



LDAP Server Configuration script - SysAdmin - 08-29-2020

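############################## Package Installation

# Quote the glob so the shell cannot expand it against files in the current
# directory; yum does its own package-name pattern matching.
yum install 'openldap*' migrationtools

# Prints an {SSHA} hash of the directory-manager password. That hash (never the
# clear-text password, and not the example value shown further down) is what
# goes into olcRootPW.
slappasswd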

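# slapd.d is slapd's own on-disk config database. Editing the files by hand is
# only safe while slapd is not running (it has not been started yet at this
# point); once it runs, change cn=config with ldapmodify over ldapi:/// instead,
# otherwise slapd's checksums and the edits can disagree.
cd /etc/openldap/slapd.d/cn=config/

# Quoting replaces the backslash escapes; the filename is the same.
vim 'olcDatabase={2}hdb.ldif'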

Change these entries to your own suffix and manager DN (olcRootDN must be the exact DN you later bind with via `ldapadd -D`):
olcSuffix: dc=learnitguide,dc=net
olcRootDN: cn=Manager,dc=learnitguide,dc=net

Add these lines. olcRootPW must be the {SSHA} hash printed by slappasswd above — the value below is only an example and must not be kept. The certificate and key files referenced here are created in the "create CA certification" step further down; generate them before starting slapd, which cannot start while they are missing.
olcRootPW: {SSHA}bHSiwuPJEypHS6zHSE2Uy7M69sQjmkPL
olcTLSCertificateFile: /etc/pki/tls/certs/learnitguideldap.pem
olcTLSCertificateKeyFile: /etc/pki/tls/certs/learnitguideldapkey.pem


# Same caveat as for the hdb file: hand-edit only while slapd is stopped.
vim 'olcDatabase={1}monitor.ldif'
Change the Manager DN in this rule to your own domain; the rest of the rule (root via the ldapi peer credential and Manager get read access, everyone else nothing) stays as it is:
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by dn.base="cn=Manager,dc=learnitguide,dc=net" read by * none

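# Validate the hand-edited cn=config before slapd loads it; -u keeps the check
# from failing only because the backend database is still empty. The enable /
# start are gated on the check so a broken config is never activated.
#
# NOTE(review): olcTLSCertificateFile/KeyFile already point at files that are
# generated only in the "create CA certification" step below; slapd fails to
# initialise TLS — and therefore to start — while they are missing, so run
# that step first (or start slapd only after it).
slaptest -u && { systemctl enable slapd; systemctl start slapd; }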

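############################################################ configure LDAP DB

# The example ships as DB_CONFIG.example (underscore, not dash); the backend
# reads it from /var/lib/ldap/DB_CONFIG. A plain cp is enough — no need to
# touch the file first or copy recursively, and "Touch" with a capital T is
# not a command at all.
cp -vf /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG

# slapd runs as the ldap user, so everything under /var/lib/ldap must be owned
# by it or the backend cannot open/create its database files.
chown -R ldap:ldap /var/lib/ldap

# Load the schemas the migrationtools output depends on. SASL EXTERNAL over
# ldapi:/// authenticates with the socket peer credentials (root here), so no
# password is involved.
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif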

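############################################################# create self-signed server certificate (this is not a CA)

# Self-signed certificate and key for slapd's TLS. -nodes leaves the key
# unencrypted, which slapd needs to start unattended — file permissions are
# therefore the only thing protecting it. The Common Name asked for below must
# be the hostname clients connect to, or their certificate check fails, and
# clients must be given this .pem as their trust anchor (TLS_CACERT) because
# no CA signed it.
openssl req -new -x509 -nodes \
  -out /etc/pki/tls/certs/learnitguideldap.pem \
  -keyout /etc/pki/tls/certs/learnitguideldapkey.pem \
  -days 365

# slapd runs as ldap and must read the key; nobody else should be able to.
chown ldap:ldap /etc/pki/tls/certs/learnitguideldapkey.pem
chmod 600 /etc/pki/tls/certs/learnitguideldapkey.pem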

Answer the prompts (example values shown; the Common Name must be the hostname clients will use):
Country Name (2 letter code) [XX]:IN
State or Province Name (full name) []:Chennai
Locality Name (eg, city) [Default City]:Chennai
Organization Name (eg, company) [Default Company Ltd]:Learnitguide
Organizational Unit Name (eg, section) []:DCOPS
Common Name (eg, your name or your server's hostname) []:linux1.learnitguide.net
Email Address []:root@linux1.learnitguide.net


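############################################################### create base object

# migrationtools reads its defaults from migrate_common.ph. The later
# ./migrate_passwd.pl and ./migrate_group.pl calls are relative to this
# directory, so stay in it; do not open the editor if the cd failed.
cd /usr/share/migrationtools/ && vim migrate_common.ph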
Change these three settings, each on its own line (the line numbers are only hints for the stock file). Keep them separate: pasted as a single line, everything after the first `#` is a Perl comment and the second and third settings are silently ignored.
$DEFAULT_MAIL_DOMAIN = "learnitguide.net";   # ~line 71
$DEFAULT_BASE = "dc=learnitguide,dc=net";    # ~line 74
$EXTENDED_SCHEMA = 1;                        # ~line 90

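############################################################## generate files

# Write the base tree as LDIF instead of touching an empty file and editing it
# by hand: the suffix entry, the Manager entry that olcRootDN refers to, and
# the People / Group organizational units. The quoted 'EOF' delimiter keeps the
# shell from expanding anything in the text.
cat > /root/base.ldif <<'EOF'
dn: dc=learnitguide,dc=net
objectClass: top
objectClass: dcObject
objectclass: organization
o: learnitguide net
dc: learnitguide

dn: cn=Manager,dc=learnitguide,dc=net
objectClass: organizationalRole
cn: Manager
description: Directory Manager

dn: ou=People,dc=learnitguide,dc=net
objectClass: organizationalUnit
ou: People

dn: ou=Group,dc=learnitguide,dc=net
objectClass: organizationalUnit
ou: Group
EOF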

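################################################################ create users

# Two local accounts whose passwd/group records are converted to LDIF below.
useradd user1
useradd user2
passwd user1
passwd user2

# Select accounts by the numeric UID/GID in the third field instead of
# grepping ":10xx" anywhere in the line, which also matches a GID, a home
# directory or any other field that happens to contain such a number.
awk -F: '$3 >= 1000 && $3 < 1100' /etc/passwd > /root/passwd
awk -F: '$3 >= 1000 && $3 < 1100' /etc/group  > /root/group

# Relies on the cd into /usr/share/migrationtools done in the previous step.
./migrate_passwd.pl /root/passwd /root/users.ldif
./migrate_group.pl /root/group /root/groups.ldif

# NOTE(review): migrate_passwd.pl can carry the accounts' password hashes into
# users.ldif (it reads /etc/shadow when run as root) — treat these files as
# secrets: keep them root-only and delete them once the import has succeeded.
chmod 600 /root/passwd /root/group /root/users.ldif /root/groups.ldif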


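################################################################# import users in to ldap db

# Bind as the directory manager configured in olcRootDN above. The DN here
# must match that value exactly — the original "dc=server,dc=xomic,dc=com"
# does not, so every bind would fail with "invalid credentials". -W prompts
# for the clear-text password that slappasswd hashed; binding over ldapi:///
# keeps that simple bind on the local socket instead of a TCP listener.
ldapadd -x -W -H ldapi:/// -D "cn=Manager,dc=learnitguide,dc=net" -f /root/base.ldif
ldapadd -x -W -H ldapi:/// -D "cn=Manager,dc=learnitguide,dc=net" -f /root/users.ldif
ldapadd -x -W -H ldapi:/// -D "cn=Manager,dc=learnitguide,dc=net" -f /root/groups.ldif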


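################################################################ test the configuration

# The accounts created above are user1 and user2 (there is no ldapuser1); look
# one up by login name, then dump the whole tree.
ldapsearch -x -b 'dc=learnitguide,dc=net' 'uid=user1'
ldapsearch -x -b 'dc=learnitguide,dc=net' '(objectclass=*)'

# NOTE(review): both searches are anonymous (-x without -D). If the second one
# returns userPassword values, any anonymous client that can reach port 389
# can read every account's password hash — add an olcAccess rule to the hdb
# database such as
#   to attrs=userPassword by self write by anonymous auth by * none
# before opening the firewall.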

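######## firewall ###################################

# This is a yum/firewalld host (see the yum install at the top), so the ufw
# line does not apply here — and its curly quotes would not even parse.
# firewalld service names are lowercase: "LDAP" and "openldap" are not shipped
# services and those commands fail; "ldap" already covers 389/tcp, so the
# separate port rule is redundant.
firewall-cmd --permanent --add-service=ldap
firewall-cmd --reload

# NOTE(review): only plain 389 is opened. With TLS configured in cn=config,
# clients should use StartTLS on 389 (the server can insist on it with
# olcSecurity: tls=1); for ldaps:// on 636 slapd must also listen on
# ldaps:/// (SLAPD_URLS in /etc/sysconfig/slapd) and the firewall needs
# --add-service=ldaps. Prefer a rich rule limited to the client networks over
# exposing the directory to every source.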