, including anonymous binds, and updates only by the rootdn. Before you load user accounts, add at least one rule that keeps password hashes private, e.g. "access to attrs=userPassword by self write by anonymous auth by * none" followed by "access to * by * read".

Save changes and exit.
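Since the whole administrator login rests on that one rootpw hash, it helps to know exactly what slappasswd produced and to be able to check it. The following Python is an added example, not part of the original post and not OpenLDAP's own code: it builds and verifies {SSHA} values the way slapd does (base64 of SHA-1(password || salt) followed by the salt, a 4-byte random salt by default, which is why a slappasswd hash is 32 base64 characters) and checks that an active rootpw line in a slapd.conf carries a hash rather than a clear-text password. The sample password is constructed; the hash from this post is used only to check its format.

```python
import base64
import hashlib
import hmac
import os

# {SSHA} layout as slappasswd emits it: base64( SHA1(password || salt) || salt ).
# slappasswd uses a 4-byte random salt, so a value decodes to 24 bytes (32 base64 chars).
SSHA_PREFIX = "{SSHA}"
SHA1_LEN = 20


def ssha_hash(password, salt=None):
    """Produce an OpenLDAP-compatible {SSHA} value for rootpw or userPassword.

    `salt` may be fixed for reproducible tests; leave it None for real use.
    """
    if salt is None:
        salt = os.urandom(4)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return SSHA_PREFIX + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(password, stored):
    """Check a clear-text password against a {SSHA} value (what slapd does on a simple bind)."""
    if not stored.startswith(SSHA_PREFIX):
        raise ValueError("not an {SSHA} value: %r" % stored)
    raw = base64.b64decode(stored[len(SSHA_PREFIX):])
    if len(raw) <= SHA1_LEN:
        raise ValueError("truncated {SSHA} value")
    digest, salt = raw[:SHA1_LEN], raw[SHA1_LEN:]
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    # constant-time comparison, so a verifier built on this does not leak via timing
    return hmac.compare_digest(candidate, digest)


def rootpw_is_hashed(conf_text):
    """Inspect slapd.conf text: True if the active rootpw directive carries a {SCHEME} hash,
    False if it is clear text, None if there is no active rootpw line at all."""
    for line in conf_text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        parts = stripped.split(None, 1)
        if parts[0].lower() == "rootpw" and len(parts) == 2:
            value = parts[1].strip()
            return value.startswith("{") and "}" in value
    return None


if __name__ == "__main__":
    # constructed sample password, not anything from the post
    h = ssha_hash("s3cret-example")
    print(h, ssha_verify("s3cret-example", h), ssha_verify("wrong", h))
    print(rootpw_is_hashed("rootpw {SSHA}NJWxZ6g/z9tCJZWZzuPFAN4Uo1AQokU8\n"))
```

Pipe your own slapd.conf into rootpw_is_hashed before starting the server; a False there means a clear-text rootpw is sitting in the file, and a None means the line is still commented out.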

4)Open /etc/openldap/ldap.conf

This is the client-side defaults file read by ldapsearch, ldapadd and friends (slapd does not read it); add the following lines so the tools used below talk to the local server and search under your base DN without -H and -b on every command:
HOST 127.0.0.1
BASE dc=yourdomain,dc=com

(In OpenLDAP 2.4 HOST is deprecated in favour of URI, so "URI ldap://127.0.0.1" does the same job.)

Save changes and exit.

5)Copy the example Berkeley DB environment file into the database directory (where the bdb backend keeps its files; it is not the DIT itself). The documentation directory name carries the package version, 2.4.19 here, so check it with ls if the copy fails:
#cp /usr/share/doc/openldap-servers-2.4.19/DB_CONFIG.example /var/lib/ldap/DB_CONFIG

slapd runs as the ldap user, so everything under /var/lib/ldap, including this file, must be owned by ldap:ldap.

6)Make sure slapd starts on the desired run levels, then start the server:
#chkconfig slapd on
#/etc/init.d/slapd start

If it refuses to start, "slaptest -u -f /etc/openldap/slapd.conf" reports configuration errors (-u keeps it from failing just because the database cannot be opened yet).

7)Edit /usr/share/migrationtools/migrate_common.ph (the settings file that all the migrate_*.pl scripts include).
Set the following variables to your domain; the mail domain is a plain DNS name, the base is a DN:
$DEFAULT_MAIL_DOMAIN = "yourdomain.com";
$DEFAULT_BASE = "dc=yourdomain,dc=com";

Save the file.


8)Generate an LDIF holding the base entry and the standard organizational units (ou=People, ou=Group, ...) with the migration script, which reads the variables just edited:
#/usr/share/migrationtools/migrate_base.pl > /etc/openldap/yourdomain.ldif

9)Configure slapd logging. slapd logs through syslog on facility local4; how much it logs is set by the loglevel directive in slapd.conf ("loglevel stats" gives one line per connection, operation and result, which is the level you want for auditing binds). CentOS 6 uses rsyslog, so open /etc/rsyslog.conf (on CentOS 5 the equivalent file is /etc/syslog.conf)

...and add the following lines:
#LDAP Logging
local4.debug          /var/log/slapd.log

Restart rsyslog (on rsyslog 5 a HUP by default only reopens the log files rather than re-reading the configuration):
#service rsyslog restart

Restart LDAP service:
#/etc/init.d/slapd restart
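To show what the log just configured is good for, here is an added Python example, not code from the post: it reads slapd's "stats" log lines, ties each connection to its source IP, counts bind failures (err=49, invalidCredentials) per address so a password-guessing client stands out, and flags successful simple binds that arrived from a non-loopback address with ssf=0, i.e. with the password crossing the network in clear text. The log lines are constructed to match slapd's stats format and are not a capture from a real server; the host name ldap1, the addresses, the connection numbers and the user DN are assumptions.

```python
import re
from collections import Counter

# Constructed sample of what slapd writes to /var/log/slapd.log with "loglevel stats"
# (facility local4 via rsyslog). Not captured from a real server; names and IPs are made up.
SAMPLE_LOG = """\
Jul 18 10:01:02 ldap1 slapd[2201]: conn=1001 fd=12 ACCEPT from IP=10.0.0.5:40211 (IP=0.0.0.0:389)
Jul 18 10:01:02 ldap1 slapd[2201]: conn=1001 op=0 BIND dn="cn=Manager,dc=yourdomain,dc=com" method=128
Jul 18 10:01:02 ldap1 slapd[2201]: conn=1001 op=0 RESULT tag=97 err=49 text=
Jul 18 10:01:03 ldap1 slapd[2201]: conn=1001 op=1 BIND dn="cn=Manager,dc=yourdomain,dc=com" method=128
Jul 18 10:01:03 ldap1 slapd[2201]: conn=1001 op=1 RESULT tag=97 err=49 text=
Jul 18 10:01:04 ldap1 slapd[2201]: conn=1001 op=2 BIND dn="cn=Manager,dc=yourdomain,dc=com" method=128
Jul 18 10:01:04 ldap1 slapd[2201]: conn=1001 op=2 RESULT tag=97 err=49 text=
Jul 18 10:01:04 ldap1 slapd[2201]: conn=1001 op=3 UNBIND
Jul 18 10:01:04 ldap1 slapd[2201]: conn=1001 fd=12 closed
Jul 18 10:02:10 ldap1 slapd[2201]: conn=1002 fd=13 ACCEPT from IP=127.0.0.1:53114 (IP=0.0.0.0:389)
Jul 18 10:02:10 ldap1 slapd[2201]: conn=1002 op=0 BIND dn="cn=Manager,dc=yourdomain,dc=com" method=128
Jul 18 10:02:10 ldap1 slapd[2201]: conn=1002 op=0 BIND dn="cn=Manager,dc=yourdomain,dc=com" mech=SIMPLE ssf=0
Jul 18 10:02:10 ldap1 slapd[2201]: conn=1002 op=0 RESULT tag=97 err=0 text=
Jul 18 10:02:11 ldap1 slapd[2201]: conn=1002 op=1 SRCH base="dc=yourdomain,dc=com" scope=2 deref=0 filter="(objectClass=*)"
Jul 18 10:02:11 ldap1 slapd[2201]: conn=1002 op=1 SEARCH RESULT tag=101 err=0 nentries=13 text=
Jul 18 10:05:30 ldap1 slapd[2201]: conn=1003 fd=14 ACCEPT from IP=10.0.0.7:51002 (IP=0.0.0.0:389)
Jul 18 10:05:30 ldap1 slapd[2201]: conn=1003 op=0 BIND dn="uid=alice,ou=People,dc=yourdomain,dc=com" method=128
Jul 18 10:05:30 ldap1 slapd[2201]: conn=1003 op=0 BIND dn="uid=alice,ou=People,dc=yourdomain,dc=com" mech=SIMPLE ssf=0
Jul 18 10:05:30 ldap1 slapd[2201]: conn=1003 op=0 RESULT tag=97 err=0 text=
"""

ACCEPT_RE = re.compile(r'conn=(\d+) fd=\d+ ACCEPT from IP=([\d.]+):\d+')
# First BIND line carries method=128 (simple); on success slapd adds a second line with mech/ssf.
BIND_RE = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)" (?:method=(\d+)|mech=(\S+) ssf=(\d+))')
# tag=97 is the BindResponse; "SEARCH RESULT" lines do not match because of the literal " RESULT".
RESULT_RE = re.compile(r'conn=(\d+) op=(\d+) RESULT tag=97 err=(\d+)')

LDAP_INVALID_CREDENTIALS = 49


def analyse_binds(log_text):
    """Return (failed_per_ip, plaintext_binds) from slapd stats log text.

    failed_per_ip: Counter of source IP -> bind results with err=49.
    plaintext_binds: list of (ip, dn) for simple binds that succeeded with ssf=0
    from a non-loopback address (assumes IPv4; 127.x is treated as loopback).
    """
    conn_ip = {}     # conn id -> source address
    bind_dn = {}     # (conn, op) -> DN that tried to bind
    bind_ssf = {}    # (conn, op) -> ssf slapd reported for the bind
    failed = Counter()
    plaintext = []
    for line in log_text.splitlines():
        m = ACCEPT_RE.search(line)
        if m:
            conn_ip[m.group(1)] = m.group(2)
            continue
        m = BIND_RE.search(line)
        if m:
            key = (m.group(1), m.group(2))
            bind_dn[key] = m.group(3)
            if m.group(6) is not None:
                bind_ssf[key] = int(m.group(6))
            continue
        m = RESULT_RE.search(line)
        if m:
            key = (m.group(1), m.group(2))
            ip = conn_ip.get(m.group(1), "?")
            err = int(m.group(3))
            if err == LDAP_INVALID_CREDENTIALS:
                failed[ip] += 1
            elif err == 0 and bind_ssf.get(key) == 0 and not ip.startswith("127."):
                plaintext.append((ip, bind_dn.get(key, "")))
    return failed, plaintext


def suspicious_ips(failed, threshold=3):
    """Addresses with at least `threshold` failed binds, sorted for stable output."""
    return sorted(ip for ip, n in failed.items() if n >= threshold)


if __name__ == "__main__":
    failed, plaintext = analyse_binds(SAMPLE_LOG)
    print("failed binds per IP:", dict(failed))
    print("guessing candidates:", suspicious_ips(failed))
    print("clear-text binds over the network:", plaintext)
```

Run it against the real file with `analyse_binds(open("/var/log/slapd.log").read())`; the plaintext list is the set of clients that should be moved to ldaps:// or StartTLS before the directory holds anything sensitive.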


Basic configuration is done, let's try to add the objects and make a search:

#ldapadd -x -a -W -D "cn=Manager,dc=yourdomain,dc=com" -f /etc/openldap/yourdomain.ldif

*lots of objects being added*

-W prompts for the rootdn password and sends it in a simple bind; against 127.0.0.1 that is fine, but over the network use StartTLS (-ZZ) or an ldaps:// URI, otherwise the Manager password crosses the wire in clear text. No restart is needed after ldapadd; the entries are live as soon as the command returns.


Next, make a general search (for any object class):
#ldapsearch -x -b "dc=yourdomain,dc=com" "objectclass=*"

# extended LDIF
#
# LDAPv3
# base <dc=yourdomain,dc=com> with scope subtree
# filter: objectclass=*
# requesting: ALL
#

*one entry per object you loaded, starting with dn: dc=yourdomain,dc=com*

# search result
search: 2
result: 0 Success

# numResponses: ...
# numEntries: ...

You should see every entry in your LDAP DB. If instead the output ends with "numResponses: 1" and no entries, the search matched nothing: check that ldapadd actually ran and that the base DN is spelled the same way in slapd.conf, ldap.conf and the LDIF. "result: 32 No such object" means the base entry itself does not exist. Note that this search used -x without -D, i.e. an anonymous bind, and it returned everything; that is the default access policy mentioned in step 3, and the reason to add access directives before real accounts go in.
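Reading the result block by eye is error-prone, so here is an added Python example, not from the post, that parses what ldapsearch prints: it unfolds LDIF continuation lines (a leading space joins a line to the previous one), decodes base64 "dn::" values, and returns the result code together with the list of DNs, which is then used to decide whether the search really returned your base entry. The three sample outputs are constructed for the example (ldapsearch would not normally base64-encode a plain ASCII DN; that entry is there to exercise the dn:: path).

```python
import base64

# Constructed ldapsearch outputs (not captured from a real server).
POPULATED = """\
# extended LDIF
#
# LDAPv3
# base <dc=yourdomain,dc=com> with scope subtree
# filter: objectclass=*
# requesting: ALL
#

# yourdomain.com
dn: dc=yourdomain,dc=com
dc: yourdomain
objectClass: top
objectClass: domain

# People, yourdomain.com
dn:: b3U9UGVvcGxlLGRjPXlvdXJkb21haW4sZGM9Y29t
ou: People
objectClass: top
objectClass: organizationalUnit

# Group, yourdomain.com
dn: ou=Group,dc=yourdo
 main,dc=com
ou: Group
objectClass: top
objectClass: organizationalUnit

# search result
search: 2
result: 0 Success

# numResponses: 4
# numEntries: 3
"""

EMPTY_RESULT = """\
# extended LDIF
#
# LDAPv3
# base <dc=yourdomain,dc=com> with scope subtree
# filter: objectclass=*
# requesting: ALL
#

# search result
search: 2
result: 0 Success

# numResponses: 1
"""

NO_SUCH_OBJECT = """\
# extended LDIF
#
# LDAPv3
# base <dc=wrong,dc=com> with scope subtree
# filter: objectclass=*
# requesting: ALL
#

# search result
search: 2
result: 32 No such object

# numResponses: 1
"""


def parse_ldapsearch(output):
    """Return (result_code, [dn, ...]) from ldapsearch's LDIF output.

    result_code is the integer after "result:" (0 = success, 32 = no such object);
    the DN list is empty when the search matched nothing.
    """
    unfolded = []
    for line in output.splitlines():
        if line.startswith(" ") and unfolded:
            unfolded[-1] += line[1:]      # LDIF folding: continuation of the previous line
        else:
            unfolded.append(line)
    result, dns = None, []
    for line in unfolded:
        if not line or line.startswith("#"):
            continue                      # ldapsearch comments, including numResponses
        if line.startswith("dn:: "):
            dns.append(base64.b64decode(line[5:].strip()).decode("utf-8"))
        elif line.startswith("dn: "):
            dns.append(line[4:].strip())
        elif line.startswith("result: "):
            result = int(line.split()[1])
    return result, dns


def search_is_healthy(output, base_dn):
    """True only if the search succeeded and the base entry itself came back."""
    result, dns = parse_ldapsearch(output)
    return result == 0 and base_dn in dns


if __name__ == "__main__":
    for name, sample in (("populated", POPULATED), ("empty", EMPTY_RESULT), ("wrong base", NO_SUCH_OBJECT)):
        print(name, parse_ldapsearch(sample), search_is_healthy(sample, "dc=yourdomain,dc=com"))
```

In practice you would feed it the real output, e.g. `parse_ldapsearch(subprocess.check_output(["ldapsearch", "-x", "-b", base, "objectclass=*"]).decode())`, and fail a provisioning script when search_is_healthy returns False.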


Well, this is just the basics to get you going, feel free to explore further...

Cheers.
