Linux Tutorials - Herong's Tutorial Examples - v5.45, by Herong Yang
Configure OpenLDAP Server on CentOS
This section provides a tutorial example on how to configure OpenLDAP server on a CentOS 6 computer to build a simple local directory service.
How To configure OpenLDAP Server on CentOS Systems? If you just want to use the OpenLDAP server to provide a directory service in a local environment, you can perform the following minimum configuration changes: add a password and update the domain name.
1. Generate a password hash for the server to use for simple authentication.
herong$ sudo slappasswd
New password: TopSecret
Re-enter new password: TopSecret
{SSHA}vescG6gBtDeoqeqzILqQrXPDd4EmVKJ2
2. Add the password to the second database configuration. Watch out for the special characters used in the configuration file and directory names.
[root]# cd /etc/openldap/slapd.d/cn\=config
[root]# vi olcDatabase\=\{2\}bdb.ldif
olcRootDN: cn=Manager,dc=my-domain,dc=com
olcRootPW: {SSHA}vescG6gBtDeoqeqzILqQrXPDd4EmVKJ2
3. Update the domain name in the second database configuration.
[root]# vi olcDatabase\=\{2\}bdb.ldif
olcSuffix: dc=herongyang,dc=com
...
olcRootDN: cn=Manager,dc=herongyang,dc=com
4. Update the domain name in the monitor database configuration.
[root]# vi olcDatabase\=\{1\}monitor.ldif
...
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by dn.base="cn=Manager,dc=herongyang,dc=com" read by * none
5. Restart the server. The checksum warnings are not important.
herong$ sudo service slapd restart
Stopping slapd:                                            [  OK  ]
Checking configuration files for slapd:                    [WARNING]
60593fc5 ldif_read_file: checksum error on "/etc/openldap/slapd.d/cn=config/olcDatabase={1}monitor.ldif"
60593fc5 ldif_read_file: checksum error on "/etc/openldap/slapd.d/cn=config/olcDatabase={2}bdb.ldif"
config file testing succeeded
Starting slapd:                                            [  OK  ]
6. Dump the directory database to verify the changes. There are no entries, as expected.
herong$ sudo slapcat -s "dc=herongyang,dc=com"
7. Create a "person" entry for the domain in an LDIF file. See the next tutorials on the LDIF file format.
herong$ vi herong.ldif
dn: cn=Herong Yang,dc=herongyang,dc=com
objectclass: person
cn: Herong Yang
sn: Yang
8. Add the entry file to the domain. The command failed unexpectedly. I will try to add it with the client command "ldapadd" later.
herong$ vi herong.ldif
herong$ sudo slapadd -b "dc=herongyang,dc=com" -l herong.ldif
60599e28 bdb_db_open: database "dc=herongyang,dc=com": database already in use.
slap_startup failed
By the way, the password is only needed when managing LDAP databases remotely with client tools.
9. Make sure that the OpenLDAP server is listening on the default port 389. See the last line in the output.
herong$ sudo nmap -sT -O localhost
PORT    STATE SERVICE
22/tcp  open  ssh
25/tcp  open  smtp
80/tcp  open  http
111/tcp open  rpcbind
389/tcp open  ldap
10. Make sure that port 389 is open to remote computers.
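The edits in steps 1 to 4, together with the sanity checks an administrator wants before the restart in step 5, as an added Python example that is not part of Herong's tutorial: it builds an {SSHA} value the way slappasswd does (SHA-1 over the password followed by a salt, base64 of digest plus salt; the 4-byte random salt is an assumption matching slappasswd's default), rewrites constructed stand-ins for olcDatabase={2}bdb.ldif and olcDatabase={1}monitor.ldif, and then checks that olcRootPW is a hash rather than cleartext, that olcSuffix, olcRootDN and the monitor ACL all agree on the new suffix, and that the ACL still ends in "by * none". The sample LDIF text and all function names are mine; on a real host you would feed it copies of the files under /etc/openldap/slapd.d/cn=config.

```python
"""Added example (not from the tutorial): apply the OpenLDAP config edits to
sample LDIF text and audit the result before restarting slapd."""
import base64
import hashlib
import hmac
import os
import re

# Constructed stand-ins for the stock CentOS 6 files under
# /etc/openldap/slapd.d/cn=config, trimmed to the attributes the tutorial edits.
# Real files may fold long lines: a continuation line starts with one space.
BDB_LDIF = """dn: olcDatabase={2}bdb
objectClass: olcDatabaseConfig
objectClass: olcBdbConfig
olcDatabase: {2}bdb
olcSuffix: dc=my-domain,dc=com
olcRootDN: cn=Manager,dc=my-domain,dc=com
"""
MONITOR_LDIF = """dn: olcDatabase={1}monitor
objectClass: olcDatabaseConfig
olcDatabase: {1}monitor
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=ex
 ternal,cn=auth" read by dn.base="cn=Manager,dc=my-domain,dc=com" read by * none
"""


def ssha_hash(password, salt=None):
    """Step 1: build a {SSHA} value like slappasswd: base64(sha1(pw + salt) + salt)."""
    if salt is None:
        salt = os.urandom(4)  # assumption: 4-byte salt, slappasswd's default
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(password, stored):
    """Check a password against a {SSHA} value; the salt is the tail of the blob."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]  # SHA-1 digests are 20 bytes long
    computed = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(computed, digest)


def unfold(ldif):
    """Return the LDIF as logical lines, joining folded continuation lines."""
    lines = []
    for line in ldif.splitlines():
        if line.startswith(" ") and lines:
            lines[-1] += line[1:]
        else:
            lines.append(line)
    return lines


def rename_suffix(lines, old, new):
    """Steps 3 and 4: rewrite the suffix in every DN (DNs compare case-insensitively)."""
    return [re.sub(re.escape(old), new, line, flags=re.IGNORECASE) for line in lines]


def set_attr(lines, attr, value):
    """Step 2: replace an attribute value, or append it (stock file has no olcRootPW)."""
    prefix = attr + ": "
    out = list(lines)
    for i, line in enumerate(out):
        if line.startswith(prefix):
            out[i] = prefix + value
            return out
    out.append(prefix + value)
    return out


def audit(bdb_lines, monitor_lines, suffix):
    """Checks worth running before 'service slapd restart'; returns a list of problems."""
    attrs = dict(line.split(": ", 1) for line in bdb_lines if ": " in line)
    problems = []
    root_pw = attrs.get("olcRootPW", "")
    if not root_pw.startswith("{") or root_pw.upper().startswith("{CLEARTEXT}"):
        problems.append("olcRootPW missing or in cleartext")
    if attrs.get("olcSuffix") != suffix:
        problems.append("olcSuffix does not match " + suffix)
    if not attrs.get("olcRootDN", "").lower().endswith(suffix.lower()):
        problems.append("olcRootDN lies outside olcSuffix")
    acls = [line for line in monitor_lines if line.startswith("olcAccess:")]
    if not acls or not acls[0].rstrip().endswith("by * none"):
        problems.append("monitor ACL no longer denies everyone else")
    if not any(("cn=Manager," + suffix).lower() in line.lower() for line in acls):
        problems.append("monitor ACL does not grant the new Manager DN")
    return problems


def configure(bdb_ldif, monitor_ldif, old_suffix, new_suffix, root_pw_value):
    """Apply steps 2-4 to both files' text; return (new bdb, new monitor, problems)."""
    bdb = set_attr(rename_suffix(unfold(bdb_ldif), old_suffix, new_suffix),
                   "olcRootPW", root_pw_value)
    monitor = rename_suffix(unfold(monitor_ldif), old_suffix, new_suffix)
    return ("\n".join(bdb) + "\n", "\n".join(monitor) + "\n",
            audit(bdb, monitor, new_suffix))


if __name__ == "__main__":
    new_bdb, new_monitor, problems = configure(
        BDB_LDIF, MONITOR_LDIF, "dc=my-domain,dc=com", "dc=herongyang,dc=com",
        ssha_hash("TopSecret"))
    print(new_bdb + new_monitor)
    print("problems:", problems or "none")
    # True only if the hash shown in step 1 was really produced from TopSecret.
    print(ssha_verify("TopSecret", "{SSHA}vescG6gBtDeoqeqzILqQrXPDd4EmVKJ2"))
```

The audit is the point of the script: a cleartext olcRootPW, a Manager DN that no longer matches the suffix, or an ACL that has lost its trailing "by * none" all pass slapd's own config test, so they are easy to ship by accident when editing the slapd.d files by hand as the tutorial does.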
Now my OpenLDAP server is ready with an empty database with the following information for remote clients.