Step by Step OpenLDAP Server Configuration on CentOS 7 / RHEL 7


Create LDAP user:

Instead of creating a new user, you can migrate the local users to LDAP.

Let’s create an LDIF file for a new user called raj.

vi raj.ldif

Paste the lines below into the LDIF file.

dn: uid=raj,ou=People,dc=itzgeek,dc=local
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
cn: raj
uid: raj
uidNumber: 9999
gidNumber: 100
homeDirectory: /home/raj
loginShell: /bin/bash
gecos: Raj [Admin (at) ITzGeek]
userPassword: {crypt}x
shadowLastChange: 17058
shadowMin: 0
shadowMax: 99999
shadowWarning: 7

Use the ldapadd command with the above file to create a new user called “raj” in the OpenLDAP directory.

ldapadd -x -W -D "cn=ldapadm,dc=itzgeek,dc=local" -f raj.ldif

Enter LDAP Password: 
adding new entry "uid=raj,ou=People,dc=itzgeek,dc=local"

Assign a password to the user.

ldappasswd -s password123 -W -D "cn=ldapadm,dc=itzgeek,dc=local" -x "uid=raj,ou=People,dc=itzgeek,dc=local"

Where,

-s specifies the password for the user

-x the username for which the password is changed

-D the distinguished name used to authenticate to the LDAP server

Verify LDAP entries.

ldapsearch -x cn=raj -b dc=itzgeek,dc=local

Output:

# extended LDIF
#
# LDAPv3
# base <dc=itzgeek,dc=local> with scope subtree
# filter: cn=raj
# requesting: ALL
#

# raj, People, itzgeek.local
dn: uid=raj,ou=People,dc=itzgeek,dc=local
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
cn: raj
uid: raj
uidNumber: 9999
gidNumber: 100
homeDirectory: /home/raj
loginShell: /bin/bash
gecos: Raj [Admin (at) ITzGeek]
shadowLastChange: 17058
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
userPassword:: e1NTSEF9MkE2eUhIS0pJQVRnMHBCdkpVWjR5Q3JvTkJLTzdBTWY=

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
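As an added example (not part of the original article), the Python below parses an entry from the ldapsearch LDIF output above, decoding the `::` base64 form of userPassword to reveal its {SSHA} scheme tag, and implements the matching salted-SHA1 generate/verify pair so a pre-hashed userPassword can be placed in the LDIF instead of passing the cleartext with `-s` on the command line. It is worth noticing that the search above was an anonymous simple bind (`-x` with no `-D`) and still returned the hash, which is the cue to review the directory's olcAccess rules for userPassword. The sample LDIF text is constructed from the page's output, trimmed to a few attributes; the fixed salt used for verification is an assumption.

```python
import base64
import hashlib
import os

# Constructed sample: a trimmed copy of the ldapsearch output shown on the page.
SAMPLE_LDIF = """\
# raj, People, itzgeek.local
dn: uid=raj,ou=People,dc=itzgeek,dc=local
objectClass: posixAccount
uid: raj
uidNumber: 9999
userPassword:: e1NTSEF9MkE2eUhIS0pJQVRnMHBCdkpVWjR5Q3JvTkJLTzdBTWY=
"""

def parse_ldif_entry(text):
    """Parse one LDIF entry into a dict of attribute -> list of values.
    'attr:: value' means the value is base64-encoded, a leading space
    continues the previous line, and '#' lines are comments."""
    lines = []
    for raw in text.splitlines():
        if not raw or raw.startswith("#"):
            continue
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    attrs = {}
    for line in lines:
        name, _, value = line.partition(":")
        if value.startswith(":"):  # '::' marks a base64-encoded value
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        else:
            value = value.strip()
        attrs.setdefault(name, []).append(value)
    return attrs

def password_scheme(stored):
    """Return the RFC 2307 scheme tag of a userPassword value, e.g. '{SSHA}'; '' if none."""
    if stored.startswith("{") and "}" in stored:
        return stored[: stored.index("}") + 1]
    return ""

def ssha_hash(password, salt=None):
    """Build an OpenLDAP-compatible {SSHA} value: base64(sha1(pw + salt) + salt)."""
    salt = os.urandom(4) if salt is None else salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def ssha_verify(password, stored):
    """Check a password against a {SSHA} value; the salt follows the 20-byte SHA-1 digest."""
    if password_scheme(stored) != "{SSHA}":
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    return hashlib.sha1(password.encode() + salt).digest() == digest
```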

To delete an entry from LDAP (Optional).

ldapdelete -W -D "cn=ldapadm,dc=itzgeek,dc=local" "uid=raj,ou=People,dc=itzgeek,dc=local"

Firewall:

Add the LDAP service to the firewall (tcp 389).

firewall-cmd --permanent --add-service=ldap
firewall-cmd --reload

Enable LDAP logging:

Configure rsyslog to write LDAP events to the log file /var/log/ldap.log.

vi /etc/rsyslog.conf

Add the line below to the /etc/rsyslog.conf file.

local4.* /var/log/ldap.log

Restart the rsyslog service.

systemctl restart rsyslog

LDAP client configuration to use LDAP Server:

Install the necessary LDAP client packages on the client machine.

# yum install -y openldap-clients nss-pam-ldapd

Execute the command below to configure the client machine to authenticate against the LDAP server for single sign-on. Replace “192.168.12.10” with your LDAP server’s IP address or hostname.

# authconfig --enableldap --enableldapauth --ldapserver=192.168.12.10 --ldapbasedn="dc=itzgeek,dc=local" --enablemkhomedir --update

Restart the LDAP client service.

# systemctl restart nslcd

Verify LDAP Login:

Use the getent command to retrieve the LDAP entries from the LDAP server.

# getent passwd raj

raj:x:9999:100:Raj [Admin (at) ITzGeek]:/home/raj:/bin/bash

Screenshot: OpenLDAP Server Configuration on CentOS 7 - Verify LDAP Login

To verify LDAP authentication, log in as the LDAP user “raj” on the client machine.

Screenshot: OpenLDAP Server Configuration on CentOS 7 - LDAP User Login

That’s All.
