Set up the LDAP base DN:
Create a base.ldif file for your domain that defines the People and Group organizational units.
$ vi base.ldif

dn: ou=People,dc=itzgeek,dc=local
objectClass: organizationalUnit
ou: People

dn: ou=Group,dc=itzgeek,dc=local
objectClass: organizationalUnit
ou: Group
Build the directory structure.
$ ldapadd -x -W -D "cn=admin,dc=itzgeek,dc=local" -f base.ldif
Output:
Enter LDAP Password:
adding new entry "ou=People,dc=itzgeek,dc=local"
adding new entry "ou=Group,dc=itzgeek,dc=local"
Add LDAP Accounts:
Let’s create an LDIF (LDAP Data Interchange Format) file for a new user “ldapuser”.
$ vi ldapuser.ldif
Paste the lines below into the LDIF file. The userPassword value {crypt}x is a placeholder that matches no password, so the account is locked until a real password is set with ldappasswd in a later step; shadowLastChange is the day of the last password change, counted in days since 1970-01-01.

dn: uid=ldapuser,ou=People,dc=itzgeek,dc=local
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
cn: ldapuser
uid: ldapuser
uidNumber: 9999
gidNumber: 100
homeDirectory: /home/ldapuser
loginShell: /bin/bash
gecos: Test LdapUser
userPassword: {crypt}x
shadowLastChange: 17058
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
Use the ldapadd command to create the new user "ldapuser" in the OpenLDAP directory.
$ ldapadd -x -W -D "cn=admin,dc=itzgeek,dc=local" -f ldapuser.ldif
Enter LDAP Password:
adding new entry "uid=ldapuser,ou=People,dc=itzgeek,dc=local"
Assign a password to the user.
$ ldappasswd -s password123 -W -D "cn=admin,dc=itzgeek,dc=local" -x "uid=ldapuser,ou=People,dc=itzgeek,dc=local"
Where,
-s the new password for the user. Passing it on the command line exposes it to every local user via the process list and leaves it in the shell history; prefer -S, which prompts for the new password instead.
-W prompt for the admin (bind) password.
-D Distinguished name to authenticate to the LDAP server (the bind DN).
-x use simple authentication instead of SASL. The final argument is the DN of the user whose password is being changed.
The server hashes the new password itself (with {SSHA} by default) and replaces the {crypt}x placeholder in the entry.
Verify LDAP entries.
$ ldapsearch -x cn=ldapuser -b dc=itzgeek,dc=local
Output:
# extended LDIF
#
# LDAPv3
# base <dc=itzgeek,dc=local> with scope subtree
# filter: cn=ldapuser
# requesting: ALL
#

# ldapuser, People, itzgeek.local
dn: uid=ldapuser,ou=People,dc=itzgeek,dc=local
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
cn: ldapuser
uid: ldapuser
uidNumber: 9999
gidNumber: 100
homeDirectory: /home/ldapuser
loginShell: /bin/bash
gecos: Test LdapUser
shadowLastChange: 17058
shadowMin: 0
shadowMax: 99999
shadowWarning: 7

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
Note that userPassword is absent from the output. This search binds anonymously (no -D), and the usual access rule for that attribute (olcAccess: to attrs=userPassword by self write by anonymous auth by * none) lets anonymous clients use it for authentication only, not read it. If the hash does appear in an anonymous search, review the server's access rules before going further.
To delete an entry from LDAP (optional).
$ ldapdelete -x -W -D "cn=admin,dc=itzgeek,dc=local" "uid=ldapuser,ou=People,dc=itzgeek,dc=local"
As with the other commands, -x is required; without it ldapdelete attempts a SASL bind instead of a simple bind with the admin DN.
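The whole procedure above, as an added shell script that is not part of the original page: it generates the base OUs and a posixAccount entry as LDIF from parameters, computes shadowLastChange from today's date instead of the fixed 17058, hashes the password with slappasswd (a prompt, so the password never appears in argv or shell history) rather than passing it to ldappasswd with -s, and refuses to load an entry whose userPassword is still the {crypt}x placeholder or is cleartext. The script name mkldif.sh, the function names and the --apply flag are assumptions; the suffix dc=itzgeek,dc=local, the admin DN and the ldapuser attributes are the page's own. slappasswd and ldapadd from the OpenLDAP packages are only needed for --apply; without the flag the script prints the LDIF for review.

```shell
#!/bin/sh
# mkldif.sh - generate (and optionally load) the base OUs and a posixAccount
# entry for the dc=itzgeek,dc=local directory described above.
# Added example; script name, function names and the --apply flag are assumptions.

BASE_DN="dc=itzgeek,dc=local"
ADMIN_DN="cn=admin,$BASE_DN"

# shadowLastChange stores the day of the last password change as days since
# 1970-01-01, so compute it instead of pasting a fixed number such as 17058.
days_since_epoch() {
    echo $(( $(date +%s) / 86400 ))
}

# LDIF for the People and Group organizational units (same content as base.ldif).
base_ldif() {
    cat <<EOF
dn: ou=People,$BASE_DN
objectClass: organizationalUnit
ou: People

dn: ou=Group,$BASE_DN
objectClass: organizationalUnit
ou: Group
EOF
}

# user_ldif NAME UIDNUMBER GIDNUMBER [PASSWORD_HASH]
# Emits one posixAccount/shadowAccount entry. With no hash given, the entry is
# locked with the {crypt}x placeholder, exactly as on the page.
user_ldif() {
    name=$1; uidn=$2; gidn=$3; hash=$4
    [ -n "$hash" ] || hash='{crypt}x'
    cat <<EOF
dn: uid=$name,ou=People,$BASE_DN
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
cn: $name
uid: $name
uidNumber: $uidn
gidNumber: $gidn
homeDirectory: /home/$name
loginShell: /bin/bash
gecos: $name
userPassword: $hash
shadowLastChange: $(days_since_epoch)
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
EOF
}

# Reads LDIF on stdin; returns 1 if any userPassword is the {crypt}x
# placeholder (nobody can log in) or has no {SCHEME} prefix (stored in clear).
check_ldif_passwords() {
    if grep -E '^userPassword: ([{]crypt[}]x$|[^{])' >/dev/null; then
        echo "refusing to load placeholder or cleartext userPassword" >&2
        return 1
    fi
    return 0
}

# Usage: sh mkldif.sh          print the LDIF for review (placeholder password)
#        sh mkldif.sh --apply  hash a prompted password with slappasswd, check
#                              the result, then load it with ldapadd
case "${1:-}" in
    --apply)
        # slappasswd prompts twice on the terminal and prints an {SSHA} hash
        # (-n drops the trailing newline), so the secret never reaches argv.
        ldif=$(base_ldif; echo; user_ldif ldapuser 9999 100 "$(slappasswd -n)")
        printf '%s\n' "$ldif" | check_ldif_passwords || exit 1
        printf '%s\n' "$ldif" | ldapadd -x -W -D "$ADMIN_DN"
        ;;
    "")
        base_ldif
        echo
        user_ldif ldapuser 9999 100
        ;;
esac
```

Run it once without arguments and diff the output against the LDIF on this page before using --apply; the only intended differences are the gecos field and the computed shadowLastChange.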