OpenLDAP Installation & Configuration Guide
Install OpenLDAP
# yum -y install openldap.x86_64 openldap-clients.x86_64 openldap-devel.x86_64 openldap-servers.x86_64
Configure OpenLDAP
Generate the olcRootPW:
# slappasswd
New password: qazwsx
Re-enter new password: qazwsx
{SSHA}nnrypymtry/spduilclaqop2u4/m5xzl
Modify the olcDatabase={2}bdb.ldif
Modify the olcDatabase={2}bdb.ldif file, and change the olcRootDN and olcSuffix entries. The following are the default entries.
# grep olcRootDN /etc/openldap/slapd.d/cn=config/olcDatabase=\{2\}bdb.ldif
olcRootDN: cn=manager,dc=my-domain,dc=com
# grep olcSuffix /etc/openldap/slapd.d/cn\=config/olcDatabase\=\{2\}bdb.ldif
olcSuffix: dc=my-domain,dc=com
Change the above lines to your domain components. For example, eddie.
olcRootDN: cn=manager,dc=eddie,dc=com
Appending these lines to the olcDatabase\=\{2\}bdb.ldif file ensures that users can change their own password and must be authenticated.
olcAccess: {0}to attrs=userPassword by self write by dn.base="cn=manager,dc=eddie,dc=com" write by anonymous auth by * none
olcAccess: {1}to * by dn.base="cn=manager,dc=eddie,dc=com" write by self write by * read
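The following is an added example, not part of the original guide and not OpenLDAP code: a simplified Python model of how slapd evaluates the two olcAccess rules above, showing why the userPassword rule has to be {0}. The user DNs (alice, bob) are constructed, and only the four access levels used by the guide are modelled.

```python
# Simplified model of slapd ACL evaluation (added example, not OpenLDAP code).
# Rules are tried in {n} order. The first rule whose "to" target covers the
# attribute decides; inside it the first matching "by" clause wins.
LEVELS = ["none", "auth", "read", "write"]  # subset of slapd's levels, low to high
MANAGER = "cn=manager,dc=eddie,dc=com"

# The guide's two olcAccess rules: (attrs, or None for "to *"; ordered by-clauses)
GUIDE_RULES = [
    ({"userpassword"}, [("self", "write"), (MANAGER, "write"),
                        ("anonymous", "auth"), ("*", "none")]),
    (None, [(MANAGER, "write"), ("self", "write"), ("*", "read")]),
]

def who_matches(who, bind_dn, entry_dn):
    """bind_dn is None for an anonymous client."""
    if who == "*":
        return True
    if who == "anonymous":
        return bind_dn is None
    if bind_dn is None:
        return False
    target = entry_dn if who == "self" else who  # otherwise a dn.base= value
    return bind_dn.lower() == target.lower()

def access(rules, bind_dn, entry_dn, attr):
    """Access level that bind_dn gets on attribute attr of entry_dn."""
    for attrs, by_clauses in rules:
        if attrs is not None and attr.lower() not in attrs:
            continue  # this rule does not cover the attribute, try the next
        for who, level in by_clauses:
            if who_matches(who, bind_dn, entry_dn):
                return level
        return "none"  # a rule with no matching "by" ends in implicit "by * none"
    return "none"      # rules exist but none applies: implicit "to * by * none"

def allowed(rules, bind_dn, entry_dn, attr, wanted):
    got = access(rules, bind_dn, entry_dn, attr)
    return LEVELS.index(got) >= LEVELS.index(wanted)

if __name__ == "__main__":
    # Constructed sample DNs, not from the guide.
    alice = "uid=alice,ou=people,dc=eddie,dc=com"
    bob = "uid=bob,ou=people,dc=eddie,dc=com"
    for name, rules in (("guide order", GUIDE_RULES), ("swapped", GUIDE_RULES[::-1])):
        print(name, "bob -> alice userPassword:", access(rules, bob, alice, "userPassword"))
        print(name, "anonymous -> alice userPassword:", access(rules, None, alice, "userPassword"))
```

With the rules swapped, "to * ... by * read" matches first and every client, including anonymous ones, can read the password hashes. In the guide's order, anonymous clients can still read every attribute other than userPassword because of "by * read" in rule {1}.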
Modify the olcDatabase={1}monitor.ldif
Modify the olcDatabase\=\{1\}monitor.ldif file and change the dn.base to your own, for example cn=manager,dc=eddie,dc=com
Verify the configuration files
Execute the command to verify the configuration:
# slaptest -u
559A89A8 ldif_read_file: checksum error on "/etc/openldap/slapd.d/cn=config/olcDatabase={1}monitor.ldif"
559A89A8 ldif_read_file: checksum error on "/etc/openldap/slapd.d/cn=config/olcDatabase={2}bdb.ldif"
config file testing succeeded
The checksum errors can be ignored: they appear because the files under slapd.d were edited by hand.
Start the OpenLDAP service
Start OpenLDAP automatically when the OS starts (runlevels 2, 3, 4, 5).
# chkconfig slapd on
Start the OpenLDAP service now.
# service slapd start
Configure the initial LDIF file
Create an initial LDIF file: eddie.ldif
# cat eddie.ldif
dn: dc=eddie,dc=com
objectClass: dcObject
objectClass: organization
dc: eddie
o: eddie
Import the initial LDIF file
# ldapadd -x -W -D "cn=manager,dc=eddie,dc=com" -f eddie.ldif
Enter LDAP Password:
adding new entry "dc=eddie,dc=com"
Verify the base structure
# ldapsearch -x -W -D "cn=manager,dc=eddie,dc=com" -b "dc=eddie,dc=com" "(objectClass=*)"
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <dc=eddie,dc=com> with scope subtree
# filter: (objectClass=*)
# requesting: ALL
#
# eddie.com
dn: dc=eddie,dc=com
objectClass: dcObject
objectClass: organization
dc: eddie
o: eddie
......
Now you can use other LDAP clients to manage the directory.