How to Build an OpenLDAP Server on Fedora 20 and CentOS 6.5

Source: Internet
Author: User
Tags ldap ldapsearch openldap

Objective: use LDAP as the directory for system user accounts, and manage the LDAP data through a web interface.

  1. Install

    To install with yum, you need the Apache, PHP and LDAP packages in order to manage the LDAP server from the web. To authenticate users through LDAP, be sure to install nss-pam-ldapd and pam_ldap. For web management use LDAP Account Manager (LAM) or phpldapadmin; both can be installed directly from RPM packages. CentOS 6.5 ships OpenLDAP 2.4.23 and Fedora 20 ships OpenLDAP 2.4.39. The migrationtools package converts the system user files to LDIF.

  2. Configuration

    CentOS 6.5

    1. Convert /usr/share/openldap-servers/slapd.conf.obsolete to /etc/openldap/slapd.d (slaptest -f /usr/share/openldap-servers/slapd.conf.obsolete -F /etc/openldap/slapd.d). The slapd.d directory must be created first, otherwise the conversion reports an error. After the conversion, change the owner of slapd.d: chown -R ldap:ldap /etc/openldap/slapd.d.

    2. Once the configuration check has confirmed that the configuration is correct, database files are generated under /var/lib/ldap. Copy /usr/share/openldap-servers/DB_CONFIG.example to /var/lib/ldap/DB_CONFIG, then change the owner: chown -R ldap:ldap /var/lib/ldap. You can then start the service: service slapd start.
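The two CentOS steps as one script, added here as an example and not taken from the original post: it performs the conversion, prepares the data directory, and then verifies the two things that most often stop slapd from starting after this procedure (a missing DB_CONFIG and files left owned by root). It assumes the openldap-servers paths named above and a service user called ldap; run the convert and prepare actions as root.

```shell
#!/bin/sh
# Added example: convert a legacy slapd.conf to slapd.d on CentOS 6.5, prepare
# the BDB data directory, and verify the result before starting slapd.
# Assumes the openldap-servers package paths from the article and an "ldap" user.
set -eu

SLAPD_CONF=/usr/share/openldap-servers/slapd.conf.obsolete
SLAPD_D=/etc/openldap/slapd.d
LDAP_DB=/var/lib/ldap
DB_CONFIG_SRC=/usr/share/openldap-servers/DB_CONFIG.example
LDAP_USER=ldap

# Step 1: the target directory must exist before slaptest writes into it,
# and everything it writes must end up owned by the service user.
convert_slapd_conf() {
  mkdir -p "$SLAPD_D"
  slaptest -f "$SLAPD_CONF" -F "$SLAPD_D"
  chown -R "$LDAP_USER:$LDAP_USER" "$SLAPD_D"
}

# Step 2: BDB needs DB_CONFIG in the data directory, owned by the service user.
prepare_ldap_db() {
  mkdir -p "$LDAP_DB"
  cp "$DB_CONFIG_SRC" "$LDAP_DB/DB_CONFIG"
  chown -R "$LDAP_USER:$LDAP_USER" "$LDAP_DB"
}

# Return 0 when DB_CONFIG is present and nothing under the directory is owned
# by anyone other than $2. Uses POSIX find(1), so it needs no GNU stat.
db_dir_ready() {
  dir=$1
  owner=$2
  [ -f "$dir/DB_CONFIG" ] || { echo "missing $dir/DB_CONFIG" >&2; return 1; }
  bad=$(find "$dir" ! -user "$owner" -print | head -n 1)
  [ -z "$bad" ] || { echo "not owned by $owner: $bad" >&2; return 1; }
  return 0
}

case "${1-}" in
  convert) convert_slapd_conf ;;
  prepare) prepare_ldap_db ;;
  check)   db_dir_ready "$LDAP_DB" "$LDAP_USER" && echo "ready: service slapd start" ;;
esac
```

Usage: `sh prepare-slapd.sh convert`, then `prepare`, then `check`; only when the check passes is it worth running `service slapd start`.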

    Fedora 20

    Convert /usr/share/openldap-servers/slapd.ldif to /etc/openldap/slapd.d with the command: slapadd -F /etc/openldap/slapd.d -n 0 -l /usr/share/openldap-servers/slapd.ldif. On Fedora 20, edit slapd.ldif before the conversion; after the conversion the configuration under slapd.d must not be edited by hand, use ldapmodify to change it, otherwise an error is reported and the service will not start. On CentOS 6.5 the files under slapd.d can be edited directly. Note: on Fedora the schemas should be written into slapd.ldif in advance. By default only core.ldif is included; if you do not add the other schemas yourself, ldapadd will later report a syntax error. When a syntax error appears while adding data, check whether the included schemas define the object classes and attribute types being added. After that, proceed as in step 2 for CentOS.
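The schema note above is where most "syntax error" reports come from, so here is an added example (not from the original post) that checks slapd.ldif for the schema includes that migrationtools output needs (cosine and nis for posixAccount and posixGroup) and that LAM and phpldapadmin commonly use (inetorgperson), and inserts the missing ones directly after the core.ldif include, in dependency order, before slapadd is run. The schema directory path and the list of required schemas are assumptions you can adjust.

```shell
#!/bin/sh
# Added example: find and insert the schema includes Fedora's slapd.ldif lacks
# before running slapadd. Assumes the Fedora 20 paths used in the article.
set -eu

SCHEMA_DIR=/etc/openldap/schema
# Order matters: nis and inetorgperson both depend on cosine (assumed list).
REQUIRED_SCHEMAS="cosine nis inetorgperson"

# Print, one per line, the required schemas not yet included in the given LDIF.
missing_schema_includes() {
  ldif=$1
  for s in $REQUIRED_SCHEMAS; do
    grep -q "^include: file://$SCHEMA_DIR/$s\.ldif" "$ldif" || printf '%s\n' "$s"
  done
}

# Insert include lines for the missing schemas directly after the core.ldif
# include, preserving REQUIRED_SCHEMAS order. The file is rewritten through a
# temporary copy so a failed awk run leaves the original untouched.
add_schema_includes() {
  ldif=$1
  missing=$(missing_schema_includes "$ldif")
  [ -n "$missing" ] || return 0
  grep -q "^include: file://$SCHEMA_DIR/core\.ldif" "$ldif" || {
    echo "no core.ldif include in $ldif; cannot place schema includes" >&2
    return 1
  }
  tmp=$(mktemp)
  awk -v add="$missing" -v dir="$SCHEMA_DIR" '
    { print }
    /^include: file:.*\/core\.ldif$/ {
      n = split(add, a, "\n")
      for (i = 1; i <= n; i++) print "include: file://" dir "/" a[i] ".ldif"
    }' "$ldif" > "$tmp" && mv "$tmp" "$ldif"
}

case "${1-}" in
  check) missing_schema_includes "${2:-/usr/share/openldap-servers/slapd.ldif}" ;;
  fix)   add_schema_includes "${2:-/usr/share/openldap-servers/slapd.ldif}" ;;
esac
```

Run `sh schema-includes.sh check` to list what is missing and `sh schema-includes.sh fix` to insert it; do this on the copy of slapd.ldif before the slapadd conversion, since slapd.d must not be edited by hand afterwards.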

  3. Create the LDIF files for the system users: go to the /usr/share/migrationtools directory and run the migrate_base.pl, migrate_group.pl and migrate_passwd.pl scripts to generate the base, group and passwd LDIF files. Edit the LDIF generated for group and passwd and keep only the users you added yourself. Then add them to the LDAP server with ldapadd: ldapadd -x -D "cn=Manager,dc=home,dc=com" -h 127.0.0.1 -p 389 -W -f base.ldif. You can query the result with ldapsearch: ldapsearch -x -b dc=home,dc=com -H ldap:///
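The "keep only the users you added" edit is tedious by hand and easy to get wrong (a leftover root or bin entry in LDAP is an account you did not mean to publish). This added example, which is not from the original post, filters the migrationtools LDIF by uidNumber or gidNumber so that only entries at or above a threshold survive, then loads the files with the ldapadd parameters from the article. It assumes system accounts sit below 1000 (the CentOS 6 and Fedora default) and that the manager DN and base DN are the ones used above.

```shell
#!/bin/sh
# Added example: keep only locally added accounts in migrationtools LDIF output,
# then load it with the bind parameters from the article. Assumes system
# accounts use uidNumber/gidNumber below 1000 and the manager DN cn=Manager,dc=home,dc=com.
set -eu

MANAGER_DN="cn=Manager,dc=home,dc=com"
LDAP_HOST=127.0.0.1
LDAP_PORT=389

# Read LDIF on stdin and print only the entries whose $1 attribute
# (uidNumber or gidNumber) is >= $2. LDIF entries are separated by blank
# lines, which awk's paragraph mode (RS = "") splits on directly.
keep_entries_min() {
  awk -v attr="$1" -v min="$2" '
    BEGIN { RS = ""; FS = "\n"; ORS = "\n\n" }
    {
      keep = 0
      for (i = 1; i <= NF; i++) {
        # attribute lines look like "uidNumber: 1000"; the value starts after ": "
        if (index($i, attr ": ") == 1 && substr($i, length(attr) + 3) + 0 >= min + 0) keep = 1
      }
      if (keep) print
    }'
}

# Filter passwd.ldif and group.ldif in place (through temporary copies).
filter_migrated() {
  minid=${1:-1000}
  for pair in "passwd.ldif uidNumber" "group.ldif gidNumber"; do
    set -- $pair
    tmp=$(mktemp)
    keep_entries_min "$2" "$minid" < "$1" > "$tmp" && mv "$tmp" "$1"
  done
}

# Load one LDIF file with a simple bind as the manager; -W prompts for the
# password rather than exposing it on the command line and in shell history.
load_ldif() {
  ldapadd -x -D "$MANAGER_DN" -h "$LDAP_HOST" -p "$LDAP_PORT" -W -f "$1"
}

case "${1-}" in
  filter) filter_migrated "${2:-1000}" ;;
  load)   for f in base.ldif group.ldif passwd.ldif; do load_ldif "$f"; done ;;
esac
```

Usage: generate the three files with the migrate scripts, run `sh migrate-filter.sh filter` in the same directory, inspect the result, then `sh migrate-filter.sh load`; base.ldif must be loaded first because the other entries live under it.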

  4. After the data is created, enable users to log on to the system by authenticating against the user data stored in LDAP. First delete the user entries that exist both in the system files and on the LDAP server, including /etc/passwd-, /etc/shadow- and /etc/group. Change FORCELEGACY=no in /etc/sysconfig/authconfig to FORCELEGACY=yes (so that the sssd service is not used) and run: authconfig --enableldap --enableldapauth --enablemkhomedir --ldapserver=xj.home.com --ldapbasedn="dc=home,dc=com" --update to enable the user data in LDAP. (When sssd is used, the configuration does not report an error, but without TLS encryption the user cannot log on and is told the password is incorrect.) Edit /etc/nsswitch.conf and change the passwd, shadow and group lines to:

    passwd: files ldap

    shadow: files ldap

    group: files ldap
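Before testing a login, it helps to confirm that the two files edited in step 4 actually say what you think, since a missing "ldap" source in nsswitch.conf or FORCELEGACY left at "no" fails with the same "incorrect password" symptom as a real authentication problem. The following check is an added example, not from the original post; the two file paths default to the article's locations and can be overridden for testing.

```shell
#!/bin/sh
# Added example: verify the NSS and authconfig settings from step 4 before
# trying an LDAP login. Assumes the file paths used in the article.
set -eu

# Return 0 when passwd, shadow and group in the given nsswitch.conf all list
# "ldap" as a source; report each database that does not. Commented-out lines
# do not match because the pattern is anchored at the start of the line.
nsswitch_uses_ldap() {
  f=$1
  rc=0
  for db in passwd shadow group; do
    if ! grep -Ei "^[[:space:]]*$db:.*[[:space:]]ldap([[:space:]]|$)" "$f" >/dev/null; then
      echo "$db: ldap is not listed in $f" >&2
      rc=1
    fi
  done
  return $rc
}

# Return 0 when FORCELEGACY=yes is set in the given authconfig file, meaning
# pam_ldap and nss-pam-ldapd are used instead of sssd.
forcelegacy_enabled() {
  grep -Eiq '^[[:space:]]*FORCELEGACY=yes[[:space:]]*$' "$1"
}

# Combined check: $1 = nsswitch.conf path, $2 = sysconfig/authconfig path.
check_ldap_login_config() {
  ok=0
  nsswitch_uses_ldap "${1:-/etc/nsswitch.conf}" || ok=1
  forcelegacy_enabled "${2:-/etc/sysconfig/authconfig}" || {
    echo "FORCELEGACY is not set to yes" >&2
    ok=1
  }
  return $ok
}

case "${1-}" in
  check) check_ldap_login_config && echo "NSS and authconfig settings look correct" ;;
esac
```

Run `sh check-ldap-login.sh check` after authconfig has been applied; a clean result means any remaining login failure is on the LDAP or PAM side rather than in these two files.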

  5. After the preceding steps are completed, users stored in LDAP can log on without any error.

  6. When managing LDAP through the web on Fedora, enable the SELinux boolean: setsebool -P httpd_can_connect_ldap 1. Otherwise SELinux reports an error and the web page reports that the LDAP service cannot be reached. LAM is recommended because its configuration is simpler.


This article is from the "zookeeper" blog, please be sure to keep this source http://xjhome.blog.51cto.com/221500/1433984
