Install LDAP-slapd.conf mode
——————start installation———————
Query whether to install

# rpm -qa openldap-servers

Remove ldap
# yum remove openldap

# yum remove openldap-servers

Installation Environment
Centos7
Apache/2.4.6 (CentOS)
PHP 7.1.11

Install LDAP Server

Openldap-servers-2.4.44-5.el7.x86_64

# yum install openldap-servers openldap-clients migrationtools

# rpm -qa | grep openldap

Delete all files in the slapd.d folder and copy a copy of slapd.conf
# rm -rvf /etc/openldap/slapd.d
# mkdir /etc/openldap/slapd.d

Generate password

# /sbin/slappasswd
New password:
Re-enter new password:

{SSHA}XXXXXXXXXXXXXXXXX….

Ldap-server configuration file
# cp /usr/share/openldap-servers/slapd.ldif /etc/openldap/slapd.conf

Modify the slapd.conf file
# vi /etc/openldap/slapd.conf

Put

olcAccess: to * by dn.base=”gidNumber=0+uidNumber=0,cn=peercred,cn=external,c n=auth” read by dn.base=”cn=Manager,dc=my-domain,dc= Com” read by * none
olcSuffix: dc=my-domain,dc=com olcRootDN: cn=Manager,dc=my-domain,dc=com

Change to

olcAccess: to * by dn.base=”gidNumber=0+uidNumber=0,cn=peercred,cn=external,c n=auth” read by dn.base=” cn=Manager,dc=rmohan,dc=com ” read by * none olcSuffix: dc=rmohan,dc=com
olcRootDN: cn=Manager,dc=rmohan,dc=com
olcRootPW: {SSHA}XXXXXXXXXXXXXXXXXXXXX

(olcRootPW please copy from password.txt just)

Start converting configuration files
# rm -rvf /var/lib/ldap/*
# /usr/libexec/openldap/convert-config.sh
# head -20 /etc/openldap/slapd.d/cn\=config/olcDatabase\=\{[12]}*

Test if the LDAP configuration file is normal
# slaptest -u
Config file testing succeeded

Clear the database sample file and copy the database default profile
Copy database preset profile #
Cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG

# rm -rvf /etc/openldap/certs
# mkdir /etc/openldap/ certs

Create a certs DB profile
# /usr/libexec/openldap/create-certdb.sh
Creating certificate database in ‘/etc/openldap/certs’.
# /usr/libexec/openldap/generate-server-cert.sh
Creating new server certificate in ‘/etc/openldap/certs’.
# chown ldap:ldap -R /var/lib/ldap/
# systemctl start slapd
# slaptest
Config file testing succeeded
# systemctl enable slapd
# firewall-cmd –permanent –zone=public –add-port=389/tcp
# firewall-cmd –reload
# ldapwhoami -WD cn=Manager,dc=rmohan,dc=com
Enter LDAP Password:
Dn :cn=Mana g er,dc=rmohan,dc=com

Import schema
# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif
# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif
# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif

Edit root node

# vim base.ldif
Dn: dc=rmohan,dc=com
objectClass: top
objectClass: dcObject
Objectclass: organization
o: rmohan
Dc: rmohan

Dn: cn=Manager,dc=rmohan,dc=com
objectClass: organizationalRole
Cn: Manager
Description: Directory Manager

Dn: ou=STU, dc=rmohan,dc=com
objectClass: organizationalUnit
Ou: STU
Description:student

Dn: ou=TEA,dc=rmohan,dc=com
objectClass: organizationalUnit
Ou: TEA
Description:teacher

# /bin/ldapadd -x -D “cn=Manager,dc=rmohan,dc=com” -W -f base.ldif
Enter LDAP Password:
Adding new entry “dc=rmohan,dc=com”
Adding new entry “cn=Manager,dc=rmohan,dc=com”
Adding new entry “ou=People,dc=rmohan,dc=com”
Adding new entry “ou=Group,dc=rmohan,dc=com”

Firewall settings

# /bin/firewall-cmd –permanent –add-service=ldap
# /bin/firewall-cmd –reload

Leave a comment

Your email address will not be published. Required fields are marked *

Blue Captcha Image
Refresh

*

Protected by WP Anti Spam

Hit Counter provided by dental implants orange county