Oracle Linux/OpenLDAP
From r00tedvw.com wiki
Revision as of 00:53, 29 July 2020
OpenLDAP
Overview
Installed on CentOS 7
Installation
~$ sudo yum install -y openldap-clients openldap-servers
~$ systemctl start slapd
~$ systemctl enable slapd
Configuration
LDAP User Account
Setup new user account for ldap admin
~$ sudo useradd ldapadmin -d /home/ldapadmin/ -G wheel
~$ sudo passwd ldapadmin
Setup LDAP Admin password
Create an {SSHA} hash of the desired password for the LDAP admin and add it to the LDAP config. The parameter may not already exist in the config; if so, add it.
~$ slappasswd -h {SSHA} -s ldappassword
Passing the password with -s leaves it in the shell history; without -s, slappasswd prompts for it interactively.
Configure LDAP Server
Create db.ldif and update:
- SSHA password
- olcRootDN
~$ vim db.ldif
...
dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=itzgeek,dc=local

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: cn=ldapadm,dc=itzgeek,dc=local

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: {SSHA}d/thexcQUuSfe3rx3gRaEhHpNJ52N8D3
Send the configuration to the server.
~$ sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f db.ldif
Restrict access to the monitor database to the local root user (via the ldapi peercred identity) and the LDAP admin DN; everyone else gets none. Update:
- dn.base
~$ vim monitor.ldif
...
dn: olcDatabase={1}monitor,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by dn.base="cn=ldapadm,dc=itzgeek,dc=local" read by * none
Apply the change to the server.
~$ sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f monitor.ldif
Setup Database
~$ sudo cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
~$ sudo chown -R ldap:ldap /var/lib/ldap
~$ sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif
~$ sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif
~$ sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif
Set up the domain information. Update:
- dn (x4)
~$ vim base.ldif
...
dn: dc=itzgeek,dc=local
dc: itzgeek
objectClass: top
objectClass: domain

dn: cn=ldapadm,dc=itzgeek,dc=local
objectClass: organizationalRole
cn: ldapadm
description: LDAP Manager

dn: ou=People,dc=itzgeek,dc=local
objectClass: organizationalUnit
ou: People

dn: ou=Group,dc=itzgeek,dc=local
objectClass: organizationalUnit
ou: Group
Build the directory structure, binding as the root DN (-W prompts for the password hashed above).
~$ sudo ldapadd -x -W -D "cn=ldapadm,dc=itzgeek,dc=local" -f base.ldif
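Because the suffix, the root DN and the ACL subject are edited by hand in three separate files, a mismatch (a typo in one DN, or an ACL still naming a different admin) only shows up when ldapadd fails or the admin is locked out of the monitor. This added Python pre-flight check (not from the wiki; the LDIF strings are constructed from the page's db.ldif, monitor.ldif and base.ldif, trimmed to the attributes that matter) parses all three and reports any disagreement before they are sent to the server.

```python
import re


def parse_ldif(text):
    """Split LDIF into records (dict attr -> [values]), one per blank-line-separated block."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        rec = {}
        for key, _, val in (ln.partition(":") for ln in block.splitlines()):
            rec.setdefault(key.strip(), []).append(val.strip())
        records.append(rec)
    return records


def norm_dn(dn):
    """Drop whitespace around ',' and '=' and lower-case, so 'cn=ldapadm ,dc=x' == 'cn=ldapadm,dc=x'."""
    return re.sub(r"\s*([,=])\s*", r"\1", dn).lower()


def check_consistency(db_ldif, monitor_ldif, base_ldif):
    """Return a list of problems; an empty list means the three files agree."""
    db = {k: v[0] for rec in parse_ldif(db_ldif) for k, v in rec.items()}
    suffix, rootdn = norm_dn(db["olcSuffix"]), norm_dn(db["olcRootDN"])
    problems = []
    if not rootdn.endswith("," + suffix):
        problems.append("olcRootDN is not under olcSuffix")
    acl = parse_ldif(monitor_ldif)[0]["olcAccess"][0]
    if rootdn not in map(norm_dn, re.findall(r'dn\.base="([^"]+)"', acl)):
        problems.append("monitor ACL does not grant read to olcRootDN")
    if not acl.endswith("by * none"):
        problems.append("monitor ACL does not end with 'by * none'")
    base_dns = [norm_dn(rec["dn"][0]) for rec in parse_ldif(base_ldif)]
    if base_dns[0] != suffix:
        problems.append("first base.ldif entry is not olcSuffix")
    if rootdn not in base_dns:
        problems.append("base.ldif has no entry for olcRootDN")
    problems += [f"{dn} lies outside olcSuffix" for dn in base_dns if dn != suffix and not dn.endswith("," + suffix)]
    return problems


# Constructed from the page's three LDIF files, reduced to the attributes the check reads.
DB_LDIF = """dn: olcDatabase={2}hdb,cn=config
olcSuffix: dc=itzgeek,dc=local
olcRootDN: cn=ldapadm,dc=itzgeek,dc=local"""
MONITOR_LDIF = """dn: olcDatabase={1}monitor,cn=config
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by dn.base="cn=ldapadm,dc=itzgeek,dc=local" read by * none"""
BASE_LDIF = """dn: dc=itzgeek,dc=local
objectClass: domain

dn: cn=ldapadm ,dc=itzgeek,dc=local
objectClass: organizationalRole

dn: ou=People,dc=itzgeek,dc=local
objectClass: organizationalUnit"""
```

Run check_consistency on the real files before the ldapmodify and ldapadd steps; a non-empty list names exactly which DN disagrees.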