{"id":933,"date":"2015-02-05T22:17:04","date_gmt":"2015-02-06T03:17:04","guid":{"rendered":"https:\/\/www.softwareab.net\/wordpress\/?p=933"},"modified":"2015-02-05T22:19:08","modified_gmt":"2015-02-06T03:19:08","slug":"setup-openldap-centos-6-x","status":"publish","type":"post","link":"https:\/\/www.softwareab.net\/wordpress\/setup-openldap-centos-6-x\/","title":{"rendered":"Setup OpenLDAP on CentOS 6.x"},"content":{"rendered":"<p>Hi All &#8211; I had to setup another LDAP server today and it was just barely painful enough to warrant a writeup \ud83d\ude42 Read more for my walkthrough!<\/p>\n<p><!--more--><\/p>\n<p>First &#8211; I started with my &#8220;typical&#8221; CentOS VM &#8211; built plain-jane vanilla (minimal), no X11, latest patches applied. I suggest you begin the same. Then follow these steps:<\/p>\n<ol>\n<li>Update firewall to permit port 389 (secure LDAP over port 636 is preferable but we&#8217;ll cover that in a different post). In <code>\/etc\/sysconfig\/iptables<\/code> add the line:\n<pre><code>\r\n-A INPUT -m state --state NEW -m tcp -p tcp --dport 389 -j ACCEPT\r\n<\/code><\/pre>\n<\/li>\n<li>\nInstall OpenLDAP:<\/p>\n<pre><code>\r\nyum -y install openldap openldap-clients openldap-servers\r\n<\/code><\/pre>\n<\/li>\n<li>\nGenerate password and modify specified config files as described below:<\/p>\n<pre><code>\r\nslappasswd\r\n<em>[...enter new password and copy result...]<\/em>\r\n\r\ncd \/etc\/openldap\/slapd.d\/cn\\=config\r\n\r\nvi olcDatabase\\=\\{2\\}bdb.ldif\r\n<em>[...add line 'olcRootPW: (copied password)'...]\r\n[...change references of 'my-domain' to 'your-domain'...]<\/em>\r\n\r\nvi olcDatabase\\=\\{1\\}monitor.ldif\r\n<em>[...modify olcAccess to change 'my-domain' to 'your-domain'...]<\/em>\r\n\r\nvi olcDatabase\\=\\{2\\}bdb.ldif\r\n<em>[...BEGIN: add these two lines...]\r\nolcAccess: {0}to attrs=userPassword by self write by dn.base=\"cn=Manager,dc=yo\r\n ur-domain,dc=com\" write by anonymous auth by * none\r\nolcAccess: {1}to * 
by dn.base=\"cn=Manager,dc=your-domain,dc=com\" write by self\r\n write by * read\r\n[...END: add these two lines...]<\/em>\r\n<\/code><\/pre>\n<\/li>\n<li>\n<strong>OPTIONAL:<\/strong> Update CRC-32 codes or you get warnings when starting the slapd service. For each modified file, copy to temp file excluding first two lines. Then run the CRC-32 check program &#8211; which does not exist on CentOS but I found \/ built a copy (I&#8217;ll write that up later I promise :). Here&#8217;s an example of the one I built in action:<\/p>\n<pre><code>\r\n[root@lvinfillx100 cn=config]# <strong>tail -n +3 \\\r\n  \/etc\/openldap\/slapd.d\/cn=config\/olcDatabase={1}monitor.ldif &gt; \/tmp\/foo.txt<\/strong>\r\n[root@lvinfillx100 cn=config]# <strong>check-crc32 \/tmp\/foo.txt<\/strong>\r\n\/tmp\/foo.txt                     CRC-32 = 5785915f, size = 619 bytes\r\n[root@lvinfillx100 cn=config]# <strong>vi \/etc\/openldap\/slapd.d\/cn=config\/olcDatabase={1}monitor.ldif<\/strong>\r\n<em>[...update CRC to match above...]<\/em>\r\n<\/code><\/pre>\n<\/li>\n<li>\nSetup auto-start:<\/p>\n<pre><code>\r\nchkconfig slapd on\r\nservice slapd start\r\n<\/code><\/pre>\n<\/li>\n<li>\nSetup root entry:<\/p>\n<pre><code>\r\n<em># \/root\/10-your-domain-com.ldif<\/em>\r\ndn: dc=your-domain,dc=com\r\nobjectClass: dcObject\r\nobjectClass: organization\r\ndc: your-domain\r\no: your-domain\r\n<\/code><\/pre>\n<p>Then enter it into LDAP:<\/p>\n<pre><code>\r\nldapadd -f 10-your-domain-com.ldif -D cn=Manager,dc=your-domain,dc=com -W\r\n<\/code><\/pre>\n<p>Perform a quick search if you want to verify:<\/p>\n<pre><code>\r\n[root@lvinfillx100 ~]# ldapsearch -x -LLL -b dc=your-domain,dc=com\r\ndn: dc=your-domain,dc=com\r\nobjectClass: dcObject\r\nobjectClass: organization\r\ndc: your-domain\r\no: your-domain\r\n<\/code><\/pre>\n<\/li>\n<li>\nSetup <code>memberOf<\/code> attribute support. This was a pain and took me some time to get right (would justify a blog entry just for this recipe). 
Note that this recipe is good for 64-bit specifically.<\/p>\n<pre><code>\r\n<em># \/root\/15-memberof.ldif<\/em>\r\ndn: cn=module,cn=config\r\ncn: module\r\nobjectClass: olcModuleList\r\nobjectclass: top\r\nolcModuleLoad: memberof.la\r\nolcModulePath: \/usr\/lib64\/openldap\r\n\r\ndn: olcOverlay=memberof,olcDatabase={2}bdb,cn=config\r\nobjectclass: olcconfig\r\nobjectclass: olcMemberOf\r\nobjectclass: olcoverlayconfig\r\nobjectclass: top\r\nolcoverlay: memberof\r\n<\/code><\/pre>\n<p>Then add the overlay support to OpenLDAP:<\/p>\n<pre><code>\r\nldapadd -Y EXTERNAL -H ldapi:\/\/\/ -f .\/15-memberof.ldif\r\n<\/code><\/pre>\n<\/li>\n<li>\nCreate OU for Users and Groups:<\/p>\n<pre><code>\r\n<em># \/root\/20-your-domain-com-ous.ldif<\/em>\r\n# OUs for users and groups\r\ndn: ou=Users,dc=your-domain,dc=com\r\nobjectClass: organizationalUnit\r\nou: Users\r\n\r\ndn: ou=Groups,dc=your-domain,dc=com\r\nobjectClass: organizationalUnit\r\nou: Groups\r\n<\/code><\/pre>\n<p>Add to OpenLDAP:<\/p>\n<pre><code>\r\nldapadd -f 20-your-domain-com-ous.ldif -D cn=Manager,dc=your-domain,dc=com -W\r\n<\/code><\/pre>\n<\/li>\n<\/ol>\n<p>That is all. 
Enjoy your OpenLDAP!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Hi All &#8211; I had to setup another LDAP server today and it was just barely painful enough to warrant a writeup \ud83d\ude42 Read more for my walkthrough!<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[81,1],"tags":[42,55,18],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.2 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Setup OpenLDAP on CentOS 6.x - softwareab<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.softwareab.net\/wordpress\/setup-openldap-centos-6-x\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Setup OpenLDAP on CentOS 6.x - softwareab\" \/>\n<meta property=\"og:description\" content=\"Hi All &#8211; I had to setup another LDAP server today and it was just barely painful enough to warrant a writeup \ud83d\ude42 Read more for my walkthrough!\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.softwareab.net\/wordpress\/setup-openldap-centos-6-x\/\" \/>\n<meta property=\"og:site_name\" content=\"softwareab\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cloudraticsolutions\/\" \/>\n<meta property=\"article:author\" content=\"https:\/\/www.facebook.com\/cloudraticsolutions\/\" \/>\n<meta property=\"article:published_time\" content=\"2015-02-06T03:17:04+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2015-02-06T03:19:08+00:00\" \/>\n<meta name=\"author\" content=\"Andrew Bruce\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@realcloudratics\" \/>\n<meta 
name=\"twitter:site\" content=\"@realcloudratics\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Andrew Bruce\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.softwareab.net\/wordpress\/setup-openldap-centos-6-x\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.softwareab.net\/wordpress\/setup-openldap-centos-6-x\/\"},\"author\":{\"name\":\"Andrew Bruce\",\"@id\":\"https:\/\/www.softwareab.net\/wordpress\/#\/schema\/person\/1337443eaeb75104e0410b508e67f600\"},\"headline\":\"Setup OpenLDAP on CentOS 6.x\",\"datePublished\":\"2015-02-06T03:17:04+00:00\",\"dateModified\":\"2015-02-06T03:19:08+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.softwareab.net\/wordpress\/setup-openldap-centos-6-x\/\"},\"wordCount\":231,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.softwareab.net\/wordpress\/#\/schema\/person\/1337443eaeb75104e0410b508e67f600\"},\"keywords\":[\"centos\",\"linux\",\"sysadmin\"],\"articleSection\":[\"SysAdmin\",\"Teknocratica\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.softwareab.net\/wordpress\/setup-openldap-centos-6-x\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.softwareab.net\/wordpress\/setup-openldap-centos-6-x\/\",\"url\":\"https:\/\/www.softwareab.net\/wordpress\/setup-openldap-centos-6-x\/\",\"name\":\"Setup OpenLDAP on CentOS 6.x - 
softwareab\",\"isPartOf\":{\"@id\":\"https:\/\/www.softwareab.net\/wordpress\/#website\"},\"datePublished\":\"2015-02-06T03:17:04+00:00\",\"dateModified\":\"2015-02-06T03:19:08+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.softwareab.net\/wordpress\/setup-openldap-centos-6-x\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.softwareab.net\/wordpress\/setup-openldap-centos-6-x\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.softwareab.net\/wordpress\/setup-openldap-centos-6-x\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.softwareab.net\/wordpress\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"centos\",\"item\":\"https:\/\/www.softwareab.net\/wordpress\/tag\/centos\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Setup OpenLDAP on CentOS 6.x\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.softwareab.net\/wordpress\/#website\",\"url\":\"https:\/\/www.softwareab.net\/wordpress\/\",\"name\":\"softwareab\",\"description\":\"Technocratica, Technopolitik, Technophobia\",\"publisher\":{\"@id\":\"https:\/\/www.softwareab.net\/wordpress\/#\/schema\/person\/1337443eaeb75104e0410b508e67f600\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.softwareab.net\/wordpress\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"https:\/\/www.softwareab.net\/wordpress\/#\/schema\/person\/1337443eaeb75104e0410b508e67f600\",\"name\":\"Andrew 
Bruce\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.softwareab.net\/wordpress\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/www.softwareab.net\/wordpress\/wp-content\/uploads\/2024\/03\/andy-cartoon.jpg\",\"contentUrl\":\"https:\/\/www.softwareab.net\/wordpress\/wp-content\/uploads\/2024\/03\/andy-cartoon.jpg\",\"width\":400,\"height\":330,\"caption\":\"Andrew Bruce\"},\"logo\":{\"@id\":\"https:\/\/www.softwareab.net\/wordpress\/#\/schema\/person\/image\/\"},\"description\":\"Team-oriented systems mentor with deep knowledge of numerous software methodologies, technologies, languages, and operating systems. Excited about turning emerging technology into working production-ready systems. Focused on moving software teams to a higher level of world-class application development. Specialties:Software analysis and development...Product management through the entire lifecycle...Discrete product integration specialist!\",\"sameAs\":[\"http:\/\/cloudraticsolutions.net\/\",\"https:\/\/www.facebook.com\/cloudraticsolutions\/\",\"https:\/\/twitter.com\/realcloudratics\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Setup OpenLDAP on CentOS 6.x - softwareab","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.softwareab.net\/wordpress\/setup-openldap-centos-6-x\/","og_locale":"en_US","og_type":"article","og_title":"Setup OpenLDAP on CentOS 6.x - softwareab","og_description":"Hi All &#8211; I had to setup another LDAP server today and it was just barely painful enough to warrant a writeup \ud83d\ude42 Read more for my walkthrough!","og_url":"https:\/\/www.softwareab.net\/wordpress\/setup-openldap-centos-6-x\/","og_site_name":"softwareab","article_publisher":"https:\/\/www.facebook.com\/cloudraticsolutions\/","article_author":"https:\/\/www.facebook.com\/cloudraticsolutions\/","article_published_time":"2015-02-06T03:17:04+00:00","article_modified_time":"2015-02-06T03:19:08+00:00","author":"Andrew Bruce","twitter_card":"summary_large_image","twitter_creator":"@realcloudratics","twitter_site":"@realcloudratics","twitter_misc":{"Written by":"Andrew Bruce","Est. 
reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.softwareab.net\/wordpress\/setup-openldap-centos-6-x\/#article","isPartOf":{"@id":"https:\/\/www.softwareab.net\/wordpress\/setup-openldap-centos-6-x\/"},"author":{"name":"Andrew Bruce","@id":"https:\/\/www.softwareab.net\/wordpress\/#\/schema\/person\/1337443eaeb75104e0410b508e67f600"},"headline":"Setup OpenLDAP on CentOS 6.x","datePublished":"2015-02-06T03:17:04+00:00","dateModified":"2015-02-06T03:19:08+00:00","mainEntityOfPage":{"@id":"https:\/\/www.softwareab.net\/wordpress\/setup-openldap-centos-6-x\/"},"wordCount":231,"commentCount":0,"publisher":{"@id":"https:\/\/www.softwareab.net\/wordpress\/#\/schema\/person\/1337443eaeb75104e0410b508e67f600"},"keywords":["centos","linux","sysadmin"],"articleSection":["SysAdmin","Teknocratica"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.softwareab.net\/wordpress\/setup-openldap-centos-6-x\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.softwareab.net\/wordpress\/setup-openldap-centos-6-x\/","url":"https:\/\/www.softwareab.net\/wordpress\/setup-openldap-centos-6-x\/","name":"Setup OpenLDAP on CentOS 6.x - 
softwareab","isPartOf":{"@id":"https:\/\/www.softwareab.net\/wordpress\/#website"},"datePublished":"2015-02-06T03:17:04+00:00","dateModified":"2015-02-06T03:19:08+00:00","breadcrumb":{"@id":"https:\/\/www.softwareab.net\/wordpress\/setup-openldap-centos-6-x\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.softwareab.net\/wordpress\/setup-openldap-centos-6-x\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.softwareab.net\/wordpress\/setup-openldap-centos-6-x\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.softwareab.net\/wordpress\/"},{"@type":"ListItem","position":2,"name":"centos","item":"https:\/\/www.softwareab.net\/wordpress\/tag\/centos\/"},{"@type":"ListItem","position":3,"name":"Setup OpenLDAP on CentOS 6.x"}]},{"@type":"WebSite","@id":"https:\/\/www.softwareab.net\/wordpress\/#website","url":"https:\/\/www.softwareab.net\/wordpress\/","name":"softwareab","description":"Technocratica, Technopolitik, Technophobia","publisher":{"@id":"https:\/\/www.softwareab.net\/wordpress\/#\/schema\/person\/1337443eaeb75104e0410b508e67f600"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.softwareab.net\/wordpress\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":["Person","Organization"],"@id":"https:\/\/www.softwareab.net\/wordpress\/#\/schema\/person\/1337443eaeb75104e0410b508e67f600","name":"Andrew Bruce","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.softwareab.net\/wordpress\/#\/schema\/person\/image\/","url":"https:\/\/www.softwareab.net\/wordpress\/wp-content\/uploads\/2024\/03\/andy-cartoon.jpg","contentUrl":"https:\/\/www.softwareab.net\/wordpress\/wp-content\/uploads\/2024\/03\/andy-cartoon.jpg","width":400,"height":330,"caption":"Andrew 
Bruce"},"logo":{"@id":"https:\/\/www.softwareab.net\/wordpress\/#\/schema\/person\/image\/"},"description":"Team-oriented systems mentor with deep knowledge of numerous software methodologies, technologies, languages, and operating systems. Excited about turning emerging technology into working production-ready systems. Focused on moving software teams to a higher level of world-class application development. Specialties:Software analysis and development...Product management through the entire lifecycle...Discrete product integration specialist!","sameAs":["http:\/\/cloudraticsolutions.net\/","https:\/\/www.facebook.com\/cloudraticsolutions\/","https:\/\/twitter.com\/realcloudratics"]}]}},"_links":{"self":[{"href":"https:\/\/www.softwareab.net\/wordpress\/wp-json\/wp\/v2\/posts\/933"}],"collection":[{"href":"https:\/\/www.softwareab.net\/wordpress\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.softwareab.net\/wordpress\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.softwareab.net\/wordpress\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.softwareab.net\/wordpress\/wp-json\/wp\/v2\/comments?post=933"}],"version-history":[{"count":2,"href":"https:\/\/www.softwareab.net\/wordpress\/wp-json\/wp\/v2\/posts\/933\/revisions"}],"predecessor-version":[{"id":935,"href":"https:\/\/www.softwareab.net\/wordpress\/wp-json\/wp\/v2\/posts\/933\/revisions\/935"}],"wp:attachment":[{"href":"https:\/\/www.softwareab.net\/wordpress\/wp-json\/wp\/v2\/media?parent=933"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.softwareab.net\/wordpress\/wp-json\/wp\/v2\/categories?post=933"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.softwareab.net\/wordpress\/wp-json\/wp\/v2\/tags?post=933"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}