Follow the steps described below for OpenLDAP installation and configuration.

1. Installation

Install the following rpms from the Fedora CD/DVD. It is best to make a yum repo before installation; that way you can avoid dependency errors during installation. The rpms are:

  openldap-xx.rpm
  openldap-clients-xxxx.rpm
  openldap-servers-xxx.rpm
  openldap-devel-xxx.rpm

(x = version numbers)

2. Configuration

There are two categories of commands:

a. offline commands: used when the ldap server service is not running, e.g. slapadd, slapcat etc.
b. online commands: used when the ldap server service is running, e.g. ldapadd, ldapmodify, ldapdelete, ldapsearch etc.

Remember one thing: LDAP is a protocol and OpenLDAP is software that implements the LDAP protocol. It holds all the objects of your domain, e.g. the printers, users and organisational units of the domain. Another important point is that LDAP holds its data as a tree. For example, say the domain abc.com contains 2 OUs (organisational units), sales.abc.com and tech.abc.com. sales.abc.com contains 2 users, x and y. Similarly tech.abc.com contains 2 users, m and n. Refer to pic1.jpg. In LDAP terms we call

  abc.com        dc=abc,dc=com
  tech.abc.com   ou=tech,dc=abc,dc=com
  sales.abc.com  ou=sales,dc=abc,dc=com
  user x         dn: cn=x,ou=sales,dc=abc,dc=com

where dc: domain component, ou: organisational unit, cn: common name (basically full name), sn: surname,

uid: user id.

Now let us implement this abc.com domain in OpenLDAP. A few important directories:

  /etc/openldap/   contains the OpenLDAP configuration files
  /var/lib/ldap/   contains the databases holding the data added to OpenLDAP via the ldapadd/slapadd commands

Now follow the steps below.

  cd /etc/openldap/
  cp slapd.conf slapd.conf.bak
  vim slapd.conf

In slapd.conf set the following (remember to remove the space before rootpw):

  database  bdb
  suffix    "dc=abc,dc=com"
  rootdn    "cn=Manager,dc=abc,dc=com"
  rootpw    password

Here Manager is our LDAP administrator; the administrator has the privilege to read/write/modify/delete any data. (slappasswd, shipped with openldap-servers, can generate a {SSHA} hash to put in rootpw instead of the clear-text password.)

Now start the ldap service:

  /etc/init.d/ldap start

Add the root domain. For this we will create a file named abc.ldif (the name and extension have no effect, but it is standard to keep the ldif extension).

  vim abc.ldif

Enter the attributes of the root domain one per line as described below:

  dn: dc=abc,dc=com
  # the dc value must match the RDN of the dn, otherwise slapd rejects the entry
  dc: abc
  description: Root LDAP entry for abc
  objectClass: dcObject
  objectClass: organizationalUnit

  objectClass: domainRelatedObject
  # domainRelatedObject requires associatedDomain
  associatedDomain: abc.com
  ou: rootObject

Save and exit.

Now create another 2 files, for sales (sales.ldif) and tech (tech.ldif). Note that these OUs are created as dc entries (dcObject), so their DNs are dc=sales,dc=abc,dc=com and dc=tech,dc=abc,dc=com.

  vim sales.ldif

  dn: dc=sales,dc=abc,dc=com
  dc: sales
  description: organisational unit of sales Department
  objectClass: dcObject
  objectClass: organizationalUnit
  objectClass: domainRelatedObject
  associatedDomain: sales.abc.com
  ou: rootObject

Save and exit.

  vim tech.ldif

  dn: dc=tech,dc=abc,dc=com
  dc: tech
  description: organisational unit of tech Department
  objectClass: dcObject
  objectClass: organizationalUnit
  objectClass: domainRelatedObject
  associatedDomain: tech.abc.com
  ou: rootObject

Save and exit.

Now create another 2 files, for user x and user a.

  vim x.ldif

  dn: cn=x,dc=sales,dc=abc,dc=com
  cn: x
  sn: x
  objectClass: top
  objectClass: person
  objectClass: posixAccount
  objectClass: inetOrgPerson
  mail: x@abc.com
  uid: x
  uidNumber: 1000
  gidNumber: 1000

  homeDirectory: /home/x
  userPassword: pass$123

Save and exit.

  vim a.ldif

  dn: cn=a,dc=tech,dc=abc,dc=com
  cn: a
  sn: a
  objectClass: top
  objectClass: person
  objectClass: posixAccount
  objectClass: inetOrgPerson
  mail: a@abc.com
  uid: a
  uidNumber: 10001
  gidNumber: 1000
  homeDirectory: /home/a
  userPassword: pass$123

Save and exit. (A userPassword value is stored exactly as given; slappasswd can generate a {SSHA} hash to use here instead of the clear-text password.)

Now we will add this data to LDAP.

a. Add the root domain:

  ldapadd -x -W -D "cn=Manager,dc=abc,dc=com" -f abc.ldif

It will ask for a password; enter "password" as the password.

b. Add the sales OU:

  ldapadd -x -W -D "cn=Manager,dc=abc,dc=com" -f sales.ldif

It will ask for a password; enter "password" as the password.

c. Add the tech OU:

  ldapadd -x -W -D "cn=Manager,dc=abc,dc=com" -f tech.ldif

It will ask for a password; enter "password" as the password.

d. Add user x:

  ldapadd -x -W -D "cn=Manager,dc=abc,dc=com" -f x.ldif

It will ask for a password; enter "password" as the password.

e. Add user a:

  ldapadd -x -W -D "cn=Manager,dc=abc,dc=com" -f a.ldif

It will ask for a password; enter "password" as the password.

Now our LDAP is holding the domain abc.com and its objects, and we can use this database to authenticate any service. Let us search for the data:

  ldapsearch -x -b "dc=abc,dc=com" "(uid=*)"
  ldapsearch -x -b "dc=abc,dc=com" "(uid=x)"
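Before running ldapadd on hand-written LDIF files like the ones above, it helps to check them for the two mistakes that are easy to make in this tutorial: a dn whose naming attribute does not match the entry (slapd refuses such an entry) and a userPassword left in clear text. The checker below is an added example, not code from the page or from the OpenLDAP project; it handles only the simple one-attribute-per-line LDIF used here, and the sample input at the bottom is constructed.

```python
# Added example (not from the page or the OpenLDAP project): a pre-flight
# check for the one-attribute-per-line LDIF this tutorial feeds to ldapadd.
# It flags a dn whose naming attribute is missing from the entry (slapd
# rejects that) and a userPassword kept in clear text instead of a
# {SSHA}-style hash from slappasswd.
import re
HASHED = re.compile(r"^\{[A-Za-z0-9]+\}")  # {SSHA}..., {CRYPT}..., etc.


def parse_ldif(text):
    """Split LDIF into entries; each entry maps attr -> list of values."""
    entries, current = [], {}
    for line in text.splitlines() + [""]:
        if not line.strip():            # blank line ends an entry
            if current:
                entries.append(current)
            current = {}
        elif not line.startswith("#"):  # '#' lines are LDIF comments
            attr, _, value = line.partition(":")
            current.setdefault(attr.strip().lower(), []).append(value.strip())
    return entries


def check_entry(entry):
    """Return the problems found in one entry (empty list means it is fine)."""
    dn = entry.get("dn", [""])[0]
    rdn_attr, _, rdn_value = dn.split(",", 1)[0].partition("=")
    problems = []
    if rdn_value.strip() not in entry.get(rdn_attr.strip().lower(), []):
        problems.append(f"{dn}: naming attribute {rdn_attr.strip()} missing from entry")
    for pw in entry.get("userpassword", []):
        if not HASHED.match(pw):
            problems.append(f"{dn}: userPassword stored in clear text")
    return problems


def check_ldif(text):
    """All problems in an LDIF text, in file order."""
    return [p for e in parse_ldif(text) for p in check_entry(e)]


# Constructed sample: a root entry with dc/dn mismatch and a clear-text password.
SAMPLE = """dn: dc=abc,dc=com
dc: cms

dn: cn=x,dc=sales,dc=abc,dc=com
cn: x
userPassword: pass$123
"""
```

Run `check_ldif` over each file before ldapadd; an empty list means nothing was flagged.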
