Oracle Linux/OpenLDAP

From r00tedvw.com wiki

OpenLDAP

Overview

Installed on CentOS 6

Installation

~$ sudo yum install -y openldap-clients openldap-servers

Configuration

LDAP User Account

Set up a new local user account that will act as the LDAP admin.

~$ sudo useradd ldapadmin -d /home/ldapadmin/ -G wheel
~$ sudo passwd ldapadmin

Set as LDAP Admin

Set the new user as the LDAP root DN (olcRootDN) of the database.

~$ sudo vim /etc/openldap/slapd.d/cn\=config/olcDatabase\=\{2\}bdb.ldif
...
olcRootDN: cn=ldapadmin,dc=my-domain,dc=com

Setup LDAP Admin password

Create a salted SHA-1 ({SSHA}) hash of the desired password with slappasswd and add it to the database config as olcRootPW. The parameter may not exist in the config file yet; add it if needed.

~$ slappasswd
~$ sudo vim /etc/openldap/slapd.d/cn=config/olcDatabase={2}bdb.ldif
...
olcRootPW: {SSHA}1pgok6qWn24lpBkVreTDboTr81rg4QC6
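To show what the olcRootPW value above actually stores, here is an added example (not from the wiki page or from OpenLDAP itself) that builds and verifies an {SSHA} hash the same way slappasswd does by default: SHA-1 over password + 4-byte salt, then base64 of digest + salt. The sample password and fixed salt are constructed for the example.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional


def make_ssha(password: str, salt: Optional[bytes] = None) -> str:
    """Return an {SSHA} value in the form slappasswd emits by default.

    {SSHA} = base64( sha1(password || salt) || salt ), salt is 4 random bytes.
    """
    if salt is None:
        salt = os.urandom(4)  # slappasswd's default salt length
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def check_ssha(password: str, stored: str) -> bool:
    """Verify a candidate password against a stored {SSHA} value (e.g. olcRootPW)."""
    prefix = "{SSHA}"
    if not stored.startswith(prefix):
        raise ValueError("not an {SSHA} hash: " + stored[:8])
    raw = base64.b64decode(stored[len(prefix):])
    digest, salt = raw[:20], raw[20:]  # SHA-1 digest is 20 bytes, rest is salt
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    # constant-time comparison so timing does not leak how many bytes matched
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    # constructed sample; never reuse a real admin password in examples
    h = make_ssha("example-admin-passphrase", salt=b"\x01\x02\x03\x04")
    print(h)
    print(check_ssha("example-admin-passphrase", h), check_ssha("wrong", h))
```

Two things worth noting when reading the result: the salt is only four bytes and the digest is SHA-1, so this scheme mainly stops precomputed-table reuse rather than brute force of a weak password; choose a long root password, and keep the slapd.d files readable only by the ldap user. OpenLDAP's pw-sha2 contrib module adds {SSHA256}/{SSHA512} if a stronger scheme is wanted for olcRootPW.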

Setup Domain

~$ sudo vim /etc/openldap/slapd.d/cn=config/olcDatabase={2}bdb.ldif
...
olcSuffix: dc=localhost,dc=localdomain

Make sure you also update the olcRootDN so that it sits under your new suffix.

~$ sudo vim /etc/openldap/slapd.d/cn=config/olcDatabase={2}bdb.ldif
...
olcRootDN: cn=ldapadmin,dc=localhost,dc=localdomain

Finally, make sure you update the LDAP admin DN and domain in olcDatabase={1}monitor.ldif as well, otherwise the admin loses read access to the monitor database.

~$ sudo vim /etc/openldap/slapd.d/cn\=config/olcDatabase\=\{1\}monitor.ldif
...
olcAccess: {0}to *  by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=exter
 nal,cn=auth" read  by dn.base="cn=ldapadmin,dc=localhost,dc=localdomain" read  by * n
 one

Startup

~$ sudo service slapd start
~$ sudo service slapd status

Setup LDAP DN entry

Create a temporary LDIF file holding the base entry for the domain, then import it and check.

~$ printf "dn: dc=localhost,dc=localdomain\nobjectClass: dcObject\nobjectClass: organization\ndc: localhost\no: localhost\n" > /tmp/localdomain.ldif

Import the data with a simple bind as the LDAP admin (-W prompts for the password so it does not end up in the shell history or process list).

~$ sudo ldapadd -x -W -D cn=ldapadmin,dc=localhost,dc=localdomain -f /tmp/localdomain.ldif

Verify that the base entry now exists:

~$ ldapsearch -x -LLL -b dc=localhost,dc=localdomain
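The three hand edits above (olcSuffix, olcRootDN, the {1}monitor olcAccess line) and the base entry LDIF all have to agree, and the file name mix-ups and folded olcAccess line make that easy to get wrong. As an added example, not part of the wiki page and not an OpenLDAP tool, the script below unfolds LDIF the way slapd reads it and checks that the values line up. The LDIF strings are constructed samples modelled on the files edited above; the olcRootPW value is a placeholder, not a real hash; on a live host you would read the files from /etc/openldap/slapd.d/cn=config/ instead.

```python
import re
from typing import Dict, List

# Constructed sample of olcDatabase={2}bdb.ldif after the edits above.
BDB_LDIF = """dn: olcDatabase={2}bdb
objectClass: olcDatabaseConfig
objectClass: olcBdbConfig
olcDatabase: {2}bdb
olcSuffix: dc=localhost,dc=localdomain
olcRootDN: cn=ldapadmin,dc=localhost,dc=localdomain
olcRootPW: {SSHA}PLACEHOLDER-NOT-A-REAL-HASH
"""

# Constructed sample of olcDatabase={1}monitor.ldif, with the folded olcAccess line.
MONITOR_LDIF = """dn: olcDatabase={1}monitor
objectClass: olcDatabaseConfig
olcDatabase: {1}monitor
olcAccess: {0}to *  by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=exter
 nal,cn=auth" read  by dn.base="cn=ldapadmin,dc=localhost,dc=localdomain" read  by * n
 one
"""

# Constructed sample of the base entry written to the tmp file.
BASE_LDIF = """dn: dc=localhost,dc=localdomain
objectClass: dcObject
objectClass: organization
dc: localhost
o: localhost
"""


def parse_ldif(text: str) -> Dict[str, List[str]]:
    """Unfold LDIF (a line starting with a space continues the previous one)
    and collect attribute -> values. Assumes a single entry per text, which
    holds for the files above; base64 (::) values are not decoded."""
    unfolded: List[str] = []
    for line in text.splitlines():
        if line.startswith(" ") and unfolded:
            unfolded[-1] += line[1:]
        elif line and not line.startswith("#"):
            unfolded.append(line)
    attrs: Dict[str, List[str]] = {}
    for line in unfolded:
        name, _, value = line.partition(":")
        attrs.setdefault(name.strip(), []).append(value.strip())
    return attrs


def normalize_dn(dn: str) -> str:
    """Lower-case and strip spaces around RDNs so DNs compare by value."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def check_config(bdb_text: str, monitor_text: str) -> List[str]:
    """Return a list of problems; an empty list means the edits agree."""
    problems: List[str] = []
    bdb = parse_ldif(bdb_text)
    monitor = parse_ldif(monitor_text)
    suffix = normalize_dn(bdb["olcSuffix"][0])
    rootdn = normalize_dn(bdb["olcRootDN"][0])
    if not rootdn.endswith("," + suffix):
        problems.append(f"olcRootDN {rootdn} is not under olcSuffix {suffix}")
    pw = bdb.get("olcRootPW", [])
    if not pw:
        problems.append("olcRootPW missing: add the slappasswd output")
    elif not pw[0].startswith("{"):
        problems.append("olcRootPW is stored in cleartext; use the slappasswd output")
    # every dn.base="..." clause in the monitor ACL, unfolded and normalized
    acl_dns = {
        normalize_dn(m)
        for value in monitor.get("olcAccess", [])
        for m in re.findall(r'dn\.base="([^"]+)"', value)
    }
    if rootdn not in acl_dns:
        problems.append(f"olcAccess in {{1}}monitor does not grant {rootdn}")
    return problems


def check_base_entry(base_text: str, suffix: str) -> List[str]:
    """Check the tmp LDIF: its dn must equal the suffix and the naming
    attribute (dc) must match the first RDN, or ldapadd rejects it."""
    problems: List[str] = []
    base = parse_ldif(base_text)
    dn = normalize_dn(base["dn"][0])
    if dn != normalize_dn(suffix):
        problems.append(f"base dn {dn} does not equal olcSuffix {suffix}")
    attr, _, value = dn.split(",")[0].partition("=")
    if base.get(attr, [""])[0].lower() != value:
        problems.append(f"attribute {attr} does not match RDN {attr}={value}")
    return problems


if __name__ == "__main__":
    print(check_config(BDB_LDIF, MONITOR_LDIF))
    print(check_base_entry(BASE_LDIF, parse_ldif(BDB_LDIF)["olcSuffix"][0]))
```

Run it before starting slapd: an empty list for both checks means the suffix, root DN, monitor ACL and base entry agree. A non-empty list points at the exact attribute to fix, which is cheaper than decoding the bind or ldapadd error afterwards.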

Allow iptables

~$ sudo iptables -A INPUT -p tcp --dport 389 -j ACCEPT -m comment --comment "allow ldap"
~$ sudo iptables -A INPUT -p tcp --dport 636 -j ACCEPT -m comment --comment "allow ldaps"