centos 7
------
Install OpenLDAP Server on CentOS 7
# yum -y install openldap*
# systemctl enable slapd && systemctl start slapd
Allow the ldaps port in the firewall. (Note: this only opens the port; nothing in these notes configures TLS on slapd, and the phpldapadmin config at the end connects in the clear to 127.0.0.1:389.)
[root@ldapserver ~]# firewall-cmd --permanent --add-service=ldaps
success
[root@ldapserver ~]# firewall-cmd --reload
success
Configure OpenLDAP syslog.
[root@ldapserver ~]# cat >> /etc/rsyslog.conf << EOF
> #LDAP Logging
> local4.* /var/log/openldap.log
> EOF
[root@ldapserver ~]# systemctl restart rsyslog
# systemctl restart slapd.service
# slappasswd   [generate the hash for the LDAP admin password; without -s it prompts for the password]
slappasswd -s osradar -n   [-s puts the cleartext password in shell history and ps output; prefer the interactive prompt]
{SSHA}1cq/3yOOq0WDLmx3JPxvFAqSQY2ZKI9Z
[root@ldap ~]# cd /etc/openldap/slapd.d/cn\=config/
[root@ldap cn=config]# ll
total 20
drwxr-x--- 2 ldap ldap 29 Aug 29 13:23 cn=schema
-rw------- 1 ldap ldap 378 Aug 29 13:23 cn=schema.ldif
-rw------- 1 ldap ldap 513 Aug 29 13:23 olcDatabase={0}config.ldif
-rw------- 1 ldap ldap 443 Aug 29 13:23 olcDatabase={-1}frontend.ldif
-rw------- 1 ldap ldap 562 Aug 29 13:23 olcDatabase={1}monitor.ldif
-rw------- 1 ldap ldap 609 Aug 29 13:23 olcDatabase={2}hdb.ldif
# vi olcDatabase\=\{2\}hdb.ldif   [lines to change — the file is auto-generated, so change them with ldapmodify as in db.ldif below, not by editing]
olcSuffix: dc=my-domain,dc=com
olcRootDN: cn=Manager,dc=my-domain,dc=com
# cd
[root@ldap ldap]# mkdir ~/ldap
[root@ldap ldap]# cd ~/ldap
# vi db.ldif
dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=worldcm,dc=net

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: cn=ldapadm,dc=worldcm,dc=net

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootPW
# [paste the {SSHA} hash printed by slappasswd above; LDIF comments must start at the beginning of a line — a trailing "# ..." on the value line would become part of the password]
olcRootPW: {SSHA}1cq/3yOOq0WDLmx3JPxvFAqSQY2ZKI9Z
[root@ldap ldap]# ldapmodify -Y EXTERNAL -H ldapi:/// -f db.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "olcDatabase={2}hdb,cn=config"
modifying entry "olcDatabase={2}hdb,cn=config"
modifying entry "olcDatabase={2}hdb,cn=config"
[root@ldap ~]# cd /etc/openldap/slapd.d/cn\=config/
[root@ldap cn=config]# ll
[root@ldap cn=config]# vi olcDatabase\=\{2\}hdb.ldif
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 8a86d261
dn: olcDatabase={2}hdb
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {2}hdb
olcDbDirectory: /var/lib/ldap
olcDbIndex: objectClass eq,pres
olcDbIndex: ou,cn,mail,surname,givenname eq,pres,sub
structuralObjectClass: olcHdbConfig
entryUUID: 49da7f9e-7e14-103a-8dd9-f5ca8fa84db8
creatorsName: cn=config
createTimestamp: 20200829072332Z
# [the three lines below are the ones changed by ldapmodify; "::" means the value is base64-encoded, not encrypted — it decodes to the same {SSHA} hash, so the file's 0600 ldap-owned mode shown above is what protects it]
olcSuffix: dc=worldcm,dc=net
olcRootDN: cn=ldapadm,dc=worldcm,dc=net
olcRootPW:: e1NTSEF9MWNxLzN5T09xMFdETG14M0pQeHZGQXFTUVkyWktJOVo=
entryCSN: 20200829073851.662422Z#000000#000#000000
modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
modifyTimestamp: 20200829073851Z
-----------------------------
[root@ldap cn=config]# ls
[root@ldap cn=config]# vi olcDatabase\=\{1\}monitor.ldif
----------------------------------------
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 fb9e4aa2
dn: olcDatabase={1}monitor
objectClass: olcDatabaseConfig
olcDatabase: {1}monitor
# [we use the ldapmodify command to edit this file — see monitor.ldif below]
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=extern
 al,cn=auth" read by dn.base="cn=Manager,dc=my-domain,dc=com" read by * none
structuralObjectClass: olcDatabaseConfig
entryUUID: 49da7968-7e14-103a-8dd8-f5ca8fa84db8
creatorsName: cn=config
createTimestamp: 20200829072332Z
entryCSN: 20200829072332.771842Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20200829072332Z
---------------------------
[root@ldap cn=config]# cd
[root@ldap ldap]# cd ~/ldap
[root@ldap ldap]# vi monitor.ldif   [create this file]
dn: olcDatabase={1}monitor,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external, cn=auth" read by dn.base="cn=ldapadm,dc=worldcm,dc=net" read by * none
-------------------
[root@ldap ~]# ldapmodify -Y EXTERNAL -H ldapi:/// -f monitor.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "olcDatabase={1}monitor,cn=config"
---------------------------------
[root@ldap ~]# cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
[root@ldap ~]# chown ldap:ldap /var/lib/ldap/*
[root@ldap ~]# slaptest -u
config file testing succeeded
# cd /etc/openldap/schema
[root@ldap ~]# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=cosine,cn=schema,cn=config"
[root@ldap ~]# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=nis,cn=schema,cn=config"
[root@ldap ~]# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=inetorgperson,cn=schema,cn=config"
# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif
[root@ldap ldap]# cd ~/ldap
[root@ldap ~]# vi base.ldif
-------------------
dn: dc=worldcm,dc=net
objectclass: dcObject
objectclass: organization
o: Home LDAP Server
dc: worldcm

dn: cn=ldapadm,dc=worldcm,dc=net
objectclass: organizationalRole
cn: ldapadm

dn: ou=users,dc=worldcm,dc=net
ou: users
objectClass: top
objectClass: organizationalUnit

dn: ou=Group,dc=worldcm,dc=net
ou: Group
objectClass: top
objectClass: organizationalUnit

dn: ou=addressbook,dc=worldcm,dc=net
ou: addressbook
objectClass: top
objectClass: organizationalUnit
------------------------OR--------------------
dn: dc=worldcm,dc=net
dc: worldcm
objectClass: top
objectClass: domain

dn: cn=ldapadm,dc=worldcm,dc=net
objectClass: organizationalRole
cn: ldapadm
description: LDAP Manager

dn: ou=People,dc=worldcm,dc=net
objectClass: organizationalUnit
ou: People

dn: ou=Group,dc=worldcm,dc=net
objectClass: organizationalUnit
ou: Group
------------------
[root@ldap ~]# ldapadd -x -W -D "cn=ldapadm,dc=worldcm,dc=net" -f base.ldif
Enter LDAP Password:
adding new entry "dc=worldcm,dc=net"
adding new entry "cn=ldapadm,dc=worldcm,dc=net"
adding new entry "ou=People,dc=worldcm,dc=net"
adding new entry "ou=Group,dc=worldcm,dc=net"
---------------------------
[root@ldap ~]# ldapsearch -D "cn=ldapadm,dc=worldcm,dc=net" -W -b "dc=worldcm,dc=net" "(objectClass=*)"
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <dc=worldcm,dc=net> with scope subtree
# filter: objectClass=*
# requesting: ALL
#
# worldcm.net
dn: dc=worldcm,dc=net
dc: worldcm
objectClass: top
objectClass: domain
# ldapadm, worldcm.net
dn: cn=ldapadm,dc=worldcm,dc=net
objectClass: organizationalRole
cn: ldapadm
description: LDAP Manager
# People, worldcm.net
dn: ou=People,dc=worldcm,dc=net
objectClass: organizationalUnit
ou: People
# Group, worldcm.net
dn: ou=Group,dc=worldcm,dc=net
objectClass: organizationalUnit
ou: Group
# search result
search: 2
result: 0 Success
# numResponses: 5
# numEntries: 4
--------------------------------------------------
# systemctl restart slapd.service
************ phpldapadmin - supports PHP 5.6 (PHP 5.6 is end-of-life and no longer receives security fixes; keep this UI off untrusted networks) *******************************
[root@ldap ~]# yum -y install php php-mbstring php-pear
yum -y install php56w-xml php56w-soap php56w-xmlrpc php56w-mbstring php56w-json php56w-gd php56w-mcrypt php56w-pear php56w-ldap
# yum -y install phpldapadmin
# systemctl enable httpd && systemctl start httpd
[root@ldap ~]# vi /etc/httpd/conf.d/phpldapadmin.conf
#
# Web-based tool for managing LDAP servers
#
Alias /phpldapadmin /usr/share/phpldapadmin/htdocs
Alias /ldapadmin /usr/share/phpldapadmin/htdocs
<Directory /usr/share/phpldapadmin/htdocs>
<IfModule mod_authz_core.c>
# Apache 2.4
# Require local
# [the packaged default "Require local" limits the UI to localhost; "Require all granted" opens it to every client that can reach httpd, while the Apache 2.2 block below still allows only 127.0.0.1/::1. Prefer "Require local" or "Require ip <ADMIN-SUBNET>".]
Require all granted
</IfModule>
<IfModule !mod_authz_core.c>
# Apache 2.2
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
Allow from ::1
</IfModule>
</Directory>
-------------------------------
# systemctl restart httpd
[root@ldap ~]# cp /etc/phpldapadmin/config.php /etc/phpldapadmin/config.php.ORG
[root@ldap ~]# vi /etc/phpldapadmin/config.php
305 // $servers->setValue('server','base',array('')); #[Remove // & Add]
305 $servers->setValue('server','base',array('dc=worldcm,dc=net'));
397 $servers->setValue('login','attr','dn'); # remove //
398 //$servers->setValue('login','attr','uid'); # Add //
332 # $servers->setValue('login','bind_id','cn=Manager,dc=example,dc=com');
$servers->setValue('login','bind_id','cn=ldapadm,dc=worldcm,dc=net');
# systemctl restart httpd
# systemctl restart slapd.service
$servers->newServer('ldap_pla');
$servers->setValue('server','name','ldapserver.worldcm.net');
$servers->setValue('server','host','127.0.0.1');
$servers->setValue('server','port',389);
$servers->setValue('server','base',array('dc=worldcm,dc=net'));
$servers->setValue('login','auth_type','cookie');
$servers->setValue('login','bind_id','cn=ldapadm,dc=worldcm,dc=net');
// [with auth_type 'cookie' (set above) phpldapadmin's sample config says to leave bind_id/bind_pass blank — users log in with their own DN; a cleartext Manager password in config.php is unnecessary here, and '123' is a placeholder-grade secret]
$servers->setValue('login','bind_pass','123');
$servers->setValue('server','tls',false);
--------