
How to install LDAP on CentOS 7

11 Sep 2018

In this tutorial, we will teach you how to install LDAP on CentOS 7.


What is LDAP

LDAP is short for Lightweight Directory Access Protocol. It is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network.

LDAP can store almost any kind of information, but in practice it is most often one component of a centralized authentication system. That is exactly why the directory's access controls and transport encryption matter: the server ends up holding password hashes and account data for every user in the organization.

 

Installing LDAP on CentOS 7

Installing and configuring an OpenLDAP server on CentOS 7 is a simple task, follow the instructions below and you should get it installed in less than 10 minutes.

Step 1: Updating the System

Before you start installing any new software, you need to update your system packages to the latest available versions.

# yum update

 

Step 2: Installing OpenLDAP

Now install OpenLDAP and its client tools. Only ‘openldap-servers’ and ‘openldap-clients’ are strictly required; ‘compat-openldap’, ‘openldap-devel’ and ‘openldap-servers-sql’ add compatibility libraries, headers and the SQL backend, none of which this setup uses, but they do no harm.

# yum -y install openldap compat-openldap openldap-clients openldap-servers openldap-servers-sql openldap-devel

 

Next, start the slapd service and enable it at boot.

# systemctl start slapd.service

# systemctl enable slapd.service

 

Execute the ‘slappasswd’ command to generate a salted {SSHA} hash of the LDAP root password. It prompts for the password twice and prints the hash; save that output, since it goes into the OpenLDAP configuration below. Only the hash is ever written to disk, never the cleartext password.

# slappasswd

 

Configuring OpenLDAP server

You can now start configuring the OpenLDAP server. First, create a couple of LDIF files and then execute the ‘ldapmodify’ command to apply the configuration to the running server. The live configuration (the cn=config database) is stored under ‘/etc/openldap/slapd.d’; never edit those files by hand, always go through ldapmodify so that slapd's in-memory state and the files on disk stay consistent.

OlcSuffix Variable

The ‘db.ldif’ file sets three attributes on the hdb database. ‘olcSuffix’ is the distinguished name at the top of the naming context this database serves; a query whose base DN falls under that suffix is routed to this backend. ‘olcRootDN’ is the administrator DN for the database: it bypasses all access controls, so it should be used for administration only and never for ordinary lookups from clients. ‘olcRootPW’ holds that administrator's password, as the hash produced by ‘slappasswd’.

Main Domain

Our domain is going to be ‘field.dreamvps.com’, which in the ‘db.ldif’ file is written as ‘dc=field,dc=dreamvps,dc=com’, and our root distinguished name is ‘cn=ldapadm,dc=field,dc=dreamvps,dc=com’.

Step 3: Configuring OpenLDAP

Create the ‘db.ldif’ file with nano or a text editor of your preference and enter the content below. LDIF separates entries with a blank line, so keep the three modify operations apart exactly as shown and keep each attribute on a single line.

# nano db.ldif

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=field,dc=dreamvps,dc=com

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: cn=ldapadm,dc=field,dc=dreamvps,dc=com

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: hashed_output_from_the_slappasswd_command

 

Next, deploy the configuration with ldapmodify.

# ldapmodify -Y EXTERNAL -H ldapi:/// -f db.ldif

 

Now restrict access to the monitor database to the local root user (via the ldapi socket) and the ldapadm user; everyone else gets nothing. The ‘olcAccess’ value is one long line.

# nano monitor.ldif

dn: olcDatabase={1}monitor,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by dn.base="cn=ldapadm,dc=field,dc=dreamvps,dc=com" read by * none

 

Deploy the configuration change once more.

# ldapmodify -Y EXTERNAL -H ldapi:/// -f monitor.ldif

 

You have to generate a certificate and a private key so that clients can talk to the OpenLDAP server over TLS. The command below prompts for the subject fields; set the Common Name to the hostname clients will use to reach the server (here ‘myldap.field.dreamvps.com’), because clients verify the certificate against that name. The certificate is self-signed, so every client must be given it as a trust anchor (for example via ‘TLS_CACERT’ in ‘/etc/openldap/ldap.conf’); the alternative, telling clients to skip verification, leaves the connection open to man-in-the-middle attacks. For production use a certificate issued by a CA your clients already trust.

openssl req -new -x509 -nodes -out \
/etc/openldap/certs/myldap.field.dreamvps.com.cert \
-keyout /etc/openldap/certs/myldap.field.dreamvps.com.key \
-days 365

 

Now change the ownership so OpenLDAP can read the files, and make sure the private key is readable by the ‘ldap’ account only (mode 0600): anyone who can read that key can impersonate the directory server.

# chown -R ldap:ldap /etc/openldap/certs

 

Next, create ‘certs.ldif’ so that slapd presents this certificate and key for TLS. Note that this enables StartTLS on the standard port 389; it does not by itself open an ldaps:// listener on port 636. On CentOS 7 the listeners are set by ‘SLAPD_URLS’ in ‘/etc/sysconfig/slapd’, which ships as ‘ldapi:/// ldap:///’, so add ‘ldaps:///’ there and restart slapd if you also want LDAPS. Both attributes are set in a single modify operation, separated by a ‘-’ line, so that the certificate and key change together.

# nano certs.ldif

dn: cn=config
changetype: modify
replace: olcTLSCertificateFile
olcTLSCertificateFile: /etc/openldap/certs/myldap.field.dreamvps.com.cert
-
replace: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/openldap/certs/myldap.field.dreamvps.com.key

 

We may now deploy the configuration again.

# ldapmodify -Y EXTERNAL -H ldapi:/// -f certs.ldif

 

Now check the configuration by executing the command below. It parses cn=config without touching the data, and should end with ‘config file testing succeeded’.

# slaptest -u

 

Step 4: Setting up the OpenLDAP database

You may now set up the LDAP database. Begin by copying the sample database configuration file to ‘/var/lib/ldap’ and fixing the ownership so slapd can write there.

# cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG

# chown -R ldap:ldap /var/lib/ldap

 

Load the cosine, nis and inetorgperson schemas. They provide the ‘posixAccount’, ‘posixGroup’ and ‘inetOrgPerson’ object classes that user and group entries will use.

# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif

# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif

# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif

 

Now make the ‘base.ldif’ file for your domain. As before, each entry is separated from the next by a blank line.

# nano base.ldif

dn: dc=field,dc=dreamvps,dc=com
dc: field
objectClass: top
objectClass: domain

dn: cn=ldapadm,dc=field,dc=dreamvps,dc=com
objectClass: organizationalRole
cn: ldapadm
description: LDAP Manager

dn: ou=People,dc=field,dc=dreamvps,dc=com
objectClass: organizationalUnit
ou: People

dn: ou=Group,dc=field,dc=dreamvps,dc=com
objectClass: organizationalUnit
ou: Group

 

You now need to load these entries into the directory, binding as the ldapadm user (note that the bind DN must match the ‘olcRootDN’ set earlier):

# ldapadd -x -W -D "cn=ldapadm,dc=field,dc=dreamvps,dc=com" -f base.ldif

Enter the LDAP root password (the cleartext whose hash you put in ‘olcRootPW’) when prompted.

If you want to add users, it is simpler to do so with a GUI; we suggest Apache Directory Studio or JXplorer for this. For scripted or repeatable setups, writing the entries as LDIF and loading them with ‘ldapadd’ works just as well.
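One thing the steps above leave open: the hdb database has no ‘olcAccess’ rules at all, and slapd's built-in policy when no access directives are set is ‘to * by * read’, so an anonymous client can read every user's ‘userPassword’ hash. The script below is an added example and not part of the original tutorial. It installs an ACL that hides password hashes, generates user and group LDIF entries from the posixAccount, posixGroup and inetOrgPerson classes loaded in Step 4, and checks the result over StartTLS. It assumes the tutorial's base DN and admin DN, the server hostname ‘myldap.field.dreamvps.com’, and that the self-signed certificate has been configured as ‘TLS_CACERT’ on the client (otherwise ‘-ZZ’ fails); the user names and numeric IDs are made up.

```shell
#!/bin/bash
# Added example for the OpenLDAP setup above (not the page's own code).
# Assumed values: the tutorial's base DN and admin DN, a hypothetical server
# hostname; every uid, gid and user name below is made up.
set -u

BASE_DN="dc=field,dc=dreamvps,dc=com"
ADMIN_DN="cn=ldapadm,${BASE_DN}"
LDAP_URI="ldap://myldap.field.dreamvps.com/"

# ACL for the hdb database. Without olcAccess, slapd falls back to
# "to * by * read", which exposes userPassword hashes to anonymous binds.
# {0}: password attributes are writable by the admin and the entry owner,
#      usable for authentication (bind) by anyone, and otherwise invisible.
# {1}: everything else is readable by all, writable by admin and owner.
acl_ldif() {
  cat <<EOF
dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to attrs=userPassword,shadowLastChange by dn.exact="${ADMIN_DN}" write by self write by anonymous auth by * none
olcAccess: {1}to * by dn.exact="${ADMIN_DN}" write by self write by * read
EOF
}

# POSIX user entry. The password argument must already be a hash from
# slappasswd, so the LDIF never contains the cleartext.
user_ldif() {
  local uid="$1" cn="$2" sn="$3" uidnum="$4" gidnum="$5" hash="$6"
  cat <<EOF
dn: uid=${uid},ou=People,${BASE_DN}
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: ${uid}
cn: ${cn}
sn: ${sn}
uidNumber: ${uidnum}
gidNumber: ${gidnum}
homeDirectory: /home/${uid}
loginShell: /bin/bash
userPassword: ${hash}
EOF
}

# POSIX group entry; any further arguments become memberUid values.
group_ldif() {
  local name="$1" gidnum="$2"
  shift 2
  cat <<EOF
dn: cn=${name},ou=Group,${BASE_DN}
objectClass: top
objectClass: posixGroup
cn: ${name}
gidNumber: ${gidnum}
EOF
  local m
  for m in "$@"; do echo "memberUid: ${m}"; done
}

# Apply the ACL through the local root socket, like the tutorial's other
# cn=config changes.
apply_acl() { acl_ldif | ldapmodify -Y EXTERNAL -H ldapi:/// ; }

# add_user UID "Full Name" SURNAME UIDNUMBER GIDNUMBER
# slappasswd prompts for the password, so it never shows up in argv or
# shell history; the admin bind goes over StartTLS (-ZZ).
add_user() {
  local hash
  hash=$(slappasswd) || return 1
  user_ldif "$1" "$2" "$3" "$4" "$5" "$hash" \
    | ldapadd -x -ZZ -W -D "$ADMIN_DN" -H "$LDAP_URI"
}

add_group() { group_ldif "$@" | ldapadd -x -ZZ -W -D "$ADMIN_DN" -H "$LDAP_URI" ; }

# verify UID: -ZZ makes the client abort unless StartTLS succeeds; then an
# anonymous search for that user must come back without a userPassword line.
verify() {
  ldapwhoami -x -ZZ -H "$LDAP_URI" || return 1
  if ldapsearch -x -LLL -ZZ -H "$LDAP_URI" -b "ou=People,${BASE_DN}" "(uid=$1)" userPassword \
       | grep -q '^userPassword:'; then
    echo "FAIL: userPassword is readable by anonymous clients" >&2
    return 1
  fi
  echo "OK: StartTLS works and password hashes are hidden"
}

case "${1:-}" in
  acl)    apply_acl ;;
  user)   shift; add_user "$@" ;;
  group)  shift; add_group "$@" ;;
  verify) shift; verify "$@" ;;
  "")     ;;   # no subcommand: only define the functions (e.g. when sourced)
  *)      echo "usage: $0 acl | user UID CN SN UIDNUM GIDNUM | group NAME GIDNUM [MEMBER...] | verify UID" >&2; exit 2 ;;
esac
```

Run it as ‘./ldapusers.sh acl’ once, then ‘./ldapusers.sh user alice "Alice Example" Example 10001 10001’ and ‘./ldapusers.sh group staff 10001 alice’, and finish with ‘./ldapusers.sh verify alice’. If the verify step reports the hash as readable, the ACL did not apply to the database that actually holds your suffix; check ‘olcDatabase={2}hdb’ against ‘slapcat -n 0’.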

This is it, LDAP should now be installed on your CentOS 7 VPS.
