
OpenLDAP Server & Client Configuration in RHEL 7 | How To Setup OpenLDAP Authentication in Linux 

Nehra Classes

Install & Configure OpenLDAP Server & Client in Red Hat Enterprise Linux 7:
================
ldapserver.nehraclasses.com 192.168.1.170
ldapclient.nehraclasses.com 192.168.1.180
Server Configuration:
1. Install the required LDAP Packages.
[root@ldapserver ~]# yum -y install openldap* migrationtools
2. Create an LDAP root password for administration purposes.
[root@ldapserver ~]# slappasswd
New password:
Re-enter new password:
3. Edit the OpenLDAP Server Configuration
[root@ldapserver ~]# vim /etc/openldap/slapd.d/cn=config/olcDatabase={2}hdb.ldif
4. Provide the Monitor privileges.
[root@ldapserver cn=config]# vim /etc/openldap/slapd.d/cn=config/olcDatabase={1}monitor.ldif
[root@ldapserver cn=config]# slaptest -u
config file testing succeeded
5. Enable and Start the SLAPD service.
[root@ldapserver cn=config]# systemctl start slapd
[root@ldapserver cn=config]# systemctl enable slapd
[root@ldapserver cn=config]# netstat -lt | grep ldap
6. Configure the LDAP Database.
[root@ldapserver cn=config]# cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
[root@ldapserver cn=config]# chown -R ldap:ldap /var/lib/ldap/
Add the following LDAP Schemas.
[root@ldapserver cn=config]# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif
[root@ldapserver cn=config]# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif
[root@ldapserver cn=config]# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif
7. Create the self-signed certificate
[root@ldapserver cn=config]# openssl req -new -x509 -nodes -out /etc/pki/tls/certs/nehraclassesldap.pem -keyout /etc/pki/tls/certs/nehraclassesldapkey.pem -days 365
Verify the created certificates under the location /etc/pki/tls/certs/
[root@ldapserver cn=config]# ll /etc/pki/tls/certs/*.pem
8. Create base objects in OpenLDAP.
[root@ldapserver cn=config]# cd /usr/share/migrationtools/
[root@ldapserver migrationtools]# vim migrate_common.ph
$DEFAULT_MAIL_DOMAIN = "nehraclasses.com";
$DEFAULT_BASE = "dc=nehraclasses,dc=com";
$EXTENDED_SCHEMA = 1;
9. Generate a base.ldif file for your Domain.
[root@ldapserver migrationtools]# touch /root/base.ldif
10. Create Local Users.
[root@ldapserver migrationtools]# useradd ldapuser1
[root@ldapserver migrationtools]# useradd ldapuser2
[root@ldapserver migrationtools]# echo "redhat" | passwd --stdin ldapuser1
[root@ldapserver migrationtools]# echo "redhat" | passwd --stdin ldapuser2
[root@ldapserver migrationtools]# grep ":10[0-9][0-9]" /etc/passwd > /root/passwd
[root@ldapserver migrationtools]# grep ":10[0-9][0-9]" /etc/group > /root/group
[root@ldapserver migrationtools]# ./migrate_passwd.pl /root/passwd /root/users.ldif
[root@ldapserver migrationtools]# ./migrate_group.pl /root/group /root/groups.ldif
11. Import Users into the LDAP Database.
[root@ldapserver migrationtools]# ldapadd -x -W -D "cn=Manager,dc=nehraclasses,dc=com" -f /root/base.ldif
[root@ldapserver migrationtools]# ldapadd -x -W -D "cn=Manager,dc=nehraclasses,dc=com" -f /root/users.ldif
[root@ldapserver migrationtools]# ldapadd -x -W -D "cn=Manager,dc=nehraclasses,dc=com" -f /root/groups.ldif
12. Test the configuration.
[root@ldapserver migrationtools]# ldapsearch -x cn=ldapuser1 -b dc=nehraclasses,dc=com
[root@ldapserver migrationtools]# ldapsearch -x -b 'dc=nehraclasses,dc=com' '(objectclass=*)'
13. Stop Firewalld to allow the connection.
[root@ldapserver migrationtools]# systemctl stop firewalld
14. NFS Configuration to export the Home Directory.
[root@ldapserver ~]# vim /etc/exports
/home *(rw,sync)
Enable and restart rpcbind and nfs service.
[root@ldapserver ~]# yum -y install rpcbind* nfs*
[root@ldapserver ~]# systemctl start rpcbind
[root@ldapserver ~]# systemctl start nfs
[root@ldapserver ~]# systemctl enable rpcbind
[root@ldapserver ~]# systemctl enable nfs
Test the NFS Configuration.
[root@ldapserver ~]# showmount -e
Client Configuration:
1. LDAP Client Configuration to use LDAP Server.
[root@ldapclient ~]# yum install -y openldap-clients nss-pam-ldapd rpcbind* nfs*
2. Start & Enable the services.
systemctl start rpcbind
systemctl start nfs
systemctl enable rpcbind
systemctl enable nfs
3. Mount the LDAP Users Home Directory.
vim /etc/exports
/home/ *(rw)
showmount -e localhost
4. Configure LDAP Authentication.
authconfig-tui
5. Mount the /home directory.
mount ldapserver.nehraclasses.com:/home /home
Make the entry in AutoFS.
6. Test the Client Configuration.
[root@ldapclient ~]# getent passwd ldapuser1
ldapuser1:x:1000:1000:ldapuser1:/home/ldapuser1:/bin/bash
7. Switch to the LDAP user's account and create some files.
su - ldapuser1
Now go to the LDAP server and verify the files for ldapuser1 in the user's home directory.
cd /home/ldapuser1
ls -lh
You have successfully configured the LDAP Server & LDAP Client in RHEL 7.
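A hardening check for the steps above, as an added example that is not part of the video or its description: it flags NFS exports that are read-write for every host (as in server step 14), checks that the passphrase-less private key from step 7 is readable only by its owner, and shows how to admit just the client instead of stopping firewalld in step 13. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the video). Function names and sample data are constructed.

# List exports that are read-write for every host, like "/home *(rw,sync)" in
# server step 14. Returns 0 when none is found, 1 otherwise.
audit_exports() {
    awk '
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        {
            for (i = 2; i <= NF; i++) {      # fields after the path: host(options)
                n = index($i, "(")
                host = n ? substr($i, 1, n - 1) : $i
                opts = n ? ("," substr($i, n + 1)) : ","
                sub(/\)$/, "", opts)
                if ((host == "*" || host == "") && index(opts ",", ",rw,")) {
                    print "rw export open to any host: " $0
                    bad = 1
                }
            }
        }
        END { exit bad + 0 }
    ' "$1"
}

# Return 0 only when the key file grants nothing to group or others. Step 7
# uses -nodes, so the key has no passphrase and its mode is its only protection.
key_is_private() {
    mode=$(stat -c '%a' "$1") || return 2
    case "$mode" in
        *00) return 0 ;;
        *)   echo "$1 has mode $mode; expected 600 or stricter"; return 1 ;;
    esac
}

# Alternative to stopping firewalld in step 13: keep it running and admit only
# the given client address to LDAP and NFS. Not called here; run as root.
allow_ldap_client() {
    for svc in ldap nfs rpc-bind mountd; do
        firewall-cmd --permanent --add-rich-rule="rule family=\"ipv4\" \
source address=\"$1\" service name=\"$svc\" accept" || return 1
    done
    firewall-cmd --reload
}

# Constructed sample: the export line from step 14 beside a per-host version.
sample=$(mktemp)
printf '%s\n' '/home *(rw,sync)' '/home 192.168.1.180(rw,sync)' > "$sample"
audit_exports "$sample" || echo "restrict the exports listed above to named hosts"
rm -f "$sample"
```

On the server, run `audit_exports /etc/exports` and `key_is_private /etc/pki/tls/certs/nehraclassesldapkey.pem`; `allow_ldap_client 192.168.1.180` uses the client address given at the top of the description.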

Published: 2 Apr 2020

Comments: 39
@omkarshukla742 2 years ago
Sir, you are just like a Google in Linux. What can't be found anywhere else is always found with you.
@SanjayVerma-sr7mg 4 years ago
Hi sir. If possible, kindly make a video regarding dynamic DNS configuration in RHEL 7/8. Because it's a very difficult task for a human to assign names manually for Linux clients when you have 500 Linux clients.
@piusococh2840 4 years ago
Hi, thanks for the video, but I can't start the slapd service after adding the RooTPW, olcTLSCertiicate and olcTLSCertificateFile. How do you clear that error in your video? Thanks
@piusococh2840 4 years ago
Hi, I am wondering why I can start the slapd service after editing the adding the RooTPW, olcTLSCertiicate and olcTLSCertificateFile to the configuration file. I would be happy to hear back from you, thanks.
@camilorestrepo5226 4 years ago
Since authconfig-tui is deprecated in Red Hat 8, how can I configure it for the exam 8?
@basantakumardalai5846 2 years ago
Thanks
@ranapratapsingh1986 3 years ago
Sir, for configuring an LDAP server, do we need to use the same Unix flavour OS for the LDAP server and the LDAP client?
@NehraClasses 3 years ago
No, it's not like that, you can use any one.
@shekars1878 3 years ago
Hi sir, it would be great if you prepared a video on configuring a GUI for OpenLDAP, i.e. Apache Directory Studio. Thanks in advance.
@NehraClasses 3 years ago
Please raise a request for the same in our Telegram channel 🙏🙏
@tarunmittal8700 3 years ago
How can we set up password caching, so we can use LDAP for authentication even when the LDAP server is down or not reachable?
@NehraClasses 3 years ago
Please provide all details in the Telegram group.
@rahulanshan1371 2 years ago
Is it possible to follow these steps inside a CentOS 7 Docker container?
@NehraClasses 2 years ago
Yes, you can try.
@harshalsalunkhe5881 3 years ago
Sir, how did you start that slapd.service? Same issue with me, and I searched a lot but was not able to solve it, please help.
@NehraClasses 3 years ago
Restart the machine and try again. I have uploaded another video in English on LDAP. Please watch it; there you will not face any such challenges. ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-ZO4DyRb-5KI.html
@srihari3044 3 years ago
I got an error while executing this command: LDAP_bind: invalid credentials (49)
@mmmubeen3878 3 years ago
Linux is always painful due to free source
@NehraClasses 2 years ago
Please provide us the error details in our Telegram channel.
@NehraClasses 2 years ago
No dear, open source is the best.
@rajnishsaini3513 3 years ago
Sir, which password has to be given after this command? [root@ldapserver migrationtools]# ldapadd -x -W -D "cn=Manager,dc=nehraclasses,dc=com" -f /root/base.ldif
@NehraClasses 3 years ago
Which password are you talking about?
@sandipbanerjee9871 4 years ago
Sir, where did you copy the content inside the root/base.ldif file from?
@NehraClasses 4 years ago
Some content from the internet and some of my own. If you need all the steps and commands, please go through the description of the video.
@sandipbanerjee9871 4 years ago
@NehraClasses Thank you, sir.
@xayal4 2 years ago
How to set up an OpenLDAP server with an SSL certificate??
@NehraClasses 2 years ago
If you want us to create a video tutorial on this topic, please join our channel's standard membership and raise a request in our Telegram channel.
@srihari3044 3 years ago
Hello sir, can you please give me confirmation about this error? # Ledadd -x -W -D "cn=Manager,dc=xxx,dc=xxx -f /root/base.ldif
@NehraClasses 3 years ago
Please watch another video on LDAP on our channel.
@abhirambajpai3639 2 years ago
Sir, I followed these steps but LDAP does not work properly.
@NehraClasses 2 years ago
Follow this tutorial. ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-ZO4DyRb-5KI.html
@abdularshad2993 3 years ago
The same error is displayed when starting the service. Kindly provide the solution; you stop and skip the solution in the video. Job for slapd.service failed because the control process exited with error code. See "systemctl status slapd.service" and "journalctl -xe" for details.
@NehraClasses 3 years ago
Follow the latest tutorial on LDAP ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-ZO4DyRb-5KI.html
@abdularshad2993 3 years ago
@NehraClasses I already configured it long ago from the place you copied it from, but please teach this: if the domain has 3 parts, then how do we configure it? Example: world.ac.in