Saturday, January 24, 2009

HOW TO CONFIGURE LDAP SERVER

First, make sure that the required LDAP server RPMs are installed on the LDAP server, starting with openldap-2.3.27-5.

Other required LDAP Server RPMS

openldap-clients-2.3.27-5
openldap-devel-2.3.27-5
nss_ldap-253-3
openldap-servers-2.3.27-5
compat-openldap-2.3.27_2.2.29-5

Required LDAP RPMS for Client Machine

We will have to make sure that the following packages are installed on our LDAP client.

openldap-2.3.27-5
openldap-devel-2.3.27-5
openldap-clients-2.3.27-5
nss_ldap-253-3

Configuring The LDAP Server

To configure the LDAP server we must create an LDAP database into which we can import the /etc/passwd file.

Here is the step-by-step procedure:

1. Create a Database Directory

On Red Hat Enterprise Linux, LDAP uses the /var/lib/ldap directory by default to hold all its databases. For this example, create a dedicated mydomain.com directory, which must be owned by the user ldap. There is no need to create the ldap user: it is always created during the RPM installation.

# mkdir /var/lib/ldap/mydomain.com
# chown ldap:ldap /var/lib/ldap/mydomain.com

2. Create an LDAP "root" password

Only the LDAP root user can create an LDAP database and import data into or export data from it. The root user needs an encrypted password; create it with the slappasswd command and paste the result into the LDAP configuration file.

# slappasswd
New password:
Re-enter new password:
{SSHA}v4qLq/qy01w9my60LLX9BvfNUrRhOjQZ

3. Create a Test Account Named ldapuser

Here we create an ldapuser account for testing purposes with the following commands.

# useradd -g users ldapuser
# passwd ldapuser
Changing password for user ldapuser.
New password: 
Retype new password: 
passwd: all authentication tokens updated successfully.

4. Edit the slapd.conf file

The LDAP server's daemon is named slapd and its configuration file is named /etc/openldap/slapd.conf. Update it with:

  • A database of the default type bdb using the domain suffix mydomain.com made up of domain components (DCs) mydomain and com.
  • The root user with a common name (CN), or nickname, of Manager who, as expected, is part of the mydomain and com DCs.
  • The encrypted version of the LDAP root password as well as the location of the LDAP database.

The directives to add to slapd.conf are:

database        bdb
suffix          "dc=mydomain,dc=com"
rootdn          "cn=Manager,dc=mydomain,dc=com"
# paste the {SSHA} hash printed by slappasswd; never put a cleartext password here
rootpw          {SSHA}v4qLq/qy01w9my60LLX9BvfNUrRhOjQZ
directory       /var/lib/ldap/mydomain.com
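As an added check (not part of the original post), the following script parses a slapd.conf fragment and flags the three things that most often go wrong in this step: a cleartext or duplicated rootpw, a rootdn outside the suffix, and a missing access rule for userPassword. The sample configuration it reads is constructed from the fragment above; the parse_directives and check_slapd_conf functions are this example's own names.

```python
import re

# Constructed sample modelled on the slapd.conf fragment above, with a cleartext
# 'rootpw secret' line added to show what gets flagged; not the page's real file.
SAMPLE_SLAPD_CONF = """\
database        bdb
suffix          "dc=mydomain,dc=com"
rootdn          "cn=Manager,dc=mydomain,dc=com"
rootpw          secret
rootpw          {SSHA}v4qLq/qy01w9my60LLX9BvfNUrRhOjQZ
directory       /var/lib/ldap/mydomain.com
"""
HASHED_RE = re.compile(r"^\{(SSHA|SHA|SMD5|MD5|CRYPT)\}", re.IGNORECASE)

def parse_directives(text):
    """Return (directive, value) pairs. Comments and blank lines are skipped;
    indented lines continue the previous directive, as slapd.conf allows."""
    pairs = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if raw[0].isspace() and pairs:
            key, value = pairs.pop()
            pairs.append((key, value + " " + line))
            continue
        parts = line.split(None, 1)
        value = parts[1].strip().strip('"') if len(parts) > 1 else ""
        pairs.append((parts[0].lower(), value))
    return pairs

def check_slapd_conf(text):
    """Return findings about the root credentials and the userPassword ACL."""
    pairs = parse_directives(text)
    findings = []
    suffix = next((v for k, v in pairs if k == "suffix"), "")
    rootdn = next((v for k, v in pairs if k == "rootdn"), "")
    rootpws = [v for k, v in pairs if k == "rootpw"]
    if len(rootpws) > 1:
        findings.append("more than one rootpw line; keep only the hashed one")
    for pw in rootpws:
        if not HASHED_RE.match(pw):
            findings.append("rootpw is cleartext; paste the slappasswd output instead")
    if rootdn and suffix and not rootdn.lower().endswith("," + suffix.lower()):
        findings.append("rootdn %s is not under suffix %s" % (rootdn, suffix))
    # With no access directives slapd defaults to 'access to * by * read', so an
    # anonymous search returns userPassword hashes (the ldapsearch test below shows this).
    if not any(k == "access" and "attrs=userpassword" in v.lower().replace(" ", "") for k, v in pairs):
        findings.append("no 'access to attrs=userPassword' rule; hashes readable anonymously")
    return findings
```

Adding `access to attrs=userPassword by self write by anonymous auth by * none` to slapd.conf clears the last finding.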

5. Create Your LDAP Database

This process migrates our system's authentication files into the LDAP database, which we still need to create. Here is what we need to do:

1. Update the file-location database with the updatedb command.

# updatedb

2. Locate the migrate_common.ph file. Here it is in the /usr/share/openldap/migration/ directory.

# locate migrate_common.ph
Output: /usr/share/openldap/migration/migrate_common.ph

3. Edit this file and replace every instance of the string "padl" with the string "mydomain". Padl is the website used by some of the LDAP development team; we need our domain, "mydomain", instead so that it matches our /etc/openldap/slapd.conf file. The migrate_common.ph file is used later by the migration script.

4. Copy the DB_CONFIG.example starter file into our LDAP database directory, /var/lib/ldap/mydomain.com.

# cp /etc/openldap/DB_CONFIG.example /var/lib/ldap/mydomain.com/DB_CONFIG

5. Migrate the system authentication files with the migrate_all_offline.sh script, which resides in the same directory as the migrate_common.ph file.

# /usr/share/openldap/migration/migrate_all_offline.sh
Creating naming context entries...
Migrating groups...
Migrating hosts...
...
...
...
Preparing LDAP database...
=> bdb_tool_entry_put: id2entry_add failed: DB_KEYEXIST: Key/data pair already exists (-30996)
=> bdb_tool_entry_put: txn_aborted! DB_KEYEXIST: Key/data pair already exists (-30996)
slapadd: could not add entry dn="cn=raid-am,ou=Services,dc=mydomain,dc=com" (line=16432): txn_aborted! DB_KEYEXIST: Key/data pair already exists (-30996)
Migration failed: saving failed LDIF to /tmp/nis.ldif.E14499

6. LDAP will not start unless the files in the database directory are owned by the ldap user. Use the chown command to fix the ownership.

# chown -R ldap:ldap /var/lib/ldap/mydomain.com

7. Start LDAP and make sure it starts on reboot.

# service ldap start
Starting slapd: [  OK  ]
# chkconfig ldap on

Now that our database has been created, we are ready to move on.

Test the LDAP database

For testing, we can view all the LDAP database entries at once with the ldapsearch command; this is a good check that everything works as expected. The search base must be our suffix from slapd.conf, dc=mydomain,dc=com.

# ldapsearch -x -b 'dc=mydomain,dc=com' '(objectclass=*)'

The output should look like this:
# echo, Services, mydomain.com
dn: cn=echo,ou=Services,dc=mydomain,dc=com
objectClass: ipService
objectClass: top
ipServicePort: 4
ipServiceProtocol: ddp
cn: echo
 
# rje, Services, mydomain.com
dn: cn=rje,ou=Services,dc=mydomain,dc=com
objectClass: ipService
objectClass: top
ipServicePort: 5
ipServiceProtocol: udp
ipServiceProtocol: tcp
cn: rje
# test, People, mydomain.com
dn: uid=test,ou=People, dc=mydomain,dc=com
uid: test
cn: test
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword:: e2NyeXB0fSQxJFJpbFZJbGh3JHlVWk5KOFZwWER4cjl4enNPUTZwaTE=
shadowLastChange: 14268
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 503
gidNumber: 503
homeDirectory: /home/test
 
# search result
search: 2
result: 0 Success
 
# numResponses: 323
# numEntries: 322

THIS IS NOT THE COMPLETE RESULT OUTPUT, IT'S ONLY A PART OF THE OUTPUT
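Note what the test above reveals: the search was run with -x and no bind DN, i.e. anonymously, and still returned userPassword values (base64-encoded after the double colon), and the migration script carried the /etc/shadow hashes over as {crypt}. The following added example (not code from the original post) parses ldapsearch output of this shape, decodes the base64 values and reports which password scheme each account uses; SAMPLE_LDIF is a constructed sample with fake hashes, and parse_ldif and audit_passwords are this example's own names.

```python
import base64
b64 = lambda s: base64.b64encode(s.encode()).decode()  # ldapsearch prints userPassword base64-encoded
# Constructed sample shaped like the ldapsearch output above; both hashes are fake placeholders.
SAMPLE_LDIF = """\
# test, People, mydomain.com
dn: uid=test,ou=People,dc=mydomain,dc=com
uid: test
userPassword:: %s

# alice, People, mydomain.com
dn: uid=alice,ou=People,dc=mydomain,dc=com
uid: alice
userPassword:: %s

# search result
result: 0 Success
""" % (b64("{crypt}$1$FAKESALT$FAKEHASHFAKEHASHFAKEHA"),
       b64("{SSHA}FAKEHASHFAKEHASHFAKEHASHFAKEHASHFAKE"))
# Schemes worth a forced reset; the migration script carries /etc/shadow hashes over as {crypt}.
LEGACY_SCHEMES = {"{crypt}", "{md5}", "{smd5}", "{sha}", "{cleartext}"}

def parse_ldif(text):
    """Split ldapsearch output into entries (attr -> [values]). '#' lines are comments,
    'attr:: value' is base64, a blank line ends an entry, trailing result lines have no dn."""
    entries, current = [], {}
    for line in text.splitlines() + [""]:          # sentinel blank line flushes the last entry
        if not line.strip():
            if "dn" in current:
                entries.append(current)
            current = {}
        elif not line.startswith("#"):
            attr, _, value = line.partition(":")
            if value.startswith(":"):
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            current.setdefault(attr, []).append(value.strip())
    return entries

def audit_passwords(text):
    """Return {uid: scheme} for every entry whose userPassword the search returned at all.
    Any hit means the bind that ran the search (anonymous with -x, as above) can read hashes."""
    report = {}
    for entry in parse_ldif(text):
        if "userPassword" in entry:
            pw = entry["userPassword"][0]
            has_scheme = pw.startswith("{") and "}" in pw
            report[entry["uid"][0]] = pw[: pw.index("}") + 1].lower() if has_scheme else "{cleartext}"
    return report
```

Run against real output, an empty report after the userPassword access rule is in place is the result you want; any uid reported with a scheme in LEGACY_SCHEMES should get a password reset so slapd stores it with its own stronger scheme.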

1 comment:

Ade said...

thank you thank you thank you

I spent three hours trying to work out why it was failing with "Migration failed: saving failed LDIF to /tmp/nis.ldif"

Then I read your article, and it said: just chown the files and you will be fine.

thank you!!