Difference between revisions of "LDAP-Server-setup"

From Immersive Visualization Lab Wiki
Jump to: navigation, search
(Installation Procedure)
(Installation Procedure)
Line 28: Line 28:
 
** Organizational Unit Name (eg, section) []:Calit2
 
** Organizational Unit Name (eg, section) []:Calit2
 
** Common Name (eg, your name or your server's hostname) []:IVL
 
** Common Name (eg, your name or your server's hostname) []:IVL
** Email Address []:jschulze@ucsd.edu
+
** Email Address []: <email_address>
 
* chown -Rf root:ldap /etc/pki/tls/certs/slapdcert.pem
 
* chown -Rf root:ldap /etc/pki/tls/certs/slapdcert.pem
 
* chmod -Rf 750 /etc/pki/tls/certs/slapdkey.pem
 
* chmod -Rf 750 /etc/pki/tls/certs/slapdkey.pem

Revision as of 17:22, 22 August 2012

Resource URLs

Installation Procedure

  • yum install openldap-servers openldap-clients
  • Generate root password for openldap server: /usr/sbin/slappasswd
  • cd /etc/openldap/slapd.d/cn=config
  • vi olcDatabase={2}bdb.ldif
  • change olcRootDN to: cn=manager,dc=ucsd,dc=edu
  • add a line for olcRootPW:
    olcRootPW: {SSHA}yourhashhere
  • Add certificate lines:
olcTLSCertificateFile: /etc/pki/tls/certs/slapdcert.pem
olcTLSCertificateKeyFile: /etc/pki/tls/certs/slapdkey.pem
  • vi olcDatabase={1}monitor.ldif
  • in line starting with olcAccess change dc=my-domain to dc=ucsd, and dc=com to dc=edu
  • cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
  • vi /etc/sysconfig/ldap
  • set: SLAPD_LDAPS=yes
  • openssl req -new -x509 -nodes -out /etc/pki/tls/certs/slapdcert.pem -keyout /etc/pki/tls/certs/slapdkey.pem -days 365
    • Country Name (2 letter code) [XX]:US
    • State or Province Name (full name) []:California
    • Locality Name (eg, city) [Default City]:San Diego
    • Organization Name (eg, company) [Default Company Ltd]:UCSD
    • Organizational Unit Name (eg, section) []:Calit2
    • Common Name (eg, your name or your server's hostname) []:IVL
    • Email Address []: <email_address>
  • chown -Rf root:ldap /etc/pki/tls/certs/slapdcert.pem
  • chmod -Rf 750 /etc/pki/tls/certs/slapdkey.pem
  • slaptest -u
    • this should return "config file testing succeeded"
  • create file base.ldif with this content:
dn: dc=example,dc=com
dc: example
objectClass: top
objectClass: domain

dn: ou=People,dc=example,dc=com
ou: People
objectClass: top
objectClass: organizationalUnit

dn: ou=Group,dc=example,dc=com
ou: Group
objectClass: top
objectClass: organizationalUnit
  • create file newgroup.ldif with this content:
dn: cn=blah,ou=Group,dc=exmaple,dc=com
objectClass: posixGroup
objectClass: top
cn: blah
userPassword: {crypt}x
gidNumber: 1000
  • create file newpeople.ldif with this content:
dn: uid=blah,ou=People,dc=example,dc=com
uid: blah
cn: Blah Blah
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {CRYPT}cr5y5J6F67Ci2
shadowLastChange: 15140
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 1000
gidNumber: 1000
homeDirectory: /home/blah
  • ldapadd -x -W -D “cn=manager,dc=ucsd,dc=edu” -f base.ldif
  • ldapadd -x -W -D “cn=manager,dc=ucsd,dc=edu” -f newgroup.ldif
  • ldapadd -x -W -D “cn=manager,dc=ucsd,dc=edu” -f newpeople.ldif
  • ldapsearch -x -b “dc=ucsd,dc=edu”
    • should return successful result