Oracle Linux/OpenLDAP
From r00tedvw.com wiki
OpenLDAP
Overview
Installed on CentOS 6
Installation
~$ sudo yum install -y openldap-clients openldap-servers
Configuration
LDAP User Account
Set up a new user account for the LDAP admin.
~$ sudo useradd ldapadmin -d /home/ldapadmin/ -G wheel
~$ sudo passwd ldapadmin
Set as LDAP Admin
Set the new user as the LDAP admin (olcRootDN) in the database config.
~$ sudo vim /etc/openldap/slapd.d/cn\=config/olcDatabase\=\{2\}bdb.ldif ... olcRootDN: cn=ldapadmin,dc=my-domain,dc=com
Setup LDAP Admin password
Create a salted SHA (SSHA) hash of the desired password with slappasswd and add it to the LDAP config as olcRootPW. The attribute may not exist in the file yet; add it if needed.
~$ slappasswd
~$ sudo vim /etc/openldap/slapd.d/cn=config/olcDatabase={2}bdb.ldif ... olcRootPW: {SSHA}1pgok6qWn24lpBkVreTDboTr81rg4QC6
Setup Domain
~$ sudo vim /etc/openldap/slapd.d/cn=config/olcDatabase={2}bdb.ldif ... olcSuffix: dc=localhost,dc=localdomain
Make sure you also update the olcRootDN to match your new domain.
~$ sudo vim /etc/openldap/slapd.d/cn=config/olcDatabase={2}bdb.ldif ... olcRootDN: cn=ldapadmin,dc=localhost,dc=localdomain
Finally, make sure you update the LDAP admin DN and domain in olcDatabase\=\{1\}monitor.ldif as well.
~$ sudo vim /etc/openldap/slapd.d/cn\=config/olcDatabase\=\{1\}monitor.ldif ... olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by dn.base="cn=ldapadmin,dc=localhost,dc=localdomain" read by * none
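The three edits above (olcSuffix, olcRootDN, olcRootPW) must agree with each other: an olcRootDN that is not under olcSuffix means admin binds fail, and a cleartext olcRootPW defeats the point of slappasswd. The following POSIX shell check is an added example, not part of the wiki page or of OpenLDAP; the function names (ldif_attr, check_slapd_db, write_sample_db) and the sample files it builds are my own, and the hash value is the one shown on this page.

```shell
#!/bin/sh
# Added example (not from the wiki page): sanity-check one olcDatabase ldif
# so the olcSuffix / olcRootDN / olcRootPW edits were applied consistently.
# Usage: check_slapd_db /etc/openldap/slapd.d/cn=config/olcDatabase={2}bdb.ldif

# Print the value of an attribute from an LDIF file (first occurrence only;
# base64 "attr:: value" lines are not decoded, so check those by hand).
ldif_attr() {
    # $1 = file, $2 = attribute name
    sed -n "s/^$2: //p" "$1" | head -n 1
}

# Return 0 when the database config is internally consistent, 1 otherwise.
check_slapd_db() {
    file=$1
    suffix=$(ldif_attr "$file" olcSuffix)
    rootdn=$(ldif_attr "$file" olcRootDN)
    rootpw=$(ldif_attr "$file" olcRootPW)
    rc=0
    [ -n "$suffix" ] || { echo "FAIL: no olcSuffix in $file"; rc=1; }
    # olcRootDN must live under olcSuffix, otherwise binds as the admin fail
    case "$rootdn" in
        *",$suffix") ;;
        *) echo "FAIL: olcRootDN '$rootdn' is not under olcSuffix '$suffix'"; rc=1 ;;
    esac
    # olcRootPW must be a hash produced by slappasswd, never a cleartext value
    case "$rootpw" in
        "") echo "FAIL: olcRootPW missing"; rc=1 ;;
        "{SSHA}"*|"{SHA}"*|"{CRYPT}"*|"{MD5}"*|"{SMD5}"*) ;;
        *) echo "FAIL: olcRootPW is not hashed"; rc=1 ;;
    esac
    [ "$rc" -eq 0 ] && echo "OK: $file"
    return "$rc"
}

# Constructed sample file (not a real server's config) mirroring the edits
# made on this page; used only to exercise the check offline.
write_sample_db() {
    # $1 = output path, $2 = olcSuffix, $3 = olcRootDN, $4 = olcRootPW
    printf 'dn: olcDatabase={2}bdb\nobjectClass: olcDatabaseConfig\nolcSuffix: %s\nolcRootDN: %s\nolcRootPW: %s\n' \
        "$2" "$3" "$4" > "$1"
}

# Demo on constructed files: one consistent config, one with a stale rootdn.
tmp=$(mktemp -d)
write_sample_db "$tmp/good.ldif" "dc=localhost,dc=localdomain" \
    "cn=ldapadmin,dc=localhost,dc=localdomain" "{SSHA}1pgok6qWn24lpBkVreTDboTr81rg4QC6"
write_sample_db "$tmp/stale.ldif" "dc=localhost,dc=localdomain" \
    "cn=ldapadmin,dc=my-domain,dc=com" "p@ssw0rd"
check_slapd_db "$tmp/good.ldif"
check_slapd_db "$tmp/stale.ldif" || true
rm -rf "$tmp"
```

Run it against the real file with `sudo sh` after the vim edits; a FAIL line names the attribute that still carries the stock dc=my-domain,dc=com value or an unhashed password.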
Startup
~$ sudo service slapd start
~$ sudo service slapd status
Setup LDAP DN entry
Create a temporary LDIF file holding the base entry for the new domain, import it, then verify it is present.
~$ printf "dn: dc=localhost,dc=localdomain\nobjectClass: dcObject\nobjectClass: organization\ndc: localhost\no: localhost" > /tmp/localdomain.ldif
Import the data
~$ sudo ldapadd -x -f /tmp/localdomain.ldif -D cn=ldapadmin,dc=localhost,dc=localdomain -w p@ssw0rd
Verify
~$ ldapsearch -x -LLL -b dc=localhost,dc=localdomain
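The printf above builds the base entry for one specific domain by hand. The POSIX shell functions below are an added example (not from the wiki page or OpenLDAP) that generalise it: domain_to_dn turns any dotted domain name into its dc= form and base_ldif emits the same dcObject/organization entry the page imports, so the file name, suffix and dc value cannot drift apart. Function names and the example.org input are my own.

```shell
#!/bin/sh
# Added example (not from the wiki page): build the base LDIF entry for any
# domain instead of hand-writing the printf for one host name.

# "localhost.localdomain" -> "dc=localhost,dc=localdomain"
domain_to_dn() {
    printf '%s\n' "$1" | awk -F. '{
        for (i = 1; i <= NF; i++) printf "%sdc=%s", (i > 1 ? "," : ""), $i
        print ""
    }'
}

# Emit the dcObject + organization entry for the domain's base DN.
# The dc and o attributes take the leftmost label, as on this page.
base_ldif() {
    domain=$1
    first=${domain%%.*}
    printf 'dn: %s\nobjectClass: dcObject\nobjectClass: organization\ndc: %s\no: %s\n' \
        "$(domain_to_dn "$domain")" "$first" "$first"
}

# Write the entry to a temp file and print the import/verify commands.
# The ldapadd/ldapsearch lines are shown, not executed, because they need a
# running slapd; -W prompts for the rootpw instead of putting it on the
# command line where it would land in shell history and process listings.
prepare_base_entry() {
    domain=$1
    out=$(mktemp /tmp/base-XXXXXX.ldif)
    base_ldif "$domain" > "$out"
    echo "wrote $out"
    echo "import: sudo ldapadd -x -D cn=ldapadmin,$(domain_to_dn "$domain") -W -f $out"
    echo "verify: ldapsearch -x -LLL -b $(domain_to_dn "$domain")"
}

prepare_base_entry localhost.localdomain
```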
Allow iptables
~$ sudo iptables -A INPUT -p tcp --dport 389 -j ACCEPT -m comment --comment "allow ldap"
~$ sudo iptables -A INPUT -p tcp --dport 636 -j ACCEPT -m comment --comment "allow ldaps"