Friday, 31 May 2013

How to configure OpenLDAP on RHEL 5

                     
How to configure an OpenLDAP server on RHEL 5

First, install the OpenLDAP server package

root@bhandari#] yum install openldap-servers

Now generate the LDAP admin (rootdn) password hash; slappasswd prints the {SSHA} hash that is placed in slapd.conf as rootpw

root@bhandari#] slappasswd
New password:
Re-enter new password:
{SSHA}WifrivWxRE4Mx2uupJ+e9kz2Pc2uFHQJ

Now change to the OpenLDAP configuration directory

root@bhandari#] cd /etc/openldap/

Open the configuration file and set the following entries (rootpw is the hash printed by slappasswd above)

root@bhandari#] vim slapd.conf

database        bdb
suffix          "dc=example,dc=com"
rootdn          "cn=Manager,dc=example,dc=com"
rootpw          {SSHA}WifrivWxRE4Mx2uupJ+e9kz2Pc2uFHQJ

Now put the Berkeley DB tuning file (DB_CONFIG) in place for the database directory and give the ldap user ownership of it by running the following commands

root@bhandari#] cp DB_CONFIG.example /var/lib/ldap/DB_CONFIG

root@bhandari#] chown -Rf ldap:ldap /var/lib/ldap/

Now check the configuration for errors by running this command

root@bhandari#] slaptest

Now start the ldap service and enable it at boot

root@bhandari#] /etc/init.d/ldap start;chkconfig ldap on

Create the local user accounts that will later be migrated into LDAP by using a script.

root@bhandari#] vim user.sh
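#!/bin/bash
# user.sh - create the local POSIX accounts ldapuser1..ldapuserN that the
# migrate_passwd.pl / migrate_group.pl scripts later export to LDIF.
#
# Arguments:   $1 - number of accounts to create (default: 10)
# Environment: LDAP_USER_PASSWORD - initial password given to every account
#              (default: "redhat", the value used in the original script)
# Returns:     0 when every account was created; 2 on a bad argument; 1 on the
#              first useradd or passwd failure (the script stops there instead
#              of silently carrying on with the next account)
set -euo pipefail

count=${1:-10}
password=${LDAP_USER_PASSWORD:-redhat}

# A non-numeric count would make the arithmetic loop below run zero times
# without any message, so reject it up front.
[[ "$count" =~ ^[0-9]+$ ]] \
  || { printf 'usage: %s [count]\n' "${0##*/}" >&2; exit 2; }

for ((i = 1; i <= count; i++)); do
  user="ldapuser${i}"
  # Home directory path under /home/domain, the tree exported over NFS later.
  useradd -d "/home/domain/${user}" "${user}" \
    || { printf 'useradd failed for %s\n' "${user}" >&2; exit 1; }
  # The password is fed on stdin (--stdin) so it never appears in argv / ps.
  # NOTE(review): every account gets the same initial password; set
  # LDAP_USER_PASSWORD per deployment and consider forcing a change at first
  # login before these accounts are migrated into LDAP.
  printf '%s\n' "${password}" | passwd --stdin "${user}" > /dev/null \
    || { printf 'passwd failed for %s\n' "${user}" >&2; exit 1; }
done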

root@bhandari#] cat /etc/passwd | grep ldapuser > /root/passwd

root@bhandari#] cat /etc/group | grep ldapuser > /root/group

root@bhandari#] cd /usr/share/openldap/migration

root@bhandari#] vim migrate_common.ph
# Default base
$DEFAULT_BASE = "dc=example,dc=com";

root@bhandari#] ./migrate_passwd.pl /root/passwd > /root/passwd.ldif

root@bhandari#] ./migrate_group.pl /root/group > /root/group.ldif

Now create the base LDIF file

root@bhandari#] vim base.ldif

dn: dc=example,dc=com
dc: example
objectClass: top
objectClass: domain

dn: ou=People,dc=example,dc=com
ou: People
objectClass: top
objectClass: organizationalUnit

dn: ou=Group,dc=example,dc=com
ou: Group
objectClass: top
objectClass: organizationalUnit

dn: ou=don,dc=example,dc=com
ou: don
objectClass: top
objectClass: organizationalUnit

First add the base LDIF to the OpenLDAP database

root@bhandari#] ldapadd -x -W -D "cn=Manager,dc=example,dc=com" -f /root/base.ldif

Now add the users and groups

root@bhandari#] ldapadd -x -W -D "cn=Manager,dc=example,dc=com" -f /root/passwd.ldif

root@bhandari#] ldapadd -x -W -D "cn=Manager,dc=example,dc=com" -f /root/group.ldif

We use NFS to share the home directories with the client machines. The export below grants every host (`*`) read-write access; restrict it to the client subnet on a real deployment.

root@bhandari#] yum install nfs

root@bhandari#] vim /etc/exports

/home/domain *(rw,sync)

root@bhandari#] /etc/init.d/nfs start;chkconfig nfs on

You can check the LDAP server's users by running the command below. Note that this is an anonymous search (-x with no bind DN) and the output still includes each account's userPassword hash, so the access controls in slapd.conf are not protecting that attribute; tighten them before putting the server on a shared network.

[root@bhandari#] ldapsearch -x -b "dc=example,dc=com"
# extended LDIF
#
# LDAPv3
# base <dc=example,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# example.com
dn: dc=example,dc=com
dc: example
objectClass: top
objectClass: domain

# People, example.com
dn: ou=People,dc=example,dc=com
ou: People
objectClass: top
objectClass: organizationalUnit

# Group, example.com
dn: ou=Group,dc=example,dc=com
ou: Group
objectClass: top
objectClass: organizationalUnit

# don, example.com
dn: ou=don,dc=example,dc=com
ou: don
objectClass: top
objectClass: organizationalUnit

# ldapuser1, People, example.com
dn: uid=ldapuser1,ou=People,dc=example,dc=com
uid: ldapuser1
cn: ldapuser1
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword:: e2NyeXB0fSQxJDc4Ri5INFN0JFQyOEhTdUg4UjJLVFJzYTN5S0RVaTA=
shadowLastChange: 15856
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 500
gidNumber: 500
homeDirectory: /home/domain/ldapuser1

# ldapuser2, People, example.com
dn: uid=ldapuser2,ou=People,dc=example,dc=com
uid: ldapuser2
cn: ldapuser2
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword:: e2NyeXB0fSQxJGpHZERnWTdjJGx1Uk1Fa0svWGlkN2JqeWREdE0uMzE=
shadowLastChange: 15856
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 501
gidNumber: 501
homeDirectory: /home/domain/ldapuser2

# ldapuser3, People, example.com
dn: uid=ldapuser3,ou=People,dc=example,dc=com
uid: ldapuser3
cn: ldapuser3
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword:: e2NyeXB0fSQxJDFiZGJxVk9YJEVZQkc3UldpTlAxS3B2cEhmNERxMy8=
shadowLastChange: 15856
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 502
gidNumber: 502
homeDirectory: /home/domain/ldapuser3

# ldapuser4, People, example.com
dn: uid=ldapuser4,ou=People,dc=example,dc=com
uid: ldapuser4
cn: ldapuser4
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword:: e2NyeXB0fSQxJEJLalIxS2dJJER0T3ZtNEU5czZyOTNIVnhRSUNpMzE=
shadowLastChange: 15856
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 503
gidNumber: 503
homeDirectory: /home/domain/ldapuser4

# ldapuser5, People, example.com
dn: uid=ldapuser5,ou=People,dc=example,dc=com
uid: ldapuser5
cn: ldapuser5
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword:: e2NyeXB0fSQxJEVCRlM5M3owJHVoS2xDQXNmUGh5cUI0Ni95ckVvNzA=
shadowLastChange: 15856
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 504
gidNumber: 504
homeDirectory: /home/domain/ldapuser5

# ldapuser6, People, example.com
dn: uid=ldapuser6,ou=People,dc=example,dc=com
uid: ldapuser6
cn: ldapuser6
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword:: e2NyeXB0fSQxJHZ1RWNQZTYyJFpQRTQvZjI3ZnRncjJ4dzZFZ2JTYi8=
shadowLastChange: 15856
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 505
gidNumber: 505
homeDirectory: /home/domain/ldapuser6

# ldapuser7, People, example.com
dn: uid=ldapuser7,ou=People,dc=example,dc=com
uid: ldapuser7
cn: ldapuser7
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword:: e2NyeXB0fSQxJHFSL0xIZUp0JDBmc3o4cnFhZFlQZHZ3WG5VTHAyeC8=
shadowLastChange: 15856
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 506
gidNumber: 506
homeDirectory: /home/domain/ldapuser7

# ldapuser8, People, example.com
dn: uid=ldapuser8,ou=People,dc=example,dc=com
uid: ldapuser8
cn: ldapuser8
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword:: e2NyeXB0fSQxJFJQREJKc1lZJGJtYWtwR2FBTklnMHBSZE9ZSlNHVC8=
shadowLastChange: 15856
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 507
gidNumber: 507
homeDirectory: /home/domain/ldapuser8

# ldapuser9, People, example.com
dn: uid=ldapuser9,ou=People,dc=example,dc=com
uid: ldapuser9
cn: ldapuser9
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword:: e2NyeXB0fSQxJGNCcW5ENnVpJGEyRmYwLmdnbmVacFIvQ1c3dEV6Vy8=
shadowLastChange: 15856
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 508
gidNumber: 508
homeDirectory: /home/domain/ldapuser9

# ldapuser10, People, example.com
dn: uid=ldapuser10,ou=People,dc=example,dc=com
uid: ldapuser10
cn: ldapuser10
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword:: e2NyeXB0fSQxJE9BbDJRSTZ6JEhIVWpiTXZQb09XQko1cmNVVkdWUzA=
shadowLastChange: 15856
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 509
gidNumber: 509
homeDirectory: /home/domain/ldapuser10

# ldapuser1, Group, example.com
dn: cn=ldapuser1,ou=Group,dc=example,dc=com
objectClass: posixGroup
objectClass: top
cn: ldapuser1
userPassword:: e2NyeXB0fXg=
gidNumber: 500

# ldapuser2, Group, example.com
dn: cn=ldapuser2,ou=Group,dc=example,dc=com
objectClass: posixGroup
objectClass: top
cn: ldapuser2
userPassword:: e2NyeXB0fXg=
gidNumber: 501

# ldapuser3, Group, example.com
dn: cn=ldapuser3,ou=Group,dc=example,dc=com
objectClass: posixGroup
objectClass: top
cn: ldapuser3
userPassword:: e2NyeXB0fXg=
gidNumber: 502

# ldapuser4, Group, example.com
dn: cn=ldapuser4,ou=Group,dc=example,dc=com
objectClass: posixGroup
objectClass: top
cn: ldapuser4
userPassword:: e2NyeXB0fXg=
gidNumber: 503

# ldapuser5, Group, example.com
dn: cn=ldapuser5,ou=Group,dc=example,dc=com
objectClass: posixGroup
objectClass: top
cn: ldapuser5
userPassword:: e2NyeXB0fXg=
gidNumber: 504

# ldapuser6, Group, example.com
dn: cn=ldapuser6,ou=Group,dc=example,dc=com
objectClass: posixGroup
objectClass: top
cn: ldapuser6
userPassword:: e2NyeXB0fXg=
gidNumber: 505

# ldapuser7, Group, example.com
dn: cn=ldapuser7,ou=Group,dc=example,dc=com
objectClass: posixGroup
objectClass: top
cn: ldapuser7
userPassword:: e2NyeXB0fXg=
gidNumber: 506

# ldapuser8, Group, example.com
dn: cn=ldapuser8,ou=Group,dc=example,dc=com
objectClass: posixGroup
objectClass: top
cn: ldapuser8
userPassword:: e2NyeXB0fXg=
gidNumber: 507

# ldapuser9, Group, example.com
dn: cn=ldapuser9,ou=Group,dc=example,dc=com
objectClass: posixGroup
objectClass: top
cn: ldapuser9
userPassword:: e2NyeXB0fXg=
gidNumber: 508

# ldapuser10, Group, example.com
dn: cn=ldapuser10,ou=Group,dc=example,dc=com
objectClass: posixGroup
objectClass: top
cn: ldapuser10
userPassword:: e2NyeXB0fXg=
gidNumber: 509

# search result
search: 2
result: 0 Success

# numResponses: 25
# numEntries: 24

Thanks & Regards
Manish Bhandari
