How to install LDAP on CentOS 7

In this tutorial, we will teach you how to install LDAP on CentOS 7.

What is LDAP

LDAP is short for Lightweight Directory Access Protocol. It is an open, vendor-neutral, industry-standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network. LDAP can store many kinds of information, and it is commonly used as one component of a centralized authentication system.

Installing LDAP on CentOS 7

Installing and configuring an OpenLDAP server on CentOS 7 is a simple task; follow the instructions below and you should have it installed in less than 10 minutes.

Step 1: Updating the System

Before you start installing any new software, you need to update your system packages to the latest available versions.
# yum update
 

Step 2: Installing OpenLDAP

Now install the OpenLDAP packages and their dependencies.
# yum -y install openldap compat-openldap openldap-clients openldap-servers openldap-servers-sql openldap-devel

 
Next, start the service and enable it at boot.
# systemctl start slapd.service
# systemctl enable slapd.service

Run the ‘slappasswd’ command to set an LDAP root password and save the hashed output; you will need it when configuring OpenLDAP.
# slappasswd
 

Configuring OpenLDAP server

You can now start configuring the OpenLDAP server. First, create a couple of LDIF files, then run the ‘ldapmodify’ command to apply the configuration to the server. The live configuration is stored under ‘/etc/openldap/slapd.d’, which should never be edited by hand.

olcSuffix Variable

The ‘db.ldif’ file sets the ‘olcSuffix’ attribute, the distinguished-name suffix that queries must fall under to be passed to the backend database. This is how the server learns the domain for which it provides account information. The same file also sets the ‘olcRootDN’ attribute, which specifies the root distinguished name, the user with administrator access to the LDAP server, and ‘olcRootPW’, that user's password hash.

Main Domain

Our domain is going to be ‘field.dreamvps.com’ and is written in the ‘db.ldif’ file as ‘dc=field,dc=dreamvps,dc=com’; our root distinguished name is ‘cn=ldapadm,dc=field,dc=dreamvps,dc=com’.

Step 3: Configuring OpenLDAP

Create the ‘db.ldif’ file with nano or a text editor of your preference and enter the content below.
# nano db.ldif

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=field,dc=dreamvps,dc=com

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: cn=ldapadm,dc=field,dc=dreamvps,dc=com

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: hashed_output_from_the_slappasswd_command

Next, deploy the configuration with ldapmodify.
# ldapmodify -Y EXTERNAL -H ldapi:/// -f db.ldif
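The suffix, the root DN and the base entries created later all have to agree, and hand-typing them is where mismatches creep in. The following shell script is an added example, not part of the original tutorial: it derives the base DN from the domain name and renders the three modify operations of ‘db.ldif’ to standard output. The domain and the ‘ldapadm’ name are the tutorial's; the password hash passed in is a constructed placeholder, and the usage comment assumes ‘slappasswd’ from openldap-servers is on the path when the script is run on the server.

```shell
#!/bin/sh
# Added example (not from the original tutorial): derive LDAP DNs from a DNS
# domain and render db.ldif so the suffix and root DN never drift apart.

# "field.dreamvps.com" -> "dc=field,dc=dreamvps,dc=com"
domain_to_dn() {
    dn=""
    old_ifs=$IFS
    IFS=.
    for label in $1; do
        dn="${dn:+$dn,}dc=$label"
    done
    IFS=$old_ifs
    printf '%s' "$dn"
}

# Root DN for the named admin account directly under the base DN.
# Arguments: admin_cn base_dn
root_dn() {
    printf 'cn=%s,%s' "$1" "$2"
}

# Render the three modify operations of db.ldif to stdout.
# Arguments: base_dn admin_dn password_hash (output of slappasswd)
render_db_ldif() {
    base_dn=$1; admin_dn=$2; pw_hash=$3
    for attr in olcSuffix olcRootDN olcRootPW; do
        case $attr in
            olcSuffix) value=$base_dn ;;
            olcRootDN) value=$admin_dn ;;
            olcRootPW) value=$pw_hash ;;
        esac
        printf 'dn: olcDatabase={2}hdb,cn=config\nchangetype: modify\nreplace: %s\n%s: %s\n\n' \
            "$attr" "$attr" "$value"
    done
}

# Usage on the server (assumes slappasswd is installed and prompts for the password):
#   base=$(domain_to_dn field.dreamvps.com)
#   admin=$(root_dn ldapadm "$base")
#   render_db_ldif "$base" "$admin" "$(slappasswd)" > db.ldif
#   ldapmodify -Y EXTERNAL -H ldapi:/// -f db.ldif
```

Because the hash is passed as an argument rather than pasted into an editor, the file never contains a half-edited placeholder, and the same ‘domain_to_dn’ output can be reused when writing ‘base.ldif’ in Step 4.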
Now restrict access to the monitor database to the ldapadm user.
# nano monitor.ldif

dn: olcDatabase={1}monitor,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by dn.base="cn=ldapadm,dc=field,dc=dreamvps,dc=com" read by * none

Deploy the configuration change once more.
# ldapmodify -Y EXTERNAL -H ldapi:/// -f monitor.ldif
You have to generate a certificate and a private key so that clients can communicate securely with the OpenLDAP server. Run the following command to do it.
# openssl req -new -x509 -nodes -out \
/etc/openldap/certs/myldap.field.dreamvps.com.cert \
-keyout /etc/openldap/certs/myldap.field.dreamvps.com.key \
-days 365

Now change the owner and group so OpenLDAP is able to read the files.
# chown -R ldap:ldap /etc/openldap/certs
Next, create ‘certs.ldif’ to configure OpenLDAP to use the certificate and key.
# nano certs.ldif

dn: cn=config
changetype: modify
replace: olcTLSCertificateFile
olcTLSCertificateFile: /etc/openldap/certs/myldap.field.dreamvps.com.cert

dn: cn=config
changetype: modify
replace: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/openldap/certs/myldap.field.dreamvps.com.key

Deploy the configuration again.
# ldapmodify -Y EXTERNAL -H ldapi:/// -f certs.ldif

Now test the configuration by running the command below.
# slaptest -u
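The ‘openssl req’ command above prompts interactively for the subject fields, and because ‘-nodes’ leaves the private key unencrypted (slapd has to read it unattended), the file mode is the only thing protecting the key once it exists. The script below is an added example, not part of the original tutorial: it generates the same kind of self-signed certificate non-interactively with the key created owner-only from the start, and provides a check that the key is still readable by its owner alone after the ‘chown -R ldap:ldap’ step. The hostname and certificate directory are the tutorial's values; ‘make_self_signed_cert’, ‘key_is_private’ and the CERT_DIR and LDAP_HOST variables are names introduced here.

```shell
#!/bin/sh
# Added example, not from the original tutorial: create slapd's self-signed
# certificate without interactive prompts and verify the private key's mode.
# Hostname and directory are the tutorial's values; both can be overridden.
CERT_DIR=${CERT_DIR:-/etc/openldap/certs}
LDAP_HOST=${LDAP_HOST:-myldap.field.dreamvps.com}

# X.509 subject for the server certificate, derived from its hostname.
cert_subject() {
    printf '/CN=%s' "$1"
}

# Self-signed certificate valid for 365 days with a fresh 2048-bit RSA key.
# -nodes leaves the key unencrypted because slapd must read it unattended
# (the same choice the tutorial makes), so the umask 077 in the subshell
# makes the key file owner-only from the first byte written.
# Arguments: hostname directory
make_self_signed_cert() {
    host=$1; dir=$2
    (
        umask 077
        openssl req -new -x509 -nodes -days 365 -newkey rsa:2048 \
            -subj "$(cert_subject "$host")" \
            -keyout "$dir/$host.key" -out "$dir/$host.cert"
    ) || return 1
    chmod 644 "$dir/$host.cert"   # the certificate is public; the key stays 0600
}

# Returns 0 when the file is readable by its owner only (0600 or 0400), 1 otherwise.
# Reads the mode from ls -l so it behaves the same on GNU and BSD userlands.
key_is_private() {
    perms=$(ls -l "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# On the server: generate, hand the directory to the ldap user as the tutorial
# does, then confirm the key did not become group- or world-readable.
#   make_self_signed_cert "$LDAP_HOST" "$CERT_DIR"
#   chown -R ldap:ldap "$CERT_DIR"
#   key_is_private "$CERT_DIR/$LDAP_HOST.key" || echo "key is not owner-only" >&2
```

The ‘chown -R ldap:ldap’ step changes ownership but not mode, so a key that was created world-readable stays world-readable after it; running ‘key_is_private’ after the chown is what catches that.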
 

Step 4: Setting up the OpenLDAP database

You may now set up the LDAP database. Begin by copying the sample database configuration file to ‘/var/lib/ldap’ and setting its ownership.
# cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
# chown -R ldap:ldap /var/lib/ldap

Add the LDAP schemas.
# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif
# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif
# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif
Now create the ‘base.ldif’ file for your domain.
# nano base.ldif

dn: dc=field,dc=dreamvps,dc=com
dc: field
objectClass: top
objectClass: domain

dn: cn=ldapadm,dc=field,dc=dreamvps,dc=com
objectClass: organizationalRole
cn: ldapadm
description: LDAP Manager

dn: ou=People,dc=field,dc=dreamvps,dc=com
objectClass: organizationalUnit
ou: People

dn: ou=Group,dc=field,dc=dreamvps,dc=com
objectClass: organizationalUnit
ou: Group

Now load these entries into OpenLDAP, binding as the ldapadm user (the bind DN must match the olcRootDN set earlier):
# ldapadd -x -W -D "cn=ldapadm,dc=field,dc=dreamvps,dc=com" -f base.ldif

Enter the root password when prompted. If you want to add users, it is simpler to do so with a GUI; we suggest Apache Directory Studio or JXplorer for this. That is it, LDAP should now be installed on your CentOS 7 VPS. Here are a few hand-picked guides you should read next:
1. How to install SquirrelMail on CentOS 7
2. How to Rebuild a Corrupted RPM Database in CentOS
 
Updated on 11 Sep 2018