Juan Garcés

Personal Blog

Installation of OpenLDAP

October 20th, 2013

This post is also available in: Spanish

This tutorial covers installing OpenLDAP on Red Hat Linux. It uses the classic slapd.conf file; on RHEL 6 and later the package ships OpenLDAP 2.4, which is configured through the cn=config directory (/etc/openldap/slapd.d) and whose service is called slapd, so paths and service names differ there, but the directives below keep the same meaning.

To install the server, run:


yum install openldap-servers.i386


The .i386 suffix pins the 32-bit package; on an x86_64 host install openldap-servers (or openldap-servers.x86_64) instead. The ldapadd and ldapsearch commands used later live in the openldap-clients package, so install that too.

Once the installation finishes, edit /etc/openldap/slapd.conf (with vim or whatever editor you prefer).

The first step is to decide the structure of our tree. If we need to load an additional schema, copy its file into /etc/openldap/schema/ and include it among the first lines of slapd.conf, after the standard schemas it depends on:


#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/OUR_SCHEMA.schema   <---- include our own schema here

Next, configure the trunk of the tree: the suffix, the root DN and its password. The password can be written in plain text or as a hash. For the hash, run slappasswd, type the password twice, and it prints the hashed string to paste into the file. Do not leave a cleartext rootpw in the file: it grants full write access to the directory, and because slapd.conf must be readable by the slapd process the only protection for it is the file's mode (600, owned by the ldap user), so the hashed form is the one to keep.


database        bdb
suffix          "dc=domain,dc=com"   <---- define your domain here
rootdn          "cn=Manager,dc=domain,dc=com"     <---- define your root DN here

# Cleartext passwords, especially for the rootdn, should
# be avoided.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.

# rootpw         secret

rootpw       {SSHA}a2tWJtNi4MbnzS5pW5CHnDstZkKG1DjG    <---- hashed password (from slappasswd)

# rootpw       {crypt}ijFYNcSNctBYg
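What slappasswd produces above is not an encryption of the password but a salted SHA-1 hash: {SSHA} followed by base64(sha1(password || salt) || salt), with a 4-byte random salt. The following is an added example, not code from the original post, that builds and verifies strings in that format so you can check that a hash in slapd.conf still corresponds to the rootpw you believe it does; it also flags a rootpw value that carries no {SCHEME} prefix, i.e. one stored in the clear. The password "secret" used at the bottom is only a sample.

```python
# Added example (not from the original post): slappasswd-compatible {SSHA}
# hashing.  Format: "{SSHA}" + base64( sha1(password || salt) || salt ).
# slappasswd(8) uses a 4-byte random salt by default; we do the same.
import base64
import hashlib
import hmac
import os
from typing import Optional

SALT_LEN = 4        # bytes, matches slappasswd's default
SHA1_LEN = 20       # bytes in a SHA-1 digest


def ssha_hash(password: str, salt: Optional[bytes] = None) -> str:
    """Return a {SSHA} string for *password*; a random salt is drawn unless given."""
    if salt is None:
        salt = os.urandom(SALT_LEN)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(password: str, stored: str) -> bool:
    """Check *password* against a {SSHA} string the way slapd checks rootpw."""
    if not stored.startswith("{SSHA}"):
        raise ValueError("not an {SSHA} hash: %r" % stored)
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:SHA1_LEN], raw[SHA1_LEN:]   # digest first, salt appended
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    # constant-time compare so a wrong guess does not leak how many bytes matched
    return hmac.compare_digest(candidate, digest)


def is_cleartext_rootpw(value: str) -> bool:
    """True when a rootpw value has no {SCHEME} prefix and is therefore stored in the clear."""
    value = value.strip()
    return not (value.startswith("{") and "}" in value)


if __name__ == "__main__":
    # "secret" is a sample password, not the one behind the hash shown in the post.
    h = ssha_hash("secret")
    print(h)                                   # a fresh {SSHA}... string, 38 chars
    print(ssha_verify("secret", h))            # True
    print(ssha_verify("wrong", h))             # False
    print(is_cleartext_rootpw("secret"))       # True: this is what the commented-out line would be
```

Pointing ssha_verify at the hash from your own slapd.conf with a candidate password tells you whether you still know the rootpw before you rely on it for the ldapadd step below.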

Now the directory where the LDAP database is stored:


# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory       /var/lib/ldap         <---- the database lives here

To avoid errors from stale default data, make sure the directory is empty before the first start; the BDB files are recreated when the server starts. Only do this on a fresh install, since it destroys any existing directory data, and keep a DB_CONFIG tuning file if one is there (the package ships a DB_CONFIG.example to copy from; it is not regenerated). Afterwards, confirm the directory is owned by the ldap user and has mode 700, as the comment above asks, so no other local user can read the database files.


cd /var/lib/ldap
rm -rf *

Now start the server: service ldap start

To have OpenLDAP start automatically at boot, run: chkconfig ldap on

Finally, initialize the tree by adding the entries for the suffix and the rootdn defined in the configuration file. Create a file with the following content (for example, inicia.ldif):


dn: dc=domain,dc=com
objectclass: dcObject
objectclass: organization
o: what_you_want_for_name
dc: domain

dn: cn=Manager,dc=domain,dc=com
objectclass: organizationalRole
cn: Manager

Add the entries above with the command below (replace localhost and the other parameters with yours). -x selects a simple bind and -W prompts for the rootpw:


ldapadd -x -W -D "cn=Manager,dc=domain,dc=com" -h localhost -f /root/inicia.ldif
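Most first-start failures come from the pieces above disagreeing with each other: a dn in the LDIF that is not under the configured suffix (ldapadd then fails with "No such object"), a slapd.conf left world-readable with its rootpw, or a database directory with the wrong mode. The following pre-flight check is an added example, not part of the original post: it parses the suffix, rootdn, rootpw and directory directives, checks the file and directory modes against the comments in slapd.conf, and verifies every dn in the init LDIF sits under the suffix. The sample inputs it builds in a temporary directory are constructed for the demo; on a real host call preflight("/etc/openldap/slapd.conf", "/root/inicia.ldif").

```python
# Added example (not from the original post): pre-flight checks before
# "service ldap start" and the first ldapadd.
import os
import re
import stat
import tempfile

DIRECTIVES = ("suffix", "rootdn", "rootpw", "directory")


def parse_slapd_conf(text):
    """Return {directive: value} for the directives above; comments are skipped,
    surrounding quotes are stripped (slapd.conf quotes DNs with spaces)."""
    found = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0].lower() in DIRECTIVES:
            found[parts[0].lower()] = parts[1].strip().strip('"')
    return found


def ldif_dns(text):
    """Return the dn: values of an LDIF file, in order."""
    return [m.group(1).strip() for m in re.finditer(r"(?im)^dn:\s*(.+)$", text)]


def _norm_dn(dn):
    return re.sub(r"\s*,\s*", ",", dn.strip().lower())


def dns_outside_suffix(dns, suffix):
    """DNs that are neither the suffix nor beneath it (ldapadd would reject them)."""
    s = _norm_dn(suffix)
    return [dn for dn in dns if _norm_dn(dn) != s and not _norm_dn(dn).endswith("," + s)]


def _mode(path):
    return stat.S_IMODE(os.stat(path).st_mode)


def preflight(conf_path, ldif_path):
    """Return a list of problems; an empty list means the setup is consistent."""
    problems = []
    with open(conf_path) as f:
        conf = parse_slapd_conf(f.read())
    with open(ldif_path) as f:
        dns = ldif_dns(f.read())
    for d in DIRECTIVES:
        if d not in conf:
            problems.append("slapd.conf: missing '%s' directive" % d)
    # slapd.conf carries rootpw, so group/other must have no access at all.
    if _mode(conf_path) & 0o077:
        problems.append("slapd.conf: mode %s, should be 0600" % oct(_mode(conf_path)))
    # rootpw without a {SCHEME} prefix is stored in the clear.
    if "rootpw" in conf and not re.match(r"\{[A-Za-z0-9-]+\}", conf["rootpw"]):
        problems.append("slapd.conf: rootpw is cleartext; hash it with slappasswd")
    dbdir = conf.get("directory")
    if dbdir:
        if not os.path.isdir(dbdir):
            problems.append("directory %s does not exist" % dbdir)
        elif _mode(dbdir) != 0o700:
            problems.append("directory %s: mode %s, should be 0700" % (dbdir, oct(_mode(dbdir))))
    if not dns:
        problems.append("ldif: no dn: lines found")
    elif "suffix" in conf:
        if _norm_dn(dns[0]) != _norm_dn(conf["suffix"]):
            problems.append("ldif: first entry '%s' is not the suffix '%s'" % (dns[0], conf["suffix"]))
        for dn in dns_outside_suffix(dns, conf["suffix"]):
            problems.append("ldif: '%s' is outside the suffix" % dn)
    return problems


def build_sample(tmp, weak):
    """Write a constructed slapd.conf and inicia.ldif under tmp; weak=True reproduces
    the bad state (cleartext rootpw, loose modes), weak=False the corrected one."""
    dbdir = os.path.join(tmp, "var_lib_ldap")
    os.makedirs(dbdir, exist_ok=True)
    rootpw = "secret" if weak else "{SSHA}a2tWJtNi4MbnzS5pW5CHnDstZkKG1DjG"
    conf = os.path.join(tmp, "slapd.conf")
    with open(conf, "w") as f:
        f.write('database bdb\nsuffix "dc=domain,dc=com"\nrootdn "cn=Manager,dc=domain,dc=com"\n'
                "# rootpw secret\nrootpw %s\ndirectory %s\n" % (rootpw, dbdir))
    ldif = os.path.join(tmp, "inicia.ldif")
    with open(ldif, "w") as f:
        f.write("dn: dc=domain,dc=com\nobjectclass: dcObject\nobjectclass: organization\n"
                "o: Example\ndc: domain\n\ndn: cn=Manager,dc=domain,dc=com\n"
                "objectclass: organizationalRole\ncn: Manager\n")
    os.chmod(conf, 0o644 if weak else 0o600)
    os.chmod(dbdir, 0o755 if weak else 0o700)
    return conf, ldif


def demo():
    """Run preflight against the weak and the corrected constructed setups."""
    with tempfile.TemporaryDirectory() as tmp:
        weak = preflight(*build_sample(tmp, weak=True))
    with tempfile.TemporaryDirectory() as tmp:
        good = preflight(*build_sample(tmp, weak=False))
    return weak, good


if __name__ == "__main__":
    weak, good = demo()
    print("weak setup:", *weak, sep="\n  ")     # three findings
    print("corrected setup:", good)             # []
```

The suffix comparison is deliberately loose (case-insensitive, spaces around commas ignored) because that is how slapd matches DNs; it is not a full RFC 4514 normalizer, so exotic escaping in a DN can still slip past it.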

This completes the installation of our OpenLDAP server. You can now load and manage the tree with any administration tool. One caveat: a simple bind (-x) sends the rootpw in cleartext, which is acceptable over the loopback interface used above but not across the network; for remote administration use ldaps:// or StartTLS (the -ZZ option of the ldap* tools).

Other useful commands:


service ldap restart
service ldap start
service ldap stop
ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts
