LDAP Configuration and Install on CentOS 7 / RHEL 7

How to install and configure LDAP on CentOS 7 / RHEL 7 / SL7 / OL7. LDAP stands for Lightweight Directory Access Protocol. It is a protocol for reading and writing a directory of users, groups and other objects, and it is most often used to give users one centralized login across many systems, including mixed Linux and Windows environments. An LDAP server listens on two well-known ports: 389 for plain LDAP (which a client can upgrade to TLS with StartTLS) and 636 for LDAP over TLS (LDAPS).

Directory Services on different platforms

  1. Microsoft: Active Directory
  2. Apple (macOS): Open Directory
  3. Novell: eDirectory
  4. Sun Solaris: Sun Java System Directory Server
  5. Linux: Red Hat Directory Server, 389 Directory Server (formerly Fedora Directory Server), OpenLDAP, etc.

OpenLDAP Server

OpenLDAP is the LDAP server implementation shipped with most Linux distributions. It is free and open-source software and is packaged with the OS (openldap-servers on CentOS / RHEL), so nothing has to be downloaded from a third party to set up an LDAP server.

Centralized login services in Linux (L = Linux, W = Windows; the first letter is the server side, the second the client side):

  1. NIS = L to L login
  2. NIS+ = L to L login (Sun's successor to NIS)
  3. Samba PDC (Primary Domain Controller) = L to W login
  4. Samba winbind = W to L login
  5. LDAP = L to W and L to L login

LDAP & NIS Servers

Both are standard centralized-login services on Linux: NIS is provided by the ypserv package and LDAP by openldap-servers. Both hand out the same account information to many systems, but they differ in important ways:

1. NIS: It is platform dependent (Unix/Linux only). It runs over Sun RPC, so its services get dynamic ports from the portmapper rather than fixed ones. It is less secure: the passwd map, password hashes included, is sent in cleartext and can be pulled by any host that knows the NIS domain name. Its dynamic ports make it hard to firewall. Its namespace is flat, with no domain hierarchy.

2. LDAP: It is platform independent. It works on the standard ports 389 and 636. It can be made secure because the session, and therefore the user's password, is encrypted with TLS, either on port 636 (LDAPS) or by StartTLS on 389. It is firewall-friendly because the ports are fixed. It supports a hierarchical tree of domains and organizational units. On CentOS 7 the OpenLDAP database backend is Berkeley DB (the bdb/hdb backends), which keeps the directory under /var/lib/ldap.

Note that plain LDAP on port 389 without TLS sends the simple-bind password in cleartext exactly as NIS does; TLS, not the port number, is what provides the protection.

Structure of LDAP Database:

An LDAP directory is a tree of entries. Each entry is identified by its DN (Distinguished Name), for example uid=techbrown,ou=people,dc=techbrown,dc=com, which is built from components such as dc (domain component), ou (organizational unit) and uid (user ID). The shape of each entry is governed by object classes and the schema:

  1. Object Class: An object class (for example dcObject, organizationalUnit, posixAccount) names the set of attributes an entry must and may carry. Every entry lists one or more objectClass values.
  2. Schema: The schema is the collection of object class and attribute type definitions (such as employeeNumber or postalCode) known to the server; an entry may only use attributes that the loaded schema defines.

Requirement of LDAP

  • Software = openldap openldap-servers openldap-clients (server); nss-pam-ldapd (client); migrationtools (the migrate_*.pl scripts)
  • Config file = /etc/openldap/slapd.conf (legacy format; CentOS 7 reads the cn=config directory /etc/openldap/slapd.d instead, so an edited slapd.conf has to be converted with slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d)
  • Files = /usr/share/openldap/migration/migrate_common.ph (on CentOS 7 the migrationtools package installs the scripts under /usr/share/migrationtools)
  • Database = /var/lib/ldap
  • Service = slapd
  • Port = 389, 636
  • Daemon = slapd
  • DB file = DB_CONFIG.example (on CentOS 7: /usr/share/openldap-servers/DB_CONFIG.example)

To configure LDAP (on the LDAP server)

Step-1 (Check & install the software)
# yum install -y openldap openldap-servers openldap-clients migrationtools

(The wildcard form yum install openldap* ldap* nss* db* -y also drags in every unrelated package whose name matches those globs; name the packages explicitly.)
Step-2 (Check & change the hostname)
# hostnamectl set-hostname ldap.techbrown.com

# vi /etc/hosts

Add a line mapping the server's address to its name, for example 192.168.0.1 ldap.techbrown.com ldap. (/etc/sysconfig/network is the CentOS 6 location; on CentOS 7 the hostname lives in /etc/hostname and is managed by hostnamectl.)
Step-3 (Edit the first LDAP file)
# vi /etc/openldap/slapd.conf

Around line 85, set the suffix to your domain:

suffix "dc=techbrown,dc=com"

On the next line, set the administrator (root) DN:

rootdn "cn=Manager,dc=techbrown,dc=com"

At the end of the file, set the administrator password. Do not store it in cleartext (the original used rootpw a); generate a salted hash with slappasswd and paste its output:

# slappasswd
rootpw {SSHA}<hash printed by slappasswd>

:wq

On CentOS 7 slapd reads its configuration from /etc/openldap/slapd.d rather than from slapd.conf, so after editing convert the file with slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d (into an emptied slapd.d) and make the result owned by ldap:ldap. Keep slapd.conf itself readable by root only, since it holds the rootpw hash.

Step-4 (Edit the second LDAP file)
# vi /usr/share/openldap/migration/migrate_common.ph

Replace the PADL defaults with your domain so that the DNs generated by the migration scripts match the suffix configured above (in vi, the substitution is):

:1,$ s/padl/techbrown/g

:wq

This changes $DEFAULT_MAIL_DOMAIN to techbrown.com and $DEFAULT_BASE to dc=techbrown,dc=com.

Step-5 (Copy the DB config file into the database directory)
# cp -v /etc/openldap/DB_CONFIG.example /var/lib/ldap/

(On CentOS 7 the packaged copy is /usr/share/openldap-servers/DB_CONFIG.example.)
Step-6 (Rename the file, fix its ownership and restart)
# cd /var/lib/ldap

# mv DB_CONFIG.example DB_CONFIG

# chown ldap:ldap DB_CONFIG

# systemctl restart slapd

# systemctl enable slapd

The service and daemon are named slapd on CentOS 7, not ldap. Everything under /var/lib/ldap must be owned by the ldap user, otherwise slapd cannot open its Berkeley DB files.
Step-7 (Create the domain file)
# cd /etc/openldap

# vi techbrown.com.ldif

dn: dc=techbrown,dc=com
dc: techbrown
objectClass: dcObject
objectClass: organization
o: techbrown

:wq

# vi ou.ldif

dn: ou=people,dc=techbrown,dc=com
ou: people
objectClass: organizationalUnit

:wq

LDIF attribute names are written exactly as the schema defines them (objectClass, not Object Class), and the object class names must match the schema too (dcObject, organization, organizationalUnit). The dc value of the base entry must equal the value in its DN.

Step-8 (Add a local user and password)
# useradd techbrown
# passwd techbrown
Step-9 (Create the LDAP DB entries from the local account)
# grep techbrown /etc/passwd >> /etc/openldap/techbrown.passwd

# /usr/share/openldap/migration/migrate_passwd.pl /etc/openldap/techbrown.passwd /etc/openldap/techbrown.ldif

# cat /etc/openldap/techbrown.ldif

migrate_passwd.pl also reads the matching /etc/shadow line (run it as root) and writes a posixAccount/shadowAccount entry whose userPassword carries the {crypt} hash, so the LDIF is as sensitive as /etc/shadow: keep it readable by root only and remove it once it is loaded.
Step-10 (Add all 3 files into the LDAP DB)
# ldapadd -x -W -D "cn=Manager,dc=techbrown,dc=com" -f /etc/openldap/techbrown.com.ldif
Enter LDAP Password:

# ldapadd -x -W -D "cn=Manager,dc=techbrown,dc=com" -f /etc/openldap/ou.ldif

# ldapadd -x -W -D "cn=Manager,dc=techbrown,dc=com" -f /etc/openldap/techbrown.ldif

Note:- The files must be loaded in this order because each entry's parent has to exist first. -W prompts for the Manager password (-w takes it on the command line, where it ends up in the shell history). With -x this is a simple bind, which over port 389 travels in cleartext, so run these commands on the server itself (or bind over the local socket with -H ldapi:///) or add -ZZ to require StartTLS.
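What migrate_passwd.pl produces is easy to reproduce by hand, and doing so makes the entry structure of Step-7 to Step-10 concrete. The shell functions below are an added example, not code from the original page or from the migrationtools package: they emit the base entry, the ou=people entry and a posixAccount/shadowAccount user entry from one /etc/passwd line and its /etc/shadow hash. The account line, the hash and the base DN used in the demonstration are constructed values.

```shell
#!/bin/sh
# Added example: build the tutorial's three LDIF entries by hand.
# Assumed inputs (constructed, not taken from the original page's system):
#   a /etc/passwd line, the crypt(3) hash from the matching /etc/shadow line,
#   and the base DN / OU that the tutorial uses throughout.

# base_ldif BASE OU -> the domain entry and the organizational unit below it
base_ldif() {
    base=$1 ou=$2
    rdn=${base%%,*}          # first RDN, e.g. dc=techbrown
    dc=${rdn#dc=}            # its value, e.g. techbrown
    [ "$rdn" != "$dc" ] || { echo "base_ldif: base must start with dc=" >&2; return 1; }
    printf 'dn: %s\n' "$base"
    printf 'dc: %s\n' "$dc"
    printf 'objectClass: dcObject\nobjectClass: organization\n'
    printf 'o: %s\n\n' "$dc"
    printf 'dn: ou=%s,%s\n' "$ou" "$base"
    printf 'ou: %s\nobjectClass: organizationalUnit\n' "$ou"
}

# passwd_to_ldif PASSWD_LINE BASE OU [CRYPT_HASH]
# -> the user entry migrate_passwd.pl would emit (a subset of its attributes)
passwd_to_ldif() {
    line=$1 base=$2 ou=$3 hash=$4
    # Field order in /etc/passwd is name:x:uid:gid:gecos:home:shell.
    # IFS=: keeps empty fields (such as an empty GECOS) in place.
    IFS=: read -r name _pw uid gid gecos home shell <<EOF
$line
EOF
    case $uid in ''|*[!0-9]*) echo "passwd_to_ldif: bad uid in '$line'" >&2; return 1;; esac
    case $gid in ''|*[!0-9]*) echo "passwd_to_ldif: bad gid in '$line'" >&2; return 1;; esac
    [ -n "$name" ] && [ -n "$home" ] || { echo "passwd_to_ldif: name or home missing" >&2; return 1; }
    printf 'dn: uid=%s,ou=%s,%s\n' "$name" "$ou" "$base"
    printf 'uid: %s\ncn: %s\n' "$name" "${gecos:-$name}"
    printf 'objectClass: account\nobjectClass: posixAccount\n'
    printf 'objectClass: shadowAccount\nobjectClass: top\n'
    # Emit a password only when a hash was supplied; never invent one.
    # {crypt} tells slapd the value is a crypt(3) hash, as in /etc/shadow.
    [ -z "$hash" ] || printf 'userPassword: {crypt}%s\n' "$hash"
    printf 'loginShell: %s\n' "${shell:-/bin/bash}"
    printf 'uidNumber: %s\ngidNumber: %s\n' "$uid" "$gid"
    printf 'homeDirectory: %s\n' "$home"
    [ -z "$gecos" ] || printf 'gecos: %s\n' "$gecos"
}

# Demonstration on constructed input (a real run reads /etc/passwd and
# /etc/shadow on the LDAP server as root):
SAMPLE_PASSWD='techbrown:x:1001:1001:Tech Brown:/home/techbrown:/bin/bash'
SAMPLE_HASH='$6$constructedsalt$constructedhashvalue'   # placeholder, not a real hash
demo_ldif() {
    base_ldif 'dc=techbrown,dc=com' people
    printf '\n'
    passwd_to_ldif "$SAMPLE_PASSWD" 'dc=techbrown,dc=com' people "$SAMPLE_HASH"
}
```

demo_ldif prints all three entries in the order ldapadd needs them (base, OU, user), so its output can be fed straight to ldapadd -x -W -H ldapi:/// -D "cn=Manager,dc=techbrown,dc=com" -f - on the server. Because the user entry carries the password hash, treat the generated file like /etc/shadow.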

Configure NFS Server

# yum install -y nfs-utils

# vi /etc/exports

/home 192.168.0.0/24(rw,sync)

:wq

# systemctl restart nfs-server
# systemctl enable nfs-server rpcbind

Restrict the export to the client network rather than writing /home *(rw,sync): a wildcard export lets any host that can reach the server mount every home directory. Leave root_squash in place (it is the default) so that root on a client is mapped to nobody on the export.
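The difference between the wildcard export and the restricted one is easy to catch in an audit. The function below is an added example, not part of the original page or of nfs-utils: it reads exports(5) syntax from standard input, flags every export that is offered to all hosts (* or no client list) or that disables root_squash, and returns the number of findings. The three export lines in EXPORTS_SAMPLE are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: audit /etc/exports for the two settings most often misused
# in home-directory exports. Reads exports(5) lines on stdin.
# Returns 0 when nothing was flagged, otherwise the number of findings.
audit_exports() {
    findings=0
    set -f                      # exports contain '*'; do not let the shell glob it
    while IFS= read -r line; do
        line=${line%%#*}        # drop comments
        set -- $line
        [ $# -gt 0 ] || continue
        path=$1; shift
        # A path with no client list at all means "every host".
        [ $# -gt 0 ] || set -- '*'
        for spec in "$@"; do
            client=${spec%%"("*}            # host, network or wildcard
            opts=${spec#*"("}; opts=${opts%")"}
            [ "$spec" = "$client" ] && opts=''   # no "(...)" part: defaults apply
            case $client in
                ''|'*') echo "$path $spec: exported to every host; restrict to a network such as 192.168.0.0/24"
                        findings=$((findings + 1)) ;;
            esac
            case ",$opts," in
                *,no_root_squash,*) echo "$path $spec: no_root_squash lets client root write as root on the server"
                                    findings=$((findings + 1)) ;;
            esac
        done
    done
    set +f
    return $findings
}

# Constructed sample: the tutorial's wildcard line, the restricted form that
# replaces it, and a build share that disables root squashing.
EXPORTS_SAMPLE='/home *(rw,sync)
/home 192.168.0.0/24(rw,sync,root_squash,no_subtree_check)
/srv/build 192.168.0.5(rw,no_root_squash)
# comment lines and blank lines are ignored
'

# Run on the sample when executed directly: two findings are reported.
printf '%s' "$EXPORTS_SAMPLE" | audit_exports || echo "exports need attention ($? findings)"
```

To audit a live server, run audit_exports < /etc/exports. The check is deliberately narrow: it does not validate the network syntax and does not know about options set in /etc/nfs.conf, so treat a clean result as necessary, not sufficient.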

To check in the client system

# yum install -y nss-pam-ldapd openldap-clients nfs-utils
# authconfig-tui

Select "Use LDAP" and "Use LDAP Authentication", then fill in:
Server: ldap://192.168.0.1 (the LDAP server's IP)
Base DN: dc=techbrown,dc=com [OK]

The same configuration without the menu is authconfig --enableldap --enableldapauth --ldapserver=ldap://192.168.0.1 --ldapbasedn="dc=techbrown,dc=com" --enablemkhomedir --update. Afterwards getent passwd techbrown should print the LDAP account. Unless the server has a TLS certificate and the client is configured with --enableldaptls, every login sends the user's password to the server in cleartext on port 389.
Step-1 (Mount the server's home directory so that user home directories are shared)
# mount 192.168.0.1:/home /home

# su - techbrown

$ mkdir data
Step-2 (To check the user's data, log in to the server, 192.168.0.1, and list the home directory)
# ls /home/techbrown
Step-3 (In the client system, mount the home directories at boot so that GUI logins work)
# vi /etc/fstab

192.168.0.1:/home  /home  nfs  defaults  0 0

:wq

Step-4 (Enable the services permanently)
# systemctl enable network

# systemctl enable rpcbind nslcd

# reboot

portmap is the CentOS 6 name; on CentOS 7 the RPC port mapper is rpcbind, and nslcd is the daemon from nss-pam-ldapd that answers the client's LDAP lookups.
Step-5 (To deny the user login on the clients)
# usermod -s /sbin/nologin techbrown

The original regenerated the whole entry with migrate_passwd.pl and fed it to ldapmodify. The precise way to change one attribute of an existing entry is an explicit changetype: modify with replace, which alters only that attribute and leaves the rest of the entry, password hash included, untouched. Put it in a file, for example:

# vi /etc/openldap/techbrown-nologin.ldif

dn: uid=techbrown,ou=people,dc=techbrown,dc=com
changetype: modify
replace: loginShell
loginShell: /sbin/nologin

:wq

# ldapmodify -x -W -D "cn=Manager,dc=techbrown,dc=com" -f /etc/openldap/techbrown-nologin.ldif

# ldapsearch -x -b "dc=techbrown,dc=com" "(objectClass=*)"

The search lists every entry under the base; confirm that loginShell for uid=techbrown now reads /sbin/nologin. Clients take the shell from LDAP, so the change applies at the next login without touching the clients.

Note:- For the LDAP lookups and the NFS home directories to survive a reboot, the client's services must be enabled permanently:

# systemctl enable network
# systemctl enable rpcbind nslcd
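Because the clients take the login shell from LDAP, denying login is a one-attribute change, and the ldapsearch output is what confirms it. The two functions below are an added example, not code from the original page: the first writes the changetype: modify LDIF for any uid under the tutorial's ou=people, the second extracts one attribute from an ldapsearch -LLL style entry so the result can be checked from a script. SEARCH_SAMPLE is a constructed entry standing in for real ldapsearch output.

```shell
#!/bin/sh
# Added example: generate the modify LDIF that sets loginShell and check the
# result in ldapsearch output. Assumes the tutorial's ou=people layout.

# nologin_ldif UID BASE [SHELL] -> LDIF for: ldapmodify -x -W -D <rootdn> -f -
nologin_ldif() {
    uid=$1 base=$2 shell=${3:-/sbin/nologin}
    [ -n "$uid" ] && [ -n "$base" ] || { echo "nologin_ldif: uid and base required" >&2; return 1; }
    # Refuse characters that would alter the DN (comma, equals, space, ...).
    case $uid in *[!A-Za-z0-9._-]*) echo "nologin_ldif: refusing uid '$uid'" >&2; return 1;; esac
    # 'replace' overwrites the one attribute, present or not, and leaves the
    # rest of the entry (including userPassword) as it is.
    printf 'dn: uid=%s,ou=people,%s\n' "$uid" "$base"
    printf 'changetype: modify\nreplace: loginShell\n'
    printf 'loginShell: %s\n' "$shell"
}

# ldif_attr ATTR -> value of ATTR from the single LDIF entry on stdin.
# ldapsearch base64-encodes values it cannot print (written as "attr::");
# those are decoded so comparisons see the real string.
ldif_attr() {
    attr=$1
    while IFS= read -r line; do
        case $line in
            "$attr:: "*) rest=${line#"$attr:: "}; printf '%s' "$rest" | base64 -d; echo; return 0 ;;
            "$attr: "*)  rest=${line#"$attr: "}; printf '%s\n' "$rest"; return 0 ;;
        esac
    done
    return 1
}

# Constructed stand-in for: ldapsearch -x -LLL -b dc=techbrown,dc=com uid=techbrown
SEARCH_SAMPLE='dn: uid=techbrown,ou=people,dc=techbrown,dc=com
uid: techbrown
cn: Tech Brown
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
loginShell: /sbin/nologin
uidNumber: 1001
gidNumber: 1001
homeDirectory: /home/techbrown'

# login_denied -> 0 when the sampled entry carries a non-interactive shell
login_denied() {
    shell=$(printf '%s\n' "$SEARCH_SAMPLE" | ldif_attr loginShell) || return 1
    case $shell in /sbin/nologin|/bin/false) return 0 ;; *) return 1 ;; esac
}
```

On a real server, pipe nologin_ldif techbrown dc=techbrown,dc=com into ldapmodify and feed ldapsearch -x -LLL -o ldif-wrap=no -b dc=techbrown,dc=com uid=techbrown to ldif_attr; ldif-wrap=no stops ldapsearch from folding long values onto continuation lines, which this small parser does not reassemble.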

Final Results

LDAP gives every enterprise Linux system one central place to authenticate users, which is both easier to manage and easier to secure than per-host passwords or NIS, provided the server is reached only over TLS. For more support on this article use the comment section below. Congratulations, you have now added LDAP to your servers.
