Topic 7

Date: 3/1/2017
Lightweight Directory Access Protocol (LDAP)
Linux System Administration


Practical exercises: LDAP server installation and configuration.
  • Install OpenLDAP packages on master VM.
    apt-get install slapd ldap-utils libldap-2.4-2 libnss-ldap
    
    You can accept the default entries in the configuration stage, since you will configure LDAP manually afterwards. Remove the databases created during the package setup:
    systemctl stop slapd
    rm -rf /var/lib/ldap/*
    

  • Create a new configuration file, /etc/ldap/slapd.conf, and paste in the configuration shown below.
    # See slapd.conf(5) for details on configuration options.
    # This file should NOT be world readable.
    #
    # Include Schemas
    include         /etc/ldap/schema/core.schema
    include         /etc/ldap/schema/cosine.schema
    include         /etc/ldap/schema/nis.schema
    include         /etc/ldap/schema/inetorgperson.schema
    
    # Where the dynamically loaded modules are stored
    modulepath      /usr/lib/ldap
    moduleload      back_bdb
    
    # bdb database definitions
    database        bdb 
    
    # Define Domain components and Root distinguished name (Manager)
    suffix          "dc=dom02, dc=linux, dc=class"
    rootdn          "cn=Manager,dc=dom02,dc=linux,dc=class"
    
    # Where the database files are physically stored for database #1
    directory       "/var/lib/ldap"
    
    # Cleartext passwords, especially for the rootdn, should
    # be avoided.  See slappasswd(8) and slapd.conf(5) for details.
    # Use of strong authentication encouraged.
    # The {crypt} root password below was created with (salt "ac"):
    # perl -e 'print crypt("thisp", "ac")' > pass.txt
    # Cleartext equivalent, for reference only (do not use):
    # rootpw         thisp
    rootpw          {crypt}acunRNwFPEdHQ
    
    # slapd process ID file
    pidfile         /var/run/slapd/slapd.pid
    

  • Edit file /etc/default/slapd and specify the location of the configuration file:
    SLAPD_CONF=/etc/ldap/slapd.conf

  • Start the LDAP server:
    systemctl start slapd
    
    To make sure the server is running and serving the configured suffix, query the root DSE with ldapsearch:
    ldapsearch -x -h localhost -LL  -b '' -s base '(objectclass=*)' namingContexts 
    
    You should see:
    namingContexts: dc=dom02,dc=linux,dc=class
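The slapd.conf above carries two warnings in its own comments: the file must not be world readable, and the rootpw should not be stored in cleartext. The following script is an added example for this handout, not part of the course material or of OpenLDAP: it generates a hashed rootpw with slappasswd(8) (shipped with the slapd package) and audits a slapd.conf for both weaknesses. It assumes GNU stat (Linux); the two sample configuration files it writes are constructed purely for demonstration.

```shell
#!/bin/sh
# Added example, not from the course handout: audit a slapd.conf for a
# cleartext rootpw and for world-readable permissions, the two problems the
# file's own comments warn about. Assumes GNU stat (Linux).

# hash_rootpw PLAINTEXT: print an {SSHA} value suitable for the rootpw
# directive, using slappasswd(8) from the slapd package.
hash_rootpw() {
    slappasswd -h '{SSHA}' -s "$1"
}

# check_rootpw FILE: print "hashed", "cleartext" or "missing" for the active
# (uncommented) rootpw directive; exit status 0 only when it is hashed.
check_rootpw() {
    # keep only the value of the first non-comment rootpw line, trailing blanks removed
    pw=$(sed -n 's/^[[:space:]]*rootpw[[:space:]][[:space:]]*//p' "$1" \
         | head -n 1 | sed 's/[[:space:]]*$//')
    case "$pw" in
        '{'[A-Za-z0-9-]*'}'?*) echo hashed;    return 0 ;;   # {crypt}..., {SSHA}..., ...
        '')                    echo missing;   return 1 ;;
        *)                     echo cleartext; return 1 ;;
    esac
}

# check_mode FILE: succeed only if "other" users have no read bit on FILE.
check_mode() {
    mode=$(stat -c '%a' "$1")                  # e.g. 640 or 1777
    other=$(printf '%s' "$mode" | tail -c 1)   # last octal digit = "other" bits
    [ $((other & 4)) -eq 0 ]
}

# make_samples DIR: write two constructed sample configs for demonstration.
make_samples() {
    # good.conf: the handout's hashed {crypt} rootpw, readable by owner only
    cat > "$1/good.conf" <<'EOF'
# rootpw         thisp
rootpw          {crypt}acunRNwFPEdHQ
EOF
    chmod 600 "$1/good.conf"
    # bad.conf: cleartext rootpw, and left world-readable
    cat > "$1/bad.conf" <<'EOF'
rootpw          thisp
EOF
    chmod 644 "$1/bad.conf"
}

# Demo run over the constructed samples.
samples=$(mktemp -d)
make_samples "$samples"
for f in "$samples"/good.conf "$samples"/bad.conf; do
    if check_mode "$f"; then perm=ok; else perm=world-readable; fi
    printf '%s: rootpw %s, permissions %s\n' "$f" "$(check_rootpw "$f")" "$perm"
done
```

To audit the real file, run `check_rootpw /etc/ldap/slapd.conf` and `check_mode /etc/ldap/slapd.conf` as root; a "cleartext" result means the rootpw line should be replaced with the output of `hash_rootpw`, and a failed mode check is fixed with `chmod 640 /etc/ldap/slapd.conf` (owned by the user slapd runs as).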
