Difference between revisions of "LDAP-Server-setup"
From Immersive Visualization Lab Wiki
Revision as of 17:10, 22 August 2012
Resource URLs
- http://www.nodeofcrash.com/?p=481
Installation Procedure
- yum install openldap-servers openldap-clients
- Generate root password for openldap server: /usr/sbin/slappasswd
- vi olcDatabase={2}bdb.ldif
- change olcRootDN to: cn=Manager,dc=ucsd,dc=com
- add a line for olcRootPW:
olcRootPW: {SSHA}yourhashhere
- Add certificate lines:
olcTLSCertificateFile: /etc/pki/tls/certs/slapdcert.pem
olcTLSCertificateKeyFile: /etc/pki/tls/certs/slapdkey.pem
- vi olcDatabase={1}monitor.ldif
- in line starting with olcAccess change dc=my-domain to dc=ucsd
- cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
- vi /etc/sysconfig/ldap
- set: SLAPD_LDAPS=yes
- openssl req -new -x509 -nodes -out /etc/pki/tls/certs/slapdcert.pem -keyout /etc/pki/tls/certs/slapdkey.pem -days 365
  - Country Name (2 letter code) [XX]:US
  - State or Province Name (full name) []:California
  - Locality Name (eg, city) [Default City]:San Diego
  - Organization Name (eg, company) [Default Company Ltd]:UCSD
  - Organizational Unit Name (eg, section) []:Calit2
  - Common Name (eg, your name or your server's hostname) []:IVL
  - Email Address []:jschulze@ucsd.edu
- chown -Rf root:ldap /etc/pki/tls/certs/slapdcert.pem
- chmod -Rf 750 /etc/pki/tls/certs/slapdkey.pem
- slaptest -u
  - this should return "config file testing succeeded"
- create file base.ldif with this content:
dn: dc=example,dc=com
dc: example
objectClass: top
objectClass: domain

dn: ou=People,dc=example,dc=com
ou: People
objectClass: top
objectClass: organizationalUnit

dn: ou=Group,dc=example,dc=com
ou: Group
objectClass: top
objectClass: organizationalUnit
- create file newgroup.ldif with this content:
dn: cn=blah,ou=Group,dc=example,dc=com
objectClass: posixGroup
objectClass: top
cn: blah
userPassword: {crypt}x
gidNumber: 1000
- create file newpeople.ldif with this content:
dn: uid=blah,ou=People,dc=example,dc=com
uid: blah
cn: Blah Blah
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {CRYPT}cr5y5J6F67Ci2
shadowLastChange: 15140
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 1000
gidNumber: 1000
homeDirectory: /home/blah
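Two checks worth running before the LDIF files above go into ldapadd and before an olcRootPW value is committed, as an added example that is not part of this wiki page or of OpenLDAP: a parent-DN check that catches an entry whose suffix was mistyped (so slapd would reject it with noSuchObject), and the {SSHA} construction that slappasswd uses for olcRootPW, shown as a make/verify pair. The sample LDIF, the suffix and the function names are constructed for the example.

```python
import base64
import hashlib
import os

# Constructed sample (not from the page): a group entry whose suffix is
# deliberately mistyped (dc=exmaple) so the parent check has something to flag.
GROUP_LDIF = """dn: cn=blah,ou=Group,dc=exmaple,dc=com
objectClass: posixGroup
cn: blah
gidNumber: 1000
"""

def parse_ldif(text):
    """Split LDIF into entries, each a list of (attr, value) pairs. Entries end
    at a blank line; a leading space continues the previous value. Plain values
    only (no '::' base64 or '<' URL values)."""
    entries, cur = [], []
    for line in text.splitlines() + [""]:
        if line.startswith(" ") and cur:
            cur[-1] = (cur[-1][0], cur[-1][1] + line[1:])
        elif not line.strip():
            if cur:
                entries.append(cur)
                cur = []
        elif not line.startswith("#"):
            attr, _, val = line.partition(":")
            cur.append((attr.strip().lower(), val.strip()))
    return entries

def _norm(dn):
    # Case-fold and drop spaces around commas; escaped commas are not handled.
    return ",".join(p.strip() for p in dn.split(",")).lower()

def missing_parents(ldif_text, suffix, known_dns=()):
    """DNs whose parent is neither the suffix, another DN in the same file, nor
    one of known_dns (e.g. DNs already loaded from base.ldif)."""
    dns = [v for e in parse_ldif(ldif_text) for a, v in e if a == "dn"]
    known = {_norm(d) for d in list(known_dns) + dns} | {_norm(suffix)}
    parent = lambda d: d.split(",", 1)[1] if "," in d else ""
    return [d for d in dns
            if _norm(d) != _norm(suffix) and _norm(parent(d)) not in known]

def ssha_make(password, salt=None):
    """Build an {SSHA} value the way slappasswd does: base64(sha1(pw+salt)+salt)."""
    salt = os.urandom(4) if salt is None else salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def ssha_check(password, stored):
    """Verify a password against an {SSHA} value; the SHA-1 digest is 20 bytes."""
    raw = base64.b64decode(stored[len("{SSHA}"):])
    return hashlib.sha1(password.encode() + raw[20:]).digest() == raw[:20]
```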