Configure OpenLDAP Server on CentOS

This section provides a tutorial example on how to configure OpenLDAP server on a CentOS 6 computer to build a simple local directory service.

How to configure an OpenLDAP server on CentOS systems? If you just want to use the OpenLDAP server to provide a directory service in a local environment, you can perform the following minimum configuration changes: add a password and update the domain name.

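1. Generate a password hash for the server to use with simple authentication. slappasswd prompts for the password and prints the hashed value, which is used in the next step.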

herong$ sudo slappasswd

New password : TopScret
Re-enter new password : TopScret

2. Add the password hash to the second database configuration as olcRootPW. Watch out for the special characters used in the configuration file and directory names; they must be escaped in the shell.

[root]# cd /etc/openldap/slapd.d/cn\=config

[root]# vi olcDatabase\=\{2\}bdb.ldif
olcRootDN: cn=Manager,dc=my-domain,dc=com
olcRootPW: {SSHA}vescG6gBtDeoqeqzILqQrXPDd4EmVKJ2

3. Update the domain name in the second database configuration.

[root]# vi olcDatabase\=\{2\}bdb.ldif
olcSuffix: dc=herongyang,dc=com
olcRootDN: cn=Manager,dc=herongyang,dc=com

4. Update the domain name in the monitor database configuration.

[root]# vi olcDatabase\=\{1\}monitor.ldif
olcAccess: {0}to * by
  read by dn.base="cn=Manager,dc=herongyang,dc=com" read by * none

5. Restart the server. The checksum warnings are not important; they appear because the configuration files were edited by hand.

herong$ sudo service slapd restart

Stopping slapd:                                            [  OK  ]

Checking configuration files for slapd:                    [WARNING]
60593fc5 ldif_read_file: checksum error on
60593fc5 ldif_read_file: checksum error on
config file testing succeeded
Starting slapd:                                            [  OK  ]

6. Dump the directory database to verify the changes. No entries are returned, as expected.

herong$ sudo slapcat -s "dc=herongyang,dc=com"

7. Create a "person" entry for the domain in an LDIF file. See the next tutorials for the LDIF file format.

herong$ vi herong.ldif

dn: cn=Herong Yang,dc=herongyang,dc=com
objectclass: person
cn: Herong Yang
sn: Yang

8. Add the entry file to the domain. The command failed unexpectedly. I will try to add it with the client command "ldapadd" later.

herong$ vi herong.ldif
herong$ sudo slapadd -b "dc=herongyang,dc=com" -l herong.ldif

60599e28 bdb_db_open: database "dc=herongyang,dc=com":
  database already in use.
slap_startup failed

By the way, the password is only needed when managing LDAP databases remotely with client tools.

9. Make sure that the OpenLDAP server is listening on the default port 389. See the last line in the output.

herong$ sudo nmap -sT -O localhost

22/tcp   open  ssh
25/tcp   open  smtp
80/tcp   open  http
111/tcp  open  rpcbind
389/tcp  open  ldap

10. Make sure that port 389 is open to remote computers.
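To show what the {SSHA} value stored in olcRootPW in steps 1 and 2 contains, here is an added example (not part of the original tutorial or of OpenLDAP itself) that parses and checks such a value. The function names parse_ssha, make_ssha and check_ssha are hypothetical, and the sample password is constructed for the demonstration.

```python
import base64
import hashlib
import hmac
import os

SHA1_LEN = 20  # SHA-1 digest size in bytes


def parse_ssha(value):
    """Split an OpenLDAP {SSHA} value into (digest, salt)."""
    scheme, _, b64 = value.partition("}")
    if scheme.upper() != "{SSHA":
        raise ValueError("not an {SSHA} value")
    raw = base64.b64decode(b64, validate=True)
    if len(raw) <= SHA1_LEN:
        raise ValueError("missing salt")
    # Layout: 20-byte SHA-1 digest followed by the salt.
    return raw[:SHA1_LEN], raw[SHA1_LEN:]


def make_ssha(password, salt=None):
    """Build {SSHA}base64(SHA1(password + salt) + salt) with a 4-byte salt."""
    salt = os.urandom(4) if salt is None else salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()


def check_ssha(password, value):
    """Return True if password matches the stored {SSHA} value."""
    digest, salt = parse_ssha(value)
    candidate = hashlib.sha1(password.encode() + salt).digest()
    # Constant-time comparison of the two digests.
    return hmac.compare_digest(candidate, digest)


# The olcRootPW value shown in step 2 of this page.
PAGE_VALUE = "{SSHA}vescG6gBtDeoqeqzILqQrXPDd4EmVKJ2"

if __name__ == "__main__":
    digest, salt = parse_ssha(PAGE_VALUE)
    print("digest bytes:", len(digest), "salt bytes:", len(salt))
    sample = make_ssha("constructed-sample-password")  # constructed input
    print(sample)
    print(check_ssha("constructed-sample-password", sample))
    print(check_ssha("wrong-guess", sample))
```

Because the value is a single salted SHA-1 pass, keep the olcDatabase LDIF file that holds olcRootPW readable only by root and the slapd service account.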

Now my OpenLDAP server is ready with an empty database with the following information for remote clients.
