I am currently working on setting up centralized authentication with OpenLDAP for Red Hat Linux.
Objective: set up centralized OpenLDAP authentication for Red Hat Linux servers, where clients can connect with ssh and user administration can be done from one server.
Please note I am not looking for an rpm or yum installation, and no cn=config. I want to configure with slapd.conf and ldap.conf.
tar -xvf db-4.7.25.NC.tar.gz
ls -ltr
cp patch.4.7.25.1 patch.4.7.25.2 patch.4.7.25.3 patch.4.7.25.4 db-4.7.25.NC
cd db-4.7.25.NC
patch -p0 < patch.4.7.25.1
patch -p0 < patch.4.7.25.2
patch -p0 < patch.4.7.25.3
patch -p0 < patch.4.7.25.4
cd build_unix/
../dist/configure
make
make install
export CPPFLAGS="-I/usr/local/BerkeleyDB.4.7/include"
export LDFLAGS="-L/usr/local/BerkeleyDB.4.7/lib"
export LD_LIBRARY_PATH=/opt/db-4.7.25.NC/build_unix/.libs
vi /etc/profile
source /etc/profile
cd /opt/
tar -xvzf openldap-2.4.23.tgz
cd openldap-2.4.23
./configure --with-tls --enable-accesslog --enable-auditlog --enable-dyngroup --enable-dynlist --enable-ppolicy --enable-bdb --enable-syslog --with-cyrus-sasl --with-threads --enable-crypt=yes --enable-ldap=yes --enable-proxycache=yes
make depend
make
make test
make install
vi /usr/local/etc/openldap/slapd.conf
slappasswd
my slapd.conf ---------------
database bdb
suffix "dc=exa,dc=com"
rootdn "cn=Manager,dc=exa,dc=com"
rootpw {SSHA}PxEhMMYJvFRqT3L4fYYCmevrt22zYeDS
directory /usr/local/var/openldap-data
======================================================
root objects for the LDAP database
cat exa.ldif
dn: dc=exa,dc=sea
dc: exa
description: Root LDAP entry for exa.sea
objectClass: dcObject
objectClass: organizationalUnit

dn: ou=People,dc=exa,dc=com
ou: People
description: All people in organisation
objectClass: organizationalUnit
I have added the entries successfully and can search the database, but when I try to change a password it gives the error message "Result: No such object (32)".
dn: uid=naveen,ou=People,dc=exa,dc=com
uid: naveen
cn: naveen
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {crypt}$1$SBo8cFfd$Nqc9yqobHxwiom/0BLPnf.
shadowLastChange: 12502
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 2000
gidNumber: 2000
homeDirectory: /home/naveen
===============================================
[root@localhost bob]# ldappasswd -vx -D "cn=Manager,dc=exa,dc=com" -W -S "uid=naveen,ou=People,dc=exa,dc=com"
New password:
Re-enter new password:
ldap_initialize( <DEFAULT> )
Enter LDAP Password:
Result: No such object (32)
Could anyone suggest a better way to do OpenLDAP authentication for Red Hat Linux with slapd.conf and client configuration?
client configuration –
authconfig-tui
ldap.conf slapd.conf
=======================================================================================
I solved the ldappasswd issue.
[root@localhost opt]# ldappasswd -vx -D "cn=Manager,dc=exa,dc=com" -W -S "cn=John Smith,ou=People,dc=exa,dc=com"
New password:
Re-enter new password:
ldap_initialize( )
Enter LDAP Password:
Result: Success (0)
[root@localhost opt]#
Please advise me on a better way to authenticate clients using OpenLDAP. Thanks.
Thanks in advance, Naveen
Best Answer
Your question is pretty badly formed, Naveen. It seems like you know what you want to do, but you haven't really thought through (or researched) how to accomplish it.
The general outline for setting up LDAP-based authentication is:
You need to figure out what your LDAP directory will look like.
Think like an AD deployment (much as it pains me to say such things).
You should use Yum/Apt/whatever your OS standard way of installing stuff is for this part.
There's no sense in making work for yourself by building it from source unless you have to.
RFC 2307 is the minimum. You probably also want to add the sudo schema if you use sudo, and the OpenSSH LDAP Public Keys schema if you use SSH.
Enable the OpenSSH-LPK (LDAP Public Keys) patch if you intend to use it.
Install pam_ldap/nss_ldap (or pam_ldapd) and add LDAP to your nsswitch.conf file. Add a couple of users and groups.
There are a number of tutorials which will help you out if you google around.
There are also some words from RedHat on the subject, though I can't vouch for their accuracy as I don't run RedHat in my environment.
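The "No such object (32)" in the question is what slapd returns when the DN you name does not exist, which happens silently when the LDIF you load does not line up with the suffix in slapd.conf (the question's root entry is dc=exa,dc=sea while the suffix is dc=exa,dc=com). The answer's "RFC 2307 is the minimum" step has the same failure mode: a posixAccount without its required attributes is rejected on add. The following linter is an added example, not code from the question, the answer, or OpenLDAP itself; it reads the suffix from a slapd.conf fragment and checks an LDIF file before you feed it to ldapadd. The slapd.conf fragment and the LDIF are constructed sample input modelled on the question; the attribute list for posixAccount comes from RFC 2307, and the function and variable names are the example's own.

```python
"""Lint an LDIF file against the slapd.conf suffix before loading it.

Added example (not from the original post). Three checks, each of which
otherwise shows up only as a rejected ldapadd or a later noSuchObject (32):
  1. every entry DN lies under the configured suffix,
  2. every entry's parent DN exists (in the file or as the suffix itself),
  3. posixAccount entries carry the attributes RFC 2307 marks MUST.
Limitations: base64 ("::") values and wrapped continuation lines are not
decoded; only attribute names and DNs are inspected, which is all the lint needs.
"""
import re

# Constructed slapd.conf fragment, same suffix as in the question.
SLAPD_CONF = """\
database bdb
suffix "dc=exa,dc=com"
rootdn "cn=Manager,dc=exa,dc=com"
directory /usr/local/var/openldap-data
"""

# Constructed LDIF: the root entry sits under dc=sea instead of dc=com, and the
# user entry's first line is "cn:" where "dn:" belongs, so it has no DN at all.
SAMPLE_LDIF = """\
dn: dc=exa,dc=sea
dc: exa
objectClass: dcObject
objectClass: organizationalUnit

dn: ou=People,dc=exa,dc=com
ou: People
objectClass: organizationalUnit

cn: uid=naveen,ou=People,dc=exa,dc=com
uid: naveen
cn: naveen
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
loginShell: /bin/bash
uidNumber: 2000
gidNumber: 2000
homeDirectory: /home/naveen
"""

# MUST attributes of posixAccount per RFC 2307.
POSIX_ACCOUNT_MUST = ("cn", "uid", "uidNumber", "gidNumber", "homeDirectory")


def norm_dn(dn):
    """Normalise a DN for comparison: lower-case, no spaces around commas."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def read_suffix(conf_text):
    """Return the value of the first 'suffix' directive, unquoted and normalised."""
    for line in conf_text.splitlines():
        m = re.match(r'\s*suffix\s+"?([^"]+)"?\s*$', line)
        if m:
            return norm_dn(m.group(1))
    raise ValueError("no suffix directive in slapd.conf")


def parse_ldif(text):
    """Split LDIF into entries: a list of (dn or None, {lowercase attr: [values]})."""
    entries, attrs, dn = [], {}, None
    for line in text.splitlines() + [""]:        # trailing "" flushes the last entry
        if line == "":
            if attrs or dn:
                entries.append((dn, attrs))
            attrs, dn = {}, None
            continue
        if line.startswith("#"):
            continue
        name, _, value = line.partition(":")
        name, value = name.strip(), value.strip()
        if name.lower() == "dn" and dn is None and not attrs:   # dn: must lead the entry
            dn = norm_dn(value)
        else:
            attrs.setdefault(name.lower(), []).append(value)
    return entries


def parent_dn(dn):
    """Everything after the first RDN, e.g. 'ou=people,dc=exa,dc=com' -> 'dc=exa,dc=com'."""
    return dn.partition(",")[2]


def lint(conf_text, ldif_text):
    """Return a list of problems; an empty list means the LDIF is consistent with the suffix."""
    suffix = read_suffix(conf_text)
    entries = parse_ldif(ldif_text)
    known = {suffix} | {dn for dn, _ in entries if dn}
    problems = []
    for idx, (dn, attrs) in enumerate(entries, 1):
        if dn is None:
            problems.append(f"entry {idx}: no dn: line (an entry must start with dn:)")
            continue
        if not (dn == suffix or dn.endswith("," + suffix)):
            problems.append(f"{dn}: outside suffix {suffix}, slapd will refuse to add it")
            continue
        if dn != suffix and parent_dn(dn) not in known:
            problems.append(f"{dn}: parent {parent_dn(dn)} does not exist, "
                            "add fails with noSuchObject (32)")
        classes = {c.lower() for c in attrs.get("objectclass", [])}
        if "posixaccount" in classes:
            missing = [a for a in POSIX_ACCOUNT_MUST if a.lower() not in attrs]
            if missing:
                problems.append(f"{dn}: posixAccount missing {', '.join(missing)}")
    return problems


if __name__ == "__main__":
    for problem in lint(SLAPD_CONF, SAMPLE_LDIF) or ["no problems found"]:
        print(problem)
```

Run it against the real files with `lint(open("/usr/local/etc/openldap/slapd.conf").read(), open("exa.ldif").read())`; fixing the two reported lines in the sample (dc=sea to dc=com, cn: to dn:) makes the lint come back empty, and ldappasswd on uid=naveen then has an entry to operate on.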