$ yum install openldap*
$ rpm -qa | grep ldap

Take a backup of slapd.conf:

$ cp /etc/openldap/slapd.conf /etc/openldap/slapd.conf.bak

Edit the file /etc/openldap/slapd.conf. We need to change some lines: suffix, rootdn and the two rootpw lines. Suffix is the high-level descriptor you selected above. The rootdn is the user that owns the server and should start with cn=. The first root password (rootpw) line should be set to secret. You can generate an encrypted password for the second rootpw line using the command:

$ slappasswd

Just cut and paste the output of the slappasswd command into the second rootpw line in slapd.conf.

$ vim /etc/openldap/slapd.conf

suffix "dc=bloger,dc=com"
rootdn "cn=Manager,dc=bloger,dc=com"
rootpw secret
rootpw {SSHA}MRNBda83kd9f7d7did902mLA1x0AVOWMRBua

Here bloger is your domain name. Save and exit this file.

Open the ldap.conf file:

$ vim /etc/openldap/ldap.conf

Change two lines in this file:

HOST 127.0.0.1
BASE dc=bloger,dc=com

Save and exit this file.

LDAP Migration tools: These tools are located in /usr/share/openldap/migration. If you don't find them in your distribution you can download them from: http://www.padl.com/OSS/MigrationTools.html
$ tar zxf MigrationTools.tgz
$ cd MigrationTools-47

You then must edit migrate_common.ph and change the following site-specific variables to reflect your installation:

# Default DNS domain
$DEFAULT_MAIL_DOMAIN = "bloger.com";
# Default base
$DEFAULT_BASE = "dc=bloger,dc=com";

Now we need to add the base entries into the LDAP. Here is an example of the base entry, the org. units you may need and a new user. The file we will create in our example is bloger.ldif.
Create a data file (bloger.ldif) and copy the following content into it.

$ touch bloger.ldif

# Top level entry. dcObject and the dc attribute are required: the RDN
# attribute (dc) must be present in the entry or slapd rejects the add
# with a naming violation.
dn: dc=bloger,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
dc: bloger
o: bloger
description: Top level LDAP for bloger.com

dn: ou=Group,dc=bloger,dc=com
ou: Group
objectClass: top
objectClass: organizationalUnit

dn: ou=People,dc=bloger,dc=com
ou: People
objectClass: top
objectClass: organizationalUnit

dn: ou=Services,dc=bloger,dc=com
ou: Services
objectClass: top
objectClass: organizationalUnit

Save this file.
$ /usr/share/openldap/
Import the first record:

$ ldapadd -a -W -x -D "cn=Manager,dc=bloger,dc=com" -f bloger.ldif

Then check that it was added:

$ ldapsearch -x -b 'dc=bloger,dc=com' '(objectclass=*)'
Create test user: create the file newrec.ldif for the test user and add the following content to it.

$ touch newrec.ldif

Note: you need an empty line before each line starting with "dn:".

$ vim newrec.ldif

# test1, bloger.com
dn: uid=test,ou=People,dc=bloger,dc=com
cn: test
sn: test
objectClass: top
objectClass: person
objectClass: posixAccount
objectClass: shadowAccount
userPassword: {crypt}$!Z0ksiAKjsKLAsjuwyuAK!jksX
uid: test
uidNumber: 501
gidNumber: 501
loginShell: /bin/bash
homeDirectory: /home/test
shadowLastChange: 10877
shadowMin: 0
shadowMax: 999999
shadowInactive: -1
shadowWarning: 7
shadowFlag: 0
shadowExpire: -1

Save and exit this file.

The dn: record must be unique and should include your suffix.
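The rules this tutorial relies on (a blank line before every dn:, unique DNs that include the suffix) can be checked before running ldapadd. The following Python script is an added example, not part of the original post; SUFFIX, parse_ldif, check_ldif and the SAMPLE LDIF are my own names and constructed input. It also flags two things slapd or a reviewer would catch: an RDN attribute missing from its entry (a naming violation) and a cleartext userPassword.

```python
# Added example, not from the original post: pre-flight check for an LDIF file before
# ldapadd. It enforces the tutorial's rules (blank line before each "dn:", unique DNs,
# every DN under the suffix) plus two checks slapd or a reviewer would raise: the RDN
# attribute must appear in the entry (else a naming violation) and no cleartext userPassword.

SUFFIX = "dc=bloger,dc=com"   # the suffix configured in slapd.conf above

def parse_ldif(text):
    """Return (entries, problems); entries are (dn, {attr: [values]}) tuples."""
    entries, problems, attrs, dn = [], [], {}, None
    for line in text.splitlines() + [""]:        # trailing "" flushes the last entry
        if line.startswith("#"):
            continue
        if line.strip() == "":
            if dn is not None:
                entries.append((dn, attrs))
            dn, attrs = None, {}
            continue
        key, _, value = line.partition(":")
        key, value = key.strip().lower(), value.strip()
        if key == "dn":
            if dn is not None:                   # previous entry was not terminated
                problems.append(f"missing blank line before dn: {value}")
                entries.append((dn, attrs))
                attrs = {}
            dn = value
        else:
            attrs.setdefault(key, []).append(value)
    return entries, problems

def check_ldif(text, suffix=SUFFIX):
    """Return a list of problems; an empty list means the file is safe to ldapadd."""
    entries, problems = parse_ldif(text)
    seen = set()
    for dn, attrs in entries:
        if dn.lower() in seen:
            problems.append(f"duplicate dn: {dn}")
        seen.add(dn.lower())
        if not dn.lower().endswith(suffix.lower()):
            problems.append(f"dn outside suffix {suffix}: {dn}")
        rdn_attr, _, rdn_val = dn.split(",", 1)[0].partition("=")
        if rdn_val not in attrs.get(rdn_attr.strip().lower(), []):
            problems.append(f"naming violation: {rdn_attr}={rdn_val} not in {dn}")
        if any(not p.startswith("{") for p in attrs.get("userpassword", [])):
            problems.append(f"cleartext userPassword in {dn}")
    return problems

# Constructed sample: the root entry lacks "dc: bloger" and the user password is cleartext.
SAMPLE = ("dn: dc=bloger,dc=com\nobjectClass: organization\no: bloger\n\n"
          "dn: uid=test,ou=People,dc=bloger,dc=com\nuid: test\nuserPassword: secret\n")
```

Folded (leading-space) and base64 ("::") LDIF values are not handled; run it on a file with `check_ldif(open("newrec.ldif").read())` and fix every reported line before ldapadd.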
Add the record to your LDAP

To add a record to the LDAP database we use the command ldapadd:

$ ldapadd -W -x -D "cn=Manager,dc=bloger,dc=com" -f newrec.ldif

$ ldapsearch -x -b 'uid=test,ou=People,dc=bloger,dc=com'
This will display the record if it was added correctly. You can also list accounts with:

$ getent passwd

Client Side Authentication:

1. Click System, select Administration and click Authentication. This will launch the Authentication Configuration window.
2. Check Enable LDAP Support and click the Configure LDAP button.
3. Fill in the LDAP Search Base DN and LDAP Server fields. Click Ok when you are done.
4. Click the Authentication tab and check Enable LDAP Support.

To test this, create a user in your LDAP directory that does not exist on your machine. Then check the account by fingering the user. For example, if you added the test record you should be able to issue the command:
$ finger test1