gns3,

Installing OpenLDAP

Gini Gini Follow · 2 mins read
Installing OpenLDAP
Share this

Install LDAP Server

Install Packages

yum install *openldap* -y

Start Service

# systemctl start slapd
# systemctl enable slapd

enable firewall port

# firewall-cmd --add-service=ldap 

Configure LDAP Server

Update admin password

# slappasswd
New password: 
Re-enter new password:
{SSHA}8hG0fZ8xxDE8tcp2g0YAhurCy3qIZI+I

create an LDIF file (ldaprootpasswd.ldif) which is used to add an entry to the LDAP directory.

# vim ldaprootpasswd.ldif

# cat ldaprootpasswd.ldif 
dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {SSHA}8hG0fZ8xxDE8tcp2
  • olcDatabase: indicates a specific database instance name and can be typically found inside /etc/openldap/slapd.d/cn=config.
  • cn=config: indicates global config options.
  • PASSWORD: is the hashed string obtained while creating the administrative user.

Add entry from file

# ldapadd -Y EXTERNAL -H ldapi:/// -f ldaprootpasswd.ldif 
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "olcDatabase={0}config,cn=config"

Configure LDAP DB

Copy Sample DB

# cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
# chown -R ldap:ldap /var/lib/ldap/DB_CONFIG 
# systemctl restart slapd

import some basic LDAP schemas from the /etc/openldap/schema directory as follows.

$ sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif 
$ sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif
$ sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif

Add domain info

# cat ldapdomain.ldif 

dn: olcDatabase={1}monitor,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth"
  read by dn.base="cn=Manager,dc=lab,dc=com" read by * none

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=lab,dc=com

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: cn=Manager,dc=lab,dc=com

dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {SSHA}8hG0fZ8xxDE8tcp2

dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcAccess
olcAccess: {0}to attrs=userPassword,shadowLastChange by
  dn="cn=Manager,dc=lab,dc=com" write by anonymous auth by self write by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by dn="cn=Manager,dc=lab,dc=com" write by * read

Update DB

# ldapmodify -Y EXTERNAL -H ldapi:/// -f ldapdomain.ldif 

Create baseldapdomain.ldif with more details

dn: dc=example,dc=com
objectClass: top
objectClass: dcObject
objectclass: organization
o: example com
dc: example

dn: cn=Manager,dc=example,dc=com
objectClass: organizationalRole
cn: Manager
description: Directory Manager

dn: ou=People,dc=example,dc=com
objectClass: organizationalUnit
ou: People

dn: ou=Group,dc=example,dc=com
objectClass: organizationalUnit
ou: Group 

and

# ldapadd -Y EXTERNAL -x -D cn=Manager,dc=example,dc=com -W -f baseldapdomain.ldif

Configure Client using SSSD

## Install packages
yum install sssd sssd-client

## Configure System
authconfig --enablesssd --enablesssdauth --ldapserver="<ldapserver>" --ldapbasedn="<ldap-base-dn>" --enableldaptls --update

## eg:
authconfig --enablesssd --enablesssdauth --ldapserver="ldap.jumpcloud.com" --ldapbasedn="ou=Users,o=5ffd6b642482a16659721d5c,dc=jumpcloud,dc=com" --enableldaptls --update

Appendix

Reference https://www.tecmint.com/install-openldap-server-for-centralized-authentication/

Gini
Written by Gini Follow
Backpacker, Foodie, Techie

Latest Stories

How To Get Hands-On Experience in AWS

Every Time you have the same situation, you know the technology and maybe you are already a certified professional in that technology, but you are not getting enough hands-on on that ...

In AWS, Jan 04, 2021
Getting Started with Ansible Collections

Ansible Collection is a great way of getting content contributions from various Ansible Developers. Earlier there was a tagline for Ansible – “Batteries included”, but now the battery...

In redhat, ansible, Dec 22, 2020
Configure Your Windows Host to be Managed by Ansible

I was talking to my friend about Ansible automation and how we are implementing automated solutions for cloud and on-premise infrastructure. Then he told me that, his team is looking ...

In redhat, ansible, Dec 01, 2020
Remove nodes from Kubespray Managed Kubernetes Cluster

Kubespray is a combination of Ansible and Kubernetes and you can use Kubespray for deploying production ready Kubernetes clusters. You can manage full-lifecycle of Kubernetes clusters...

In containers, kubernetes, Nov 30, 2020
Adding new nodes to Kubespray Managed Kubernetes Cluster

Kubespray is a combination of Ansible and Kubernetes and you can use Kubespray for deploying production ready Kubernetes clusters. Learn how to add new nodes in a Kubernetes cluster u...

In containers, kubernetes, Nov 27, 2020

Featured