Step by Step OpenLDAP Server Configuration on CentOS 7 / RHEL 7
Create LDAP user
vi raj.ldif
Paste the lines below into the LDIF file. The objectClass list gives the entry both POSIX account attributes (uidNumber, gidNumber, homeDirectory, loginShell) and shadow password-ageing attributes; `userPassword: {crypt}x` is a placeholder hash that matches no password, so the account cannot be used until a real password is set with ldappasswd in the next step.
dn: uid=raj,ou=People,dc=itzgeek,dc=local
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
cn: raj
uid: raj
uidNumber: 9999
gidNumber: 100
homeDirectory: /home/raj
loginShell: /bin/bash
gecos: Raj [Admin (at) ITzGeek]
userPassword: {crypt}x
shadowLastChange: 17058
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
Use the ldapadd command with the above file to create a new user called "raj" in the OpenLDAP directory, binding as the ldapadm (root DN) account.
ldapadd -x -W -D "cn=ldapadm,dc=itzgeek,dc=local" -f raj.ldif
Output (enter the ldapadm password when prompted):
Enter LDAP Password:
adding new entry "uid=raj,ou=People,dc=itzgeek,dc=local"
Assign a password to the user.
ldappasswd -s password123 -W -D "cn=ldapadm,dc=itzgeek,dc=local" -x "uid=raj,ou=People,dc=itzgeek,dc=local"
Where,
-s specifies the new password for the user
-x uses simple (password) authentication instead of SASL
-W prompts for the bind password of the ldapadm account
-D is the Distinguished Name used to authenticate to the LDAP server
The final argument is the DN of the entry whose password is being set.
Note that a password given with -s is visible in `ps` output and in the shell history. Use -S instead to be prompted for the new password, or -T to read it from a file, when the password matters.
Verify the LDAP entry with a search. This search uses -x without -D, so it binds anonymously.
ldapsearch -x cn=raj -b dc=itzgeek,dc=local
Output:
# extended LDIF
#
# LDAPv3
# base <dc=itzgeek,dc=local> with scope subtree
# filter: cn=raj
# requesting: ALL
#

# raj, People, itzgeek.local
dn: uid=raj,ou=People,dc=itzgeek,dc=local
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
cn: raj
uid: raj
uidNumber: 9999
gidNumber: 100
homeDirectory: /home/raj
loginShell: /bin/bash
gecos: Raj [Admin (at) ITzGeek]
shadowLastChange: 17058
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
userPassword:: e1NTSEF9MkE2eUhIS0pJQVRnMHBCdkpVWjR5Q3JvTkJLTzdBTWY=

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
Notice that the anonymous search was given the userPassword attribute (LDIF base64-encodes it because the value is a {SSHA} hash, shown as `userPassword::`). When a database has no olcAccess rules, slapd falls back to its built-in default of read access for everyone, so anyone who can reach TCP 389 can dump every password hash and crack it offline. Add an ACL that limits userPassword to authentication (`by * auth` or `by anonymous auth`) before exposing this server to a network.
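The following script is an added example, not part of the original tutorial, that audits an ldapsearch dump for password hashes returned to an unprivileged search and prints the LDIF that closes the hole. The sample input is constructed from the search result shown above; the ACL assumes the CentOS 7 default database DN `olcDatabase={2}hdb,cn=config` and the `cn=ldapadm` root DN used on this page, and the `LDAP_APPLY` guard variable is the example's own convention.

```bash
#!/bin/bash
# Added example (not from the tutorial): find userPassword values that an
# anonymous/unprivileged ldapsearch was able to read, then restrict them.

# Constructed input: the anonymous search result shown on this page.
SEARCH_OUTPUT='# raj, People, itzgeek.local
dn: uid=raj,ou=People,dc=itzgeek,dc=local
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
cn: raj
uid: raj
uidNumber: 9999
gidNumber: 100
userPassword:: e1NTSEF9MkE2eUhIS0pJQVRnMHBCdkpVWjR5Q3JvTkJLTzdBTWY=

# search result
search: 2
result: 0 Success'

# Reads LDIF on stdin and prints "<dn> <scheme>" for every entry whose
# userPassword came back. "userPassword::" means the value is base64 in
# LDIF, so decode it; only the {SCHEME} prefix is printed, never the hash.
exposed_password_schemes() {
    local dn="" line value scheme
    while IFS= read -r line; do
        case "$line" in
            "dn: "*) dn=${line#dn: } ;;
            "userPassword:: "*)
                value=$(printf '%s' "${line#userPassword:: }" | base64 -d)
                printf '%s %s\n' "$dn" "$(scheme_of "$value")" ;;
            "userPassword: "*)
                printf '%s %s\n' "$dn" "$(scheme_of "${line#userPassword: }")" ;;
        esac
    done
}

# {SSHA}... -> {SSHA}; a value with no scheme prefix is stored in cleartext.
scheme_of() {
    local value=$1 scheme
    case "$value" in
        "{"*"}"*) scheme=${value%%\}*}; printf '%s}\n' "$scheme" ;;
        *) printf '(cleartext)\n' ;;
    esac
}

# LDIF that replaces the database ACL: the ldapadm DN and the user may
# write userPassword, everyone else may only use it to authenticate, and
# the rest of the tree stays readable. "replace" discards any olcAccess
# rules already present on that database, so merge them in if you have some.
# Assumption: the stock CentOS 7 layout, where the user DB is {2}hdb.
acl_ldif() {
    cat <<'EOF'
dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to attrs=userPassword,shadowLastChange by dn="cn=ldapadm,dc=itzgeek,dc=local" write by self write by anonymous auth by * none
olcAccess: {1}to * by dn="cn=ldapadm,dc=itzgeek,dc=local" write by self write by * read
EOF
}

# Report on the constructed dump; apply the ACL only when LDAP_APPLY=1
# (the example's own guard). ldapi:/// with SASL EXTERNAL is how the
# config database is edited as root on CentOS 7.
printf '%s\n' "$SEARCH_OUTPUT" | exposed_password_schemes
if [ "${LDAP_APPLY:-0}" = "1" ]; then
    acl_ldif | ldapmodify -Y EXTERNAL -H ldapi:///
fi
```

After applying the ACL, rerun `ldapsearch -x cn=raj -b dc=itzgeek,dc=local`: the entry should come back without userPassword, while `ldapwhoami -x -D "uid=raj,ou=People,dc=itzgeek,dc=local" -W` still succeeds because `auth` access is enough for a bind.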
To delete an entry from LDAP (Optional).
ldapdelete -W -D "cn=ldapadm,dc=itzgeek,dc=local" "uid=raj,ou=People,dc=itzgeek,dc=local"
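The script below is an added example, not part of the original tutorial, that turns the manual user-creation steps above into a repeatable procedure: it generates the LDIF from parameters (with shadowLastChange computed for today instead of the fixed 17058), validates the uid and uidNumber before anything is added, and sets the password with `ldappasswd -S` so it is never placed on the command line. The base DN and `cn=ldapadm` bind DN are the page's; the `LDAP_APPLY` guard variable is the example's own convention.

```bash
#!/bin/bash
# Added example (not from the tutorial): generate and validate a posixAccount
# LDIF, then add it and set its password without exposing the password.

# shadowLastChange is the day the password was last changed, counted in
# days since the Unix epoch (17058 on the page is 2016-09-14).
days_since_epoch() {
    echo $(( $(date +%s) / 86400 ))
}

# user_ldif <uid> <uidNumber> <gidNumber> "<gecos>" [baseDN] [shadowLastChange]
# Writes the same entry layout the tutorial uses. userPassword stays the
# unusable placeholder {crypt}x; the real password is set afterwards with
# ldappasswd, so no hash has to be pasted into the LDIF.
user_ldif() {
    local uid=$1 uidn=$2 gidn=$3 gecos=$4
    local base=${5:-dc=itzgeek,dc=local}
    local last=${6:-$(days_since_epoch)}
    cat <<EOF
dn: uid=$uid,ou=People,$base
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
cn: $uid
uid: $uid
uidNumber: $uidn
gidNumber: $gidn
homeDirectory: /home/$uid
loginShell: /bin/bash
gecos: $gecos
userPassword: {crypt}x
shadowLastChange: $last
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
EOF
}

# validate_user <uid> <uidNumber>: the uid must be a plain lowercase POSIX
# name (no spaces, no leading digit or dash, since it becomes a DN component
# and a home directory), and uidNumber must be >= 1000 so it cannot collide
# with local system accounts on the clients.
validate_user() {
    local uid=$1 uidn=$2
    expr "$uid" : '[a-z_][a-z0-9_-]*$' >/dev/null || return 1
    [ "$uidn" -ge 1000 ] 2>/dev/null
}

# Touch the live server only when LDAP_APPLY=1 (the example's own guard).
# ldappasswd -S prompts for the new password, so unlike "-s password123"
# it never shows up in ps output or the shell history.
if [ "${LDAP_APPLY:-0}" = "1" ]; then
    validate_user raj 9999 || { echo "refusing to add: bad uid or uidNumber" >&2; exit 1; }
    user_ldif raj 9999 100 "Raj [Admin (at) ITzGeek]" > raj.ldif
    ldapadd -x -W -D "cn=ldapadm,dc=itzgeek,dc=local" -f raj.ldif
    ldappasswd -x -W -S -D "cn=ldapadm,dc=itzgeek,dc=local" \
        "uid=raj,ou=People,dc=itzgeek,dc=local"
fi
```

Run it with `LDAP_APPLY=1 ./adduser.sh` on the server; without the variable it only defines the helpers, which makes it safe to source from other scripts.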
Firewall
Add the LDAP service (TCP 389) to the firewall. Only this plain-LDAP port is opened here; LDAP over TLS (TCP 636) is a separate firewalld service, ldaps.
firewall-cmd --permanent --add-service=ldap
firewall-cmd --reload
Enable LDAP logging
slapd sends its log messages to syslog on the local4 facility by default, and at the default log level (stats) it records every connection, bind, search and result. Configure rsyslog to write that facility to the log file /var/log/ldap.log.
vi /etc/rsyslog.conf
Add below line to /etc/rsyslog.conf file.
local4.* /var/log/ldap.log
Restart the rsyslog service.
systemctl restart rsyslog
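Once slapd's stats lines are landing in /var/log/ldap.log, the first thing worth doing with them is detection. The script below is an added example, not part of the original tutorial: it correlates a connection's ACCEPT line (which carries the client IP) with the BIND and RESULT lines of the same conn= number to count failed binds (err=49, invalidCredentials) per client and account, and it counts successful simple binds that arrived without TLS (`mech=SIMPLE ssf=0`), i.e. passwords that crossed the network in cleartext. The log lines are constructed in slapd's stats format; the hostname, PID and IPs are made up.

```bash
#!/bin/bash
# Added example (not from the tutorial): spot password guessing and
# cleartext binds in slapd stats logs forwarded to /var/log/ldap.log.

# Constructed sample: one client fails twice against uid=raj, another
# binds successfully over plain LDAP (ssf=0 means no TLS/SASL protection).
SAMPLE_LOG='Jan 10 10:00:01 ldap slapd[1234]: conn=1001 fd=12 ACCEPT from IP=192.168.1.20:51234 (IP=0.0.0.0:389)
Jan 10 10:00:01 ldap slapd[1234]: conn=1001 op=0 BIND dn="uid=raj,ou=People,dc=itzgeek,dc=local" method=128
Jan 10 10:00:01 ldap slapd[1234]: conn=1001 op=0 RESULT tag=97 err=49 text=
Jan 10 10:00:02 ldap slapd[1234]: conn=1001 op=1 BIND dn="uid=raj,ou=People,dc=itzgeek,dc=local" method=128
Jan 10 10:00:02 ldap slapd[1234]: conn=1001 op=1 RESULT tag=97 err=49 text=
Jan 10 10:00:03 ldap slapd[1234]: conn=1001 fd=12 closed (connection lost)
Jan 10 10:00:05 ldap slapd[1234]: conn=1002 fd=13 ACCEPT from IP=192.168.1.30:40000 (IP=0.0.0.0:389)
Jan 10 10:00:05 ldap slapd[1234]: conn=1002 op=0 BIND dn="uid=raj,ou=People,dc=itzgeek,dc=local" method=128
Jan 10 10:00:05 ldap slapd[1234]: conn=1002 op=0 BIND dn="uid=raj,ou=People,dc=itzgeek,dc=local" mech=SIMPLE ssf=0
Jan 10 10:00:05 ldap slapd[1234]: conn=1002 op=0 RESULT tag=97 err=0 text=
Jan 10 10:00:06 ldap slapd[1234]: conn=1002 op=1 SRCH base="dc=itzgeek,dc=local" scope=2 deref=0 filter="(cn=raj)"
Jan 10 10:00:06 ldap slapd[1234]: conn=1002 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text='

# failed_binds: reads a slapd log on stdin, prints "<count> <ip> <dn>" for
# every (client, account) pair that got err=49, most failures first.
# The join key is conn=N (for the IP) plus op=M (for the bind DN), because
# the RESULT line itself names neither the client nor the DN.
failed_binds() {
    awk '
        / ACCEPT from IP=/ {
            match($0, /conn=[0-9]+/);       conn = substr($0, RSTART + 5, RLENGTH - 5)
            match($0, /from IP=[^:]+/);     ip[conn] = substr($0, RSTART + 8, RLENGTH - 8)
        }
        / BIND dn="/ {
            match($0, /conn=[0-9]+ op=[0-9]+/); key = substr($0, RSTART, RLENGTH)
            match($0, /dn="[^"]*"/);            dn[key] = substr($0, RSTART + 4, RLENGTH - 5)
        }
        / RESULT tag=97 err=49/ {
            match($0, /conn=[0-9]+ op=[0-9]+/); key = substr($0, RSTART, RLENGTH)
            conn = key; sub(/ op=.*/, "", conn); sub(/conn=/, "", conn)
            fail[ip[conn] " " dn[key]]++
        }
        END { for (k in fail) print fail[k], k }
    ' | sort -rn
}

# cleartext_binds: number of simple binds completed with no transport
# protection. Any value above zero means a password was sent in the clear.
cleartext_binds() {
    awk '/ BIND dn=.* mech=SIMPLE ssf=0$/ { n++ } END { print n + 0 }'
}

# Usage on a real box:  failed_binds < /var/log/ldap.log
echo "failed binds per client and account:"
printf '%s\n' "$SAMPLE_LOG" | failed_binds
echo "cleartext simple binds: $(printf '%s\n' "$SAMPLE_LOG" | cleartext_binds)"
```

The two-line join is what makes the output actionable: a burst of err=49 from one IP against many DNs is a spray, the same DN from many IPs is a targeted guess, and the ssf=0 count tells you whether moving clients to TLS is still outstanding.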
LDAP client configuration to use LDAP Server
Install the necessary LDAP client packages on the client machine.
yum install -y openldap-clients nss-pam-ldapd
Execute the command below to configure the client to look up accounts (NSS) and authenticate users (PAM) against the LDAP server; authconfig writes /etc/nslcd.conf, /etc/nsswitch.conf and the PAM stack for you. Replace "192.168.1.10" with your LDAP server's IP address or hostname. As written this talks plain LDAP on TCP 389, so every user's password is sent to the server in cleartext at login; for anything beyond a lab, configure TLS on the server and add --enableldaptls together with --ldaploadcacert=<URL of the CA certificate> to this command.
authconfig --enableldap --enableldapauth --ldapserver=192.168.1.10 --ldapbasedn="dc=itzgeek,dc=local" --enablemkhomedir --update
Restart the LDAP client service.
systemctl restart nslcd
Verify LDAP Login
Use the getent command to confirm that the client resolves the LDAP account through NSS.
getent passwd raj
Output:
raj:x:9999:100:Raj [Admin (at) ITzGeek]:/home/raj:/bin/bash
To verify authentication end to end, log in to the client machine as the LDAP user "raj" with the password set by ldappasswd; the home directory /home/raj is created on first login by the mkhomedir module enabled above.

That’s All.