Note: if you have changed the LDAP database directory, correct it in the following line:
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools
# Mode 700 recommended
directory /var/lib/ldap
We will import our local user list into LDAP. Keep in mind that in order to import local
users into LDAP, you must convert the file (with the user info) to the *.ldif (LDAP Data
Interchange Format) format. This is done with a ready-made script that comes with the
OpenLDAP server.
The first step is to import the root user. Let's copy/paste or "grep" the root user's
information from the /etc/passwd file into a new file called passwdroot. This can be done like
this (the pattern is anchored to the start of the line so that only the root account matches,
not every line that merely contains "root"):
[root@linux1 ~]# grep '^root:' /etc/passwd > /etc/openldap/passwdroot
Next, you can additionally import your already-made local users into LDAP. This is
done the same way. For example, let's say I have a user user1 and I want to import it; I
would do:
[root@linux1 ~]# grep '^user1:' /etc/passwd > /etc/openldap/passwdldapusers
If you have any more local users that you wish to add, repeat the last step, but
this time use ">>" instead of ">" so that the new line is appended to the file:
[root@linux1 ~]# grep '^member:' /etc/passwd >> /etc/openldap/passwdldapusers
Next, it's time to convert our files to *.ldif format. Locate the migrate_passwd.pl
script and run the following:
[root@linux1 ~]# /usr/share/openldap/migration/migrate_passwd.pl /etc/openldap/passwdroot /etc/openldap/root.ldif
[root@linux1 ~]# /usr/share/openldap/migration/migrate_passwd.pl /etc/openldap/passwdldapusers /etc/openldap/ldapusers.ldif
Note: if you add another local user to LDAP sometime later, you need to rerun
the script to convert the passwdldapusers file again. There is no need to do that for the
passwdroot file.
Now we have to make changes in our two *.ldif files. You need to change the dn entries to
suit our scenario.
Since we also named our root user Manager in the slapd.conf file, you also need to
change cn=root to cn=Manager in the root.ldif file.
Next, you have to create a *.ldif file for the "abc" domain.
The LDIF files you created from /etc/passwd refer to users only. The
attributes of the abc domain haven't yet been defined, and you also haven't defined the
organizational unit called People. This can be done using a third LDIF file called
/etc/openldap/abc.ldif, which should look like this:
LDAP Centralize Login - Document
dn: dc=abc,dc=com
dc: abc
description: Root LDAP entry for abc
objectClass: dcObject
objectClass: organizationalUnit
ou: rootObject

dn: cn=root,dc=abc,dc=com
objectClass: organizationalRole
cn: root

dn: ou=People,dc=abc,dc=com
description: All people in organization
objectClass: organizationalUnit
ou: People
Please note that you need the blank line between the entries in abc.ldif, which you have to
create and add as shown above; otherwise the import will fail with an error.
The only step left is to actually import the three *.ldif files into our LDAP. First you
need to import the root domain info (abc.ldif), then the root user info (root.ldif) and last the
additional local users' info (ldapusers.ldif), in that order.
This is done as shown below, first the domain info:
[root@linux2 openldap]# ldapadd -x -D "cn=root,dc=abc,dc=com" -W -f abc.ldif
Enter LDAP Password:
adding new entry "dc=abc,dc=com"
adding new entry "ou=People,dc=abc,dc=com"
Type your LDAP password when prompted and the data will be imported into the
database. Do the same for the files root.ldif and ldapusers.ldif.
[root@linux2 openldap]# ldapadd -x -D "cn=root,dc=abc,dc=com" -W -f root.ldif
Enter LDAP Password:
adding new entry "uid=root,ou=People,dc=abc,dc=com"
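As an added example (not part of the original document, and not the OpenLDAP migrate_passwd.pl script itself), here is a small POSIX sh converter that turns /etc/passwd lines into the per-user LDIF entries the steps above need, plus the abc.ldif base entries, with every record ending in the blank-line separator that ldapadd requires. It assumes the tutorial's base DN dc=abc,dc=com and the ou=People container; the function names (domain_ldif, passwd_to_ldif, count_entries) and the sample passwd line in the usage comment are this example's own. It is simpler than migrate_passwd.pl (no shadowAccount attributes), so treat it as a way to see what the generated files must contain.

```shell
#!/bin/sh
# Added example, not from the original document and not the OpenLDAP
# migration tools: a minimal passwd-to-LDIF converter for the abc scenario.
# Base DN and ou=People come from the tutorial; function names are our own.

BASE_DN="dc=abc,dc=com"

# domain_ldif: print the base entry, the root role and the People container
# (the contents of the tutorial's abc.ldif). Each entry ends with a blank
# line, which is the record separator ldapadd needs.
domain_ldif() {
    printf 'dn: %s\ndc: abc\ndescription: Root LDAP entry for abc\n' "$BASE_DN"
    printf 'objectClass: dcObject\nobjectClass: organizationalUnit\nou: rootObject\n\n'
    printf 'dn: cn=root,%s\nobjectClass: organizationalRole\ncn: root\n\n' "$BASE_DN"
    printf 'dn: ou=People,%s\ndescription: All people in organization\n' "$BASE_DN"
    printf 'objectClass: organizationalUnit\nou: People\n\n'
}

# passwd_to_ldif: read /etc/passwd-style lines on stdin and print one
# posixAccount entry per user under ou=People. The password field is copied
# as-is ("x" when the real hash lives in /etc/shadow); comment and blank
# lines are skipped.
passwd_to_ldif() {
    while IFS=: read -r user pw uid gid gecos home shell; do
        case "$user" in ''|\#*) continue ;; esac
        printf 'dn: uid=%s,ou=People,%s\n' "$user" "$BASE_DN"
        printf 'uid: %s\ncn: %s\n' "$user" "$user"
        printf 'objectClass: account\nobjectClass: posixAccount\nobjectClass: top\n'
        printf 'userPassword: {crypt}%s\n' "$pw"
        printf 'loginShell: %s\nuidNumber: %s\ngidNumber: %s\nhomeDirectory: %s\n' \
            "$shell" "$uid" "$gid" "$home"
        if [ -n "$gecos" ]; then printf 'gecos: %s\n' "$gecos"; fi
        printf '\n'
    done
}

# count_entries: number of LDIF records (dn: lines) read from stdin, so you
# can confirm that every exported user produced exactly one entry before
# handing the file to ldapadd.
count_entries() {
    grep -c '^dn: ' || true
}

# Usage (constructed sample input, after sourcing this file):
#   domain_ldif > /etc/openldap/abc.ldif
#   grep '^user1:' /etc/passwd | passwd_to_ldif > /etc/openldap/ldapusers.ldif
#   passwd_to_ldif < /etc/openldap/passwdldapusers | count_entries
```

Piping the generated file through count_entries and comparing with the number of lines in passwdldapusers is a cheap check that no entry was lost before the ldapadd step runs.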
We have completed the LDAP server configuration. Now let's move on to the LDAP
client configuration.
The client machine may be *any* machine that you want your LDAP users to
connect to (and use LDAP authentication, of course). If you have a stand-alone server
that you just want to share with others, then the server is also the client machine.
Configure it to authenticate through LDAP so that users connecting locally or remotely (via
ssh/telnet) can be authenticated.
On the client side, we only need to configure the authentication type and point to
the LDAP server.
For the GUI-style way of setting this up, run
[root@linux1 ~]# system-config-authentication
or
[root@linux1 ~]# authconfig
Under the "User Information" tab, click on the "Enable LDAP Support" checkbox; it will
present you with a configuration dialog.
Make sure you fill in the information correctly. Don't check the "Use TLS to encrypt
connection" checkbox, because the authentication won't work. Change the base DN
name from "example.com" to "abc" and type in the LDAP server IP, which is 192.168.0.1.
Now do the same on the "Authentication" tab: enable "Enable LDAP support" and click
on the button below it to configure it. Leave the checkboxes for "Use shadow passwords"
and "Use MD5 passwords" as they are; they need to stay enabled.
In order for LDAP users' home folders to follow them to any machine they
log on to, we need to set up an NFS server.
We have to set up NFS on the LDAP server. To export the directory via NFS,
open the /etc/exports file. In this file, for our scenario, we want to export our /home
folders to all the client machines in our LAN.
[root@linux1 ~]# vi /etc/exports
/home *(rw,sync)
For the NFS server to be able to read the configuration, invoke the command
[root@linux1 ~]# exportfs -a
Done with the configuration. Now start the services that need to be running
in order for NFS to work; the services are portmap, nfslock and nfs. Start them
with the service command and set them to start automatically at boot time with the
chkconfig command.
[root@linux1 ~]# service portmap start
[root@linux1 ~]# service nfslock start
[root@linux1 ~]# service nfs start
... and make sure that the services are started automatically at boot time.
The client-side configuration is also easy. Just make sure that the same services
as described above are started at boot time.
Also, add the autofs service to your startup list, because this service will actually
mount our home folders from the NFS server onto our /home folder:
[root@linux2 ~]# chkconfig autofs on
Next, clean up the home folders. Change the mount point of the /home folder in
/etc/fstab from /home to /homeold.
Create the new folder /home:
[root@linux1 ~]# mkdir /home
OK, before testing with an actual login, test if you can mount the exported /home
directory from the NFS server:
[root@linux1 ~]# mount 192.168.0.1:/home /home
Now we want to mount the NFS server's home partition at boot time, so do the
following:
1] Open /etc/auto.master and write down:
/home /etc/auto.home
2] Open /etc/auto.home and write down:
* -fstype=nfs,soft,intr,rsize=8192,wsize=8192,nosuid,tcp 192.168.0.1:/home/&
That's it. Make sure the needed services are started and you are ready to test your
configuration.
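As an added example (not from the original document), here is a small POSIX sh audit of the two NFS-related lines written above. It flags an /etc/exports entry whose client list is "*" (the tutorial's own "/home *(rw,sync)" line exports /home to every host that can reach the server; restricting it to the LAN's address range is the usual fix) or that carries no_root_squash, and it flags an auto.home map entry whose mount options lack nosuid (the tutorial's line includes it, so setuid binaries placed in a user's NFS home cannot run with elevated privileges on the client). The function names audit_exports and audit_automap and the constructed sample lines are this example's own.

```shell
#!/bin/sh
# Added example, not part of the original document: audit the NFS export
# line (server, /etc/exports) and the autofs map line (client, /etc/auto.home)
# that the tutorial writes. Function names and sample lines are our own.

# audit_exports: read /etc/exports-style lines from stdin and print one
# finding per export that is open to every host ('*') or that sets
# no_root_squash (root on any client would then act as root on the shared
# /home). Prints nothing when no finding applies.
audit_exports() {
    set -f   # disable pathname expansion: a client spec of '*' must stay literal
    while read -r path clients; do
        case "$path" in ''|\#*) continue ;; esac
        for spec in $clients; do
            host=${spec%%\(*}
            case "$spec" in
                *\(*\)) opts=${spec#*\(}; opts=${opts%\)} ;;
                *) opts='' ;;
            esac
            if [ "$host" = '*' ]; then
                printf 'OPEN-TO-ALL %s %s\n' "$path" "$spec"
            fi
            case ",$opts," in
                *,no_root_squash,*) printf 'NO-ROOT-SQUASH %s %s\n' "$path" "$spec" ;;
            esac
        done
    done
    set +f
}

# audit_automap: read auto.home-style map lines from stdin and print one
# finding per entry whose mount options lack nosuid. A map line may omit
# the option field entirely ("key location"), which also counts as missing.
audit_automap() {
    while read -r key opts location; do
        case "$key" in ''|\#*) continue ;; esac
        case "$opts" in
            -*) ;;
            *) location=$opts; opts='' ;;
        esac
        case ",${opts#-}," in
            *,nosuid,*) ;;
            *) printf 'MISSING-NOSUID %s %s\n' "$key" "$location" ;;
        esac
    done
}

# Usage on the real files (server and client respectively):
#   audit_exports < /etc/exports
#   audit_automap < /etc/auto.home
```

Running audit_exports against the tutorial's exports file prints "OPEN-TO-ALL /home *(rw,sync)"; replacing "*" with the LAN's network (for example 192.168.0.0/24) silences it while keeping the sync option, and root_squash stays in effect because the line never sets no_root_squash.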