Open-LDAP-Server-On-CentOS
==============================


# yum -y install openldap openldap-clients openldap-servers

# slappasswd

New password          : test@1234
Re-enter new password : test@1234
{SSHA}xxxxxxxxxxxxxxxxxxxxxxx
#
# cd /etc/openldap/slapd.d/cn\=config
# vi olcDatabase\=\{2\}bdb.ldif

...
olcSuffix: dc=test-svk,dc=com
olcRootDN: cn=admin,dc=test-svk,dc=com
olcRootPW: {SSHA}xxxxxxxxxxxxxxxxxxxxxxx
...
olcAccess: {0}to attrs=userPassword by self write by dn.base="cn=admin,dc=test-svk,dc=com" write by anonymous auth by * none
olcAccess: {1}to * by dn.base="cn=admin,dc=test-svk,dc=com" write by self write by * read

#
# vi olcDatabase\=\{1\}monitor.ldif

...
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by dn.base="cn=admin,dc=test-svk,dc=com" read by * none
...


#
# chkconfig slapd on
# service slapd start

# mkdir /Test
# cd /Test
# vi test-svk.ldif

dn: dc=test-svk,dc=com
objectClass: dcObject
objectClass: organization
dc: test-svk
o: test-svk

#
# ldapadd -f test-svk.ldif -D cn=admin,dc=test-svk,dc=com -W
# ldapsearch -x -LLL -b dc=test-svk,dc=com

dn: dc=test-svk,dc=com
objectClass: dcObject
objectClass: organization
dc: test-svk
o: test-svk

#

To add an organizational unit (OU) entry to the LDAP tree
----------------------------------------------------------------------------------------------------


Create two OUs named users and groups

# vi ldapou.ldif
dn: ou=users,dc=test-svk,dc=com
objectClass: organizationalUnit
ou: users

dn: ou=groups,dc=test-svk,dc=com
objectClass: organizationalUnit
ou: groups

#
# ldapadd -f ldapou.ldif -D cn=admin,dc=test-svk,dc=com -W


To add a user to LDAP
-------------------------------------


Generate a password hash for the LDAP user

# slappasswd
New password          : user123
Re-enter new password : user123
{SSHA}xxxxxxxxxxxxxxxxxxxxxxx

#

Copy the "{SSHA}xxxxxxxxxxxxxxxxxxxxxxx" value into the userPassword attribute of the "ldapuser.ldif" file shown below

# cd /Test
# vi ldapuser.ldif

dn: uid=luser1,ou=users,dc=test-svk,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: luser1
cn: luser1
sn: luser1
userPassword: {SSHA}xxxxxxxxxxxxxxxxxxxxxxxxxxx
loginShell: /bin/bash
uidNumber: 1001
gidNumber: 1001
homeDirectory: /home/luser1

dn: cn=luser1,ou=groups,dc=test-svk,dc=com
objectClass: posixGroup
cn: luser1
gidNumber: 1001
memberUid: luser1


#

Add the contents of ldapuser.ldif file to LDAP.

# ldapadd -f ldapuser.ldif -D cn=admin,dc=test-svk,dc=com -W
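An added helper, written for this page and not part of the original how-to, that reproduces the two manual steps above: it builds a slappasswd-compatible {SSHA} value, checks a clear-text password against one, and renders the user/group LDIF pair with the blank line that must separate two records. The sample uid and uidNumber are assumptions.

```python
import base64
import hashlib
import hmac
import os

BASE_DN = "dc=test-svk,dc=com"   # suffix used throughout this how-to


def ssha_hash(password, salt=None):
    """Same scheme as slappasswd's default: {SSHA} + base64(sha1(pw + salt) + salt)."""
    salt = os.urandom(4) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(stored, password):
    """Re-hash with the salt carried in the stored value; constant-time compare."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]        # SHA-1 digest is 20 bytes, the rest is salt
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(digest, candidate)


def user_ldif(uid, uid_number, hashed_pw):
    """Render the posixAccount entry and its private posixGroup, as in ldapuser.ldif."""
    user = [
        f"dn: uid={uid},ou=users,{BASE_DN}",
        "objectClass: inetOrgPerson",
        "objectClass: posixAccount",
        "objectClass: shadowAccount",
        f"uid: {uid}", f"cn: {uid}", f"sn: {uid}",
        f"userPassword: {hashed_pw}",
        "loginShell: /bin/bash",
        f"uidNumber: {uid_number}",
        f"gidNumber: {uid_number}",        # private group shares the user's number
        f"homeDirectory: /home/{uid}",
    ]
    group = [
        f"dn: cn={uid},ou=groups,{BASE_DN}",
        "objectClass: posixGroup",
        f"cn: {uid}",
        f"gidNumber: {uid_number}",
        f"memberUid: {uid}",
    ]
    # One blank line separates records in LDIF; without it ldapadd rejects the file.
    return "\n".join(user) + "\n\n" + "\n".join(group) + "\n"
```

{SSHA} is salted SHA-1: the salt defeats precomputed tables, but the hash itself is cheap to brute-force, which is why the olcAccess rule above keeps userPassword unreadable to anyone but the entry itself and cn=admin.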

To add a group to LDAP (optional)
----------------------------------------

# cd /Test
# vi testgrp.ldif

dn: cn=TestGroup,ou=users,dc=test-svk,dc=com
objectClass: groupOfNames
cn: TestGroup
member: uid=luser1,ou=users,dc=test-svk,dc=com

#

Add the contents of testgrp.ldif file to LDAP.

# ldapadd -f  testgrp.ldif -D cn=admin,dc=test-svk,dc=com -W


To add a user to an LDAP group (optional)
--------------------------------------------------------------------------------

Add a user named luser2 as shown above, then add it to TestGroup:

# vi addUserToGroup.ldif
dn: cn=TestGroup,ou=users,dc=test-svk,dc=com
changetype: modify
add: member
member: uid=luser2,ou=users,dc=test-svk,dc=com
#
# ldapmodify -f addUserToGroup.ldif -D cn=admin,dc=test-svk,dc=com -W


LDAP-PHP-Admin WebInterface
===============================


# yum install phpldapadmin
Uncomment line 397 and comment out line 398 in "/etc/phpldapadmin/config.php" ("//" comments out a line), so that the web interface asks for a full bind DN instead of a uid:

# vi /etc/phpldapadmin/config.php
...
 $servers->setValue('login','attr','dn');
//$servers->setValue('login','attr','uid');
...

#
# vi /etc/httpd/conf.d/phpldapadmin.conf

...
    Allow from 127.0.0.1 192.168.1.0/24
...

#
# vi  /etc/httpd/conf/httpd.conf

...
ServerName ldap-server
...

#
# chkconfig httpd on
# service httpd start


Now browse to http://serverhostname/ldapadmin and log in to LDAP with:

Login DN    :    cn=admin,dc=test-svk,dc=com
Password    :    test@1234

=======================
Open-LDAP-Client
=======================


Using LDAP for login authentication
-------------------------------------------------------------


# yum install openldap-clients nss-pam-ldapd
# system-config-authentication

1. Select the 'Identity & Authentication' tab
   User Account Configuration:
       User Account Database   --- LDAP
       LDAP Search Base DN     --- dc=test-svk,dc=com
       LDAP Server             --- ldap://192.168.1.210/
   Authentication Configuration:
       Authentication Method   --- LDAP password
2. Select the 'Advanced Options' tab
   Other Authentication Options:
       Create home directories on the first login --- yes (tick)
Click 'Apply' and restart


OR

# authconfig --enableldap --enableldapauth --ldapserver=192.168.1.210 --ldapbasedn="dc=test-svk,dc=com" --enablemkhomedir --update
OR

# setup

Select 'Authentication Configuration' and then 'Run Tool':
User Information   --- Use LDAP
Authentication     --- Use Shadow Passwords
                   --- Use LDAP Authentication
                   --- Local authorization is sufficient
Next
Server    : ldap://192.168.1.210/
Base DN   : dc=test-svk,dc=com
Click OK


Reboot and log in as any LDAP user. Note that the ldap:// URL used above carries the bind password over the network in clear text; none of the steps here enable TLS.

=================================================