LDAP setup in CentOS 7
===============
My virtual servers have the following IPs:
Server IP : 192.168.1.1
Client IP : 192.168.1.2
Follow the steps below on the server and on the client to configure LDAP.
Server Configuration on 192.168.1.1
==========================
# yum -y install *openldap* migrationtools
# slappasswd
New password:
Re-enter new password:
{SSHA}Gks7qu7ndsmwopjsfgbwr4b452b2b1n2K91T5rwt9ns0dfgolc
LDAP configuration files are located at /etc/openldap/slapd.d/
Edit the file as follows:
# vi /etc/openldap/slapd.d/cn=config/olcDatabase={2}hdb.ldif
olcSuffix: dc=linuxgeeknotes,dc=in
olcRootDN: cn=Manager,dc=linuxgeeknotes,dc=in
olcRootPW: {SSHA}bHSiwuPJEypHS6zHSE2Uy7M69sQjmkPL
olcTLSCertificateFile: /etc/certs/linuxgeeknotescert.pem
olcTLSCertificateKeyFile: /etc/certs/linuxgeeknoteskey.pem
Now edit the file
# vi /etc/openldap/slapd.d/cn=config/olcDatabase={1}monitor.ldif
In the line starting with "olcAccess", replace the default Manager DN (cn=manager,dc=my-domain,dc=com) so that the line ends with
dn.base="cn=Manager,dc=linuxgeeknotes,dc=in" read by * none
Check the configuration using the command
# slaptest -u
# systemctl start slapd
# systemctl enable slapd
Configuring ldap database
# cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
# chown -R ldap:ldap /var/lib/ldap/
Generate ldap certificate
# openssl req -new -x509 -nodes -out /etc/certs/linuxgeeknotescert.pem -keyout /etc/certs/linuxgeeknoteskey.pem -days 365
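The following POSIX shell helper is an added example, not part of the original post: it audits the settings edited above before slaptest is run, checking that olcRootPW is a slappasswd hash rather than cleartext, that the TLS private key exists and is not group/world readable, that no single-valued olc attribute is repeated, and that the monitor ACL names the Manager DN. All paths are arguments, and make_sample_config writes constructed sample files with placeholder values (not a real hash).

```shell
# Added audit helper for the slapd.d settings this guide edits (not from the
# original post). Every path is an argument; make_sample_config writes
# constructed sample files with placeholder values.

attr() { sed -n "s/^$2: *//p" "$1" | head -n 1; }  # first value of attribute $2 in file $1

# olcRootPW must be a slappasswd hash. {SSHA}/{CRYPT} pass; unsalted
# schemes return 2 (weak); cleartext or missing returns 1.
audit_rootpw() {
    pw=$(attr "$1" olcRootPW)
    [ -n "$pw" ] || { echo "olcRootPW: not set"; return 1; }
    case "$pw" in
        '{SSHA}'*|'{CRYPT}'*) return 0 ;;
        '{SHA}'*|'{MD5}'*|'{SMD5}'*) echo "olcRootPW: unsalted/weak scheme"; return 2 ;;
        *) echo "olcRootPW: stored in cleartext"; return 1 ;;
    esac
}

# The key named by olcTLSCertificateKeyFile must exist and must not be
# readable by group or others (ls -l columns 5-10 are the group/other bits).
audit_tls_key() {
    key=$(attr "$1" olcTLSCertificateKeyFile)
    [ -f "$key" ] || { echo "TLS key missing: $key"; return 1; }
    [ "$(ls -l "$key" | cut -c5-10)" = "------" ] ||
        { echo "TLS key readable by group/others: $key"; return 1; }
}

# slapd refuses a config entry that repeats a single-valued olc* attribute;
# catch copy/paste duplicates before slaptest does.
audit_no_duplicates() {
    dups=$(grep -oE '^olc(Suffix|RootDN|RootPW|TLS[A-Za-z]+):' "$1" | sort | uniq -d)
    [ -z "$dups" ] || { echo "repeated attribute(s): $dups"; return 1; }
}

# The monitor database ACL must grant read to the olcRootDN from hdb.ldif.
audit_monitor_acl() {
    rootdn=$(attr "$1" olcRootDN)
    grep -qi "dn.base=\"$rootdn\" read" "$2" ||
        { echo "monitor olcAccess does not mention $rootdn"; return 1; }
}

# Constructed sample: a well-formed hdb.ldif/monitor.ldif pair and a 0600 key in $1.
make_sample_config() {
    printf 'olcSuffix: dc=example,dc=test\nolcRootDN: cn=Manager,dc=example,dc=test\n' > "$1/hdb.ldif"
    printf 'olcRootPW: {SSHA}placeholderNotARealHash\n' >> "$1/hdb.ldif"
    printf 'olcTLSCertificateFile: %s/cert.pem\nolcTLSCertificateKeyFile: %s/key.pem\n' "$1" "$1" >> "$1/hdb.ldif"
    printf 'olcAccess: {0}to * by dn.base="cn=Manager,dc=example,dc=test" read by * none\n' > "$1/monitor.ldif"
    : > "$1/key.pem" && chmod 600 "$1/key.pem"
}
```

On a real server, point the functions at /etc/openldap/slapd.d/cn=config/olcDatabase={2}hdb.ldif and olcDatabase={1}monitor.ldif; a non-zero exit names the offending setting.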
Create object in ldap
Edit the file as follows:
# vi /usr/share/migrationtools/migrate_common.ph
$DEFAULT_MAIL_DOMAIN = "linuxgeeknotes.in";
$DEFAULT_BASE = "dc=linuxgeeknotes,dc=in";
$EXTENDED_SCHEMA = 1;
Create base.ldif file as follows.
# vi /root/base.ldif
dn: dc=linuxgeeknotes,dc=in
objectClass: top
objectClass: dcObject
objectClass: organization
o: linuxgeeknotes in
dc: linuxgeeknotes

dn: cn=Manager,dc=linuxgeeknotes,dc=in
objectClass: organizationalRole
cn: Manager
description: Directory Manager

dn: ou=People,dc=linuxgeeknotes,dc=in
objectClass: organizationalUnit
ou: People

dn: ou=Group,dc=linuxgeeknotes,dc=in
objectClass: organizationalUnit
ou: Group
Create users on the server.
# useradd lduser1
# useradd lduser2
Set a password for both users.
# grep ":10[0-9][0-9]" /etc/passwd > /root/passwd
# grep ":10[0-9][0-9]" /etc/group > /root/group
# /usr/share/migrationtools/migrate_passwd.pl /root/passwd /root/users.ldif
# /usr/share/migrationtools/migrate_group.pl /root/group /root/groups.ldif
# ldapadd -x -W -D "cn=Manager,dc=linuxgeeknotes,dc=in" -f /root/base.ldif
# ldapadd -x -W -D "cn=Manager,dc=linuxgeeknotes,dc=in" -f /root/users.ldif
# ldapadd -x -W -D "cn=Manager,dc=linuxgeeknotes,dc=in" -f /root/groups.ldif
# ldapsearch -x cn=lduser1 -b dc=linuxgeeknotes,dc=in
Exporting the LDAP users' home directories over NFS
# vi /etc/exports
/home *(rw,sync)
# yum -y install rpcbind nfs-utils
# systemctl start rpcbind
# systemctl start nfs
# systemctl enable rpcbind
# systemctl enable nfs
LDAP Client Configuration in 192.168.1.2
================================
# yum install -y openldap-clients nss-pam-ldapd
# authconfig-tui
1. Put '*' Mark on "Use LDAP"
2. Put '*' Mark on "Use LDAP Authentication"
3. Select "Next" and Enter.
4. Enter the server field as "ldap://192.168.1.1/"
5. Enter the Base DN Field as "dc=linuxgeeknotes,dc=in"
6. Select "OK" and Enter
You should now be able to look up the LDAP user's details with:
# getent passwd lduser1
Mount the server's home directory by adding the following line to /etc/fstab:
192.168.1.1:/home /home auto defaults 0 0