(This can be done using the slappasswd command, which generates a password hash.)

{SSHA}MI/malE7t763EWw7YiRzXsojGETmqMJq

You can also set the password in a one-line command: slappasswd -h {SHA} -s password. Replace 'password' with your own password.
Navigate to the OpenLDAP schemas directory and import the cosine, nis and inetorgperson schemas.

cd /etc/openldap/schema
All these modifications can be implemented using a single LDIF file, as shown below:

vim mod_domain.ldif

dn: olcDatabase={1}monitor,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by dn.base="cn=Manager,dc=example,dc=com" read by * none

dn: olcDatabase={2}mdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=example,dc=com

dn: olcDatabase={2}mdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: cn=Manager,dc=example,dc=com

dn: olcDatabase={2}mdb,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {SSHA}MI/malE7t763EWw7YiRzXsojGETmqMJq

dn: olcDatabase={2}mdb,cn=config
changetype: modify
add: olcAccess
The resulting configuration entries:

dn: olcDatabase={2}mdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcDatabase: {2}mdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=example,dc=com
olcRootDN: cn=Manager,dc=example,dc=com
olcRootPW: {SSHA}MI/malE7t763EWw7YiRzXsojGETmqMJq

dn: olcDatabase={1}monitor,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {1}monitor
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external
vim basedn.ldif

dn: dc=example,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
o: Example Com
dc: Example

dn: cn=Manager,dc=example,dc=com
objectClass: organizationalRole
cn: Manager

dn: ou=People,dc=example,dc=com
objectClass: organizationalUnit
ou: People

dn: ou=Group,dc=example,dc=com
objectClass: organizationalUnit
ou: Group
To add the Base domain entry, run the command below:

Next, generate a password hash for the new user with slappasswd; this is the {SSHA} value used in the userPassword attribute of the user entry.

slappasswd
New password:
vim add_user.ldif

dn: uid=amosm,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: amosm
cn: Amos
sn: Mibey
userPassword: {SSHA}QLXFlVsiNY7bLgcwx8yurJqMZVaErD9b
loginShell: /bin/bash
uidNumber: 10000
gidNumber: 10000
homeDirectory: /home/amosm

dn: cn=amosm,ou=Group,dc=example,dc=com
objectClass: posixGroup
cn: amosm
gidNumber: 10000
memberUid: amosm
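The {SSHA} values produced by slappasswd above and loaded through add_user.ldif are salted SHA-1 hashes. The following Python is an added example, not code from the original tutorial: it computes and verifies {SSHA} values, contrasts them with the unsalted {SHA} form that `slappasswd -h {SHA}` produces, and audits an LDIF for userPassword or olcRootPW values stored in cleartext or unsalted. The LDIF sample inside it is constructed for the example; the amosm hash is the one from this tutorial.

```python
import base64
import hashlib
import hmac

def ssha(password: str, salt: bytes) -> str:
    """{SSHA}, the slappasswd default: base64(sha1(password + salt) + salt)."""
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def sha(password: str) -> str:
    """Unsalted {SHA}, what `slappasswd -h {SHA}` emits: equal passwords give equal hashes."""
    return "{SHA}" + base64.b64encode(hashlib.sha1(password.encode()).digest()).decode()

def check_password(stored: str, candidate: str) -> bool:
    """Verify a candidate against a stored userPassword value, as slapd does for these schemes."""
    if stored.startswith("{SSHA}"):
        salt = base64.b64decode(stored[6:])[20:]  # SHA-1 digest is 20 bytes; the rest is the salt
        return hmac.compare_digest(ssha(candidate, salt), stored)
    if stored.startswith("{SHA}"):
        return hmac.compare_digest(sha(candidate), stored)
    return hmac.compare_digest(stored, candidate)  # no {scheme} prefix: stored in cleartext

def parse_ldif(text: str) -> list:
    """Minimal LDIF reader: blank lines separate entries; attribute names are case-insensitive."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if ": " in line and not line.startswith("#"):
                key, _, value = line.partition(": ")
                entry.setdefault(key.lower(), []).append(value)
        entries.append(entry)
    return entries

def audit_passwords(text: str) -> dict:
    """Report how each userPassword / olcRootPW in an LDIF is stored, keyed by entry DN."""
    verdicts = {}
    for entry in parse_ldif(text):
        for value in entry.get("userpassword", []) + entry.get("olcrootpw", []):
            scheme = value[1:value.index("}")] if value.startswith("{") and "}" in value else None
            verdicts[entry["dn"][0]] = {"SSHA": "salted SHA-1", "SHA": "unsalted SHA-1, prefer {SSHA}",
                                        None: "cleartext, hash it with slappasswd before loading",
                                        }.get(scheme, "scheme {%s}" % scheme)
    return verdicts

# Constructed sample, not the page's file: the tutorial's hashed user next to a cleartext one.
SAMPLE_LDIF = """dn: uid=amosm,ou=People,dc=example,dc=com
userPassword: {SSHA}QLXFlVsiNY7bLgcwx8yurJqMZVaErD9b

dn: uid=tester,ou=People,dc=example,dc=com
userPassword: plaintext-secret"""
```

Running audit_passwords over a file before ldapadd catches cleartext or unsalted values before they reach the directory.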
To verify that the user is created, you can use the ldapsearch command to query its details.

dn: uid=amosm,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
cn: Amos
sn: Mibey
loginShell: /bin/bash
uidNumber: 10000
gidNumber: 10000
homeDirectory: /home/amosm
uid: amosm
Well, that is all it takes to install and configure an OpenLDAP server on Fedora 29. It all seems good. Feel free to add more users and explore the full functionality of OpenLDAP. Before we wrap up, open the OpenLDAP server service on the firewall to allow external access.