Something that may come up in the exam, and that I have been avoiding, is the LDAP topic. In this post we will look at both server and client configuration for LDAP.
For this scenario, the hostname of my LDAP server is centos.example.com. The domain is example.com and the hostname entry is in /etc/hosts.
I used CertDepot as inspiration. The LDAP syntax and topic really keep me away from approaching it.
openldap is the open source implementation of LDAP.
openldap-clients contains the LDAP client utilities.
openldap-servers is the server package.
The MigrationTools are a set of Perl scripts for migrating users, groups, aliases, hosts, netgroups, networks, protocols, RPCs, and services from existing nameservices (flat files, NIS, and NetInfo) to LDAP.
Generate the LDAP manager password hash from a cleartext secret (the string secret below) and save it to a file:
slappasswd -s secret -n > /etc/openldap/passwd
Inside the file take note of the generated password: {SSHA}T4srVIBK+rJ9DXlVG7dvZnnAQhAZuO07
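The {SSHA} value slappasswd writes is base64(SHA-1(password + salt) + salt), with the salt appended so that a verifier can recover it. The following added example (not code from the original post) builds and verifies hashes in that format and splits the hash copied from the page into its digest and salt; the function names are my own.

```python
import base64
import hashlib
import hmac
import os

# Hash copied from the page, as produced by `slappasswd -s secret -n`.
PAGE_HASH = "{SSHA}T4srVIBK+rJ9DXlVG7dvZnnAQhAZuO07"

SHA1_LEN = 20  # byte length of a SHA-1 digest


def make_ssha(password, salt=None):
    """Build an OpenLDAP {SSHA} hash: base64(sha1(password + salt) + salt).

    slappasswd uses a short random salt; a 4-byte os.urandom salt is used
    here by default so two hashes of the same password differ.
    """
    if salt is None:
        salt = os.urandom(4)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def split_ssha(ssha):
    """Return (digest, salt) from a {SSHA} string; raise on malformed input."""
    prefix = "{SSHA}"
    if not ssha.startswith(prefix):
        raise ValueError("not an {SSHA} hash")
    raw = base64.b64decode(ssha[len(prefix):], validate=True)
    if len(raw) <= SHA1_LEN:
        raise ValueError("too short to hold a SHA-1 digest plus a salt")
    return raw[:SHA1_LEN], raw[SHA1_LEN:]


def verify_ssha(password, ssha):
    """Recompute the salted digest and compare it in constant time."""
    digest, salt = split_ssha(ssha)
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    fresh = make_ssha("secret")
    print(fresh, verify_ssha("secret", fresh), verify_ssha("wrong", fresh))
    digest, salt = split_ssha(PAGE_HASH)
    print("page hash: %d-byte digest, %d-byte salt" % (len(digest), len(salt)))
    print("page hash matches 'secret':", verify_ssha("secret", PAGE_HASH))
```

Because the salt is stored with the hash, the file /etc/openldap/passwd is only as secret as its permissions; the salt defeats precomputed tables but does nothing against guessing a weak secret such as the one used on this page.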
Generate an X509 certificate valid for 1 year (note the paths of the certificate and private key):
Check the slapd configuration (the errors below are harmless at this point, since the database has not been created yet):
slaptest
5a8038c4 hdb_db_open: database "dc=my-domain,dc=com": db_open(/var/lib/ldap/id2entry.bdb) failed: No such file or directory (2).
5a8038c4 backend_startup_one (type=hdb, suffix="dc=my-domain,dc=com"): bi_db_open failed! (2)
slap_startup failed (test would succeed using the -u switch)
Create the file /etc/openldap/base.ldif with the following content (entries are separated by a blank line):
dn: dc=example,dc=com
dc: example
objectClass: top
objectClass: domain

dn: ou=People,dc=example,dc=com
ou: People
objectClass: top
objectClass: organizationalUnit

dn: ou=Group,dc=example,dc=com
ou: Group
objectClass: top
objectClass: organizationalUnit
Create the directory structure:
ldapadd -x -w secret -D cn=Manager,dc=example,dc=com -f /etc/openldap/base.ldif
adding new entry "dc=example,dc=com"
adding new entry "ou=People,dc=example,dc=com"
adding new entry "ou=Group,dc=example,dc=com"
This command uses simple authentication (-x), binds as the Manager DN (-D), supplies the manager password on the command line (-w) and reads the previously created file (-f). Note that -w puts the cleartext password in the process list and the shell history; using -W instead prompts for it.
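The base.ldif above is one instance of a general pattern: one dc= component per DNS label, a domain object, then one organizationalUnit per container. The following added example (not code from the original post) generates that file for any domain and parses it back into the list of DNs that ldapadd reports as "adding new entry"; it also rejects the common mistake of omitting the blank line between entries. The function names are my own.

```python
import re

# Containers created on the page: ou=People and ou=Group.
DEFAULT_OUS = ("People", "Group")


def domain_to_base_dn(domain):
    """Turn 'example.com' into 'dc=example,dc=com' (one dc= per label)."""
    labels = [lab for lab in domain.strip().lower().split(".") if lab]
    if not labels or not all(re.fullmatch(r"[a-z0-9-]+", lab) for lab in labels):
        raise ValueError("invalid DNS domain: %r" % domain)
    return ",".join("dc=%s" % lab for lab in labels)


def build_base_ldif(domain, ous=DEFAULT_OUS):
    """Return LDIF text for the suffix entry and its organizational units.

    Entries are separated by exactly one blank line; without it ldapadd
    reads two entries as one and fails.
    """
    base = domain_to_base_dn(domain)
    first_label = base.split(",")[0][len("dc="):]
    entries = [[
        "dn: %s" % base,
        "dc: %s" % first_label,
        "objectClass: top",
        "objectClass: domain",
    ]]
    for ou in ous:
        entries.append([
            "dn: ou=%s,%s" % (ou, base),
            "ou: %s" % ou,
            "objectClass: top",
            "objectClass: organizationalUnit",
        ])
    return "\n\n".join("\n".join(e) for e in entries) + "\n"


def ldif_entries(text):
    """Parse minimal LDIF (no continuation lines, no base64 values) into
    a list of (dn, {attribute: [values]}) tuples, in file order."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        dn, attrs = None, {}
        for line in block.splitlines():
            if not line or line.startswith("#"):
                continue
            name, sep, value = line.partition(":")
            if not sep:
                raise ValueError("malformed LDIF line: %r" % line)
            name, value = name.strip(), value.strip()
            if name == "dn":
                if dn is not None:
                    raise ValueError("two dn lines in one entry; missing blank-line separator?")
                dn = value
            else:
                attrs.setdefault(name, []).append(value)
        if dn is None:
            raise ValueError("entry without a dn")
        entries.append((dn, attrs))
    return entries


if __name__ == "__main__":
    ldif = build_base_ldif("example.com")
    print(ldif)
    for dn, _ in ldif_entries(ldif):
        print('adding new entry "%s"' % dn)
```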
Now it's time to create a sample user account and see if things are working:
mkdir /home/ldap
useradd -d /home/ldap/sam sam
passwd sam
Some additional steps are needed for user account migration:
cd /usr/share/migrationtools
Edit migrate_common.ph so that it carries your domain values:
# Default DNS domain
$DEFAULT_MAIL_DOMAIN = "example.com";
# Default base
$DEFAULT_BASE = "dc=example,dc=com";