
OpenLDAP Configuration in Red Hat Enterprise Linux 5.4


LDAP Server Configuration
LDAP Configuration in RHEL 5.4


Release:
Red Hat Enterprise Linux 5.4

Problem:
LDAP Configuration in RHEL 5.4


Solution:
Assumptions:
Domain name : example.com
Host name   : server
IP address  : 192.168.0.199

Server Side Configuration:

1)      Install the required RPMs for the LDAP server
a.       openldap
b.       openldap-devel
c.       openldap-clients
d.       openldap-servers
e.       nss_ldap

2)      Create a dedicated directory for the database files, owned by the "ldap" user. The default directory is /var/lib/ldap.
# mkdir /var/lib/ldap/example.com
# chown ldap:ldap /var/lib/ldap/example.com

3)      Create a hashed password for the LDAP "root" user (the rootdn) and save the output; it is needed in the "slapd.conf" file.
# slappasswd

4)      Update the LDAP configuration file
# vi /etc/openldap/slapd.conf

#####################################
# ldbm and/or bdb database definitions
#####################################
database         ldbm
suffix           "dc=example,dc=com"
rootdn           "cn=Manager,dc=example,dc=com"
# rootpw is the hash produced by the slappasswd command in step 3
rootpw           {SSHA}+TARB6GQJ7rJvzx5f8h7fGT9r0fwDh32
directory        /var/lib/ldap/example.com
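
The slapd.conf above contains no "access to" directives, and slapd.access(5) documents that without any, everyone may read everything: an anonymous ldapsearch would return every userPassword hash in the directory. The file also holds the rootpw hash, so it must not be world-readable (openldap-servers installs it as root:ldap, mode 640). The following is an added example, my own and not part of the original post, that prints the ACL fragment to append after the database definition and checks a slapd.conf for both problems. The function names are mine; the OpenLDAP 2.3 slapd.conf syntax is as shipped with RHEL 5.

```shell
#!/bin/sh
# Added example, not from the original post: check whether a slapd.conf protects
# the userPassword attribute, and print the ACL fragment this walkthrough needs.
# Assumes OpenLDAP 2.3 slapd.conf syntax (as shipped with RHEL 5).

# ACL fragment to append to slapd.conf after the database definition. Order
# matters: slapd uses the first "access to" clause that matches the attribute,
# so the userPassword rule must come before the catch-all that keeps the rest
# of the entries readable for nss_ldap on the clients.
recommended_acl() {
    cat <<'EOF'
access to attrs=userPassword
        by self write
        by anonymous auth
        by * none
access to *
        by * read
EOF
}

# Return 0 if CONF has an "access to attrs=...userPassword..." clause that is
# not "by * read"/"by * write"; return 1 otherwise (including when no such
# clause exists at all, which is the state of the slapd.conf above).
acl_protects_password() {
    conf="$1"
    # Fold indented continuation lines into the "access to" line they belong to.
    awk '
        /^[[:space:]]/ && line != "" { line = line " " $0; next }
        { if (line != "") print line; line = $0 }
        END { if (line != "") print line }
    ' "$conf" |
    grep -E '^access[[:space:]]+to[[:space:]]+attrs=[^[:space:]]*userPassword' |
    grep -qvE 'by[[:space:]]+\*[[:space:]]+(read|write)'
}

# Return 0 if CONF is not readable by "other" (it contains the rootpw hash).
conf_not_world_readable() {
    [ -e "$1" ] || return 1
    [ "$(ls -l "$1" | cut -c8)" = "-" ]
}
```

Run `acl_protects_password /etc/openldap/slapd.conf && conf_not_world_readable /etc/openldap/slapd.conf` after editing the file; if the first check fails, `recommended_acl >> /etc/openldap/slapd.conf` and restart slapd. With this ACL, clients still authenticate because pam_ldap binds as the user (the "by anonymous auth" clause), but nobody can read the hashes back.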

5)      Start the LDAP daemon to load the contents of the slapd.conf file
# service ldap start

6)      Create a user account
# useradd -g users ldaptest
# passwd ldaptest

Note: The account record (including the password hash) must be in LDAP Data Interchange Format (LDIF) before it can be imported into the LDAP database.

7)      Extract the "ldaptest" user record from the /etc/passwd file and save it for conversion to LDIF format
# grep ldaptest /etc/passwd > /etc/openldap/passwd.ldaptest

8)      If this is a freshly configured LDAP database, the "root" user account is also needed
# grep root /etc/passwd > /etc/openldap/passwd.root

9)      Now convert the /etc/passwd data into an LDIF format using the “migrate_passwd.pl” conversion program

# /usr/share/openldap/migration/migrate_passwd.pl /etc/openldap/passwd.ldaptest /etc/openldap/ldaptest.ldif

# /usr/share/openldap/migration/migrate_passwd.pl /etc/openldap/passwd.root /etc/openldap/root.ldif

10)    Before importing these LDIF files into the LDAP database, edit them as follows
# vi /etc/openldap/ldaptest.ldif

dn: uid=ldaptest,ou=People,dc=example,dc=com
uid: ldaptest
cn: ldaptest
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {crypt}$1$Z2XOYyLu$QNCNnYWqL1hh9.7S3HWEv.
shadowLastChange: 14771
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 503
gidNumber: 100
homeDirectory: /home/ldaptest

11)    In slapd.conf, the "root" user has the common name (CN) "Manager". Add this information to the root LDIF file.
# vi /etc/openldap/root.ldif

dn: uid=root,ou=People,dc=example,dc=com
uid: root
cn: Manager
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {crypt}$1$RyAMPQs9$LejMX5ACSu2Qe4Os6fzFa/
shadowLastChange: 14766
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 0
gidNumber: 0
homeDirectory: /root
gecos: root

dn: uid=operator,ou=People,dc=example,dc=com
uid: operator
cn: operator
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {crypt}*
shadowLastChange: 14711
shadowMax: 99999
shadowWarning: 7
loginShell: /sbin/nologin
uidNumber: 11
gidNumber: 0
homeDirectory: /root
gecos: operator

12)    The attributes of the "example.com" domain are defined with the LDIF file below.
# vi /etc/openldap/example.com.ldif

dn: dc=example,dc=com
dc: example
description: Root LDAP entry for example.com
objectClass: dcObject
objectClass: organizationalUnit
ou: rootobject

dn: ou=People,dc=example,dc=com
ou: People
description: All people in organisation
objectClass: organizationalUnit

13)    Import all three LDIF files into the database using the ldapadd command
# ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f /etc/openldap/example.com.ldif

# ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f /etc/openldap/root.ldif

# ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f /etc/openldap/ldaptest.ldif

14)    View all the LDAP database entries using the ldapsearch command
# ldapsearch -x -b 'dc=example,dc=com' '(objectclass=*)'


Client side Configuration:

15)    Install the required RPMs
a.       openldap
b.       openldap-clients
c.       openldap-devel
d.       nss_ldap

16)    LDAP clients are configured in the /etc/openldap/ldap.conf file. Set the LDAP server address (HOST) and the search base (BASE) here
# vi /etc/openldap/ldap.conf

#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.
HOST    192.168.0.199
BASE    dc=example, dc=com
#URI    ldap://ldap.example.com ldap://ldap-master.example.com:666

#SIZELIMIT      12
#TIMELIMIT      15
#DEREF          never

17)    Add the LDAP server information to the client using the authconfig command
# authconfig-tui

Note: After this step, check the /etc/nsswitch.conf file and ensure that it references ldap.
   
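The check in the note above, automated as an added example that is not part of the original post: it reports which of the passwd, shadow and group databases in an nsswitch.conf file do not list "ldap" as a source. It assumes the RHEL 5 nsswitch.conf layout ("database: source source ..."); the function name is mine.

```shell
#!/bin/sh
# Added example, not from the original post: report which of passwd, shadow
# and group do not list "ldap" as a source in an nsswitch.conf file.
# Assumes the RHEL 5 layout "database: source source ...".

# nsswitch_has_ldap [FILE]: return 0 if passwd, shadow and group all name
# ldap; otherwise print the missing databases on stderr and return 1.
nsswitch_has_ldap() {
    nss="${1:-/etc/nsswitch.conf}"
    missing=""
    for db in passwd shadow group; do
        # last non-comment line for this database, with the "db:" prefix removed
        sources=$(grep -E "^[[:space:]]*$db:" "$nss" | tail -n 1 |
                  sed 's/^[^:]*://' | tr '\t' ' ')
        case " $sources " in
            *" ldap "*) ;;                 # ldap is one of the sources
            *) missing="$missing $db" ;;
        esac
    done
    [ -z "$missing" ] && return 0
    echo "nsswitch.conf: no ldap source for:$missing" >&2
    return 1
}
```

Run `nsswitch_has_ldap` with no argument on the client after authconfig-tui has finished; a non-zero exit names the databases that still resolve from local files only.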
18)    Restart the SSH daemon to re-read the modified nsswitch.conf file
# service sshd restart

19)    Create the home directory for the "ldaptest" user on the client machine.
# mkdir /home/ldaptest
# chmod 700 /home/ldaptest
# chown ldaptest:users /home/ldaptest
# cp /etc/skel/.bash* /home/ldaptest
# chown ldaptest:users /home/ldaptest/.bash*

20)    Now log in as the "ldaptest" user and check that the login works


Modifying LDAP accounts as the "root" user:

21)   Create a script to add a user to the LDAP database and save it as "/usr/local/bin/addldapuser"
# vi /usr/local/bin/addldapuser

#!/bin/bash
# Usage: addldapuser <username>  (the account must already exist in /etc/passwd)
umask 077                       # the temporary LDIF contains the password hash
grep "^$1:" /etc/passwd > /tmp/changeldappasswd.tmp
/usr/share/openldap/migration/migrate_passwd.pl /tmp/changeldappasswd.tmp /tmp/changeldappasswd.ldif.tmp
# migrate_passwd.pl writes dc=padl,dc=com by default; rewrite it to our suffix
sed 's/dc=padl,dc=com/dc=example,dc=com/' /tmp/changeldappasswd.ldif.tmp > /tmp/changeldappasswd.ldif
ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f /tmp/changeldappasswd.ldif
rm -f /tmp/changeldappasswd.*

22)   Script to delete an LDAP user
# vi /usr/local/bin/deleteldapuser

#!/bin/bash
# Usage: deleteldapuser <username>
ldapdelete -x -W -D "cn=Manager,dc=example,dc=com" "uid=$1,ou=People,dc=example,dc=com"


23)   To modify LDAP user accounts use the script below
# vi /usr/local/bin/modifyldapuser

#!/bin/bash
# Usage: modifyldapuser <username>  (re-reads the local account and updates the LDAP entry)
umask 077                       # the temporary LDIF contains the password hash
grep "^$1:" /etc/passwd > /tmp/modifyldapuser.tmp
/usr/share/openldap/migration/migrate_passwd.pl /tmp/modifyldapuser.tmp /tmp/modifyldapuser.ldif.tmp
# migrate_passwd.pl writes dc=padl,dc=com by default; rewrite it to our suffix
sed 's/dc=padl,dc=com/dc=example,dc=com/' /tmp/modifyldapuser.ldif.tmp > /tmp/modifyldapuser.ldif
/usr/bin/ldapmodify -x -D "cn=Manager,dc=example,dc=com" -W -f /tmp/modifyldapuser.ldif
rm -f /tmp/modifyldapuser.*

24)   Make the scripts executable using the "chmod" command
# chmod 700 /usr/local/bin/addldapuser
# chmod 700 /usr/local/bin/deleteldapuser
# chmod 700 /usr/local/bin/modifyldapuser
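
The conversion that steps 9-10 and the addldapuser script perform, written out in plain shell as an added example that is neither part of the original post nor of the migrationtools package. It shows the same LDIF entry layout as ldaptest.ldif above while handling the pitfalls of the script approach: the account name is matched exactly at the start of the record (a bare `grep "$1"` also matches ldaptest2, or any record whose other fields contain the string, which is how root.ldif above picked up the "operator" account through its /root home directory); the base DN is set directly instead of sed-rewriting the dc=padl,dc=com default; and the hash-bearing LDIF is written to a private temp file. The dc=example,dc=com suffix and ou=People container come from this post; SAMPLE_PASSWD and SAMPLE_SHADOW are constructed sample records, and the function names are mine.

```shell
#!/bin/sh
# Added example, not from the original post or from migrationtools: build the
# LDIF entry for one account from passwd/shadow-style records.
# Assumes the dc=example,dc=com suffix and ou=People container used in the post.
# SAMPLE_PASSWD/SAMPLE_SHADOW are constructed data, not from any real system.

BASE_DN="dc=example,dc=com"

SAMPLE_PASSWD='ldaptest:x:503:100::/home/ldaptest:/bin/bash
ldaptest2:x:504:100:Second user:/home/ldaptest2:/bin/bash'
SAMPLE_SHADOW='ldaptest:$1$constructed$notarealhash.:14771:0:99999:7:::
ldaptest2:$1$constructed$notarealhash2:14771:0:99999:7:::'

# account_to_ldif NAME PASSWD_DATA SHADOW_DATA -> LDIF entry on stdout.
# Returns 1 and prints nothing if NAME has no passwd record. The name is
# anchored to the start of the line so "ldaptest" never matches "ldaptest2".
account_to_ldif() {
    name="$1"; pwdata="$2"; shdata="$3"
    pline=$(printf '%s\n' "$pwdata" | grep "^$name:") || return 1
    sline=$(printf '%s\n' "$shdata" | grep "^$name:" || true)
    printf '%s\n' "$pline" | awk -F: -v base="$BASE_DN" -v shadow="$sline" '
    {
        split(shadow, s, ":")
        printf "dn: uid=%s,ou=People,%s\n", $1, base
        printf "uid: %s\ncn: %s\n", $1, $1
        print "objectClass: account\nobjectClass: posixAccount"
        print "objectClass: top\nobjectClass: shadowAccount"
        if (s[2] != "") printf "userPassword: {crypt}%s\n", s[2]
        if (s[3] != "") printf "shadowLastChange: %s\n", s[3]
        if (s[5] != "") printf "shadowMax: %s\n", s[5]
        if (s[6] != "") printf "shadowWarning: %s\n", s[6]
        printf "loginShell: %s\nuidNumber: %s\ngidNumber: %s\n", $7, $3, $4
        printf "homeDirectory: %s\n", $6
        if ($5 != "") printf "gecos: %s\n", $5
    }'
}

# add_ldap_user NAME: convert the live local account and load it with ldapadd,
# prompting for the Manager password (-W). The temp file is created under
# umask 077 because it carries the password hash. Not exercised by the sample data.
add_ldap_user() {
    umask 077
    ldif=$(mktemp /tmp/addldapuser.XXXXXX) || return 1
    if ! account_to_ldif "$1" "$(cat /etc/passwd)" "$(cat /etc/shadow)" > "$ldif"; then
        echo "no such local account: $1" >&2
        rm -f "$ldif"
        return 1
    fi
    ldapadd -x -D "cn=Manager,$BASE_DN" -W -f "$ldif"
    rm -f "$ldif"
}
```

`account_to_ldif ldaptest "$SAMPLE_PASSWD" "$SAMPLE_SHADOW"` prints an entry with the same attributes as ldaptest.ldif in step 10; on the server, `add_ldap_user ldaptest` does what the addldapuser script does, reading /etc/passwd and /etc/shadow as root.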

25)   LDAP Admin is a free Win32 administration tool for LDAP directory management. It lets you browse, search, modify, create and delete objects on an LDAP server.
