How to install and configure OpenLDAP on Linux


Use apt-get or yum to install OpenLDAP.

~]# yum install openldap openldap-clients openldap-servers migrationtools

Set Root Password

Set the LDAP root password.

~]# slappasswd
New password: ********
Re-enter new password: ********
{SSHA}pfjf4857vjslsj4j4g8skdffj3342

Configure LDAP for your domain

Next, you will configure LDAP to use your domain name, such as example.com. The domain is the top-level entity in an LDAP hierarchy. Later, you will create OUs and add users to OUs.

By default, the /etc/openldap/slapd.d/cn=config/olcDatabase={2}hdb.ldif file uses the domain name my-domain.com. Update this file to list your domain name. Also add entries for the root LDAP password hash produced by slappasswd above, as well as the paths to your public certificate and private key.

olcSuffix: dc=example,dc=com
olcRootDN: cn=Manager,dc=example,dc=com
. . .
olcRootPW: {SSHA}pfjf4857vjslsj4j4g8skdffj3342
olcTLSCertificateFile: /etc/pki/tls/certs/example.crt
olcTLSCertificateKeyFile: /etc/pki/tls/private/example.key
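
As an added example (not part of the original how-to), a small Python check to run over the edited olcDatabase={2}hdb.ldif before slaptest: it confirms that olcSuffix and olcRootDN match your domain, that olcRootPW holds a slappasswd hash rather than a cleartext password, and that both TLS attributes are present. The olc* attribute names are the real ones; the two sample files are constructed for the demonstration.

```python
import re

# Constructed sample files in the shape of olcDatabase={2}hdb.ldif: the first
# still has the default my-domain.com suffix, a cleartext olcRootPW and no TLS
# attributes; the second is edited as the steps above describe.
SAMPLE_UNCONFIGURED = """\
dn: olcDatabase={2}hdb
olcSuffix: dc=my-domain,dc=com
olcRootDN: cn=Manager,dc=my-domain,dc=com
olcRootPW: secret
"""
SAMPLE_CONFIGURED = """\
dn: olcDatabase={2}hdb
olcSuffix: dc=example,dc=com
olcRootDN: cn=Manager,dc=example,dc=com
olcRootPW: {SSHA}pfjf4857vjslsj4j4g8skdffj3342
olcTLSCertificateFile: /etc/pki/tls/certs/example.crt
olcTLSCertificateKeyFile: /etc/pki/tls/private/example.key
"""
# Password schemes that slappasswd produces; anything else is treated as cleartext.
HASHED = re.compile(r"^\{(SSHA|SHA|SMD5|MD5|CRYPT)\}", re.IGNORECASE)


def parse_ldif(text):
    """Map lowercased attribute names to their values (attr:: base64 form not handled)."""
    unfolded = re.sub(r"\n ", "", text)  # a line starting with a space continues the previous one
    attrs = {}
    for line in unfolded.splitlines():
        if line and not line.startswith("#") and ":" in line:
            name, _, value = line.partition(":")
            attrs.setdefault(name.strip().lower(), []).append(value.strip())
    return attrs


def check_database_ldif(text, domain):
    """Return a list of findings; an empty list means the file is ready for slaptest."""
    attrs = parse_ldif(text)
    suffix = ",".join("dc=" + part for part in domain.lower().split("."))
    findings = []
    if [s.lower() for s in attrs.get("olcsuffix", [])] != [suffix]:
        findings.append(f"olcSuffix is not {suffix}")
    if not attrs.get("olcrootdn", [""])[0].lower().endswith(suffix):
        findings.append("olcRootDN is not under the suffix")
    rootpw = attrs.get("olcrootpw", [""])[0]
    if not rootpw or not HASHED.match(rootpw):
        findings.append("olcRootPW is missing or is not a slappasswd hash")
    for attr in ("olcTLSCertificateFile", "olcTLSCertificateKeyFile"):
        if attr.lower() not in attrs:
            findings.append(f"{attr} is missing, so TLS cannot be enabled")
    return findings
```

Call check_database_ldif() with the contents of your own file and your domain; any finding it prints is something slaptest -u would not catch, since slaptest only validates syntax.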

In the /etc/openldap/slapd.d/cn=config/olcDatabase={1}monitor.ldif file, replace my-domain with your domain name.

olcAccess: 
  "cn=Manager,dc=example,dc=com"

Update /usr/share/migrationtools/migrate_common.ph to have your domain.

$DEFAULT_MAIL_DOMAIN = "example.com";
$DEFAULT_BASE = "dc=example,dc=com";

Run slaptest to check the configuration and ensure "config file testing succeeded" is displayed. Checksum errors are expected, because the files under slapd.d were edited by hand rather than through ldapmodify, and can be ignored.

~]# slaptest -u
. . .
config file testing succeeded

Start and enable OpenLDAP

Start and enable OpenLDAP, and ensure OpenLDAP is active and running.

~]# systemctl start slapd
~]# systemctl enable slapd
~]# systemctl status slapd

Verify that the LDAP service is listening on port 389.

~]# netstat -ant | grep 389
tcp        0      0 0.0.0.0:389             0.0.0.0:*               LISTEN
tcp6       0      0 :::389                  :::*                    LISTEN

Database schema

Copy the example DB_CONFIG file into the /var/lib/ldap/ directory, and rename the file to DB_CONFIG.

~]# cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG

Add the cosine, nis, and inetorgperson schemas.

~]# ldapadd -Y EXTERNAL -H ldapi:// -f /etc/openldap/schema/cosine.ldif
~]# ldapadd -Y EXTERNAL -H ldapi:// -f /etc/openldap/schema/nis.ldif
~]# ldapadd -Y EXTERNAL -H ldapi:// -f /etc/openldap/schema/inetorgperson.ldif

Update /usr/share/migrationtools/migrate_common.ph to use extended schema.

$EXTENDED_SCHEMA = 1;
