In this HowTo we will build a simple LDAP tree.
The scope of this HowTo is only setting up the LDAP server.
The system used in this HowTo is CentOS 5.5 i386.
1. required packages:
openldap-servers
2. building the LDAP tree:
edit the file /etc/openldap/slapd.conf
and set your domain and suffix, as well as the LDAP root password.
You can use slappasswd to hash the root password instead of writing it in clear text.
suffix "dc=CentOS"
rootdn "cn=root,dc=CentOS"
rootpw {SSHA}BbW/c1wp2uyM+mHR7EN+mVHkfHxBRXmg
* you can test the LDAP server configuration using
slaptest -u
3. create the database config file:
the easy way to do that is to copy the example:
cp /etc/openldap/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
now start the server so we can begin building the tree:
~]# service ldap start
Checking configuration files for slapd: config file testing succeeded [ OK ]
Starting slapd: [ OK ]
4. creating the base tree:
this tree will include the domain (suffix) and the containers for users and groups.
create an LDIF base file (you can use /usr/share/openldap/migration/migrate_base.pl for that).
a simple base would look something like this (let's call it base.ldif):
dn: dc=CentOS
dc: CentOS
objectClass: top
objectClass: domain

dn: ou=People,dc=CentOS
ou: People
objectClass: top
objectClass: organizationalUnit

dn: ou=Group,dc=CentOS
ou: Group
objectClass: top
objectClass: organizationalUnit
now add it to the LDAP tree via ldapadd:
~]# ldapadd -x -W -D "cn=root,dc=CentOS" -f base.ldif
Enter LDAP Password:
adding new entry "dc=CentOS"
adding new entry "ou=People,dc=CentOS"
adding new entry "ou=Group,dc=CentOS"
once that is finished we can start adding users and groups:
let's add two groups to our LDAP by creating a groups.ldif file:
dn: cn=group1,ou=Group,dc=CentOS
objectClass: posixGroup
objectClass: top
cn: group1
userPassword: {crypt}x
gidNumber: 5000

dn: cn=group2,ou=Group,dc=CentOS
objectClass: posixGroup
objectClass: top
cn: group2
userPassword: {crypt}x
gidNumber: 5001
now add these groups to the LDAP tree:
~]# ldapadd -x -W -D "cn=root,dc=CentOS" -f groups.ldif
Enter LDAP Password:
adding new entry "cn=group1,ou=Group,dc=CentOS"
adding new entry "cn=group2,ou=Group,dc=CentOS"
now let's add two users:
again, create a users.ldif file;
the password hash can be created via slappasswd.
dn: uid=user1,ou=People,dc=CentOS
uid: user1
cn: My name is user1
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {SSHA}cEcqMNFk1Jd1N1L7U1JdybZdsb+5qG2T
shadowLastChange: 14791
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 6001
gidNumber: 6001
homeDirectory: /home/user1
gecos: My name is user1

dn: uid=user2,ou=People,dc=CentOS
uid: user2
cn: My name is user2
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {SSHA}cEcqMNFk1Jd1N1L7U1JdybZdsb+5qG2T
shadowLastChange: 14791
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 6002
gidNumber: 6002
homeDirectory: /home/user2
gecos: My name is user2
you may wonder why there are so many attributes to fill in.
That is because every objectClass listed in an entry has its own set of required attributes,
and slapd rejects the entry unless all of them are present.
let's add these users:
~]# ldapadd -x -W -D "cn=root,dc=CentOS" -f users.ldif
Enter LDAP Password:
adding new entry "uid=user1,ou=People,dc=CentOS"
adding new entry "uid=user2,ou=People,dc=CentOS"
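As an added check that is not part of the original HowTo: a small Python script that reads an LDIF file, verifies that each entry carries the attributes its objectClasses require, and confirms that every posixAccount's gidNumber matches a posixGroup defined in the same file, so mistakes are caught before ldapadd (the users.ldif above, for instance, gives user1 and user2 gidNumbers that groups.ldif never defines). The MUST table is a hand-copied subset of the schemas and only covers the objectClasses used on this page.

```python
# Required (MUST) attributes per objectClass; a hand-copied core/nis subset (assumption).
MUST = {"top": {"objectClass"}, "domain": {"dc"}, "organizationalUnit": {"ou"},
        "account": {"uid"}, "shadowAccount": {"uid"}, "posixGroup": {"cn", "gidNumber"},
        "posixAccount": {"cn", "uid", "uidNumber", "gidNumber", "homeDirectory"}}

def parse_ldif(text):  # LDIF text -> list of entries, each {attr: [values]}
    entries, cur, last = [], {}, None
    for raw in text.splitlines() + [""]:       # trailing "" closes the last entry
        if raw.startswith(" ") and last:         # folded continuation line
            cur[last][-1] += raw[1:]
        elif not raw.strip():                    # blank line ends an entry
            if cur:
                entries.append(cur)
            cur, last = {}, None
        else:
            attr, _, value = raw.partition(":")  # "::" (base64) values are kept raw
            last = attr.strip()
            cur.setdefault(last, []).append(value.lstrip(": ").rstrip())
    return entries

def lint(text):
    """Return a list of problems; an empty list means the LDIF is consistent."""
    entries, problems = parse_ldif(text), []
    gids = {e.get("gidNumber", [None])[0] for e in entries
            if "posixGroup" in e.get("objectClass", [])}
    for e in entries:
        dn, classes = e.get("dn", ["<missing dn>"])[0], e.get("objectClass", [])
        for oc in classes:
            problems += [f"{dn}: objectClass {oc} requires {a}"
                         for a in sorted(MUST.get(oc, ())) if a not in e]
        if "posixAccount" in classes and "gidNumber" in e:
            if e["gidNumber"][0] not in gids:
                problems.append(f"{dn}: gidNumber {e['gidNumber'][0]} matches no posixGroup")
    return problems

# Constructed samples: SAMPLE_OK is consistent; SAMPLE_BAD drops homeDirectory and uses an undefined gid.
SAMPLE_OK = """dn: cn=group1,ou=Group,dc=CentOS
objectClass: posixGroup
cn: group1
gidNumber: 5000

dn: uid=user1,ou=People,dc=CentOS
objectClass: posixAccount
uid: user1
cn: user1
uidNumber: 6001
gidNumber: 5000
homeDirectory: /home/user1
"""
SAMPLE_BAD = SAMPLE_OK.replace("5000\nhomeDirectory: /home/user1\n", "6001\n")
```

Run it as `python3 lintldif.py` after adding a call such as `print(lint(open("users.ldif").read()))`; an empty list means the file is ready for ldapadd.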
and that's about it. To manage LDAP in a more friendly manner
you can use one of the many LDAP management tools, such as phpLDAPadmin.