openLDAP server installation and configuration step by step – RHEL7

ARK

My name is ARK. Expert in grasping any new technology, interested in sharing the knowledge. Learn more & earn more.

17 Responses

  1. deepak says:

    Hi Ankit,

    Can you please share an LDAP server setup with phpLDAPadmin (GUI)? I am looking for it.

  2. XU ZHI says:

    Hi Ravi,

    Thanks for sharing this one. I use the exact same configuration as yours except the password, but when I follow your post I get an error when adding the LDAP base.

    [root@CentOS7-Server ~]# ldapadd -x -W -D "cn=Manager,dc=arkit,dc=co.in" -f /root/base.ldif
    Enter LDAP Password:
    ldapadd: attributeDescription "dn": (possible missing newline after line 9, entry "dc=arkit,dc=co.in"?)
    ldapadd: attributeDescription "dn": (possible missing newline after line 10, entry "dc=arkit,dc=co.in"?)
    ldapadd: attributeDescription "dn": (possible missing newline after line 11, entry "dc=arkit,dc=co.in"?)
    adding new entry "dc=arkit,dc=co.in"
    ldap_add: Type or value exists (20)
    additional info: objectClass: value #4 provided more than once

  3. Hi, thanks for sharing this one,
    I need to know how to update a new LDAP user entry.

  4. rakesh jain says:

    I have followed it line by line on RHEL 7.

    It's throwing an error –

    [root@classroom cn=config]# ldapadd -x -W -D "cn=Manager,dc=example,dc=com" -f /root/users.ldif
    Enter LDAP Password:
    adding new entry "uid=ldapuser1,ou=People,dc=example,dc=com"
    ldap_add: Invalid syntax (21)
    additional info: objectClass: value #3 invalid per syntax

  5. rakesh jain says:

    I have added these schemas as well –

    [root@classroom Downloads]# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif
    SASL/EXTERNAL authentication started
    SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
    SASL SSF: 0
    adding new entry "cn=cosine,cn=schema,cn=config"

    [root@classroom Downloads]# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif
    SASL/EXTERNAL authentication started
    SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
    SASL SSF: 0
    adding new entry "cn=inetorgperson,cn=schema,cn=config"

  6. rakesh jain says:

    users.ldif file –

    [root@classroom cn=config]# cat /root/users.ldif
    dn: uid=ldapuser1,ou=People,dc=example,dc=com
    uid: ldapuser1
    cn: ldapuser1
    sn: ldapuser1
    mail: ldapuser1@example.com
    objectClass: person
    objectClass: organizationalPerson
    objectClass: inetOrgPerson
    objectClass: posixAccount
    objectClass: top
    objectClass: shadowAccount
    userPassword: {crypt}$6$zFN1p/46$k3ltZs9w.RZ2nsofnI/JrV2HGrHMDR.aNgztLhYmlXrGuK.a2hBQZ4bFY/c9wthzrO2nm1h.X1LYj4IsOXY8U.
    shadowLastChange: 17080
    shadowMin: 0
    shadowMax: 99999
    shadowWarning: 7
    loginShell: /bin/bash
    uidNumber: 1001
    gidNumber: 1001
    homeDirectory: /home/ldapuser1

  7. rakesh jain says:

    Resolved it. Please modify your tutorial and mention that we need to add all 3 schemas –

    [root@classroom Downloads]# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif
    [root@classroom Downloads]# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif
    [root@classroom Downloads]# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif

    Thanks!!
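
A linter for the two ldapadd failures reported in comments 2 and 4 to 7, as an added example that is not part of the tutorial or of OpenLDAP itself. It splits an LDIF file into records the way ldapadd does, so a dn: line that turns up before the blank line ending the previous record is reported (that is the "possible missing newline after line N" message, which is then followed by "objectClass: value #N provided more than once" because the entries have been merged into one); it flags duplicate objectClass values; and it lists which schema files under /etc/openldap/schema have to be loaded into cn=config, in dependency order, for the objectClasses used (posixAccount and shadowAccount come from nis.ldif, which is why comment 4's "value #3 invalid per syntax" went away once nis.ldif was loaded). The objectClass-to-schema table covers only the classes that appear on this page and is an assumption for anything else; both LDIF samples are constructed, not taken from a live system.

```python
"""Lint an LDIF file before ldapadd sees it (added example, not the tutorial's)."""
import re

# Schema LDIF under /etc/openldap/schema/ that defines each objectClass; "core" is
# compiled into slapd, the rest must be loaded into cn=config first.  Only the
# classes used on this page are listed (an assumption for anything else).
SCHEMA_OF = {"top": "core", "person": "core", "organizationalperson": "core",
             "organization": "core", "organizationalunit": "core", "dcobject": "core",
             "groupofnames": "core", "account": "cosine", "domain": "cosine",
             "inetorgperson": "inetorgperson",
             "posixaccount": "nis", "shadowaccount": "nis", "posixgroup": "nis"}
# inetorgperson.ldif and nis.ldif use attribute types from cosine.ldif: load order.
LOAD_ORDER = ["cosine", "inetorgperson", "nis"]
ATTR_RE = re.compile(r"^([A-Za-z][\w.;-]*):\s*(.*)$")


def parse_ldif(text):
    """Return (records, problems).  A record is a list of (attribute, value) pairs
    and ends at a blank line, exactly as ldapadd sees it: a second dn: inside a
    record is reported but left merged, which is what ldapadd then trips over."""
    problems, records, current, start = [], [], [], None
    for lineno, line in enumerate(text.replace("\r\n", "\n").split("\n"), 1):
        if line.startswith(("#", "version:")):
            continue
        if not line.strip():                        # blank line ends the record
            if current:
                records.append(current)
            current, start = [], None
        elif line.startswith(" ") and current:      # folded continuation line
            current[-1] = (current[-1][0], current[-1][1] + line[1:])
        else:
            m = ATTR_RE.match(line)
            if not m:
                problems.append(f"line {lineno}: not 'attribute: value'")
                continue
            attr, value = m.groups()
            if attr.lower() == "dn" and start is not None:
                problems.append(f"line {lineno}: dn: inside the record begun on "
                                f"line {start}; insert a blank line before it")
            elif attr.lower() == "dn":
                start = lineno
            current.append((attr, value))
    if current:
        records.append(current)
    return records, problems


def lint_record(record):
    """Duplicate objectClass values (ldapadd: 'provided more than once') and
    classes this linter cannot map to a schema file."""
    problems, seen = [], set()
    for attr, value in record:
        if attr.lower() == "objectclass":
            key = value.strip().lower()
            if key in seen:
                problems.append(f"objectClass '{value}' provided more than once")
            elif key not in SCHEMA_OF:
                problems.append(f"objectClass '{value}' unknown to this linter")
            seen.add(key)
    return problems


def required_schemas(records):
    """Schema files beyond core that the records need, in load order."""
    needed = set()
    for attr, value in (pair for record in records for pair in record):
        schema = SCHEMA_OF.get(value.strip().lower()) if attr.lower() == "objectclass" else None
        if schema and schema != "core":
            needed.update({schema, "cosine"})   # inetorgperson and nis both need cosine
    return [s for s in LOAD_ORDER if s in needed]


def lint(text):
    """Every check at once: (problems, ldapadd commands to run first, in order)."""
    records, problems = parse_ldif(text)
    for record in records:
        problems.extend(lint_record(record))
    return problems, [f"ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/{s}.ldif"
                      for s in required_schemas(records)]


# Constructed samples: base entries pasted without the blank line that must
# separate them (comment 2), and a users.ldif entry like the one in comment 6.
BASE_NO_BLANK_LINES = """dn: dc=example,dc=com
dc: example
o: Example
objectClass: top
objectClass: dcObject
objectClass: organization
dn: ou=People,dc=example,dc=com
ou: People
objectClass: top
objectClass: organizationalUnit
"""
USER_LDIF = """dn: uid=ldapuser1,ou=People,dc=example,dc=com
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
uidNumber: 1001
"""
```

Running lint() over the first sample reports the dn: on line 7 and the duplicated top, which is the same pair of complaints ldapadd gave in comment 2; over the second it reports nothing and returns the three ldapadd -Y EXTERNAL commands with cosine first, the order comment 7 arrived at by trial and error. Any schema that is already present in cn=config simply fails to load again with "Type or value exists", which is harmless.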

  8. Govind says:

    Hi Ravi, these steps also work on CentOS 7.

  9. govind says:

    On the client there is no output for the command getent passwd ldapuser1. I followed the same steps as mentioned in the document.

  10. govind says:

    Thanks for your post. LDAP server configuration is done. How do I add new users to the existing LDAP server? I have a little bit of a problem in adding them. Let me know if there is any step-by-step procedure.

  11. Sahil says:

    Hi ARK,

    Can you please help me to migrate LDAP servers (all LDAP users) from SUSE 11 to RHEL 7?

  12. Dhirendra says:

    I am unable to start the slapd service at first –

    My configurations –
    —————————————

    [root@ldapserver ~]# lsb_release -a
    LSB Version: :core-4.1-amd64:core-4.1-noarch
    Distributor ID: CentOS
    Description: CentOS Linux release 7.8.2003 (Core)
    Release: 7.8.2003
    Codename: Core

    [root@ldapserver ~]# nslookup example.com
    Server: 192.168.1.251
    Address: 192.168.1.251#53

    Name: example.com
    Address: 192.168.1.251

    [root@ldapserver ~]# rpm -qa | grep -E "^openldap|migrationtools"
    openldap-devel-2.4.44-21.el7_6.x86_64
    openldap-2.4.44-21.el7_6.x86_64
    openldap-servers-sql-2.4.44-21.el7_6.x86_64
    openldap-servers-2.4.44-21.el7_6.x86_64
    migrationtools-47-15.el7.noarch
    openldap-clients-2.4.44-21.el7_6.x86_64

    [root@ldapserver ~]# iptables -L
    Chain INPUT (policy ACCEPT)
    target prot opt source destination

    Chain FORWARD (policy ACCEPT)
    target prot opt source destination

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination
    [root@ldapserver ~]#

    [root@ldapserver ~]# firewall-cmd --state
    not running

    [root@ldapserver cn=config]# sestatus
    SELinux status: disabled

    [root@ldapserver cn=config]# grep -E "olcSuffix|olcRootDN|olcRootPW|olcTLSCertificateFile|olcTLSCertificateKeyFile" olcDatabase={2}hdb.ldif
    olcSuffix: dc=example,dc=com
    olcRootDN: cn=Manager,dc=example,dc=com
    olcRootPW: {SSHA}d0LFWM0k2cwGigcl70whja3D98UTR7WO
    olcTLSCertificateFile: /etc/pki/tls/certs/exampleldap.pem
    olcTLSCertificateKeyFile: /etc/pki/tls/certs/examplekey.pem

    [root@ldapserver cn=config]# grep Manager olcDatabase\=\{1\}monitor.ldif
    al,cn=auth" read by dn.base="cn=Manager,dc=example,dc=com" read by * none

    [root@ldapserver cn=config]# slaptest -u
    5eadbde1 ldif_read_file: checksum error on "/etc/openldap/slapd.d/cn=config/olcDatabase={1}monitor.ldif"
    5eadbde1 ldif_read_file: checksum error on "/etc/openldap/slapd.d/cn=config/olcDatabase={2}hdb.ldif"
    config file testing succeeded

    [root@ldapserver cn=config]# systemctl start slapd.service
    Job for slapd.service failed because the control process exited with error code. See "systemctl status slapd.service" and "journalctl -xe" for details.

    [root@ldapserver cn=config]# journalctl -xe
    May 03 00:02:58 ldapserver.example.com slapd[2401]: ldif_read_file: checksum error on "/etc/openldap/slapd.d/cn=config/olcDatabase={1}monitor.ldif"
    May 03 00:02:58 ldapserver.example.com slapd[2401]: ldif_read_file: checksum error on "/etc/openldap/slapd.d/cn=config/olcDatabase={2}hdb.ldif"
    May 03 00:02:58 ldapserver.example.com slapd[2401]: main: TLS init def ctx failed: -1
    May 03 00:02:58 ldapserver.example.com slapd[2401]: DIGEST-MD5 common mech free
    May 03 00:02:58 ldapserver.example.com slapd[2401]: slapd stopped.
    May 03 00:02:58 ldapserver.example.com slapd[2401]: connections_destroy: nothing to destroy.
    May 03 00:02:58 ldapserver.example.com polkitd[697]: Unregistered Authentication Agent for unix-process:2379:75813 (system bus name :1.71, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected fro
    May 03 00:02:58 ldapserver.example.com systemd[1]: slapd.service: control process exited, code=exited status=1
    May 03 00:02:58 ldapserver.example.com systemd[1]: Failed to start OpenLDAP Server Daemon.
    -- Subject: Unit slapd.service has failed
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel

    -- Unit slapd.service has failed.

    -- The result is failed.
    May 03 00:02:58 ldapserver.example.com systemd[1]: Unit slapd.service entered failed state.
    May 03 00:02:58 ldapserver.example.com systemd[1]: slapd.service failed.
    May 03 00:05:58 ldapserver.example.com systemd[1]: Starting Cleanup of Temporary Directories…
    -- Subject: Unit systemd-tmpfiles-clean.service has begun start-up
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel

    -- Unit systemd-tmpfiles-clean.service has begun starting up.
    May 03 00:05:58 ldapserver.example.com systemd[1]: Started Cleanup of Temporary Directories.
    -- Subject: Unit systemd-tmpfiles-clean.service has finished start-up
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel

    -- Unit systemd-tmpfiles-clean.service has finished starting up.

    -- The start-up result is done.
    May 03 00:07:41 ldapserver.example.com polkitd[697]: Registered Authentication Agent for unix-process:2470:104164 (system bus name :1.72 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/Authenticati
    May 03 00:07:41 ldapserver.example.com systemd[1]: Starting OpenLDAP Server Daemon…
    -- Subject: Unit slapd.service has begun start-up
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel

    -- Unit slapd.service has begun starting up.
    May 03 00:07:41 ldapserver.example.com runuser[2481]: pam_unix(runuser:session): session opened for user ldap by (uid=0)
    May 03 00:07:41 ldapserver.example.com runuser[2481]: pam_unix(runuser:session): session closed for user ldap
    May 03 00:07:41 ldapserver.example.com slapcat[2485]: DIGEST-MD5 common mech free
    May 03 00:07:41 ldapserver.example.com slapd[2492]: @(#) $OpenLDAP: slapd 2.4.44 (Jan 29 2019 17:42:45) $
    mockbuild@x86-01.bsys.centos.org:/builddir/build/BUILD/openldap-2.4.44/openldap-2.4.44/servers/slapd
    May 03 00:07:41 ldapserver.example.com slapd[2492]: ldif_read_file: checksum error on "/etc/openldap/slapd.d/cn=config/olcDatabase={1}monitor.ldif"
    May 03 00:07:41 ldapserver.example.com slapd[2492]: ldif_read_file: checksum error on "/etc/openldap/slapd.d/cn=config/olcDatabase={2}hdb.ldif"
    May 03 00:07:41 ldapserver.example.com slapd[2492]: main: TLS init def ctx failed: -1
    May 03 00:07:41 ldapserver.example.com slapd[2492]: DIGEST-MD5 common mech free
    May 03 00:07:41 ldapserver.example.com slapd[2492]: slapd stopped.
    May 03 00:07:41 ldapserver.example.com slapd[2492]: connections_destroy: nothing to destroy.
    May 03 00:07:41 ldapserver.example.com polkitd[697]: Unregistered Authentication Agent for unix-process:2470:104164 (system bus name :1.72, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected fr
    May 03 00:07:41 ldapserver.example.com systemd[1]: slapd.service: control process exited, code=exited status=1
    May 03 00:07:41 ldapserver.example.com systemd[1]: Failed to start OpenLDAP Server Daemon.
    -- Subject: Unit slapd.service has failed
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel

    -- Unit slapd.service has failed.

    -- The result is failed.
    May 03 00:07:41 ldapserver.example.com systemd[1]: Unit slapd.service entered failed state.
    May 03 00:07:41 ldapserver.example.com systemd[1]: slapd.service failed.
    [root@ldapserver cn=config]#

    I tried removing the below RPMs also but no luck –
    openldap-devel-2.4.44-21.el7_6.x86_64
    openldap-servers-sql-2.4.44-21.el7_6.x86_64
