Installing OpenLDAP

Gini Gini Follow · 2 mins read
Installing OpenLDAP
Share this

Install LDAP Server

Install Packages

yum install *openldap* -y

Start Service

# systemctl start slapd
# systemctl enable slapd

enable firewall port

# firewall-cmd --add-service=ldap 

Configure LDAP Server

Update admin password

# slappasswd
New password: 
Re-enter new password:

create an LDIF file (ldaprootpasswd.ldif) which is used to add an entry to the LDAP directory.

# vim ldaprootpasswd.ldif

# cat ldaprootpasswd.ldif 
dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {SSHA}8hG0fZ8xxDE8tcp2
  • olcDatabase: indicates a specific database instance name and can be typically found inside /etc/openldap/slapd.d/cn=config.
  • cn=config: indicates global config options.
  • PASSWORD: is the hashed string obtained while creating the administrative user.

Add entry from file

# ldapadd -Y EXTERNAL -H ldapi:/// -f ldaprootpasswd.ldif 
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
modifying entry "olcDatabase={0}config,cn=config"

Configure LDAP DB

Copy Sample DB

# cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
# chown -R ldap:ldap /var/lib/ldap/DB_CONFIG 
# systemctl restart slapd

import some basic LDAP schemas from the /etc/openldap/schema directory as follows.

$ sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif 
$ sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif
$ sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif

Add domain info

# cat ldapdomain.ldif 

dn: olcDatabase={1}monitor,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth"
  read by dn.base="cn=Manager,dc=lab,dc=com" read by * none

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=lab,dc=com

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: cn=Manager,dc=lab,dc=com

dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {SSHA}8hG0fZ8xxDE8tcp2

dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcAccess
olcAccess: {0}to attrs=userPassword,shadowLastChange by
  dn="cn=Manager,dc=lab,dc=com" write by anonymous auth by self write by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by dn="cn=Manager,dc=lab,dc=com" write by * read

Update DB

# ldapmodify -Y EXTERNAL -H ldapi:/// -f ldapdomain.ldif 

Create baseldapdomain.ldif with more details

dn: dc=example,dc=com
objectClass: top
objectClass: dcObject
objectclass: organization
o: example com
dc: example

dn: cn=Manager,dc=example,dc=com
objectClass: organizationalRole
cn: Manager
description: Directory Manager

dn: ou=People,dc=example,dc=com
objectClass: organizationalUnit
ou: People

dn: ou=Group,dc=example,dc=com
objectClass: organizationalUnit
ou: Group 


# ldapadd -Y EXTERNAL -x -D cn=Manager,dc=example,dc=com -W -f baseldapdomain.ldif

Configure Client using SSSD

## Install packages
yum install sssd sssd-client

## Configure System
authconfig --enablesssd --enablesssdauth --ldapserver="<ldapserver>" --ldapbasedn="<ldap-base-dn>" --enableldaptls --update

## eg:
authconfig --enablesssd --enablesssdauth --ldapserver="" --ldapbasedn="ou=Users,o=5ffd6b642482a16659721d5c,dc=jumpcloud,dc=com" --enableldaptls --update



Written by Gini Follow
Backpacker, Foodie, Techie

Latest Stories

How to attend Red Hat Remote Exam ? Every details you need to know

In August 2020, Red Hat announced the availability of Remote exams for students and the entire Learning community were so happy, yes we can attend Red Hat exams from our home or offic...

In redhat, Nov 09, 2020
How to Import Existing VMWare VM’s into Terraform

Terraform is an amazing tool for your infrastructure automation. Everything about your infrastructure can be write as code and maintain by team; means your infrastructure is transpare...

In terraform, Nov 04, 2020
Connecting Ansible Tower to Git Server with Self Signed Certificates

So many questioned me when I mention git server in an Ansible Tower environment; and later I realized that, most of them are keeping their projects inside Ansible Tower !!!

In Ansible, Oct 12, 2020
HashiCorp Certified Terraform Associate – Learning & Exam Tips

I started using Terraform somewhere in 2018, but very limited usage as I thought it is just another tool for provisioning infrastructure and other services – or a variant of Vagrant; ...

In terraform, Sep 18, 2020
How to Pass CKA & CKAD Exams ? 10 Tips for Kubernetes Exams

Here see the best tips for Kubernetes Exams - Certified Kubernetes Administrator (CKA) & Certified Kubernetes Application Developer (CKAD).

In kubernetes, Aug 15, 2020