Install and configure OpenLDAP in RHEL7
I. LDAP terminology
Entry: a single unit in the directory, identified by its DN (distinguished name).
Attribute: a property of an entry. For example, if the entry is an organizational unit, its attributes include address, phone number, and fax number. Attributes are either optional or mandatory; the mandatory attributes are defined by the objectClass. These attribute definitions can be found in the /etc/openldap/slapd.d/cn=config/cn=schema/ directory.
LDIF: the LDAP Data Interchange Format is a plain-text representation of an LDAP entry. The format is as follows:
[id] dn: distinguished_name
attribute_type: attribute_value...
attribute_type: attribute_value...
II. Install the OpenLDAP suite
OpenLDAP-related installation packages:
Package
openldap
openldap-clients
openldap-servers
compat-openldap
To allow users to query the LDAP Service locally, install the following additional packages:
nss-pam-ldapd
Install the OpenLDAP package:
[root@bkjia ~]# yum install openldap\* -y
III. OpenLDAP server management tools:
Command      Description
slapacl      Allows you to check the access to a list of attributes.
slapadd      Allows you to add entries from an LDIF file to an LDAP directory.
slapauth     Allows you to check a list of IDs for authentication and authorization permissions.
slapcat      Allows you to pull entries from an LDAP directory in the default format and save them in an LDIF file.
slapdn       Allows you to check a list of Distinguished Names (DNs) based on available schema syntax.
slapindex    Allows you to re-index the slapd directory based on the current content. Run this utility whenever you change indexing options in the configuration file.
slappasswd   Allows you to create an encrypted user password to be used with the ldapmodify utility, or in the slapd configuration file.
slapschema   Allows you to check the compliance of a database with the corresponding schema.
slaptest     Allows you to check the LDAP server configuration.
Before using slapadd, change the owner and group of the following files to ldap:
[root@bkjia ~]# chown -R ldap:ldap /var/lib/ldap/
Before using slapadd, stop the slapd service:
systemctl stop slapd.service
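A check worth running on an LDIF file before it is loaded with slapadd, as an added example that is not part of the original article: it lists the entries whose userPassword is not a {SCHEME}-prefixed hash of the kind slappasswd prints. The function names, the example.com entries and the password values are constructed for illustration; values given by URL (`:<`) are reported rather than fetched.

```shell
# Added example, not from the original article. All sample data is constructed.
# True if the value has a {SCHEME} prefix as slappasswd prints, except {CLEARTEXT}.
is_hashed() {
    case $1 in
        '{CLEARTEXT}'*) return 1 ;;
        '{'[A-Za-z]*'}'?*) return 0 ;;
    esac
    return 1
}

# Print the dn line of each entry whose userPassword is not hashed; return 1 if any.
ldif_unhashed_passwords() {
    tab=$(printf '\t')
    out=$(awk '
        function emit(l,   low, v, kind) {
            low = tolower(l)                      # attribute names ignore case
            if (low ~ /^dn:/) { dn = l; return }
            if (low !~ /^userpassword:/) return
            kind = (low ~ /^userpassword::/) ? "B" : "P"   # B: base64 value
            v = l; sub(/^[^:]*::?[ ]*/, "", v)
            print kind "\t" (dn == "" ? "(no dn)" : dn) "\t" v
        }
        { sub(/\r$/, "") }                                 # tolerate CRLF
        /^ / { if (!skip) buf = buf substr($0, 2); next }  # unfold continuation
        { if (buf != "") emit(buf); buf = ""; skip = 0 }
        /^#/ { skip = 1; next }                            # comment line
        { buf = $0 }
        END { if (buf != "") emit(buf) }
    ' "$1" | while IFS=$tab read -r kind dn val; do
        if [ "$kind" = B ]; then val=$(printf '%s' "$val" | base64 -d 2>/dev/null); fi
        is_hashed "$val" || printf '%s\n' "$dn"    # the value itself is never printed
    done)
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Constructed sample: bob and dave carry unhashed passwords, carol a folded base64 hash.
write_sample_ldif() {
    printf '%s\n' \
        'dn: uid=alice,dc=example,dc=com' 'userPassword: {SSHA}CONSTRUCTEDHASH' '' \
        'dn: uid=bob,dc=example,dc=com'   'userPassword: hunter2' '' \
        'dn: uid=carol,dc=example,dc=com' 'userPassword:: e1NTSEF9' ' QUFB' '' \
        'dn: uid=dave,dc=example,dc=com'  'userPassword:: c2VjcmV0' > "$1"
}

# When run with a file argument, check that file.
if [ $# -gt 0 ]; then ldif_unhashed_passwords "$1"; fi
```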
IV. OpenLDAP client management tools:
The following tools are installed by the OpenLDAP client package to add, modify, and delete entries in the LDAP directory.
Command      Description
ldapadd      Allows you to add entries to an LDAP directory, either from a file, or from standard input. It is a symbolic link to ldapmodify -a.
ldapcompare  Allows you to compare a given attribute with an LDAP directory entry.
ldapdelete   Allows you to delete entries from an LDAP directory.
ldapexop     Allows you to perform extended LDAP operations.
ldapmodify   Allows you to modify entries in an LDAP directory, either from a file, or from standard input.
ldapmodrdn   Allows you to modify the RDN value of an LDAP directory entry.
ldappasswd   Allows you to set or change the password for an LDAP user.
ldapsearch   Allows you to search LDAP directory entries.
ldapurl      Allows you to compose or decompose LDAP URLs.
ldapwhoami   Allows you to perform a whoami operation on an LDAP server.
V. Configure the OpenLDAP server
The OpenLDAP configuration files are stored in the /etc/openldap directory by default:
Path                        Description
/etc/openldap/ldap.conf     The configuration file for client applications that use the OpenLDAP libraries. This includes ldapadd, ldapsearch, Evolution, etc.
/etc/openldap/slapd.d/      The directory containing the slapd configuration.
Modify the global configuration:
The global configuration is stored in /etc/openldap/slapd.d/cn=config.ldif.
Modify the database configuration:
OpenLDAP uses BDB as the backend database by default. The database configuration file is stored in the /etc/openldap/slapd.d/cn=config directory.