CentOS 6.2 Installing LDAP Directory Services using CLI

Install the OpenLDAP server and client packages:

yum install openldap-servers openldap-clients

Edit the client configuration file /etc/openldap/ldap.conf and point it at your server (IP address or hostname) and at your base DN:

vi /etc/openldap/ldap.conf

URI ldap://192.168.1.222
BASE dc=shan,dc=com

Copy the sample files from /usr/share/openldap-servers to /etc/openldap and /var/lib/ldap. The first is the classic slapd.conf (CentOS 6 ships it as slapd.conf.obsolete because the default is now the cn=config directory, slapd.d); the second is the Berkeley DB tuning file for the database directory:

cp /usr/share/openldap-servers/slapd.conf.obsolete /etc/openldap/slapd.conf
cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG

Generate a hashed password for the directory administrator (the rootdn). slappasswd prompts twice and prints a salted SHA-1 hash:

slappasswd

New password:
Re-enter new password:
{SSHA}xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Copy the hash, as you need to enter it in slapd.conf. Open the file, replace every occurrence of the sample domain with your own, then set rootpw to the hash (in the sample file the rootpw line is commented out; uncomment it or add it directly under rootdn). Never put a cleartext password there:

vi /etc/openldap/slapd.conf

:%s/dc=my-domain/dc=shan/g   # vi command: replaces every instance of dc=my-domain with dc=shan

rootpw {SSHA}xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

The sample file's rootdn is cn=Manager,dc=my-domain,dc=com, so after the substitution the administrative bind DN is cn=Manager,dc=shan,dc=com. The substitution only changes the first component; if your domain has more labels than the sample (for example corp.example.org), replace the whole dc=my-domain,dc=com string instead.

Create a root.ldif file with the base entry and a first container. The DN of the first entry must be exactly the suffix configured in slapd.conf:

vi /root/root.ldif

#root
dn: dc=shan,dc=com
dc: shan
objectClass: dcObject
objectClass: organizationalUnit
ou: shan.com

#staff
dn: ou=staff,dc=shan,dc=com
ou: staff
objectClass: organizationalUnit

Empty the slapd.d directory, load root.ldif into the database offline with slapadd, and convert slapd.conf into the cn=config tree under slapd.d with slaptest. slapadd must run while slapd is stopped, and since slapd.d is empty at this point pass it the slapd.conf to read explicitly:

rm -rf /etc/openldap/slapd.d/*
slapadd -f /etc/openldap/slapd.conf -n 2 -l /root/root.ldif
slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d

-n 2 selects the database by its position in slapd.conf: in the CentOS 6 sample the cn=config database is 0 and cn=monitor is 1, so the bdb database holding dc=shan,dc=com is 2. If you reordered the databases, select it by suffix instead with -b dc=shan,dc=com. A "bad configuration file" error here points at a typo in slapd.conf, not in the LDIF.

Set the appropriate permissions. slapadd and slaptest ran as root, so the database files and the generated slapd.d are owned by root, while slapd itself runs as the ldap user:

chown -R ldap:ldap /var/lib/ldap
chown -R ldap:ldap /etc/openldap/slapd.d

Enable the service in runlevels 2, 3 and 5 and start it:

chkconfig --level 235 slapd on
service slapd start

slapd reads slapd.d, not slapd.conf, so after any later change to slapd.conf regenerate the directory and restart:

rm -rf /etc/openldap/slapd.d/*
slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d
chown -R ldap:ldap /etc/openldap/slapd.d
service slapd restart
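The configuration steps above, done in one script rather than by hand in vi. This is an added example, not code from the original article: it derives the base DN from a DNS domain, rewrites the CentOS 6 sample slapd.conf for that DN and rootpw hash, and prints the root.ldif that seeds the database. It generalises the article's single-label substitution (dc=my-domain to dc=shan) to domains with any number of labels. It assumes the input file uses the stock "dc=my-domain,dc=com" suffix and rootdn of slapd.conf.obsolete, and that the rootpw hash has already been produced with slappasswd and is passed in as an argument.

```shell
#!/bin/sh
# Added example, not code from the original article. Assumptions: the source
# slapd.conf uses the stock "dc=my-domain,dc=com" suffix and rootdn of the
# CentOS 6 slapd.conf.obsolete, and HASH is the {SSHA} string from slappasswd.

# domain_to_dn DOMAIN  ->  dc=label1,dc=label2,...   e.g. shan.com -> dc=shan,dc=com
domain_to_dn() {
    printf '%s\n' "$1" | awk -F. '{
        for (i = 1; i <= NF; i++)
            printf "%sdc=%s", (i > 1 ? "," : ""), $i
        printf "\n"
    }'
}

# rewrite_slapd_conf SRC DST DOMAIN HASH
# Replaces every "dc=my-domain,dc=com" with the DN for DOMAIN (suffix, rootdn
# and the monitor ACL all reference it), drops any active rootpw line and
# writes "rootpw HASH" directly under rootdn, so the hash never has to be
# pasted into an editor session. The sample's commented "# rootpw" lines are
# left alone because they do not start with "rootpw".
rewrite_slapd_conf() {
    src=$1 dst=$2 hash=$4
    dn=$(domain_to_dn "$3")
    awk -v dn="$dn" -v hash="$hash" '
        { gsub(/dc=my-domain,dc=com/, dn) }
        /^rootpw[ \t]/ { next }
        { print }
        /^rootdn[ \t]/ { print "rootpw\t" hash }
    ' "$src" > "$dst"
}

# root_ldif DOMAIN  ->  the base entry plus an ou=staff container, as in the
# article. The dc attribute of the base entry is the leftmost label only.
root_ldif() {
    dn=$(domain_to_dn "$1")
    cat <<EOF
dn: $dn
dc: ${1%%.*}
objectClass: dcObject
objectClass: organizationalUnit
ou: $1

dn: ou=staff,$dn
ou: staff
objectClass: organizationalUnit
EOF
}

# Usage on the server, with slapd stopped:
#   rewrite_slapd_conf /usr/share/openldap-servers/slapd.conf.obsolete \
#       /etc/openldap/slapd.conf shan.com '{SSHA}xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
#   root_ldif shan.com > /root/root.ldif
# Invoked with a domain as its only argument, the script prints the LDIF.
if [ $# -eq 1 ]; then
    root_ldif "$1"
fi
```

After running the two functions, continue with slapadd, slaptest and the chown steps exactly as above; the generated slapd.conf still has to be validated with slaptest before slapd reads it.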

 

Create an SSL certificate. The Makefile shipped in /etc/pki/tls/certs builds a self-signed certificate and its private key into a single PEM file; it prompts for the subject fields, and the Common Name must be the hostname clients will put in their URI. Because the file contains the private key, keep it readable only by root and the ldap group:

cd /etc/pki/tls/certs
rm -f slapd.pem
make slapd.pem
chmod 640 slapd.pem
chown :ldap slapd.pem
ln -s /etc/pki/tls/certs/slapd.pem /etc/openldap/cacerts/slapd.pem

Tell the init script to listen on ldaps:// (port 636) as well as ldap://:

vi /etc/sysconfig/ldap

SLAPD_LDAPS=yes

Point slapd at the certificate and key:

vi /etc/openldap/slapd.conf

TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
TLSCertificateFile /etc/pki/tls/certs/slapd.pem
TLSCertificateKeyFile /etc/pki/tls/certs/slapd.pem

Then the client side:

vi /etc/openldap/ldap.conf

TLS_CACERTDIR /etc/openldap/cacerts
TLS_REQCERT never

Caveat: TLS_REQCERT never makes the client accept any certificate at all. The connection is encrypted but the server is not authenticated, so anyone who can intercept traffic can impersonate the directory and collect bind passwords. It is acceptable while getting the setup to work; for production point the client at the self-signed certificate explicitly with TLS_CACERT and set TLS_REQCERT demand (the default), and connect by the hostname in the certificate's Common Name rather than by IP address.

Test if everything is up and working fine. Regenerate slapd.d so the TLS directives take effect, restart slapd, then run one search over StartTLS on port 389 and one over ldaps on port 636:

rm -rf /etc/openldap/slapd.d/*
slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d
chown -R ldap:ldap /etc/openldap/slapd.d
service slapd restart

ldapsearch -x -ZZ -h localhost
ldapsearch -x -H ldaps://localhost

-ZZ makes ldapsearch issue StartTLS and abort if the server refuses it; ldaps:// negotiates TLS before any LDAP traffic. Both should print the two entries from root.ldif and end with "result: 0 Success". slapd logs through syslog facility local4, so if a search hangs or fails look at /var/log/messages (or add "local4.* /var/log/ldap.log" to /etc/rsyslog.conf and restart rsyslog) for the TLS error.
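A check for the client side of the TLS setup above. This is an added example, not code from the original article: it flags an ldap.conf that switches certificate verification off (TLS_REQCERT never, allow or try), writes a replacement that trusts the self-signed slapd.pem explicitly, and verifies that the key file is not world-readable. File paths are passed in as arguments so it can be tried on copies first; the "pin the self-signed certificate via TLS_CACERT" policy is this example's own recommendation rather than a directive from the article.

```shell
#!/bin/sh
# Added example, not code from the original article. Assumptions: paths are
# passed as arguments, and the server certificate is the self-signed slapd.pem
# produced by "make slapd.pem", which the client is told to trust directly.

# tls_reqcert_ok FILE -> 0 when the effective TLS_REQCERT is demand or hard
# (OpenLDAP's default when the directive is absent), 1 for never/allow/try.
# The last occurrence wins, as it does for the library.
tls_reqcert_ok() {
    v=$(awk 'toupper($1) == "TLS_REQCERT" { v = tolower($2) } END { print v }' "$1")
    case "${v:-demand}" in
        demand|hard) return 0 ;;
        *)           return 1 ;;
    esac
}

# key_not_world_readable FILE -> 0 unless the "other" read bit is set.
# slapd.pem holds the private key, so 640 root:ldap is the intended mode.
key_not_world_readable() {
    [ -z "$(find "$1" -prune -perm -004 -print)" ]
}

# write_client_conf FILE URI BASEDN CAFILE -> client ldap.conf that trusts
# exactly CAFILE (the server's self-signed slapd.pem copied to the client)
# and demands a valid certificate whose CN matches the host in URI.
write_client_conf() {
    cat > "$1" <<EOF
URI $2
BASE $3
TLS_CACERT $4
TLS_REQCERT demand
EOF
}

# Usage on a client:
#   tls_reqcert_ok /etc/openldap/ldap.conf || echo "certificate checks are off"
#   write_client_conf /etc/openldap/ldap.conf ldaps://ldap.shan.com dc=shan,dc=com \
#       /etc/openldap/cacerts/slapd.pem
# Usage on the server:
#   key_not_world_readable /etc/pki/tls/certs/slapd.pem || echo "key is world-readable"
```

With TLS_REQCERT demand the hostname in the URI has to match the Common Name typed in when make slapd.pem prompted for it, so ldaps://localhost will be rejected unless the certificate was issued for localhost; test against the real hostname instead.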

 

Note: some additional steps

Tell the name service switch on the clients to consult LDAP for users and groups. The databases that matter for logins are passwd, shadow and group; keep files first so local accounts, root included, still resolve when the directory is unreachable. The hosts line controls hostname resolution, not authentication, and must stay "files dns": putting ldap in it sends every DNS lookup to the directory and effectively disables /etc/resolv.conf.

vi /etc/nsswitch.conf

passwd: files ldap
shadow: files ldap
group:  files ldap

(On CentOS 6, authconfig --enableldap --enableldapauth --ldapserver=ldaps://192.168.1.222 --ldapbasedn=dc=shan,dc=com --update makes these edits and configures PAM and nslcd for you.)

Add a rule in the firewall for port 636, restricted to the client network (the -s argument is a network, so use the network address with the mask; add a matching rule for 389 only if clients use StartTLS), and save it so it survives a reboot:

iptables -I INPUT -m state --state NEW -p tcp -s 192.168.1.0/24 --dport 636 -j ACCEPT
service iptables save

 

 

Comments   

 
#30 Omar 2014-06-12 16:14
very good indeed
 
 
#29 Muhammad Zeeshan Mun 2013-12-04 15:21
Thank you Scott! for linking my article... here is the link you can follow to configure it:
http://directory.apache.org/apacheds/basic-ug/3.3-enabling-ssl.html

Quoting Scott:
Worked flawlessly for me. Thanks!

One question though, how to get Apache Directory Studio to connect via SSL? I get an error when trying to authenticate using SSL. Do I need to transfer certificates?

Thanks!
 
 
#28 Scott 2013-11-12 02:20
Worked flawlessly for me. Thanks!

One question though, how to get Apache Directory Studio to connect via SSL? I get an error when trying to authenticate using SSL. Do I need to transfer certificates?

Thanks!
 
 
#27 Zeeshan Munir 2013-05-30 20:54
Quoting Pankaj Mandal:
Quoting Steve Frazier:
I believe I followed your examples accurately. Thanks for an excellent example. I have been trying to do this for awhile. Everything seemed to to work as expected until I came to this area and got errors. I am not sure what I did wrong or to proceed:
[root@dc certs]# ldapsearch -x -ZZ -h localhost (TLS)
-bash: syntax error near unexpected token `('
[root@dc certs]#
[root@dc certs]# ldapsearch -x -H ldaps://localhost (SSL)
-bash: syntax error near unexpected token `('
[root@dc certs]#

Could you advise if I ran this correctly or not.


I am facing the same problem.


hi pankaj,
just type ldapsearch -x -ZZ -h localhost without (TLS) or ldapsearch -x -H ldaps://localhost without (SSL)
It will solve your problem cheers
 
 
#26 Pankaj Mandal 2013-05-30 08:36
Quoting Steve Frazier:
I believe I followed your examples accurately. Thanks for an excellent example. I have been trying to do this for awhile. Everything seemed to to work as expected until I came to this area and got errors. I am not sure what I did wrong or to proceed:
[root@dc certs]# ldapsearch -x -ZZ -h localhost (TLS)
-bash: syntax error near unexpected token `('
[root@dc certs]#
[root@dc certs]# ldapsearch -x -H ldaps://localhost (SSL)
-bash: syntax error near unexpected token `('
[root@dc certs]#

Could you advise if I ran this correctly or not.


I am facing the same problem.
 
 
#25 Zeeshan Munir 2013-03-03 09:09
Hi Rae,

Check your file again or try to type it by yourself instead of copy pasting. There must be a typing mistake or something that is why it is not able to add. I hope that helps.

Thanks
Quoting Rae:
Hi,

I'm pretty new to ldap and kinda encountering this problem when adding the root.ldif (slapadd -n 2 -l /root/root.ldif)

/etc/openldap/slapd.conf: line 21: unknown directive outside backend info and database definitions.
slapadd: bad configuration file!


i hope someone can help me here thanks in advance!
 
 
#24 Rae 2013-02-25 06:55
Hi,

I'm pretty new to ldap and kinda encountering this problem when adding the root.ldif (slapadd -n 2 -l /root/root.ldif)

/etc/openldap/slapd.conf: line 21: unknown directive outside backend info and database definitions.
slapadd: bad configuration file!


i hope someone can help me here thanks in advance!
 
 
#23 Christian Salway 2013-02-19 03:39
This pretty much gave me the kick-start to install CentOS 6.3 + OpenLDAP + phpLDAPadmin. I wrote a guide to save someone else two days of researching!

itmanx.com/kb/centos63-openldap-phpldapadmin
 
 
#22 Jkp 2013-02-12 16:05
My centos 6.2, Thx for the tutorial
ldapsearch -x -H ldaps://localhost , nothing
Feb 14 16:56:00 ldap slapd[3920]: conn=1000 fd=15 ACCEPT from IP=[::1]:41790 (IP=[::]:636)
Feb 14 16:56:17 ldap slapd[3920]: conn=1001 fd=18 ACCEPT from IP=[::1]:60232 (IP=[::]:389)
Feb 14 16:56:17 ldap slapd[3920]: conn=1001 op=0 EXT oid=1.3.6.1.4.1.1466.20037
Feb 14 16:56:17 ldap slapd[3920]: conn=1001 op=0 STARTTLS
Feb 14 16:56:17 ldap slapd[3920]: conn=1001 op=0 RESULT oid= err=0 text=
 
 
#21 Muhammad Zeeshan Mun 2012-12-27 11:22
Please don't use (TLS) type it as: ldapsearch -x -ZZ -h localhost
-ZZ switch means TLS search should be performed in LDAP. You need to omit SSL in the second example as ldaps tell it for perform SSL.
I hope it helps. Cheers

Quoting Steve Frazier:
I believe I followed your examples accurately. Thanks for an excellent example. I have been trying to do this for awhile. Everything seemed to to work as expected until I came to this area and got errors. I am not sure what I did wrong or to proceed:
[root@dc certs]# ldapsearch -x -ZZ -h localhost (TLS)
-bash: syntax error near unexpected token `('
[root@dc certs]#
[root@dc certs]# ldapsearch -x -H ldaps://localhost (SSL)
-bash: syntax error near unexpected token `('
[root@dc certs]#

Could you advise if I ran this correctly or not.
 
 
#20 Steve Frazier 2012-12-17 23:45
Also it appears that I can't get to any sites. It appears that the /etc/resolv.conf file isn't being used any longer. I can ping an IP address but cannot put a FQDN. I am not sure why any of this would affect that capability.
 
 
#19 Steve Frazier 2012-12-17 23:42
I believe I followed your examples accurately. Thanks for an excellent example. I have been trying to do this for awhile. Everything seemed to to work as expected until I came to this area and got errors. I am not sure what I did wrong or to proceed:
[root@dc certs]# ldapsearch -x -ZZ -h localhost (TLS)
-bash: syntax error near unexpected token `('
[root@dc certs]#
[root@dc certs]# ldapsearch -x -H ldaps://localhost (SSL)
-bash: syntax error near unexpected token `('
[root@dc certs]#

Could you advise if I ran this correctly or not.
 
 
#18 Muhammad Zeeshan Mun 2012-12-04 13:23
Quoting Moon:
the line "slapadd -n 2 -1 root/root.ldif" gives me the error slapadd: invalid option -- '1'
please help


Nobody can help you if you will not post the error here. If the error is regarding values already existing, either delete the db or use ldapmodify.
 
 
#17 Moon 2012-12-02 23:33
the line "slapadd -n 2 -1 root/root.ldif" gives me the error slapadd: invalid option -- '1'
please help
 
 
#16 Anand 2012-11-29 21:40
Thank you very much Zeeshan.
I have followed your tutorial and It worked perfect for me on CentOS 6.3.

Keep up the good work! Bye
 
 
#15 João 2012-11-27 18:27
Quoting Kenny:
Quoting dmitro:
Hello, thanks for tutorial, could you help me:
ldapsearch -x -H ldaps://localhost
hangs and nothing happens.


Same here Any fixes?

hangs and nothing happens.
 
 
#14 thomas 2012-11-26 12:25
hi @all, my ldapsearch -x -ZZ -h localhost hangs too. heres what the log says:

Nov 26 13:23:44 auth slapd[1761]: conn=1003 fd=19 ACCEPT from IP=[::1]:34195 (IP=[::]:389)
Nov 26 13:23:44 auth slapd[1761]: conn=1003 op=0 EXT oid=1.3.6.1.4.1.1466.20037
Nov 26 13:23:44 auth slapd[1761]: conn=1003 op=0 STARTTLS
Nov 26 13:23:44 auth slapd[1761]: conn=1003 op=0 RESULT oid= err=0 text=

any hints? testing of conf-files showed no errors.
 
 
#13 Muhammad Zeeshan Munir 2012-11-18 10:41
what does slaptest produce?

Please configure the log by adding this into your /etc/rsyslog.conf file:

local4.* /var/log/ldap.log

Examine the log to see what it comes up with:
tail -f /var/log/ldap.log while performing the search
or tail /var/log/ldap.log to see what the error message is.

Quoting Kenny:
Quoting dmitro:
Hello, thanks for tutorial, could you help me:
ldapsearch -x -H ldaps://localhost
hangs and nothing happens.


Same here Any fixes?
 
 
#12 Kenny 2012-11-15 21:06
Quoting dmitro:
Hello, thanks for tutorial, could you help me:
ldapsearch -x -H ldaps://localhost
hangs and nothing happens.


Same here Any fixes?
 
 
#11 Muhammad Zeeshan Munir 2012-11-07 09:54
Quoting Zeeshan:
Quoting Kris:
Hey! Great video and documentation!
Anyway I get the following error at slaptest:

# slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d
invalid config directory /etc/openldap/slapd.d, error 2
slaptest: bad configuration directory!

Do you know what the problem is?
Thanks in advance!
Kris


Make sure you have the dir in /etc/openldap. What happens if you simply type
slaptest -v
or
slaptest -v -f /etc/openldap/slapd.conf

If still fails please also try to configure log for more information



You can configure the log by adding this into your /etc/rsyslog.conf file:

local4.* /var/log/ldap.log
 
