CentOS 7

------

Install OpenLDAP Server on CentOS 7

# yum -y install 'openldap*'        [ quote the glob so the shell does not expand it against files in the current directory ]

# systemctl enable slapd && systemctl start slapd

Allow ldaps port in Firewall.

[root@ldapserver ~]# firewall-cmd --permanent --add-service=ldaps
success
[root@ldapserver ~]# firewall-cmd --reload
success

(This opens only the ldaps service, 636/tcp; plain ldap on 389 stays closed to remote hosts. That is fine for this guide, where every client connects on the server itself via ldapi:/// or 127.0.0.1.)

Configure OpenLDAP syslog (slapd logs to the local4 facility, so this routes its messages to a dedicated file).

[root@ldapserver ~]# cat >> /etc/rsyslog.conf << EOF
> #LDAP Logging
> local4.* /var/log/openldap.log
> EOF
[root@ldapserver ~]# systemctl restart rsyslog

# systemctl restart slapd.service

# slappasswd           [ prompts twice for the new LDAP root password and prints its {SSHA} hash; that hash goes into olcRootPW below ]

slappasswd -s osradar -n        [ non-interactive form; -s places the clear-text password on the command line, where shell history and ps expose it — prefer the interactive prompt above ]

{SSHA}1cq/3yOOq0WDLmx3JPxvFAqSQY2ZKI9Z

[root@ldap ~]# cd /etc/openldap/slapd.d/cn\=config/

[root@ldap cn=config]# ll

total 20

drwxr-x--- 2 ldap ldap  29 Aug 29 13:23 cn=schema

-rw------- 1 ldap ldap 378 Aug 29 13:23 cn=schema.ldif

-rw------- 1 ldap ldap 513 Aug 29 13:23 olcDatabase={0}config.ldif

-rw------- 1 ldap ldap 443 Aug 29 13:23 olcDatabase={-1}frontend.ldif

-rw------- 1 ldap ldap 562 Aug 29 13:23 olcDatabase={1}monitor.ldif

-rw------- 1 ldap ldap 609 Aug 29 13:23 olcDatabase={2}hdb.ldif

# vi olcDatabase\=\{2\}hdb.ldif              [ These are the lines to change. Do not edit the file by hand — its header says it is auto-generated; the values are replaced with ldapmodify below ]

  

olcSuffix: dc=my-domain,dc=com

olcRootDN: cn=Manager,dc=my-domain,dc=com

# cd

[root@ldap ldap]# mkdir ~/ldap

[root@ldap ldap]# cd ~/ldap

           # vi db.ldif

dn: olcDatabase={2}hdb,cn=config

changetype: modify

replace: olcSuffix

olcSuffix: dc=worldcm,dc=net

dn: olcDatabase={2}hdb,cn=config

changetype: modify

replace: olcRootDN

olcRootDN: cn=ldapadm,dc=worldcm,dc=net

dn: olcDatabase={2}hdb,cn=config

changetype: modify

replace: olcRootPW

olcRootPW: {SSHA}1cq/3yOOq0WDLmx3JPxvFAqSQY2ZKI9Z        # [ paste the hash printed by slappasswd above. Do not copy this bracketed note into the file: LDIF treats # as a comment only at the start of a line, so trailing text would become part of the value ]

[root@ldap ldap]#  ldapmodify -Y EXTERNAL -H ldapi:/// -f db.ldif

SASL/EXTERNAL authentication started

SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth

SASL SSF: 0

modifying entry "olcDatabase={2}hdb,cn=config"

modifying entry "olcDatabase={2}hdb,cn=config"

modifying entry "olcDatabase={2}hdb,cn=config"

[root@ldap ~]#  cd /etc/openldap/slapd.d/cn\=config/

[root@ldap cn=config]#  ll

[root@ldap cn=config]#  vi olcDatabase\=\{2\}hdb.ldif         [ view only — verify that the three attributes were replaced ]

# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.

# CRC32 8a86d261

dn: olcDatabase={2}hdb

objectClass: olcDatabaseConfig

objectClass: olcHdbConfig

olcDatabase: {2}hdb

olcDbDirectory: /var/lib/ldap

olcDbIndex: objectClass eq,pres

olcDbIndex: ou,cn,mail,surname,givenname eq,pres,sub

structuralObjectClass: olcHdbConfig

entryUUID: 49da7f9e-7e14-103a-8dd9-f5ca8fa84db8

creatorsName: cn=config

createTimestamp: 20200829072332Z

olcSuffix: dc=worldcm,dc=net                                          # [ changed line ]

olcRootDN: cn=ldapadm,dc=worldcm,dc=net                               # [ changed line ]

olcRootPW:: e1NTSEF9MWNxLzN5T09xMFdETG14M0pQeHZGQXFTUVkyWktJOVo=      # [ changed line — the double colon means the value is stored base64-encoded; it decodes to the {SSHA} hash above ]

entryCSN: 20200829073851.662422Z#000000#000#000000

modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth

modifyTimestamp: 20200829073851Z

                                -----------------------------

[root@ldap cn=config]#  ls

[root@ldap cn=config]#  vi olcDatabase\=\{1\}monitor.ldif 

                                           ----------------------------------------

# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.

# CRC32 fb9e4aa2

dn: olcDatabase={1}monitor

objectClass: olcDatabaseConfig

olcDatabase: {1}monitor

olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=extern                    # [ Do not edit this file by hand; it is changed with ldapmodify below. The next line, which starts with a space, is an LDIF continuation of this value ]

 al,cn=auth" read by dn.base="cn=Manager,dc=my-domain,dc=com" read by * none

structuralObjectClass: olcDatabaseConfig

entryUUID: 49da7968-7e14-103a-8dd8-f5ca8fa84db8

creatorsName: cn=config

createTimestamp: 20200829072332Z

entryCSN: 20200829072332.771842Z#000000#000#000000

modifiersName: cn=config

modifyTimestamp: 20200829072332Z

                                              ---------------------------

[root@ldap cn=config]# cd

[root@ldap ldap]# cd ~/ldap

[root@ldap ldap]#  vi monitor.ldif        [ Create this file ]

dn: olcDatabase={1}monitor,cn=config

changetype: modify

replace: olcAccess

olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by dn.base="cn=ldapadm,dc=worldcm,dc=net" read by * none

                     -------------------

[root@ldap ~]# ldapmodify  -Y EXTERNAL -H ldapi:/// -f monitor.ldif

SASL/EXTERNAL authentication started

SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth

SASL SSF: 0

modifying entry "olcDatabase={1}monitor,cn=config"

                         ---------------------------------

[root@ldap ~]#  cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG

[root@ldap ~]#  chown ldap:ldap /var/lib/ldap/*

[root@ldap ~]# slaptest -u
config file testing succeeded

# cd /etc/openldap/schema

[root@ldap ~]#  ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif

SASL/EXTERNAL authentication started

SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth

SASL SSF: 0

adding new entry "cn=cosine,cn=schema,cn=config"

[root@ldap ~]#  ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif

SASL/EXTERNAL authentication started

SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth

SASL SSF: 0

adding new entry "cn=nis,cn=schema,cn=config"

[root@ldap ~]# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif

SASL/EXTERNAL authentication started

SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth

SASL SSF: 0

adding new entry "cn=inetorgperson,cn=schema,cn=config"

ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif

[root@ldap ldap]#  cd ~/ldap

[root@ldap ~]#  vi base.ldif

                       -------------------

dn: dc=worldcm,dc=net

objectclass: dcObject

objectclass: organization

o: Home LDAP Server

dc: worldcm

dn: cn=ldapadm,dc=worldcm,dc=net

objectclass: organizationalRole

cn: ldapadm

dn: ou=users,dc=worldcm,dc=net

ou: users

objectClass: top

objectClass: organizationalUnit

dn: ou=Group,dc=worldcm,dc=net

ou: Group

objectClass: top

objectClass: organizationalUnit

dn: ou=addressbook,dc=worldcm,dc=net

ou: addressbook

objectClass: top

objectClass: organizationalUnit

                       ------------------------ OR (the variant used below; its entries match the ldapadd output) --------------------

dn: dc=worldcm,dc=net

dc: worldcm

objectClass: top

objectClass: domain

dn: cn=ldapadm,dc=worldcm,dc=net

objectClass: organizationalRole

cn: ldapadm

description: LDAP Manager

dn: ou=People,dc=worldcm,dc=net

objectClass: organizationalUnit

ou: People

dn: ou=Group,dc=worldcm,dc=net

objectClass: organizationalUnit

ou: Group

                 ------------------

[root@ldap ~]#  ldapadd -x -W -D "cn=ldapadm,dc=worldcm,dc=net" -f base.ldif

Enter LDAP Password:        [ the clear-text password whose hash was set in olcRootPW ]

adding new entry "dc=worldcm,dc=net"

adding new entry "cn=ldapadm,dc=worldcm,dc=net"

adding new entry "ou=People,dc=worldcm,dc=net"

adding new entry "ou=Group,dc=worldcm,dc=net"

                   ---------------------------

   

[root@ldap ~]#  ldapsearch -D cn="ldapadm,dc=worldcm,dc=net" -W -b "dc=worldcm,dc=net" objectClass=*

Enter LDAP Password: 

# extended LDIF

#

# LDAPv3

# base <dc=worldcm,dc=net> with scope subtree

# filter: objectClass=*

# requesting: ALL

#

# worldcm.net

dn: dc=worldcm,dc=net

dc: worldcm

objectClass: top

objectClass: domain

# ldapadm, worldcm.net

dn: cn=ldapadm,dc=worldcm,dc=net

objectClass: organizationalRole

cn: ldapadm

description: LDAP Manager

# People, worldcm.net

dn: ou=People,dc=worldcm,dc=net

objectClass: organizationalUnit

ou: People

# Group, worldcm.net

dn: ou=Group,dc=worldcm,dc=net

objectClass: organizationalUnit

ou: Group

# search result

search: 2

result: 0 Success

# numResponses: 5

# numEntries: 4

          --------------------------------------------------

# systemctl restart slapd.service

************  phpldapadmin - support php 5.6 *******************************

[root@ldap ~]#   yum -y install php php-mbstring php-pear           

yum -y install php56w-xml php56w-soap php56w-xmlrpc php56w-mbstring php56w-json php56w-gd php56w-mcrypt php56w-pear php56w-ldap

#  yum -y install phpldapadmin

 

# systemctl enable httpd && systemctl start httpd  

[root@ldap ~]#    vi /etc/httpd/conf.d/phpldapadmin.conf

#

#  Web-based tool for managing LDAP servers

#

Alias /phpldapadmin /usr/share/phpldapadmin/htdocs

Alias /ldapadmin /usr/share/phpldapadmin/htdocs

<Directory /usr/share/phpldapadmin/htdocs>

  <IfModule mod_authz_core.c>

    # Apache 2.4

#    Require local

   Require all granted
   # [ "Require all granted" opens the admin UI to every client that can reach httpd, whereas the Apache 2.2 block below allows only localhost. Keep "Require local", or use "Require ip <trusted-subnet>", unless remote access is intended ]

  </IfModule>

  <IfModule !mod_authz_core.c>

    # Apache 2.2

    Order Deny,Allow

    Deny from all

    Allow from 127.0.0.1

    Allow from ::1

  </IfModule>

</Directory>

       -------------------------------

   

#  systemctl restart httpd

[root@ldap ~]# cp /etc/phpldapadmin/config.php  /etc/phpldapadmin/config.php.ORG 

[root@ldap ~]# vi /etc/phpldapadmin/config.php 

 305 // $servers->setValue('server','base',array(''));                      # [ remove the leading // and set the base DN, as on the next line ]

 305  $servers->setValue('server','base',array('dc=worldcm,dc=net'));

    397  $servers->setValue('login','attr','dn');         # remove //

    398 //$servers->setValue('login','attr','uid');      # [ comment out with // ]

 

332 #  $servers->setValue('login','bind_id','cn=Manager,dc=example,dc=com');

       $servers->setValue('login','bind_id','cn=ldapadm,dc=worldcm,dc=net');

#  systemctl restart httpd

# systemctl restart slapd.service

$servers->newServer('ldap_pla');

$servers->setValue('server','name','ldapserver.worldcm.net');

$servers->setValue('server','host','127.0.0.1');

$servers->setValue('server','port',389);

$servers->setValue('server','base',array('dc=worldcm,dc=net'));

$servers->setValue('login','auth_type','cookie');

$servers->setValue('login','bind_id','cn=ldapadm,dc=worldcm,dc=net');

$servers->setValue('login','bind_pass','123');   # [ clear-text credential for the directory manager, stored on disk. If a fixed bind is used it must be the real olcRootPW password, so keep config.php readable only by the httpd user; with auth_type 'cookie' the operator logs in interactively, and the config.php template's comment above bind_id should be checked — it advises (if memory serves) leaving bind_id/bind_pass blank for cookie/session auth ]

$servers->setValue('server','tls',false);        # [ plaintext is acceptable only because 'host' above is 127.0.0.1 (loopback); set tls to true or use ldaps if host ever points to a remote server ]

--------