$ yum install openldap-servers
$ yum install openldap*
$rpm -qa | grep ldap
Take backup for slapd.conf
$ /etc/openldap/slapd.conf /etc/openldap/slapd.conf.bak
Edit the file /etc/openldap/slapd.conf
we need to change some lines suffix,
rootdn and the two rootpw lines.
Suffix is the high level descriptor you selected above. The
rootdn is who (the user) that owns the server and should start with
cn=. The first root password (rootpw) line should be set to
secret. You can generate an encrypted password for the second
rootpw line using the command:
$ slappasswd
Just cut and paste the output of the slappasswd command into the
second rootpw line in slapd.conf
$ vim /etc/openldap/slapd.conf
suffix "dc=bloger,dc=com"
bloger is a your domain name
rootdn "cn=Manager,dc=bloger,dc=com"
rootpw secret
rootpw {SSHA}MRNBda83kd9f7d7did902mLA1x0AVOWMRBua
save & exit this file.
open ldap.conf file.
$ vim /etc/openldap/ldap.conf
change 2 line in this file
HOST 127.0.0.1
BASE dc=bloger,dc=com
save & exit this file.
LDAP Migration tools-:
These tools are located
in /usr/share/openldap/migration. If
you don't find them in your distribution you can download these tools
from:
http://www.padl.com/OSS/MigrationTools.html
Install is simple.
cd MigrationTools-47
You then must edit migrate_common.ph and change the following site-specific variables to reflect your installation:
Now we need to add the base entries into the LDAP. Here is an example of a new base org. units you may need and a user new user. The file we will create in out example is bloger.com.ldif.
# Default DNS domain
$DEFAULT_MAIL_DOMAIN = "bloger.com";
# Default base
$DEFAULT_BASE = "dc=blger,dc=com
Create a data file (bloger.ldif) & copy following content.
$ tuch bloger.ldif
dn: dc=bloger,dc=com
objectclass: topsave this file.
objectclass: organization
o: bloger
description: Top level LDAP for bloger.com
dn: ou=Group,dc=bloger,dc=com
ou: Group
objectClass: top
objectClass: organizationalUnit
dn: ou=People,dc=bloger,dc=com
ou: People
objectClass: top
objectClass: organizationalUnit
dn: ou=Services,dc=bloger,dc=com
ou: Services
objectClass: top
objectClass: organizationalUnit
$ /usr/share/openldap/migration/migrate_base.pl > bloger.ldif
Import first record
$ ldapadd -a -W -x -D "cn=Manager,dc=bloger,dc=com" -f bloger.ldif
$ ldapsearch -x -b 'dc=bloger,dc=com' 'objectclass=*
Create test user-:create file newrec.ldif for test user & add some content in this file.
$ touch bloger.ldif
note- You need an empty line before each line starting with "dn:"
$ vim bloger.ldif
# test1, < style="font-weight: bold;">bloger, comsave & exit this file.
dn: uid=test,ou=People,dc=bloger,dc=com
cn: test
sn: test
objectClass: top
objectClass: person
objectClass: posixAccount
objectClass: shadowAccount
userPassword: {crypt}$!Z0ksiAKjsKLAsjuwyuAK!jksX
uid: test
uidNumber: 501
gidNumber: 501
loginShell: /bin/bash
homeDirectory: /home/test
shadowLastChange: 10877
shadowMin: 0
shadowMax: 999999
shadowInactive: -1
shadowWarning: 7
shadowFlag: 0
shadowExpire: -1
The dn: record must be uniqe and should include the include your suffix.
Add the record to your LDAP
To add a record to the ldap database we use the command ldapadd
$ ldapadd -W -x -D "cn=Manager,dc=bloger,dc=com" -W -f newrec.ldif
$ ldapsearch -x -b 'cn=test,dc=bloger,dc=com' $ getent passwdClient Side Authentication-:
1. Click System, select Administration and click Authentication. This will launch the Authentication Configuration window.
2. Check Enable LDAP Support and click the Configure LDAP button
3. Fill in the LDAP Search Base DN and LDAP Server fields. Click Ok when you are done.
4. Click the Authentications tab and check Enable LDAP Support.
To test this, create a user in your LDAP directory that is not in
your machine. Then check the account by fingering the
user. For example, if you add the test record for you
should be able to essue the command:
$ finger test1
1 comment:
Thanx. it really helped me.
Post a Comment