ChaddsFordPC
 

LDAP setup on RHEL 5

Install, Enable and Start LDAP

Install the following packages: openldap, openldap-servers and openldap-clients.
Run "chkconfig ldap on" to set the service to start at boot.
Run "service ldap restart" to start the service.

Configure slapd.conf

The following three lines are the most important and must be changed to match your environment. In this example I am using the fictional domain.local. The suffix should correspond to the domain. The rootdn is the Administrator user for the directory, and rootpw is the password for the rootdn user.

suffix "dc=domain,dc=local"
rootdn "cn=Manager,dc=domain,dc=local"
rootpw secret

Test with the command
ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts

Create Directory with LDIF file

You must create the base of your directory and the directory "Administrator" account. In this example the "Administrator" is called Manager. Note that the base and "Administrator" are defined in the slapd.conf file.

dn: dc=domain,dc=local
objectclass: dcObject
objectclass: organization
o: Local Domain
dc: domain

dn: cn=Manager,dc=domain,dc=local
objectclass: organizationalRole
cn: Manager

Add the preceding lines to a file called mydirectory.ldif, then load it with:
ldapadd -x -D "cn=Manager,dc=domain,dc=local" -W -f mydirectory.ldif

Add OUs, Users and Groups

dn: ou=people,dc=domain,dc=local
objectClass: organizationalUnit
ou: people

dn: ou=groups,dc=domain,dc=local
objectClass: organizationalUnit
ou: groups

dn: uid=john,ou=people,dc=domain,dc=local
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: john
sn: Doe
givenName: John
cn: John Doe
displayName: John Doe
uidNumber: 1000
gidNumber: 10000
userPassword: password
gecos: John Doe
loginShell: /bin/bash
homeDirectory: /home/john
shadowExpire: -1
shadowFlag: 0
shadowWarning: 7
shadowMin: 8
shadowMax: 999999
shadowLastChange: 10877
mail: john.doe@domain.local
postalCode: 31000
l: Toulouse
o: Example
mobile: +33 (0)6 xx xx xx xx
homePhone: +33 (0)5 xx xx xx xx
title: System Administrator
postalAddress:
initials: JD

dn: cn=myusergroup,ou=groups,dc=domain,dc=local
objectClass: posixGroup
cn: myusergroup
gidNumber: 10000

Add the preceding lines to a file called mydirectory2.ldif, then load it with the command below. You can modify the OUs, groups and users, and add more OUs, groups and users by adding an entry for each.
ldapadd -x -D "cn=Manager,dc=domain,dc=local" -W -f mydirectory2.ldif
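Before loading mydirectory2.ldif it is worth checking what it contains. The script below is an added example, not part of the original page: a small Python audit that parses an LDIF file and flags userPassword values stored in cleartext (as "userPassword: password" above is; slappasswd can generate an {SSHA} hash to use instead) and posixAccount entries whose gidNumber matches no posixGroup in the file. The embedded sample is a constructed, trimmed copy of the two entries above.

```python
import base64
import re

# Constructed sample: the user and group entries from mydirectory2.ldif, trimmed.
SAMPLE_LDIF = """dn: uid=john,ou=people,dc=domain,dc=local
objectClass: inetOrgPerson
objectClass: posixAccount
gidNumber: 10000
userPassword: password

dn: cn=myusergroup,ou=groups,dc=domain,dc=local
objectClass: posixGroup
cn: myusergroup
gidNumber: 10000
"""

# Password schemes slapd stores hashed; any other value is treated as cleartext.
HASHED = re.compile(r"^\{(SSHA|SHA|SMD5|MD5|CRYPT)\}", re.IGNORECASE)

def parse_ldif(text):
    """Parse LDIF into [{attribute: [values]}] (attribute names lower-cased)."""
    entries = []
    for block in re.split(r"\n\s*\n", re.sub(r"\n ", "", text)):  # unfold, split on blank lines
        entry = {}
        for line in block.splitlines():
            if not line.strip() or line.startswith("#"):
                continue
            attr, _, value = line.partition(":")
            if value.startswith(":"):        # "attr:: <base64 value>"
                value = base64.b64decode(value[1:].strip()).decode()
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
        if entry:
            entries.append(entry)
    return entries

def audit(entries):
    """Return (dn, finding) pairs: cleartext userPassword, gidNumber with no posixGroup."""
    classes = lambda e: {c.lower() for c in e.get("objectclass", [])}
    group_gids = {g for e in entries if "posixgroup" in classes(e)
                  for g in e.get("gidnumber", [])}
    findings = []
    for e in entries:
        dn = e.get("dn", ["<no dn>"])[0]
        findings += [(dn, "cleartext userPassword")
                     for pw in e.get("userpassword", []) if not HASHED.match(pw)]
        if "posixaccount" in classes(e):
            findings += [(dn, "gidNumber %s has no posixGroup" % g)
                         for g in e.get("gidnumber", []) if g not in group_gids]
    return findings
```

Run it against the real file with audit(parse_ldif(open("mydirectory2.ldif").read())) and fix anything it reports before running ldapadd.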

Test

Now test using the ldapsearch command.
ldapsearch -x -b 'dc=domain,dc=local' '(objectclass=*)'

Links

OpenLDAP Software 2.4 Administrator's Guide: A Quick-Start Guide
RHEL 5 Deployment Guide - Chapter 24. Lightweight Directory Access Protocol
Ubuntu Server Guide 9.04 - OpenLDAP Server