ldapserver.nehraclasses.com 192.168.1.170
ldapclient.nehraclasses.com 192.168.1.180
Server configuration:
1. Install the required LDAP packages.
[root@ldapserver ]# yum -y install openldap* migrationtools
2. Create an LDAP root (Manager) password for administrative purposes. slappasswd prints a salted {SSHA} hash of the password you type; keep that hash for the olcRootPW attribute in the next step and never put the clear-text password into the configuration.
[root@ldapserver ]# slappasswd
New Password:
Re-enter the new password:
3. Modify the OpenLDAP server configuration: set olcSuffix to dc=nehraclasses,dc=com, olcRootDN to cn=Manager,dc=nehraclasses,dc=com and add olcRootPW with the {SSHA} hash produced by slappasswd.
[root@ldapserver ]# vim /etc/openldap/slapd.d/cn=config/olcDatabase={2}hdb.ldif
(The video edits the file under slapd.d by hand; the supported way is to apply the same attributes with ldapmodify -Y EXTERNAL -H ldapi:/// against cn=config, which also avoids the checksum warning slapd logs for hand-edited files.)
4. Provide Monitor privileges: in the monitor database's olcAccess rule, grant read access to the Manager DN (cn=Manager,dc=nehraclasses,dc=com) in addition to the default external (root) identity.
[root@ldapserver cn=config]# vim /etc/openldap/slapd.d/cn=config/olcDatabase={1}monitor.ldif
[root@ldapserver cnconfig]# slaptest -u
configuration file test passed
5. Enable and start the slapd service, then confirm it is listening (port 389/tcp, plain LDAP; 636/tcp only appears once LDAPS is configured).
[root@ldapserver cn=config]# systemctl start slapd
[root@ldapserver cn=config]# systemctl enable slapd
[root@ldapserver cn=config]# netstat -lt | grep ldap
6. Configure the LDAP database.
[root@ldapserver cnconfig]# cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
[root@ldapserver cnconfig]# chown -R ldap:ldap /var/lib/ldap/
Add the following LDAP schemas.
[root@ldapserver cnconfig]# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif
[root@ldapserver cnconfig]# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif
[root@ldapserver cnconfig]# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif
7. Create a self-signed certificate and private key for slapd. Use the server's FQDN (ldapserver.nehraclasses.com) as the Common Name when prompted, because clients verify it against the host name they connect to. -nodes writes the private key unencrypted, so restrict it: the key should be readable only by the ldap user (for example chown root:ldap and chmod 640), not world-readable as files under /etc/pki/tls/certs are by default; /etc/pki/tls/private/ is the conventional location for the key.
[root@ldapserver cn=config]# openssl req -new -x509 -nodes -out /etc/pki/tls/certs/nehraclassesldap.pem -keyout /etc/pki/tls/certs/nehraclassesldapkey.pem -days 365
Check the certificates created under the location /etc/pki/tls/certs/
[root@ldapserver cn=config]# ll /etc/pki/tls/certs/*.pem
Note: creating the files does not enable TLS by itself. Nothing later in this walkthrough points slapd at them; until olcTLSCertificateFile and olcTLSCertificateKeyFile are set in cn=config (and SLAPD_URLS in /etc/sysconfig/slapd includes ldaps:/// if you want port 636), all binds from the client — including user passwords — travel in clear text over port 389.
8. Create base objects in OpenLDAP. Edit the migration tools' common settings so the generated LDIF uses your domain and base DN.
[root@ldapserver cn=config]# cd /usr/share/migrationtools/
[root@ldapserver migrationtools]# vim migrate_common.ph
$DEFAULT_MAIL_DOMAIN = "nehraclasses.com";
$DEFAULT_BASE = "dc=nehraclasses,dc=com";
$EXTENDED_SCHEMA = 1;
9. Generate a base.ldif file for your domain. The file must contain the base entry (dc=nehraclasses,dc=com), the Manager entry and the ou=People / ou=Group containers, since it is imported with ldapadd in step 11; simply creating an empty file with touch is not enough. The migrationtools package ships migrate_base.pl for this, driven by the DEFAULT_BASE set above:
[root@ldapserver migrationtools]# ./migrate_base.pl > /root/base.ldif
10. Create local users and export them to LDIF. The passwords below are throw-away lab values passed on the command line, where they land in shell history and are briefly visible in the process list; use unique, non-trivial passwords for anything beyond a lab, and do not reuse "redhat" on both accounts.
[root@ldapserver migrationtools]# useradd ldapuser1
[root@ldapserver migrationtools]# useradd ldapuser2
[root@ldapserver migrationtools]# echo "redhat" | passwd --stdin ldapuser1
[root@ldapserver migrationtools]# echo "redhat" | passwd --stdin ldapuser2
Extract only the newly created accounts (UID/GID 1000-1099) rather than the whole of /etc/passwd and /etc/group, so system accounts are not pushed into the directory:
[root@ldapserver migrationtools]# grep ":10[0-9][0-9]" /etc/passwd > /root/passwd
[root@ldapserver migrationtools]# grep ":10[0-9][0-9]" /etc/group > /root/group
[root@ldapserver migrationtools]# ./migrate_passwd.pl /root/passwd > /root/users.ldif
[root@ldapserver migrationtools]# ./migrate_group.pl /root/group > /root/groups.ldif
Note that migrate_passwd.pl copies the password hashes out of /etc/shadow into the userPassword attribute of users.ldif; treat that file as sensitive and delete it after the import.
11. Import the base entries, users and groups into the LDAP database, binding as the Manager DN (-W prompts for the password set in step 2). Without -H these commands connect to ldap://localhost:389 using a simple (-x) bind, so the Manager password is sent in clear text over loopback; that is acceptable on the server itself but is not something to repeat from a remote host before TLS is configured.
[root@ldapserver migrationtools]# ldapadd -x -W -D "cn=Manager,dc=nehraclasses,dc=com" -f /root/base.ldif
[root@ldapserver migrationtools]# ldapadd -x -W -D "cn=Manager,dc=nehraclasses,dc=com" -f /root/users.ldif
[root@ldapserver migrationtools]# ldapadd -x -W -D "cn=Manager,dc=nehraclasses,dc=com" -f /root/groups.ldif
12. Test the configuration with an anonymous search for one user and then for the whole tree. If the second search returns userPassword hashes to an anonymous client, tighten olcAccess on the hdb database (by default OpenLDAP allows anonymous read of everything except what you explicitly restrict).
[root@ldapserver migrationtools]# ldapsearch -x cn=ldapuser1 -b dc=nehraclasses,dc=com
[root@ldapserver migrationtools]# ldapsearch -x -b 'dc=nehraclasses,dc=com' '(objectclass=*)'
13. Allow the client to reach the server through firewalld. The video simply stops the firewall (`systemctl stop firewalld`), which exposes every service on the host; outside a throwaway lab keep firewalld running and open only what is needed — the ldap service (and ldaps once TLS is configured), plus nfs, rpc-bind and mountd for the home-directory export in the next step:
[root@ldapserver migrationtools]# firewall-cmd --permanent --add-service=ldap --add-service=ldaps
[root@ldapserver migrationtools]# firewall-cmd --permanent --add-service=nfs --add-service=rpc-bind --add-service=mountd
[root@ldapserver migrationtools]# firewall-cmd --reload
14. NFS configuration to export the home directories. Do not export /home to the world with `*`: with the default sec=sys, NFS trusts whatever UID the mounting host presents, so any host that can mount the share can read and write every user's home directory. Restrict the export to the LDAP client only:
[root@ldapserver ]# vim /etc/exports
/home 192.168.1.180(rw,sync)
(root_squash is the default and should stay in place; do not add no_root_squash.)
Install, start and enable the rpcbind and NFS server services (on RHEL 7 `nfs` is an alias for nfs-server):
[root@ldapserver ]# yum -y install rpcbind nfs-utils
[root@ldapserver ]# systemctl start rpcbind
[root@ldapserver ]# systemctl start nfs
[root@ldapserver ]# systemctl enable rpcbind
[root@ldapserver ]# systemctl enable nfs
Test the NFS configuration; the export list should show /home restricted to the client address you configured.
[root@ldapserver ]# showmount -e
Client configuration:
1. Install the packages the client needs to resolve users from LDAP (openldap-clients, nss-pam-ldapd) and to mount the NFS home directories (rpcbind, nfs-utils).
[root@ldapclient ]# yum install -y openldap-clients nss-pam-ldapd rpcbind nfs-utils
2. Start and enable the services. Only rpcbind is required on the client to mount an NFSv3 export; the video also starts the nfs server unit, which is harmless but unnecessary unless the client exports something itself.
# systemctl start rpcbind
# systemctl start nfs
# systemctl enable rpcbind
# systemctl enable nfs
3. Verify that the server's export is visible from the client. The video edits /etc/exports on the client as well, but a client does not need its own export to mount the server's /home (leaving an open `/home/ *(rw)` export on the client would only widen exposure); what matters is that the server's export list can be seen from here:
# showmount -e ldapserver.nehraclasses.com
4. Configure LDAP authentication. In authconfig-tui choose "Use LDAP" and "Use LDAP Authentication", then set the server to ldap://ldapserver.nehraclasses.com/ and the base DN to dc=nehraclasses,dc=com. Leave "Use TLS" unchecked only because the server side of TLS has not been configured in this walkthrough — be aware that this means user passwords cross the network in clear text at every login, so enable TLS on both ends before using this setup outside a lab. The equivalent non-interactive command is:
# authconfig --enableldap --enableldapauth --ldapserver=ldapserver.nehraclasses.com --ldapbasedn="dc=nehraclasses,dc=com" --enablemkhomedir --update
# authconfig-tui
5. Mount the server's /home directory. Mounting over the client's own /home hides any local users' home directories underneath it for as long as the mount is active, so make sure no local account on the client relies on /home before doing this.
# mount ldapserver.nehraclasses.com:/home /home
This manual mount does not survive a reboot; for a persistent setup use an /etc/fstab entry or, preferably, autofs so the home directories are mounted on demand at login.
6. Test the client configuration by resolving an LDAP user through NSS. The UID/GID (1000 here) comes from the directory; if the client already has a local account with UID 1000, the two will map to the same numeric owner on disk, so check that LDAP and local UID ranges do not overlap.
[root@ldapclient ]# getent passwd ldapuser1
ldapuser1:x:1000:1000:ldapuser1:/home/ldapuser1:/bin/bash
7. Log in as the LDAP user on the client and create a file in the home directory.
# su - ldapuser1
Now log in to the LDAP server and check that the same file appears in ldapuser1's home directory there, which confirms the NFS mount and the UID mapping are working.
# cd /home/ldapuser1
# ls -lh
You have successfully configured LDAP server and LDAP client in RHEL 7.