How to Install LDAP on CentOS 7

This guide covers LDAP installation and configuration on CentOS 7 / RHEL 7 / SL7 / OL7. LDAP stands for Lightweight Directory Access Protocol. It is an authentication mechanism that provides centralized authentication for users across different systems. LDAP is platform independent and provides centralized remote login between operating systems, such as Linux and Windows. It works on two default ports, 389 and 636.

Directory services on different platforms

  1. Microsoft: Active Directory Services
  2. Mac: Apple DIR Services
  3. Novell: Novell DIR Service
  4. Sun Solaris: Sun DIR Services
  5. Linux: Redhat DIR Services, Fedora DIR Services, etc.

OpenLDAP Servers

OpenLDAP is the default application for implementing an LDAP server on Linux. It is free, open source software that ships with the OS for configuring LDAP.

Centralized login services in Linux

  1. NIS (LXL) login
  2. NIS+ = LXW login
  3. Samba PDC (Primary Domain Controller) = LXW login
  4. Samba winbind = WXL login
  5. LDAP = LXW & LXL login

LDAP & NIS Servers

Both are default services in Linux, implemented with the ypserv and OpenLDAP servers. Both provide centralized login for users across different systems, but there are some differences between the two:

1. NIS: It is platform dependent. It works on random ports. It is less secure because it transfers passwords in unencrypted form. It has no firewall support. It has no domain hierarchy support.
2. LDAP: It is platform independent. It works on standard ports, 389 and 636. It is more secure because it encrypts the user's password in transit when port 636 is used. It supports firewalls because it works on standard ports. It supports a domain hierarchy. BDB (Berkeley Database) is the default LDAP database; the BDB application maintains the LDAP database.

Structure of the LDAP database:

The LDAP structure is maintained with the help of object classes and the schema.

  1. Object Class: The collection of properties like DN (Distinguished Name), DC (Domain Component), OU (Organizational Unit) & UID is called an object class.
  2. Schema: The collection of user properties like PIN code, employee ID, etc. is called the schema.

Requirements of LDAP

  • Software = openldap* ldap* nss* db*
  • Config file = /etc/openldap/slapd.conf
  • Files = /usr/share/openldap/migration/migrate_common.ph
  • Database = /var/lib/ldap
  • Service = ldap
  • Port = 389, 636
  • Daemon = ldap
  • DB file = DB_CONFIG.example

To configure LDAP (on the LDAP server)

Step-1 (Check & install the software)
# yum install openldap* ldap* nss* db* -y
Step-2 (Check & change the hostname)
# hostname ldap.techbrown.com
# vi /etc/sysconfig/network
# vi /etc/hosts
Step-3 (Edit 1st ldap file)
# vi /etc/openldap/slapd.conf

On line 85, change the domain:

"dc=techbrown,dc=com"

On line 86:

"cn=manager,dc=techbrown,dc=com"

On the last line, provide the password:

rootpw a

:wq
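
Step 3 stores the directory manager password as the literal value a; slapd.conf also accepts a hashed value such as the {SSHA} output of slappasswd. The check below is an added example, not part of the original tutorial: it classifies how rootpw is stored and flags a world-readable config file. The function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original tutorial): audit how rootpw is stored.

# Print how the rootpw value of a slapd.conf-style file is stored:
#   missing | plaintext | unsalted-hash | salted-hash
classify_rootpw() {
    awk '
        /^[ \t]*#/ { next }                              # ignore comment lines
        tolower($1) == "rootpw" { value = $2; found = 1 }
        END {
            if (!found) { print "missing"; exit }
            scheme = ""
            close_at = index(value, "}")
            if (substr(value, 1, 1) == "{" && close_at > 0) {
                scheme = toupper(substr(value, 1, close_at))
            }
            if (scheme == "{SSHA}" || scheme == "{SMD5}" || scheme == "{CRYPT}") {
                print "salted-hash"
            } else if (scheme == "{SHA}" || scheme == "{MD5}") {
                print "unsalted-hash"
            } else {
                print "plaintext"                        # bare value or {CLEARTEXT}
            }
        }' "$1"
}

# Succeed (exit status 0) when users outside the owner and group can read the file.
world_readable() {
    [ "$(ls -ld "$1" | cut -c8)" = "r" ]
}

# One-line summary combining both checks.
audit_slapd_conf() {
    kind=$(classify_rootpw "$1")
    if world_readable "$1"; then mode="world-readable"; else mode="restricted"; fi
    echo "$1: rootpw=$kind file=$mode"
}

# Constructed sample files; the {SSHA} value is a placeholder, not a real hash.
demo_dir=$(mktemp -d)
printf 'rootdn "cn=Manager,dc=techbrown,dc=com"\nrootpw a\n' > "$demo_dir/weak.conf"
chmod 644 "$demo_dir/weak.conf"
printf 'rootpw {SSHA}PLACEHOLDER_FROM_SLAPPASSWD\n' > "$demo_dir/hashed.conf"
chmod 640 "$demo_dir/hashed.conf"

audit_slapd_conf "$demo_dir/weak.conf"
audit_slapd_conf "$demo_dir/hashed.conf"
```

To audit a real server, pass its config path to audit_slapd_conf instead of the sample files.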

Step-4 (Edit 2nd ldap file)
# vi /usr/share/openldap/migration/migrate_common.ph
:1,$s/padl/techbrown/

:wq

Step-5 (Copy DB file into default dir)
# cd /var/lib/ldap
# cp -rv /etc/openldap/DB_CONFIG.example /var/lib/ldap
Step-6 (Rename file)
# mv DB_CONFIG.example DB_CONFIG
# chown ldap:ldap DB_CONFIG
# systemctl restart ldap
Step-7 (Create domain file)
# cd /etc/openldap
# vi techbrown.com.ldif
dn: dc=techbrown,dc=com
dc: techbrown
objectClass: dcObject
objectClass: organizationalUnit
ou: people

:wq

# vi ou.ldif
dn: ou=people,dc=techbrown,dc=com
ou: people
objectClass: organizationalUnit

:wq

Step-8 (Add user and password)
# useradd techbrown
# passwd techbrown
Step-9 (Create ldap DB)
# grep techbrown /etc/passwd >> /etc/openldap/techbrown.passwd
# /usr/share/openldap/migration/migrate_passwd.pl /etc/openldap/techbrown.passwd /etc/openldap/techbrown.ldif
# cat /etc/openldap/techbrown.ldif
Step-10 (Add all 3 files into LDAP DB)
# ldapadd -x -D "cn=Manager,dc=techbrown,dc=com" -W -f /etc/openldap/techbrown.com.ldif
Passwd techbrown

Note: Use the same command to add ou.ldif and techbrown.com.ldif (repeat the process).

Configure NFS Server

# yum install nfs* -y
# vi /etc/exports
/home *(rw,sync)

:wq

# systemctl restart nfs
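
The export above lets any host mount /home read-write. As an added example (not part of the original tutorial), the following check lists entries of an exports-style file that grant rw to every host or set no_root_squash; the function name and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original tutorial): review an exports-style file.

# Print "<path> <client> <finding>" for every entry that is writable by any
# host or that disables root squashing.
audit_exports() {
    awk '
        /^[ \t]*#/ || NF < 2 { next }                 # skip comments and blank lines
        {
            for (i = 2; i <= NF; i++) {
                client = $i; opts = ""
                p = index($i, "(")
                if (p > 0) {                          # split "client(opt,opt)"
                    client = substr($i, 1, p - 1)
                    opts = substr($i, p + 1, length($i) - p - 1)
                }
                if (client == "") { client = "*" }    # bare "(opts)" applies to every host
                n = split(opts, o, ",")
                rw = 0; nrs = 0
                for (j = 1; j <= n; j++) {
                    if (o[j] == "rw") { rw = 1 }
                    if (o[j] == "no_root_squash") { nrs = 1 }
                }
                if (client == "*" && rw) { print $1, client, "rw-to-any-host" }
                if (nrs) { print $1, client, "no_root_squash" }
            }
        }' "$1"
}

# Constructed sample: the tutorial export next to two restricted ones.
exports_sample=$(mktemp)
cat > "$exports_sample" <<'EOF'
# constructed sample, not a real server configuration
/home *(rw,sync)
/srv/home 192.168.0.0/24(rw,sync,root_squash)
/backup 192.168.0.5(rw,no_root_squash)
EOF

audit_exports "$exports_sample"
```

Restricting the client field to the LDAP clients' subnet or addresses, as in the second sample entry, clears the first finding.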

To check in the client system

# authconfig-tui
Select LDAP, then enter:
Server 192.168.0.1 (LDAP server IP)
dc=techbrown,dc=com [OK]
Step-1 (Mount the server home dir to share the user dir)
# mount 192.168.0.1:/home /home
# su - techbrown
# mkdir data{192.168.0.1}
Step-2 (To check user data, move to the server & check)
# ls /home/techbrown
Step-3 (In the client system, to login from GUI)
# vi /etc/fstab
192.168.0.1:/home /home nfs defaults

:wq

Step-4 (Enable the services permanently)
# systemctl enable network
# systemctl enable portmap
# reboot
Step-5 (To give the client user no-login permission)
# usermod -s /sbin/nologin techbrown
# grep techbrown /etc/passwd >> /etc/openldap/techbrown.passwd
# /usr/share/openldap/migration/migrate_passwd.pl /etc/openldap/techbrown.passwd /etc/openldap/techbrown.ldif
# ldapmodify -x -D "cn=Manager,dc=techbrown,dc=com" -W -f /etc/openldap/techbrown.ldif
# ldapsearch -x -b "dc=techbrown,dc=com" "(objectClass=*)"

Note: To give the user no-login permission, the services should be enabled permanently:
# systemctl enable network
# systemctl enable portmap

Final Results

LDAP is the authentication protocol that must be added on each enterprise Linux distribution to increase the security and usage of Linux-based distributions. Congratulations, you have now added LDAP to your servers. For more support on this article, use the comment section below.
