LDAP-Server-setup

From Immersive Visualization Lab Wiki
Revision as of 18:34, 22 August 2012 by Jschulze (Talk | contribs)


Resource URLs

Installation Procedure

  • yum install openldap-servers openldap-clients
  • Generate root password for openldap server: /usr/sbin/slappasswd
  • cd /etc/openldap/slapd.d/cn=config
  • vi olcDatabase={2}bdb.ldif
  • change olcRootDN to: cn=manager,dc=ucsd,dc=edu
  • add a line for olcRootPW:
    olcRootPW: {SSHA}yourhashhere
  • Add certificate lines:
    olcTLSCertificateFile: /etc/pki/tls/certs/slapdcert.pem
    olcTLSCertificateKeyFile: /etc/pki/tls/certs/slapdkey.pem
  • vi olcDatabase={1}monitor.ldif
  • in line starting with olcAccess change dc=my-domain to dc=ucsd, and dc=com to dc=edu
  • cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
  • vi /etc/sysconfig/ldap
  • set: SLAPD_LDAPS=yes
  • openssl req -new -x509 -nodes -out /etc/pki/tls/certs/slapdcert.pem -keyout /etc/pki/tls/certs/slapdkey.pem -days 365
    • Country Name (2 letter code) [XX]:US
    • State or Province Name (full name) []:California
    • Locality Name (eg, city) [Default City]:San Diego
    • Organization Name (eg, company) [Default Company Ltd]:UCSD
    • Organizational Unit Name (eg, section) []:Calit2
    • Common Name (eg, your name or your server's hostname) []:IVL
    • Email Address []: <email_address>
  • chown -Rf root:ldap /etc/pki/tls/certs/slapdcert.pem
  • chmod -Rf 750 /etc/pki/tls/certs/slapdkey.pem
  • slaptest -u
    • this should return "config file testing succeeded"
  • create file base.ldif with this content:
    dn: dc=ucsd,dc=edu
    dc: ucsd
    objectClass: top
    objectClass: domain

    dn: ou=People,dc=ucsd,dc=edu
    ou: People
    objectClass: top
    objectClass: organizationalUnit

    dn: ou=Group,dc=ucsd,dc=edu
    ou: Group
    objectClass: top
    objectClass: organizationalUnit
  • create file newgroup.ldif with this content:
    dn: cn=blah,ou=Group,dc=ucsd,dc=edu
    objectClass: posixGroup
    objectClass: top
    cn: blah
    userPassword: {crypt}x
    gidNumber: 1000
  • create file newpeople.ldif with this content:
    dn: uid=blah,ou=People,dc=ucsd,dc=edu
    uid: blah
    cn: Blah Blah
    objectClass: account
    objectClass: posixAccount
    objectClass: top
    objectClass: shadowAccount
    userPassword: {CRYPT}cr5y5J6F67Ci2
    shadowLastChange: 15140
    shadowMin: 0
    shadowMax: 99999
    shadowWarning: 7
    loginShell: /bin/bash
    uidNumber: 1000
    gidNumber: 1000
    homeDirectory: /home/blah
  • ldapadd -x -W -D "cn=manager,dc=ucsd,dc=edu" -f base.ldif
  • ldapadd -x -W -D "cn=manager,dc=ucsd,dc=edu" -f newgroup.ldif
  • ldapadd -x -W -D "cn=manager,dc=ucsd,dc=edu" -f newpeople.ldif
  • ldapsearch -x -b "dc=ucsd,dc=edu"
    • should return successful result
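The following helper script is an added example, not part of the wiki page or the OpenLDAP project: it generates base.ldif from the suffix so the naming attribute always matches the DN, lints an LDIF for the "dn: dc=ucsd,dc=edu" / "dc: example" mismatch that slapd rejects, and checks that the TLS key file is not world-readable before slapd is started. It assumes a Linux host (GNU stat) and uses the suffix dc=ucsd,dc=edu from the page.

```shell
#!/bin/sh
# Added example (not from the wiki page). Assumes GNU stat (Linux).

# first_rdn_value 'dc=ucsd,dc=edu' -> 'ucsd'
first_rdn_value() {
    printf '%s\n' "$1" | cut -d, -f1 | cut -d= -f2
}

# base_ldif SUFFIX: print the base entry plus the People and Group OUs,
# deriving "dc:" from the suffix so it cannot disagree with the DN
base_ldif() {
    suffix=$1
    dc=$(first_rdn_value "$suffix")
    printf 'dn: %s\ndc: %s\nobjectClass: top\nobjectClass: domain\n\n' "$suffix" "$dc"
    for ou in People Group; do
        printf 'dn: ou=%s,%s\nou: %s\nobjectClass: top\nobjectClass: organizationalUnit\n\n' \
            "$ou" "$suffix" "$ou"
    done
}

# ldif_naming_ok FILE: succeed only if every entry carries its naming
# attribute (dn "uid=blah,..." needs "uid: blah"); prints what is missing
ldif_naming_ok() {
    awk '
    function check() {
        if (dn != "" && !(want in seen)) { printf "missing \"%s\" in %s\n", want, dn; bad = 1 }
        dn = ""; split("", seen)
    }
    /^dn: / { check(); dn = substr($0, 5); split(dn, rdn, ","); sub(/=/, ": ", rdn[1]); want = rdn[1] }
    /^$/    { check() }
    /^[A-Za-z]+: / { seen[$0] = 1 }
    END     { check(); exit bad + 0 }' "$1"
}

# key_perms_ok FILE: the private key must exist and have no "other" bits set
# (slapd reads it as root:ldap, so 640 or 750 is enough; 644 exposes it to every local user)
key_perms_ok() {
    [ -f "$1" ] || return 1
    mode=$(stat -c '%a' "$1") || return 1
    case "$mode" in
        *0) return 0 ;;
        *)  return 1 ;;
    esac
}
```

Run `base_ldif 'dc=ucsd,dc=edu' > base.ldif && ldif_naming_ok base.ldif && key_perms_ok /etc/pki/tls/certs/slapdkey.pem` before the ldapadd steps; a non-zero exit means something will fail later.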