LDAP Server Configuration script - Printable Version
+- Hackonology Forums (https://hackonology.com/forum)
+-- Forum: Technology & Configuration (https://hackonology.com/forum/forumdisplay.php?fid=3)
+--- Forum: System Configuration (https://hackonology.com/forum/forumdisplay.php?fid=4)
+--- Thread: LDAP Server Configuration script (/showthread.php?tid=38)
LDAP Server Configuration script - SysAdmin - 08-29-2020

############################## Package Installation
yum install openldap* migrationtools
# slappasswd prompts for the Manager password and prints an {SSHA} hash; paste that hash into olcRootPW below
slappasswd

############################################################### create CA certificate
# self-signed certificate; it is referenced from the slapd config, so create it before starting slapd
openssl req -new -x509 -nodes -out /etc/pki/tls/certs/learnitguideldap.pem -keyout /etc/pki/tls/certs/learnitguideldapkey.pem -days 365
> Country Name (2 letter code) [XX]:IN
State or Province Name (full name) []:Chennai
Locality Name (eg, city) [Default City]:Chennai
Organization Name (eg, company) [Default Company Ltd]:Learnitguide
Organizational Unit Name (eg, section) []:COPS
Common Name (eg, your name or your server's hostname) []:linux1.learnitguide.net
Email Address []:root@linux1.learnitguide.net
# slapd runs as the ldap user and must be able to read the key; keep the key readable by nobody else
chown ldap:ldap /etc/pki/tls/certs/learnitguideldap.pem /etc/pki/tls/certs/learnitguideldapkey.pem
chmod 600 /etc/pki/tls/certs/learnitguideldapkey.pem

############################## configure slapd
cd /etc/openldap/slapd.d/
cd cn\=config/
vim olcDatabase\=\{2\}hdb.ldif
>change the entries
olcSuffix: dc=learnitguide,dc=net
olcRootDN: cn=Manager,dc=learnitguide,dc=net
>add the line (use the hash slappasswd printed; the value below is only the sample from this post)
olcRootPW: {SSHA}bHSiwuPJEypHS6zHSE2Uy7M69sQjmkPL
# the TLS attributes belong to the global cn=config entry (olcGlobal), not to the database entry; slaptest rejects them in hdb.ldif
vim ../cn\=config.ldif
>add the lines
olcTLSCertificateFile: /etc/pki/tls/certs/learnitguideldap.pem
olcTLSCertificateKeyFile: /etc/pki/tls/certs/learnitguideldapkey.pem
vim olcDatabase\=\{1\}monitor.ldif
>change the domain name
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by dn.base="cn=Manager,dc=learnitguide,dc=net" read by * none
# files under slapd.d were edited by hand, so slaptest warns about the CRC32 checksum lines; any other error must be fixed before starting
slaptest -u
systemctl enable slapd
systemctl start slapd

############################################################ configure LDAP DB
cp -vf /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
# everything under /var/lib/ldap must be owned by the ldap user or slapd cannot open the database
chown ldap:ldap /var/lib/ldap/DB_CONFIG
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif

############################################################### create base object
cd /usr/share/migrationtools/
vim migrate_common.ph
>change lines
$DEFAULT_MAIL_DOMAIN = "learnitguide.net"; # line 71
$DEFAULT_BASE = "dc=learnitguide,dc=net"; # line 74
$EXTENDED_SCHEMA = 1; # line 90

############################################################## generate files
touch /root/base.ldif
# LDIF needs one blank line between entries; without the blank lines ldapadd rejects the file
>
dn: dc=learnitguide,dc=net
objectClass: top
objectClass: dcObject
objectclass: organization
o: learnitguide net
dc: learnitguide

dn: cn=Manager,dc=learnitguide,dc=net
objectClass: organizationalRole
cn: Manager
description: Directory Manager

dn: ou=People,dc=learnitguide,dc=net
objectClass: organizationalUnit
ou: People

dn: ou=Group,dc=learnitguide,dc=net
objectClass: organizationalUnit
ou: Group

################################################################ create users
useradd user1
useradd user2
passwd user1
passwd user2
# only the local accounts with UIDs 1000-1099 are migrated
grep ":10[0-9][0-9]" /etc/passwd > /root/passwd
grep ":10[0-9][0-9]" /etc/group > /root/group
./migrate_passwd.pl /root/passwd /root/users.ldif
./migrate_group.pl /root/group /root/groups.ldif

################################################################# import users in to ldap db
# bind as the rootDN configured above; ldapi:/// keeps the simple-bind password off the network
ldapadd -x -W -D "cn=Manager,dc=learnitguide,dc=net" -H ldapi:/// -f /root/base.ldif
ldapadd -x -W -D "cn=Manager,dc=learnitguide,dc=net" -H ldapi:/// -f /root/users.ldif
ldapadd -x -W -D "cn=Manager,dc=learnitguide,dc=net" -H ldapi:/// -f /root/groups.ldif

################################################################ test the configuration
ldapsearch -x -b 'dc=learnitguide,dc=net' '(uid=user1)'
ldapsearch -x -b 'dc=learnitguide,dc=net' '(objectclass=*)'
# the same search with STARTTLS enforced (-ZZ) proves the TLS settings work; the client must trust the self-signed certificate first
echo "TLS_CACERT /etc/pki/tls/certs/learnitguideldap.pem" >> /etc/openldap/ldap.conf
ldapsearch -x -ZZ -H ldap://linux1.learnitguide.net -b 'dc=learnitguide,dc=net' '(objectclass=*)'

######## firewall ###################################
# firewalld service names are lower case and there is no predefined "openldap" service
firewall-cmd --permanent --add-service=ldap
firewall-cmd --permanent --add-port=389/tcp
firewall-cmd --reload
# on Debian/Ubuntu hosts that use ufw instead of firewalld: ufw allow 389/tcp
# port 389 carries simple binds in clear text unless clients use STARTTLS (-ZZ), so do not expose it beyond the hosts that need it
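The two pieces of the procedure that are easiest to get wrong are the olcRootPW hash and the users/groups LDIF. The added example below is not part of the original post or of OpenLDAP/migrationtools; it reproduces in Python what slappasswd does for {SSHA} (base64 of sha1(password || salt) followed by the 4-byte salt) and what migrate_passwd.pl / migrate_group.pl emit for the UID range the grep above selects, which is useful on distributions that no longer ship migrationtools. The function names, the sample passwd/group lines and the placeholder shadow hash are constructed for this example.

```python
#!/usr/bin/env python3
"""Added example: {SSHA} hashing as slappasswd does it, plus posixAccount /
posixGroup LDIF generation from passwd and group lines. Names and sample data
are constructed for this example and are not part of OpenLDAP or migrationtools."""
import base64
import hashlib
import hmac
import os
from typing import Dict, Iterable, Optional

BASE_DN = "dc=learnitguide,dc=net"  # the olcSuffix used throughout the script


def ssha_hash(password: str, salt: Optional[bytes] = None) -> str:
    """{SSHA} as slappasswd emits it: base64( sha1(password || salt) || salt ).
    slappasswd uses a 4-byte random salt; storing it after the 20-byte
    digest is what lets the server verify a bind later."""
    if salt is None:
        salt = os.urandom(4)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(password: str, stored: str) -> bool:
    """Check a password against a stored {SSHA} value (e.g. an olcRootPW line)."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)  # constant-time compare


def passwd_to_ldif(passwd_lines: Iterable[str],
                   shadow: Optional[Dict[str, str]] = None,
                   min_uid: int = 1000, max_uid: int = 1099) -> str:
    """posixAccount entries under ou=People for the UID range the grep in the
    script selects. The 'x' placeholder in /etc/passwd is never copied; a
    real crypt(3) hash comes from the optional shadow map as {CRYPT}."""
    entries = []
    for line in passwd_lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, _, uid, gid, gecos, home, shell = line.split(":")
        if not min_uid <= int(uid) <= max_uid:
            continue
        entry = [
            f"dn: uid={name},ou=People,{BASE_DN}",
            f"uid: {name}",
            f"cn: {gecos.split(',')[0] or name}",
            "objectClass: account",
            "objectClass: posixAccount",
            "objectClass: top",
            "objectClass: shadowAccount",
            f"loginShell: {shell}",
            f"uidNumber: {uid}",
            f"gidNumber: {gid}",
            f"homeDirectory: {home}",
        ]
        if shadow and name in shadow:
            entry.append(f"userPassword: {{CRYPT}}{shadow[name]}")
        entries.append("\n".join(entry))
    # LDIF needs exactly one blank line between entries; without it ldapadd
    # fails with a syntax error at the second 'dn:' line.
    return "\n\n".join(entries) + "\n"


def group_to_ldif(group_lines: Iterable[str],
                  min_gid: int = 1000, max_gid: int = 1099) -> str:
    """posixGroup entries under ou=Group, one memberUid per listed member."""
    entries = []
    for line in group_lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, _, gid, members = line.split(":")
        if not min_gid <= int(gid) <= max_gid:
            continue
        entry = [
            f"dn: cn={name},ou=Group,{BASE_DN}",
            "objectClass: posixGroup",
            "objectClass: top",
            f"cn: {name}",
            f"gidNumber: {gid}",
        ]
        entry += [f"memberUid: {m}" for m in members.split(",") if m]
        entries.append("\n".join(entry))
    return "\n\n".join(entries) + "\n"


# Constructed sample input standing in for /root/passwd and /root/group.
SAMPLE_PASSWD = [
    "root:x:0:0:root:/root:/bin/bash",
    "user1:x:1000:1000:User One:/home/user1:/bin/bash",
    "user2:x:1001:1001::/home/user2:/bin/bash",
]
SAMPLE_GROUP = ["root:x:0:", "user1:x:1000:", "user2:x:1001:user1"]
# Constructed placeholder for a /etc/shadow crypt(3) hash, not a real one.
SAMPLE_SHADOW = {"user1": "$6$constructedsalt$constructedhash"}

if __name__ == "__main__":
    root_pw = ssha_hash("Sup3r-Secret")  # value to paste into olcRootPW
    print("olcRootPW:", root_pw, "verifies:", ssha_verify("Sup3r-Secret", root_pw))
    print(passwd_to_ldif(SAMPLE_PASSWD, SAMPLE_SHADOW))
    print(group_to_ldif(SAMPLE_GROUP))
```

Redirect the two LDIF strings to /root/users.ldif and /root/groups.ldif and they load with the same ldapadd commands as the migrationtools output. Note that root (UID 0) is filtered out by the UID range, which is the behaviour the grep ":10[0-9][0-9]" in the script relies on.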