wiki:Documentation/Manuals/OpenLDAP24_From_Scratch

Version 5 (modified by Andrii Salnikov, 9 years ago)

--

Basic OpenLDAP 2.4 from scratch

Install the server and client packages plus ldapvi, seed the Berkeley DB environment configuration that the hdb backend reads from its data directory (make sure the copied file is readable by the ldap user slapd runs as), then enable and start the service:

yum install openldap-servers openldap-clients ldapvi
cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
systemctl enable slapd.service
systemctl start slapd.service

Generate the RootDN password hash with slappasswd and use its {SSHA}... output as olcRootPW; do not store the cleartext password in the configuration. The correct way to configure a 2.4 server is through the online cn=config database with ldapmodify (ldapvi is a convenient front end that performs the same modify operations), not by editing the files under /etc/openldap/slapd.d by hand. SASL EXTERNAL authentication over the ldapi:/// socket is enabled by default in this package, so root on the local host can modify cn=config without a password:

ldapvi -Y EXTERNAL -h ldapi:/// -b cn=config

Edit the database entry. ldapvi shows each entry with an index number in place of the LDIF dn: line; the number in front of the DN below is that index and will differ between servers. Set the suffix, the RootDN and the hashed RootPW, and add the ACLs and indexes. ACL order matters: slapd takes the first to-clause that matches and then the first matching by-clause within it, so the userPassword rule must stay above the catch-all to * rule. With this set anyone, including anonymous binds, can read every attribute other than userPassword, which is acceptable for a directory of public account data but should be tightened if private attributes are stored. The dn.base clause for the Manager is redundant, since the RootDN bypasses ACLs, but it is harmless and documents the intent.

6 olcDatabase={2}hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {2}hdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=grid,dc=imbg,dc=org,dc=ua
olcRootDN: cn=Manager,dc=grid,dc=imbg,dc=org,dc=ua
olcRootPW: {SSHA}aAlr6hDxbcIp75HdDTI/TP5XjzBFR/Sl
olcAccess: to attrs=userPassword
 by self write
 by anonymous auth
 by dn.base="cn=Manager,dc=grid,dc=imbg,dc=org,dc=ua" write
 by * none
olcAccess: to *
 by self write
 by * read
olcDbIndex: objectClass eq,pres
olcDbIndex: ou,cn,mail,surname,givenname eq,pres,sub

Add the LDAP schemas (core is already loaded by the package; cosine, nis and inetOrgPerson are needed for the usual account attributes). Note that the olcDbIndex line above references mail, which is defined in cosine: slapd rejects an index on an attribute type it does not know, so if the database edit is refused with an undefined-attribute error, load the schemas first and then add the indexes. Adding a schema that is already present fails with an "Already exists" error, which is harmless:

ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif
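The same procedure as a non-interactive script, added here as an example and not code from the original page: it loads the three schemas first (skipping any that are already present), generates the cn=config modification shown above as an ldapmodify LDIF, checks that the userPassword ACL is ordered before the catch-all rule, applies it over ldapi:/// with SASL EXTERNAL, and offers a check that an anonymous bind cannot read password hashes. The suffix, RootDN and the placeholder hash in the usage comment are assumptions for the example; the function and variable names are this script's own.

```shell
#!/bin/sh
# Added example, not code from the original wiki page. Applies the cn=config
# edit above with ldapmodify instead of interactively in ldapvi, loading the
# schemas first so that the index on "mail" (defined in cosine) is accepted.
# SUFFIX/ROOTDN values passed on the command line are hypothetical placeholders.

SCHEMA_DIR=/etc/openldap/schema

# gen_db_ldif SUFFIX ROOTDN ROOTPW_HASH
# Prints a "changetype: modify" LDIF for olcDatabase={2}hdb,cn=config.
# "replace" creates an attribute that is absent (the stock config has no
# olcRootPW) and overwrites it otherwise. olcAccess values carry {n} ordering
# prefixes because slapd evaluates ACLs in order and stops at the first "to"
# clause that matches: the userPassword rule must come before "to *".
gen_db_ldif() {
    suffix=$1
    rootdn=$2
    rootpw=$3
    cat <<EOF
dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: $suffix
-
replace: olcRootDN
olcRootDN: $rootdn
-
replace: olcRootPW
olcRootPW: $rootpw
-
replace: olcAccess
olcAccess: {0}to attrs=userPassword by self write by anonymous auth by dn.base="$rootdn" write by * none
olcAccess: {1}to * by self write by * read
-
replace: olcDbIndex
olcDbIndex: objectClass eq,pres
olcDbIndex: ou,cn,mail,surname,givenname eq,pres,sub
EOF
}

# acl_order_ok LDIF_TEXT
# Succeeds only when the userPassword rule is listed before the "to *" rule.
# Reversed, "to *" would match first and grant anonymous read on the hashes.
acl_order_ok() {
    pw=$(printf '%s\n' "$1" | grep -n 'olcAccess: {[0-9]*}to attrs=userPassword' | head -n 1 | cut -d: -f1)
    all=$(printf '%s\n' "$1" | grep -n 'olcAccess: {[0-9]*}to \* ' | head -n 1 | cut -d: -f1)
    [ -n "$pw" ] && [ -n "$all" ] && [ "$pw" -lt "$all" ]
}

# schema_loaded NAME: true if cn={n}NAME,cn=schema,cn=config already exists.
schema_loaded() {
    ldapsearch -Q -Y EXTERNAL -H ldapi:/// -b cn=schema,cn=config -LLL "(cn=*$1)" dn | grep -q '^dn:'
}

# apply_config SUFFIX ROOTDN ROOTPW_HASH
# Needs root (SASL EXTERNAL over ldapi:/// maps uid 0 to the cn=config rootdn)
# and a running slapd. Schemas go in first so the "mail" index is accepted.
apply_config() {
    for s in cosine nis inetorgperson; do
        schema_loaded "$s" || ldapadd -Q -Y EXTERNAL -H ldapi:/// -f "$SCHEMA_DIR/$s.ldif" || return 1
    done
    ldif=$(gen_db_ldif "$@")
    acl_order_ok "$ldif" || return 1
    printf '%s\n' "$ldif" | ldapmodify -Q -Y EXTERNAL -H ldapi:///
}

# check_userpassword_hidden SUFFIX
# An anonymous simple bind must not get a single userPassword value back.
check_userpassword_hidden() {
    ! ldapsearch -x -H ldapi:/// -b "$1" -LLL userPassword | grep -q '^userPassword:'
}

# Usage (hypothetical values):
#   sh openldap-config.sh apply 'dc=grid,dc=imbg,dc=org,dc=ua' \
#       'cn=Manager,dc=grid,dc=imbg,dc=org,dc=ua' "$(slappasswd)"
#   sh openldap-config.sh check 'dc=grid,dc=imbg,dc=org,dc=ua'
case "${1:-}" in
    apply) shift; apply_config "$@" ;;
    check) check_userpassword_hidden "$2" ;;
esac
```

Run the apply step as root on the server itself; the check step can be run by any local user, since it binds anonymously and only confirms that the userPassword ACL is doing its job. Both the LDIF generator and the ordering check work without a server, which is what makes the ACL order testable before anything is written to cn=config.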