Académique Documents
Professionnel Documents
Culture Documents
This Tutorial describes you Step by Step Procedure to install and configure an
OpenLDAP server and Client on RHEL7/CentOS7. Also watch the tutorial video
below.
Use the following instructions to install and configure the LDAP Server and Ldap
Client on Centos7/RHEL7.
Prerequisites:
1. Make sure both server Linux1(192.168.2.10) and client(192.168.2.20) are
accessible.
2. Make an entry of each host in /etc/hosts for name resolution or Configure it in
DNS to resolve the IP, if you use server name instead of IP address. Read also How
to Configure DNS Server on RHEL7But we use IP Address for reference.
olcSuffix: dc=learnitguide,dc=net
olcRootDN: cn=Manager,dc=learnitguide,dc=net
Add the below three lines additionally in the same configuration file.
olcRootPW: {SSHA}bHSiwuPJEypHS6zHSE2Uy7M69sQjmkPL
olcTLSCertificateFile: /etc/pki/tls/certs/learnitguideldap.pem
olcTLSCertificateKeyFile: /etc/pki/tls/certs/learnitguideldapkey.pem
Replace the "olcRootPW" value with your copied passwd. Now Save and exit the
configuration file.
The suffix line names the domain for which the LDAP server provides information
and should be changed to your domain name. The rootdn entry is the Distinguished
Name (DN) for a user who is unrestricted by access controls or administrative limit
parameters set for operations on the LDAP directory. The rootdn user can be
thought of as the root user for the LDAP directory. In the configuration file, change
the rootdn line from its default value as above.
Note: If no olcAccess directives are specified, the default access control policy, to *
by * read, allows all users (both authenticated and anonymous) read access.
Note: Access controls defined in the frontend are appended to all other databases'
controls.
$DEFAULT_MAIL_DOMAIN = "learnitguide.net";
$DEFAULT_BASE = "dc=learnitguide,dc=net";
$EXTENDED_SCHEMA = 1;
Copy the below lines and paste inside the file /root/base.ldif.
dn: dc=learnitguide,dc=net
objectClass: top
objectClass: dcObject
objectclass: organization
o: learnitguide net
dc: learnitguide
dn: cn=Manager,dc=learnitguide,dc=net
objectClass: organizationalRole
cn: Manager
description: Directory Manager
dn: ou=People,dc=learnitguide,dc=net
objectClass: organizationalUnit
ou: People
dn: ou=Group,dc=learnitguide,dc=net
objectClass: organizationalUnit
ou: Group
Replace with your domain name instead of learnitguide.net, Save and exit the file.
Now Convert the Individual Users file to LDAP Data Interchange Format (LDIF)
Generate a ldif file for users
[root@linux1 migrationtools]# ./migrate_passwd.pl /root/passwd /root/users.ldif
NOTE: It will ask for a password of "Manager", you have to type the password which
you generated in encrypted format.
LDAP Configuration is done, but we need to share the LDAP Users Home
Directories via NFS. So Users who logged in the client servers will also be able to
save their data remotely on LDAP Server. If not they will get an error as "Home
Directory not found". If you wish to export the Home directory using autofs instead
of making an entry in fstab file, please refer the link Mounting the NFS Filesystem
using autofs. Here we use simple fstab entry for testing purpose also watch this
demo on youtube, how to configure Linux Clients for LDAP Authentication to
OpenLDAP Server.
If you would like to automount the Home Directories over NFS, please refer the
link Automount home directories over NFS using autofs. Configure OpenLDAP Server on
RHEL7/Centos7, linux openldap server setup, Linux ldap configuration, openldap server configuration, Step by step OpenLDAP
Configuration, install openldap server in centos7, ldap server configuration
Thats all from client end. Now login using the LDAP User to ensure the
authentication.