LDAP


Required LDAP Server RPMS

openldap
openldap-clients
openldap-devel
nss_ldap
openldap-servers

Install these RPMs with the rpm or yum command, or with the graphical package updater.

Create a database directory


# mkdir /var/lib/ldap/example.com
# chown ldap:ldap /var/lib/ldap/example.com

Create an LDAP "root" password

Run slappasswd and keep the {SSHA} string it prints: that salted SHA-1 hash is what goes into slapd.conf as rootpw, so the cleartext password itself is never stored on disk.


# slappasswd
New password:
Re-enter new password:
{SSHA}v4qLq/qy01w9my60LLX9BvfNUrRhOjQZ
#

Create a Test Account Named ldapuser

# useradd -g users ldapuser
# passwd ldapuser
Changing password for user ldapuser.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
#

Edit the slapd.conf file


The LDAP server's daemon is named slapd and its configuration file is named /etc/openldap/slapd.conf. Update it with:

  • A database of the default type bdb with the suffix dc=example,dc=com, made up of the domain components (DCs) example and com.
  • The root user with a common name (CN), or nickname, of Manager who, as expected, sits under the example and com DCs.
  • The hashed LDAP root password produced by slappasswd, and the directory that will hold the database files.

The configuration file syntax to do this is:

database        bdb
suffix          "dc=example,dc=com"
rootdn          "cn=Manager,dc=example,dc=com"
rootpw          {SSHA}v4qLq/qy01w9my60LLX9BvfNUrRhOjQZ
directory       /var/lib/ldap/example.com

Because slapd.conf now carries the rootpw hash, keep it readable only by root and the ldap user (chown root:ldap and chmod 640). Never put the cleartext password in rootpw; slapd would accept it, but anyone who can read the file would then own the directory.
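As an added example (not code from the original article, and not an OpenLDAP API; every function name below is this example's own), the following Python builds the database stanza above from a DNS domain, refuses to emit a cleartext rootpw, and reproduces the {SSHA} construction slappasswd uses so you can see what the hash in slapd.conf actually contains and check a password against it offline.

```python
# Added example for this tutorial, not code from the original article or from
# OpenLDAP. It renders the slapd.conf database stanza from a DNS domain,
# refuses a cleartext rootpw, and shows what the {SSHA} value that slappasswd
# prints contains. All function names here are this example's own assumptions.
import base64
import hashlib
import hmac
import os

# Password schemes slapd accepts in rootpw that slappasswd can produce.
HASHED_SCHEMES = ("{SSHA}", "{SHA}", "{SMD5}", "{MD5}", "{CRYPT}")


def base_dn(domain):
    """'example.com' -> 'dc=example,dc=com' (one dc= component per DNS label)."""
    return ",".join("dc=" + label for label in domain.strip(".").split("."))


def make_ssha(password, salt=None):
    """Same construction as slappasswd's default {SSHA} scheme:
    base64( SHA1(password || salt) || salt ). slappasswd draws a random
    4-byte salt; a fixed salt is accepted here only for reproducible tests."""
    if salt is None:
        salt = os.urandom(4)
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()


def verify_ssha(stored, password):
    """Check a candidate password against a {SSHA} value: split the decoded
    blob into the 20-byte SHA-1 digest and the trailing salt, re-hash the
    candidate with that salt, and compare in constant time."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    candidate = hashlib.sha1(password.encode() + salt).digest()
    return hmac.compare_digest(candidate, digest)


def rootpw_is_hashed(rootpw):
    """slapd accepts a cleartext rootpw; this guard refuses to write one."""
    return rootpw.startswith(HASHED_SCHEMES)


def slapd_database_stanza(domain, rootpw, directory, root_cn="Manager"):
    """Render the bdb database stanza from the tutorial for the given domain."""
    if not rootpw_is_hashed(rootpw):
        raise ValueError("rootpw must be a slappasswd hash, not a cleartext password")
    suffix = base_dn(domain)
    lines = [
        ("database", "bdb"),
        ("suffix", '"%s"' % suffix),
        ("rootdn", '"cn=%s,%s"' % (root_cn, suffix)),
        ("rootpw", rootpw),
        ("directory", directory),
    ]
    return "\n".join("%-16s%s" % kv for kv in lines) + "\n"


if __name__ == "__main__":
    pw_hash = make_ssha("change-me")  # constructed sample password
    print(slapd_database_stanza("example.com", pw_hash, "/var/lib/ldap/example.com"))
    print("verify:", verify_ssha(pw_hash, "change-me"))
```

The salt is only four bytes and the digest is SHA-1, so a leaked rootpw hash is cheap to brute-force offline; that is the practical reason slapd.conf must not be world-readable.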

Create Your LDAP Database


This process migrates your system's authentication files (passwd, group, hosts, services and so on) into the LDAP database you are about to create. Here's what you need to do:

1. Update your file location database with the updatedb command, which makes the migration files easy to locate.

[root@bigboy tmp]# updatedb

2. Locate your migrate_common.ph file. Here it is in the /usr/share/openldap/migration/ directory.

[root@bigboy tmp]# locate migrate_common.ph
/usr/share/openldap/migration/migrate_common.ph
[root@bigboy tmp]#
3. Edit the file and replace all instances of the string "padl" with the string "example". padl.com is the domain of PADL Software, who wrote the migration scripts, and the file's $DEFAULT_MAIL_DOMAIN and $DEFAULT_BASE settings still point at it. Our domain needs to be "example" instead so that the generated entries match the suffix in /etc/openldap/slapd.conf. The migrate_common.ph file is read later by the migration script.

[root@bigboy tmp]# vi /usr/share/openldap/migration/migrate_common.ph

For example, at the vi editor's : prompt, use the command:
%s/padl/example/g

4. Copy the DB_CONFIG.example starter file into your LDAP database directory, /var/lib/ldap/example.com, as DB_CONFIG.

[root@bigboy tmp]# cp /etc/openldap/DB_CONFIG.example /var/lib/ldap/example.com/DB_CONFIG

5. Migrate your system authentication files using the migrate_all_offline.sh script, which lives in the same directory as migrate_common.ph.

[root@bigboy tmp]# /usr/share/openldap/migration/migrate_all_offline.sh
Creating naming context entries...
Migrating groups...
Migrating hosts...
...
Preparing LDAP database...
=> bdb_tool_entry_put: id2entry_add failed: DB_KEYEXIST: Key/data pair already exists (-30996)
=> bdb_tool_entry_put: txn_aborted! DB_KEYEXIST: Key/data pair already exists (-30996)
slapadd: could not add entry dn="cn=raid-am,ou=Services,dc=example,dc=com" (line=16432): txn_aborted! DB_KEYEXIST: Key/data pair already exists (-30996)
Migration failed: saving failed LDIF to /tmp/nis.ldif.E14499
[root@bigboy tmp]#

You may get a DB_KEYEXIST error for the raid-am service: the generated LDIF contains that DN twice, and slapadd refuses the second copy. It does not appear to affect logins, but note that slapadd stops at the first failed entry unless it is run with -c, so anything after the duplicate in the LDIF may not have been loaded. Once slapd is running, confirm that the accounts you need are present, for example with ldapsearch -x -b "dc=example,dc=com" "(uid=ldapuser)".

6. LDAP won't start unless the files in the database directory are owned by the ldap user. Use the chown command to fix the ownership.

[root@bigboy tmp]# chown -R ldap:ldap /var/lib/ldap/example.com

7. Start LDAP and make sure it starts on reboot.

[root@bigboy tmp]# service ldap start
Starting slapd:                                            [  OK  ]
[root@bigboy tmp]# chkconfig ldap on
Source: http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch31_:_Centralized_Logins_Using_LDAP_and_RADIUS
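The blanket %s/padl/example/g in step 3 works, but it touches every line of the file, and a mistake there only surfaces when slapadd rejects the whole LDIF. As an added example (not code from the original article or from the PADL migration tools; the function names and the sample file and LDIF contents are this example's own constructions), the following Python rewrites only the two settings the migration scripts read, and then checks a generated LDIF for the two conditions that make slapadd abort: DNs outside the configured suffix, and duplicate DNs such as the raid-am entry in the error output above.

```python
# Added example, not code from the original article or from the PADL migration
# tools. It patches only $DEFAULT_MAIL_DOMAIN and $DEFAULT_BASE in
# migrate_common.ph and sanity-checks a migration LDIF before slapadd sees it.
# Function names, the sample file excerpt and the sample LDIF are constructed
# for this example.
import re

# Constructed excerpt in the shape of the stock migrate_common.ph settings.
SAMPLE_MIGRATE_COMMON = '''\
# Default DNS domain
$DEFAULT_MAIL_DOMAIN = "padl.com";

# Default base
$DEFAULT_BASE = "dc=padl,dc=com";

# Turn this on for inetLocalMailReceipt support
$EXTENDED_SCHEMA = 0;
'''

# Constructed LDIF in the shape of migrate_all_offline.sh output, including
# the duplicate services entry named in the tutorial's error message.
SAMPLE_LDIF = '''\
dn: dc=example,dc=com
dc: example
objectClass: top
objectClass: domain

dn: ou=People,dc=example,dc=com
ou: People
objectClass: top
objectClass: organizationalUnit

dn: uid=ldapuser,ou=People,dc=example,dc=com
uid: ldapuser
cn: ldapuser
objectClass: account
objectClass: posixAccount
uidNumber: 500
gidNumber: 100
homeDirectory: /home/ldapuser

dn: cn=raid-am,ou=Services,dc=example,dc=com
cn: raid-am
objectClass: ipService
ipServiceProtocol: tcp

dn: cn=raid-am,ou=Services,dc=example,dc=com
cn: raid-am
objectClass: ipService
ipServiceProtocol: udp
'''


def base_dn(domain):
    """'example.com' -> 'dc=example,dc=com'."""
    return ",".join("dc=" + label for label in domain.strip(".").split("."))


def patch_migrate_common(text, domain):
    """Set $DEFAULT_MAIL_DOMAIN and $DEFAULT_BASE; leave every other line alone.
    Fails loudly if either assignment is missing or appears more than once."""
    base = base_dn(domain)
    text, n_domain = re.subn(
        r'^(\$DEFAULT_MAIL_DOMAIN\s*=\s*)"[^"]*";',
        lambda m: m.group(1) + '"' + domain + '";', text, flags=re.M)
    text, n_base = re.subn(
        r'^(\$DEFAULT_BASE\s*=\s*)"[^"]*";',
        lambda m: m.group(1) + '"' + base + '";', text, flags=re.M)
    if n_domain != 1 or n_base != 1:
        raise ValueError("expected exactly one DEFAULT_MAIL_DOMAIN and one DEFAULT_BASE line")
    return text


def _norm_dn(dn):
    # DN comparison is case-insensitive for these attribute types and ignores
    # whitespace around the comma separators.
    return re.sub(r"\s*,\s*", ",", dn.strip()).lower()


def ldif_dns(ldif_text):
    """Return the dn: values of an LDIF file, in order (base64 'dn::' lines,
    which the migration scripts do not emit for ASCII names, are skipped)."""
    return [line[3:].strip() for line in ldif_text.splitlines()
            if line.startswith("dn:") and not line.startswith("dn::")]


def check_ldif(ldif_text, suffix):
    """Return (outside_suffix, duplicates). slapadd rejects entries outside the
    database suffix and stops at the first duplicate DN unless run with -c."""
    want = _norm_dn(suffix)
    outside, seen, dups = [], set(), []
    for dn in ldif_dns(ldif_text):
        n = _norm_dn(dn)
        if n != want and not n.endswith("," + want):
            outside.append(dn)
        if n in seen and dn not in dups:
            dups.append(dn)
        seen.add(n)
    return outside, dups


if __name__ == "__main__":
    print(patch_migrate_common(SAMPLE_MIGRATE_COMMON, "example.com"))
    print(check_ldif(SAMPLE_LDIF, "dc=example,dc=com"))
```

Run check_ldif over the saved /tmp/nis.ldif.* file before re-running slapadd: a non-empty first list means migrate_common.ph still names the wrong base; a non-empty second list tells you which entries to drop (or that you need slapadd -c) so the load completes.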