OpenLDAP Client Config for CentOS 6


After conducting a lot of research, I was finally able to get LDAP installed on CentOS and make it my central authentication server.

This is what I did.

SERVER

yum -y install openldap openldap-clients openldap-servers cyrus nss-pam-ldapd pam_ldap

yum -y install nscd

cd /etc/openldap/slapd.d/cn\=config/

vi olcDatabase*

Edited all the olcDatabase files that had dn.base: dc=my-domain,dc=com, changing it to dc=example,dc=com,

and olcRootDN to cn=admin,dc=example,dc=com.

slappasswd -h {SHA}

password:

re-type password:

{SHA}htbwnsaklreh=

Copy the output and paste it into olcDatabase*bdb.ldif:

olcRootPW: {SHA}htbwnsaklreh=

cd /etc/sysconfig

vi ldap

Change SLAPD_LDAPS=no to SLAPD_LDAPS=yes.

Start logging for slapd:

echo "local4.* /var/log/slapd.log" >> /etc/rsyslog.conf

service rsyslog restart

/etc/init.d/slapd start

cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG

chown -R ldap:ldap /var/lib/ldap/DB_CONFIG

chown -R ldap:ldap /etc/openldap/slapd.d

iptables -A INPUT -m state --state new -m tcp -p tcp --dport 389 -j ACCEPT
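The server steps above edit files under slapd.d by hand with vi and store the root password as an unsalted {SHA} hash. As an added example (not part of the original post), the Python below produces the same three settings (suffix, root DN, root password) as an LDIF that ldapmodify applies through cn=config, and shows why slappasswd's default {SSHA} scheme is preferable. The suffix dc=example,dc=com and root DN cn=admin,dc=example,dc=com come from the post; the database entry name olcDatabase={2}bdb,cn=config is the CentOS 6 default; the password "secret" is constructed for the demonstration.

```python
"""Added example, not from the original post: build the cn=config change the
server steps make (suffix, root DN, root password) as an LDIF for ldapmodify,
with the root password hashed as salted {SSHA} instead of unsalted {SHA}.

Assumptions: suffix dc=example,dc=com and root DN cn=admin,dc=example,dc=com
come from the post; olcDatabase={2}bdb,cn=config is the CentOS 6 default
database entry; the password "secret" is constructed for the demonstration."""
import base64
import hashlib
import hmac
import os
from typing import Optional


def sha_hash(password: str) -> str:
    """Unsalted {SHA}, what `slappasswd -h {SHA}` emits: base64(sha1(pw)).
    Two accounts with the same password get the same value, so a single
    precomputed table cracks all of them."""
    digest = hashlib.sha1(password.encode("utf-8")).digest()
    return "{SHA}" + base64.b64encode(digest).decode("ascii")


def ssha_hash(password: str, salt: Optional[bytes] = None) -> str:
    """Salted {SSHA}, slappasswd's default: base64(sha1(pw + salt) + salt).
    A random salt per hash defeats precomputation and makes equal passwords
    look different on disk."""
    if salt is None:
        salt = os.urandom(8)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def verify(stored: str, password: str) -> bool:
    """Check a candidate password against a {SHA} or {SSHA} value the way
    slapd does on a simple bind; compare_digest keeps the comparison
    constant-time."""
    candidate = password.encode("utf-8")
    if stored.startswith("{SSHA}"):
        raw = base64.b64decode(stored[len("{SSHA}"):])
        digest, salt = raw[:20], raw[20:]   # SHA-1 digest is 20 bytes, salt follows
        return hmac.compare_digest(hashlib.sha1(candidate + salt).digest(), digest)
    if stored.startswith("{SHA}"):
        raw = base64.b64decode(stored[len("{SHA}"):])
        return hmac.compare_digest(hashlib.sha1(candidate).digest(), raw)
    raise ValueError("unsupported password scheme: " + stored)


def config_ldif(suffix: str, rootdn: str, rootpw_hash: str,
                database: str = "olcDatabase={2}bdb,cn=config") -> str:
    """LDIF that sets suffix, root DN and root password in one modify, for
    `ldapmodify -Y EXTERNAL -H ldapi:/// -f file.ldif` run as root. Going
    through cn=config keeps the CRC32 checksum slapd writes into each
    slapd.d file valid; hand-editing with vi does not."""
    return (
        f"dn: {database}\n"
        "changetype: modify\n"
        "replace: olcSuffix\n"
        f"olcSuffix: {suffix}\n"
        "-\n"
        "replace: olcRootDN\n"
        f"olcRootDN: {rootdn}\n"
        "-\n"
        "replace: olcRootPW\n"
        f"olcRootPW: {rootpw_hash}\n"
    )


if __name__ == "__main__":
    pw = "secret"                        # constructed for the demonstration
    print(sha_hash(pw))                  # same value for every account using "secret"
    print(ssha_hash(pw), ssha_hash(pw))  # differ, because of the salt
    print(config_ldif("dc=example,dc=com", "cn=admin,dc=example,dc=com", ssha_hash(pw)))
```

Write the LDIF to a file and apply it as root with ldapmodify -Y EXTERNAL -H ldapi:/// -f file.ldif; this assumes the cn=config ACL grants the local root user manage rights over the ldapi socket, which the CentOS 6 package ships by default. Two caveats on the firewall step: SLAPD_LDAPS=yes makes slapd listen on 636, which the rule for 389 does not open, and slapd only completes TLS handshakes once olcTLSCertificateFile and olcTLSCertificateKeyFile point at a certificate and key. Also, on CentOS 6 the stock INPUT chain ends in a REJECT rule, so a rule appended with -A lands after it and never matches; use -I INPUT, or edit /etc/sysconfig/iptables and run service iptables restart.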

CLIENT and tree initialization

For the client config, I followed the steps described by Mr. Adrian Hall in his post here:

http://wiki.centos.org/AdrianHall/CentralizedLDAPAuth

This should help you set up OpenLDAP on CentOS 6 as well as CentOS 6.4; I have tried it on these two versions personally.

Author: Vijit Jain

Updated on September 18, 2022

Comments

  • Vijit Jain
    Vijit Jain about 1 year

    I have been trying to get the users on the LDAP server authenticated on CentOS 6 clients, but the client will not accept the passwords of the LDAP users.

    I have Ubuntu systems which successfully do the job with the basic settings.

    How do I enable LDAP users to log in to the CentOS servers, and also to change their LDAP passwords from the CentOS clients?

    I have followed the tutorial at this link: http://www.server-world.info/en/note?os=CentOS_6&p=ldap&f=2

    and a few more that I found on Google.

  • Vijit Jain
    Vijit Jain over 10 years
    I have the LDAP server with a proper FQDN, something like dc=example,dc=com. The LDAP tree suffixes are proper; I know this because I have been able to authenticate LDAP users from Ubuntu client systems. On the CentOS system (the one troubling me), the command id test1 gives the necessary information (test1 is a user on LDAP and not a local client user).
  • Vijit Jain
    Vijit Jain over 10 years
    Port 389 is open; anyway, I have flushed iptables on the client and server, so this should not be a problem.
  • Vijit Jain
    Vijit Jain over 10 years
    I do not want to use SSL as of now; I just need to get the users working. SSL was not set up on the server, so it would be a hectic issue, considering I will have to set up the server again (which was very difficult in the first place).
  • Swartz
    Swartz over 10 years
    Make sure to save the iptables rules and restart iptables just in case. I've been bitten by iptables a few times before even though I had made the necessary changes to the rules. However, if you are able to query LDAP from the CentOS client, then the firewall isn't the likely reason. Re-check configs. It would be helpful if you posted the settings that you have; someone might spot the issue.
  • Swartz
    Swartz over 10 years
    Use SSL or not, but be aware that without SSL or some other way of securely sending user credentials, the information may be visible to others. Just a suggestion. Proceed at your own risk.
  • Swartz
    Swartz over 10 years
    Check logs for error messages on both client and server. These might contain hints.
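Swartz's warning about credentials travelling in the clear is easy to see on the wire. As an added example (not part of the thread), the Python below encodes an LDAPv3 simple BindRequest the way a client sends it over plain ldap:// on port 389 and then parses the bytes back as a passive observer would; the DN and password are constructed, and the encoder and decoder cover only the simple-bind shape from RFC 4511.

```python
"""Added example, not from the original thread: an LDAPv3 simple bind
(RFC 4511, BindRequest with simple authentication) encoded the way a client
sends it over plain ldap:// on port 389, then decoded from the raw bytes as
anyone capturing the segment can. The DN and password are constructed."""


def _ber_len(n: int) -> bytes:
    """BER definite length: one byte below 128, else 0x80|count + big-endian."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag: int, value: bytes) -> bytes:
    return bytes([tag]) + _ber_len(len(value)) + value


def _read_tlv(buf: bytes, pos: int):
    """Return (tag, value, position after this element) for the TLV at pos."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:                                 # long-form length
        count = first & 0x7F
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    else:
        length = first
    return tag, buf[pos:pos + length], pos + length


def encode_simple_bind(message_id: int, dn: str, password: str) -> bytes:
    """LDAPMessage ::= SEQUENCE { messageID INTEGER, BindRequest [APPLICATION 0] }
    BindRequest ::= { version INTEGER 3, name LDAPDN, authentication simple [0] }
    Assumes message_id < 128 so the INTEGER fits in one byte."""
    bind = (
        _tlv(0x02, bytes([3]))                    # version 3
        + _tlv(0x04, dn.encode("utf-8"))          # name, an OCTET STRING
        + _tlv(0x80, password.encode("utf-8"))    # [0] simple: the password, verbatim
    )
    return _tlv(0x30, _tlv(0x02, bytes([message_id])) + _tlv(0x60, bind))


def sniff_simple_bind(segment: bytes) -> dict:
    """Recover DN and password from a captured BindRequest, which is exactly
    what Wireshark's LDAP dissector shows for an un-encrypted session."""
    tag, msg, _ = _read_tlv(segment, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, mid, pos = _read_tlv(msg, 0)
    tag, op, _ = _read_tlv(msg, pos)
    if tag != 0x60:
        raise ValueError("not a BindRequest")
    _, version, pos = _read_tlv(op, 0)
    _, dn, pos = _read_tlv(op, pos)
    tag, auth, _ = _read_tlv(op, pos)
    if tag != 0x80:
        raise ValueError("not a simple bind (SASL credentials are tagged [3])")
    return {
        "message_id": int.from_bytes(mid, "big"),
        "version": version[0],
        "dn": dn.decode("utf-8"),
        "password": auth.decode("utf-8"),
    }


if __name__ == "__main__":
    # Constructed credentials, as a client binding with a DN would send them.
    pkt = encode_simple_bind(1, "uid=test1,ou=People,dc=example,dc=com", "Winter2012!")
    print(pkt.hex())
    print(sniff_simple_bind(pkt))   # the password is right there in the capture
```

With ldaps:// or STARTTLS the same BindRequest is wrapped in TLS records and the observer sees only ciphertext; the nss-pam-ldapd bind DN and password in /etc/nslcd.conf, and every user's login password during PAM authentication, are what this protects.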