March 11, 2014

Installing RHEL 6 Default Directory Servers, OpenLDAP

Introduction

In this blog post I will show you how to install, configure and test the default directory service in RHEL 6, OpenLDAP. LDAP directory services are commonly used for storing authentication credentials and account information, so the server's own configuration and its superuser password deserve some care.

1. Install

$ yum install -y openldap openldap-clients openldap-servers

2. Configure

The OpenLDAP configuration layout changed in RHEL 6. Previously it was a single configuration file, /etc/openldap/slapd.conf; now it is a configuration database (cn=config) stored as LDIF files under /etc/openldap/slapd.d/. Those files are meant to be changed through ldapmodify against cn=config rather than with an editor; if you edit them by hand, as this post does, do it while slapd is stopped, otherwise the running server will not see the change and can overwrite it.

Global configuration is stored in /etc/openldap/slapd.d/cn\=config.ldif.

$ cat /etc/openldap/slapd.d/cn\=config.ldif
dn: cn=config
objectClass: olcGlobal
cn: config
olcConfigFile: /etc/openldap/slapd.conf.bak
olcConfigDir: /etc/openldap/slapd.d
olcAllows: bind_v2
olcArgsFile: /var/run/openldap/slapd.args
...

Database specific configuration is stored in /etc/openldap/slapd.d/cn\=config/olcDatabase\=\{2\}bdb.ldif.

Here we change the olcSuffix (the naming context, i.e. the top of the tree this server is authoritative for) and the olcRootDN (the directory superuser, which bypasses all access controls).

$ grep olcSuffix /etc/openldap/slapd.d/cn\=config/olcDatabase\=\{2\}bdb.ldif
olcSuffix: dc=magnuskkarlsson,dc=com
$ grep olcRootDN /etc/openldap/slapd.d/cn\=config/olcDatabase\=\{2\}bdb.ldif
olcRootDN: cn=Manager,dc=magnuskkarlsson,dc=com

Finally we need to set a password for the olcRootDN. Generate a password hash with the slappasswd tool (by default it emits a salted SHA-1 hash, prefixed {SSHA}) and add it as the olcRootPW directive in /etc/openldap/slapd.d/cn\=config/olcDatabase\=\{2\}bdb.ldif. Never store the clear-text password there, and keep the file readable only by root and the ldap user, since anyone who can read the hash can attack it offline.

$ slappasswd 
New password: <redhat>
Re-enter new password: <redhat>
{SSHA}0aIvJ8mtnCYGqDc5YhW2C9rRLJwWv/HX
$ grep olcRootPW /etc/openldap/slapd.d/cn\=config/olcDatabase\=\{2\}bdb.ldif
olcRootPW: {SSHA}0aIvJ8mtnCYGqDc5YhW2C9rRLJwWv/HX
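As an added example (not part of the original post), the script below shows what the slappasswd output above actually is and how the same configure step looks when done the supported way, through ldapmodify against cn=config instead of editing the file. It generates an {SSHA} hash in slappasswd's format (base64 of SHA-1(password || salt) followed by the 4-byte salt), verifies a password against such a hash, and builds the LDIF that sets olcSuffix, olcRootDN and olcRootPW on olcDatabase={2}bdb,cn=config. The suffix, rootDN and password are the values from this post; the name of the config entry is the RHEL 6 default shown above.

```python
import base64
import hashlib
import hmac
import os

# Values taken from the post above; change them for your own domain.
SUFFIX = "dc=magnuskkarlsson,dc=com"
ROOT_DN = "cn=Manager,dc=magnuskkarlsson,dc=com"
CONFIG_DN = "olcDatabase={2}bdb,cn=config"  # RHEL 6 default backend database entry


def ssha_hash(password, salt=None):
    """Return an {SSHA} value in the format slappasswd emits by default:
    base64( SHA1(password || salt) || salt ), with a 4-byte random salt."""
    if salt is None:
        salt = os.urandom(4)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def parse_ssha(value):
    """Split an {SSHA} value into (digest, salt); raise ValueError if malformed."""
    if not value.startswith("{SSHA}"):
        raise ValueError("not an {SSHA} value")
    raw = base64.b64decode(value[len("{SSHA}"):])
    if len(raw) <= 20:
        raise ValueError("too short to hold a SHA-1 digest plus salt")
    return raw[:20], raw[20:]


def ssha_verify(password, value):
    """Recompute the salted digest and compare it in constant time."""
    digest, salt = parse_ssha(value)
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


def config_ldif(suffix, root_dn, root_pw_hash, config_dn=CONFIG_DN):
    """Build the LDIF that ldapmodify applies to cn=config.
    'replace' creates olcRootPW when it is absent (the stock RHEL 6 file has none)."""
    return (
        "dn: %s\n"
        "changetype: modify\n"
        "replace: olcSuffix\n"
        "olcSuffix: %s\n"
        "-\n"
        "replace: olcRootDN\n"
        "olcRootDN: %s\n"
        "-\n"
        "replace: olcRootPW\n"
        "olcRootPW: %s\n"
    ) % (config_dn, suffix, root_dn, root_pw_hash)


if __name__ == "__main__":
    # "redhat" is the password used in the post; use a long random one in practice,
    # since SSHA is a single unsalted-iteration SHA-1 and is fast to brute-force.
    pw_hash = ssha_hash("redhat")
    assert ssha_verify("redhat", pw_hash)
    print(config_ldif(SUFFIX, ROOT_DN, pw_hash))
```

Save the printed LDIF and apply it as root on the server with `ldapmodify -Y EXTERNAL -H ldapi:/// -f config.ldif`; on a stock RHEL 6 install the local root user is mapped through SASL EXTERNAL to an identity that may manage cn=config (an assumption about the shipped olcAccess rule, check it with `ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config olcAccess` if the modify is refused). Done this way the change takes effect immediately and slapd keeps the slapd.d files consistent, which is why it is preferable to hand-editing.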

3. Start

$ service slapd start

And to automatically start OpenLDAP at boot time.

$ chkconfig slapd on

4. Test

To test the installation we perform a simple anonymous search (a query, for you SQL people) against the root DSE, asking which naming contexts the server serves.

$ ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts
...
dn:
namingContexts: dc=magnuskkarlsson,dc=com
...

Now we are going to add entries to the directory. To add entries we use the ldapadd tool, which expects a file in LDIF (LDAP Data Interchange Format). Here we create the base entry for the suffix and an entry for the Manager role; the rootDN does not strictly need an entry to bind, since olcRootDN and olcRootPW are checked by the server itself, but creating it keeps the tree consistent.

$ cat /tmp/example.ldif
dn: dc=magnuskkarlsson,dc=com
objectclass: dcObject
objectclass: organization
o: Magnus K Karlsson AB
dc: magnuskkarlsson

dn: cn=Manager,dc=magnuskkarlsson,dc=com
objectclass: organizationalRole
cn: Manager
$ ldapadd -x -D "cn=Manager,dc=magnuskkarlsson,dc=com" -W -f /tmp/example.ldif
Enter LDAP Password: <redhat>
adding new entry "dc=magnuskkarlsson,dc=com"

adding new entry "cn=Manager,dc=magnuskkarlsson,dc=com"

Finally we test the added entries.

$ ldapsearch -x -b 'dc=magnuskkarlsson,dc=com' '(objectclass=*)'
...
# magnuskkarlsson.com
dn: dc=magnuskkarlsson,dc=com
objectClass: dcObject
objectClass: organization
o: Magnus K Karlsson AB
dc: magnuskkarlsson

# Manager, magnuskkarlsson.com
dn: cn=Manager,dc=magnuskkarlsson,dc=com
objectClass: organizationalRole
cn: Manager
