OpenLDAP

Overview

Installed on CentOS 6

Installation

~$ sudo yum install -y openldap openldap-clients openldap-servers

Configuration

LDAP User Account

Setup new user account for ldap admin

~$ sudo useradd ldapadmin -d /home/ldapadmin/ -G wheel
~$ sudo passwd ldapadmin

Set as LDAP Admin

Set new admin as LDAP admin

~$ sudo vim /etc/openldap/slapd.d/cn\=config/olcDatabase\=\{2\}bdb.ldif
...
olcRootDN: cn=ldapadmin,dc=my-domain,dc=com

Setup LDAP Admin password

Create a SHA hash of the desired password for the ldap admin and add it to the ldap config. The parameter may not exist in the config file, you may need to add it.

~$ slappasswd
~$ sudo vim /etc/openldap/slapd.d/cn=config/olcDatabase={2}bdb.ldif
...
olcRootPW: {SSHA}1pgok6qWn24lpBkVreTDboTr81rg4QC6

Setup Domain

~$ sudo vim /etc/openldap/slapd.d/cn=config/olcDatabase={2}bdb.ldif
...
olcSuffix: dc=localhost,dc=localdomain

Make sure you also update the olcRootDN to match your new domain

~$ sudo vim /etc/openldap/slapd.d/cn=config/olcDatabase={2}bdb.ldif
...
olcRootDN: cn=ldapadmin,dc=localhost,dc=localdomain

Finally make sure you update the ldap admin and domain in olcDatabase\=\{1\}monitor.ldif as well.

~$ sudo vim /etc/openldap/slapd.d/cn\=config/olcDatabase\=\{1\}monitor.ldif
...
olcAccess: {0}to *  by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=exter
 nal,cn=auth" read  by dn.base="cn=ldapadmin,dc=localhost,dc=localdomain" read  by * n
 one

Startup

~$ sudo service slapd start
~$ sudo service slapd status

Setup LDAP DN entry

create a tmp file to import the needed data, then import and check.

~$ printf "dn: dc=localhost,dc=localdomain\nobjectClass: dcObject\nobjectClass: organization\ndc: localhost\no: localhost" > /tmp/localdomain.ldif

Import the data

~$ sudo ldapadd -f /tmp/localhost.ldif -D cn=ldapadmin,dc=localhost,dc=localdomain -w p@ssw0rd

verify

~$ ldapsearch -x -LLL -b dc=localhost,dc=localdomain