OpenLDAP installation and configuration management

Install OpenLDAP

Use the following command to install OpenLDAP and the migration tools:

yum -y install openldap compat-openldap openldap-clients openldap-servers openldap-servers-sql openldap-devel migrationtools

OpenLDAP version

slapd -VV


Configuring OpenLDAP administrator password

slappasswd -s 123456

The command prints an {SSHA} hash of the password; this hash is what goes into olcRootPW in the next step.

OpenLDAP configuration files

olcDatabase={2}hdb.ldif

vim /etc/openldap/slapd.d/cn\=config/olcDatabase\=\{2\}hdb.ldif

Add the following line to the configuration file, using the hash produced by slappasswd:

olcRootPW: {SSHA}cz194nylg0li+7PAiECh6Jt0UNXPv3k2

Here olcRootDN names the OpenLDAP administrator (cn=root is the administrator user name) and olcRootPW holds the administrator's password hash. Set the suffix and the administrator DN to match your domain:

olcSuffix: dc=nmcm,dc=com

olcRootDN: cn=root,dc=nmcm,dc=com

olcDatabase={1}monitor.ldif

vim /etc/openldap/slapd.d/cn\=config/olcDatabase\=\{1\}monitor.ldif

In the olcAccess entry, replace the default manager DN with the administrator DN configured above, so that only the local root user (connecting over ldapi with peer credentials) and the administrator can read the monitor database:

olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=extern
 al,cn=auth" read by dn.base="cn=root,dc=nmcm,dc=com" read by * none

Verify OpenLDAP Configuration

Check the basic OpenLDAP configuration:

slaptest -u

Start OpenLDAP service

systemctl enable slapd

systemctl start slapd

systemctl status slapd

Startup Errors

If slapd fails to start with:

Read/write permissions for DB file '/var/lib/ldap/id2entry.bdb' are required.

Read/write permissions for DB file '/var/lib/ldap/dn2id.bdb' are required.

this is a file-permission problem. Give the ldap user ownership of the configuration and database directories:

chown -R ldap.ldap /etc/openldap/

chown -R ldap.ldap /var/lib/ldap/

OpenLDAP listens on port 389 by default; confirm that slapd is listening:

lsof -i:389

OpenLDAP Configuration Database

cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG

chown ldap:ldap -R /var/lib/ldap

chmod 700 -R /var/lib/ldap

ll /var/lib/ldap/

OpenLDAP uses BerkeleyDB by default, and the database files are stored under /var/lib/ldap/.

Importing Basic Schema
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif

ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif

ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif


migrate_common.ph file

The migrate_common.ph file holds the defaults the migration tools use when generating LDIF files. Edit it and set the mail domain and base DN:

vim /usr/share/migrationtools/migrate_common.ph

$DEFAULT_MAIL_DOMAIN = "nmcm.com";

$DEFAULT_BASE = "dc=nmcm,dc=com";

$EXTENDED_SCHEMA = 1;

Adding users and user groups

By default OpenLDAP contains no ordinary users; the only account is the administrator (cn=root) configured above.

Add User Group, using the following command:

groupadd nsccwx

groupadd nmcm

Add the users and set their passwords with the following commands:

useradd -g nsccwx zhaojq

useradd -g nmcm hankm

echo '123456' | passwd --stdin zhaojq

echo '123456' | passwd --stdin hankm

Extract the newly created users and groups (UIDs and GIDs in the 1000-1099 range) from the local account files:

grep ":10[0-9][0-9]" /etc/passwd > /root/users
cat /root/users

grep ":10[0-9][0-9]" /etc/group > /root/groups
cat /root/groups

From the extracted user and group entries, generate the LDIF files with migrate_passwd.pl and migrate_group.pl:

/usr/share/migrationtools/migrate_passwd.pl /root/users > /root/users.ldif
cat /root/users.ldif

/usr/share/migrationtools/migrate_group.pl /root/groups > /root/groups.ldif
cat /root/groups.ldif

To add further users to OpenLDAP, users.ldif can be edited directly.
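To make the migration step concrete, here is an added example (my own awk script, not the migrationtools code or the post's own commands) that emits the posixAccount entries migrate_passwd.pl produces for /etc/passwd lines. It filters on the numeric UID field instead of the grep ":10[0-9][0-9]" pattern, which would also match a matching group ID or GECOS text. The sample passwd lines are constructed; the entry layout mirrors migrate_passwd.pl's output.

```shell
#!/bin/sh
# Added example, not from the original post or from migrationtools: emit the
# posixAccount LDIF entries that migrate_passwd.pl produces for /etc/passwd
# lines, selecting accounts by a numeric UID range.

# Constructed sample input: root plus the two users the tutorial creates.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
zhaojq:x:1000:1000::/home/zhaojq:/bin/bash
hankm:x:1001:1001:Han Km:/home/hankm:/bin/bash'

# passwd_to_ldif BASE_DN MIN_UID MAX_UID  < passwd-style lines
# Writes one LDIF entry per account whose UID lies within [MIN_UID, MAX_UID].
passwd_to_ldif() {
    awk -F: -v base="$1" -v min="$2" -v max="$3" '
        NF >= 7 && $3 + 0 >= min && $3 + 0 <= max {
            # Fields: name:password:uid:gid:gecos:home:shell
            cn = ($5 != "") ? $5 : $1
            printf "dn: uid=%s,ou=People,%s\n", $1, base
            printf "uid: %s\n", $1
            printf "cn: %s\n", cn
            print "objectClass: account"
            print "objectClass: posixAccount"
            print "objectClass: top"
            print "objectClass: shadowAccount"
            printf "loginShell: %s\n", $7
            printf "uidNumber: %s\n", $3
            printf "gidNumber: %s\n", $4
            printf "homeDirectory: %s\n", $6
            print ""
        }'
}

# ldif_entry_count < ldif : number of entries (dn: lines) in an LDIF stream.
ldif_entry_count() {
    grep -c '^dn: ' || true
}

# Usage: generate entries for UIDs 1000-1099, the range the tutorial selects.
printf '%s\n' "$SAMPLE_PASSWD" | passwd_to_ldif "dc=nmcm,dc=com" 1000 1099
```

The real migrate_passwd.pl additionally reads /etc/shadow and embeds each account's crypt hash as a userPassword attribute, so the generated users.ldif contains password hashes and should be kept readable by root only (chmod 600) and deleted once imported.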

Importing users and groups into the OpenLDAP database

First create the base entries (the base DN, the administrator entry, and the People and Group organizational units) in /root/base.ldif:

vim /root/base.ldif
dn: dc=nmcm,dc=com
o: nmcm com
dc: nmcm
objectClass: top
objectClass: dcObject
objectclass: organization

dn: cn=root,dc=nmcm,dc=com
cn: root
objectClass: organizationalRole
description: Directory Manager

dn: ou=People,dc=nmcm,dc=com
ou: People
objectClass: top
objectClass: organizationalUnit

dn: ou=Group,dc=nmcm,dc=com
ou: Group
objectClass: top
objectClass: organizationalUnit
Import the base entries:
ldapadd -x -w "123456" -D "cn=root,dc=nmcm,dc=com" -f /root/base.ldif

Import the users into the database:
ldapadd -x -w "123456" -D "cn=root,dc=nmcm,dc=com" -f /root/users.ldif

Runtime Error

If the user import is run before the base entries exist (ou=People,dc=nmcm,dc=com has not been created yet), ldapadd fails because the parent of each user entry is missing; the matched DN shows how far the server could resolve the name:

ldap_add: No such object (32)
	matched DN: dc=nmcm,dc=com

Import base.ldif first, then retry.

Import the groups into the database:
ldapadd -x -w "123456" -D "cn=root,dc=nmcm,dc=com" -f /root/groups.ldif
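The "No such object (32)" failure above is an ordering problem: ldapadd refuses an entry whose parent does not exist yet. The following added example (my own script, not part of the original post) checks LDIF files in the order they would be imported and reports every DN whose parent is neither the suffix nor an earlier entry. The base.ldif and users.ldif contents are constructed to match the tutorial's entries; the script assumes DNs without escaped commas or whitespace after commas, as in base.ldif.

```shell
#!/bin/sh
# Added example, not from the original post: before running ldapadd, check that
# every entry in the LDIF files has its parent entry either earlier in the
# input or equal to the suffix. An entry whose parent does not exist yet is
# what produces "ldap_add: No such object (32)" with "matched DN: <suffix>".

SUFFIX="dc=nmcm,dc=com"
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT

# Constructed sample: the tutorial's base.ldif (abbreviated to the DNs that
# matter) and a users.ldif entry like the one migrate_passwd.pl generates.
cat > "$SAMPLE_DIR/base.ldif" <<'EOF'
dn: dc=nmcm,dc=com
dc: nmcm
objectClass: dcObject
objectClass: organization
o: nmcm com

dn: cn=root,dc=nmcm,dc=com
cn: root
objectClass: organizationalRole

dn: ou=People,dc=nmcm,dc=com
ou: People
objectClass: organizationalUnit

dn: ou=Group,dc=nmcm,dc=com
ou: Group
objectClass: organizationalUnit
EOF

cat > "$SAMPLE_DIR/users.ldif" <<'EOF'
dn: uid=zhaojq,ou=People,dc=nmcm,dc=com
uid: zhaojq
cn: zhaojq
objectClass: account
objectClass: posixAccount
uidNumber: 1000
gidNumber: 1000
homeDirectory: /home/zhaojq
EOF

# ldif_check_parents SUFFIX FILE...
# Reads the files in the order ldapadd would import them and prints every DN
# whose parent is missing. Returns 0 if all parents exist, 1 otherwise.
# Assumes plain "dn:" lines (no base64 "dn::") and DNs without escaped commas.
ldif_check_parents() {
    suffix="$1"
    shift
    cat "$@" | awk -v suffix="$suffix" '
        BEGIN { seen[suffix] = 1; bad = 0 }
        /^dn: / {
            dn = substr($0, 5)
            # The parent DN is everything after the first RDN.
            idx = index(dn, ",")
            parent = (idx > 0) ? substr(dn, idx + 1) : ""
            if (dn != suffix && !(parent in seen)) {
                printf "orphan: %s (parent %s not created yet)\n", dn, parent
                bad = 1
            }
            seen[dn] = 1
        }
        END { exit bad }'
}

# Usage: base.ldif followed by users.ldif passes; users.ldif on its own (or
# before base.ldif) is flagged, which is the situation behind error 32.
ldif_check_parents "$SUFFIX" "$SAMPLE_DIR/base.ldif" "$SAMPLE_DIR/users.ldif" \
    && echo "base then users: ok"
ldif_check_parents "$SUFFIX" "$SAMPLE_DIR/users.ldif" \
    || echo "users alone: would fail with No such object (32)"
```

Run it against the real files as `ldif_check_parents "dc=nmcm,dc=com" /root/base.ldif /root/users.ldif /root/groups.ldif` before the ldapadd commands; a clean run means the import order cannot trigger error 32, although the server can still reject entries for schema reasons.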
Origin blog.csdn.net/miaodichiyou/article/details/101195121