Saturday 8 June 2013

Setting up an OpenLDAP server

As mentioned in an earlier post I will require an LDAP server for testing my project. I will be using OpenLDAP on Centos 6.4.

Lets kick things off by installing some packages: 

 $ sudo yum install openldap openldap-clients openldap-servers

Generate a password for your Manager/Administrator user:

 $ slappasswd

This will generate a SHA hash something like this:

{SSHA}q6sOQ5FGWkU6YE5H+awaGZj8UKpLVkBH

This needs to be inserted into the servers configuration file so note it down.

Open up /etc/openldap/slapd.d/cn\=config/olcDatabase\={2}bdb.ldif and modify it so it looks like the following: 

 ...................................
olcReadOnly: FALSE
olcRootDN: cn=Manager,dc=my-domain,dc=com
olcRootPW: {SSHA}q6sOQ5FGWkU6YE5H+awaGZj8UKpLVkBH
olcSyncUseSubentry: FALSE
olcMonitoring: TRUE
...................................

Next we need to configure our domain, you can do this by using the replace(replace dc=my-domain,dc=com) feature in your editor or you can use sed like I have done below:

 $ sed -i -e 's/dc=my-domain,dc=com/dc=clouddev,dc=lan/g' /etc/openldap/slapd.d/cn\=config/olcDatabase\={2}bdb.ldif
 $ sed -i -e 's/dc=my-domain,dc=com/dc=clouddev,dc=lan/g' /etc/openldap/slapd.d/cn\=config/olcDatabase\={1}monitor.ldif

Auto start OpenLDAP:

 $ chkconfig slapd start
 $ service slapd start

Populate it:

For this example I will only populate the root directory and will configure the rest later using phpldapadmin. If you wish you can create users/groups using ldapadd and ldif files.

 $ echo -e "dn: dc=clouddev,dc=lan\nobjectClass: dcObject\nobjectClass: organization\ndc: clouddev\no : clouddev" > /tmp/base.ldif
 $ ldapadd -f /tmp/base.ldif -D cn=Manager,dc=clouddev,dc=lan -w password

Configure iptables:

Since I'm just doing this for a development environment I just turned of iptables completely:

 $ iptables --flush
 $ service iptables stop
 $ chkconfig iptables off

If you wish to configure them simply insert:

-A INPUT -p tcp --dport 389 -j ACCEPT

into /etc/sysconfig/iptables

Finally test that your server is up and working by querying it:

 $ ldapsearch -h localhost -b dc=clouddev,dc=lan -xxx

I didn't wish to spend time doing ldif dumps and applying them with ldapadd/ldapdelete/ldapmodify so I opted to install phpldapadmin which supplies a web based interface for managing OpenLDAP.

Start by setting up the EPEL repos on CentOS:

 $ wget http://ftp.riken.jp/Linux/fedora/epel/RPM-GPG-KEY-EPEL-6
 $ rpm --import RPM-GPG-KEY-EPEL-6 
 $ wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
 $ rpm -ivh epel-release-6-8.noarch.rpm

Continue on to install phpldapadmin:

 $ yum --enablerepo=epel install phpldapadmin

Configure the access you require to it by modifying the allow access from line in /etc/httpd/config.d/phpldapadmin.conf

Next we need to change an option in phpldapadmin's configuration file to use a dn for login instead of a uid.

 $ sed -i -e "s/$servers->setValue('login','attr','uid');/\/\/$servers->setValue('login','attr','uid');/g" -e "s/\/\/$servers->setValue('login','attr','dn');/$servers->setValue('login','attr','dn');/g" /etc/phpldapadmin/config.php

Finally restart the httpd:

 $ service httpd restart

browse to http://server-address/ldapadmin and login with
username: cn=Manager,dc=clouddev,dc=lan
password: password

and create your wanted OUs, users, groups, etc.
Posted by

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)