Today, we will show you, How to install LDAP on CentOS 7. LDAP, or Lightweight Directory Access Protocol, is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network. It can be used to store any kind of information and it is often used as one component of a centralized authentication system. Installing and configuring an OpenLDAP server on CentOS 7, it’s fairly easy task, just carefully follow the tutorial below and you should have it installed in less than 10 minutes.
Update the system
As usual before installing new software, update all your system packages to the newest available version first:
# yum update
Install OpenLDAP
We are going to begin by installing the packages required for OpenLDAP functionality:
# yum -y install openldap compat-openldap openldap-clients openldap-servers openldap-servers-sql openldap-devel
We will also start the LDAP daemon and enable it on boot:
# systemctl start slapd.service # systemctl enable slapd.service
Run the slappasswd command to set a LDAP root password and save the output because we are going to need it to configure OpenLDAP:
# slappasswd
We’ll configure the OpenLDAP server now. We’ll create a few LDIF files and then we will use the ldapmodify command to deploy the configuration to the server. The files will be stored in ‘/etc/openldap/slapd.d’ and they shouldn’t be edited manually.
The ‘db.ldif’ file will update the olcSuffix variable which will add the distinguished name to queries that will be passed to the backend database, it will configure the domain name for which your LDAP server will provide account information, and it will update the olcRootDN variable which specifies the root distinguished name user that will have administrator access to the LDAP server.
Our domain is field.linuxhostsupport.com, and written inside the ‘db.ldif’ file it looks like this ‘dc=field,dc=linuxhostsupport,dc=com’ and our root distinguished name is ‘cn=ldapadm,dc=field,dc=linuxhostsupport,dc=com’.
Configure OpenLDAP
Create the db.ldif file using nano or an editor of your preference and paste the following content in:
# nano db.ldif
dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=field,dc=linuxhostsupport,dc=com
dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: cn=ldapadm,dc=field,dc=linuxhostsupport,dc=com
dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: hashed_output_from_the_slappasswd_command
Deploy the configuration using ldapmodify:
# ldapmodify -Y EXTERNAL -H ldapi:/// -f db.ldif
Now restrict monitor access only to the ldapadm user:
# nano monitor.ldif
dn: olcDatabase={1}monitor,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external, cn=auth" read by dn.base="cn=ldapadm,dc=field,dc=linuxhostsupport,dc=com" read by * none
Deploy the configuration change again:
# ldapmodify -Y EXTERNAL -H ldapi:/// -f monitor.ldif
Now we will generate a certificate and a private key so we can communicate securely with the OpenLDAP server. We will use the command below to do that:
openssl req -new -x509 -nodes -out \ /etc/openldap/certs/myldap.field.linuxhostsupport.com.cert \ -keyout /etc/openldap/certs/myldap.field.linuxhostsupport.com.key \ -days 365
Change the owner and group permissions so OpenLDAP can read the files:
# chown -R ldap:ldap /etc/openldap/certs
Now create certs.ldif to configure OpenLDAP to use the LDAPS protocol:
# nano certs.ldif dn: cn=config changetype: modify replace: olcTLSCertificateFile olcTLSCertificateFile: /etc/openldap/certs/myldap.field.linuxhostsupport.com.cert dn: cn=config changetype: modify replace: olcTLSCertificateKeyFile olcTLSCertificateKeyFile: /etc/openldap/certs/myldap.field.linuxhostsupport.com.key
We can then deploy the configuration again:
# ldapmodify -Y EXTERNAL -H ldapi:/// -f certs.ldif
Now test the configuration using the following command:
# slaptest -u
Setting up the OpenLDAP database
Now we can set up the LDAP database, start by copying the sample database configuration file to ‘/var/lib/ldap’ and change the file permissions:
# cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG # chown -R ldap:ldap /var/lib/ldap
Add the LDAP schemas:
# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif # ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif # ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif
And now create a base.ldif file for your domain:
# nano base.ldif dn: dc=field,dc=linuxhostsupport,dc=com dc: field objectClass: top objectClass: domain dn: cn=ldapadm,dc=field,dc=linuxhostsupport,dc=com objectClass: organizationalRole cn: ldapadm description: LDAP Manager dn: ou=People,dc=field,dc=linuxhostsupport,dc=com objectClass: organizationalUnit ou: People dn: ou=Group,dc=field,dc=linuxhostsupport,dc=com objectClass: organizationalUnit ou: Group
We will deploy these configuration changes to the OpenLDAP server using the ldapadm user:
# ldapadd -x -W -D "cn=ldapadm,dc=field,dc=linuxhostsupport,dc=com" -f base.ldif
Enter the root password when prompted.
If you need to add users it’s easier to add them with a GUI, we recommend using Apache Directory Studio or JXplorer for this.
That’s it you should now have successfully installed LDAP on CentOS 7.
Of course you don’t have to install LDAP on CentOS 7, if you use one of our Linux server support services, in which case you can simply ask our expert Linux admins to configure this for you. They are available 24×7 and will take care of your request immediately.
PS. If you liked this post, on how to install LDAP on CentOS 7, please share it with your friends on the social networks using the buttons on the left or simply leave a reply below. Thanks.
Finally a Open Ldap tutorial that works!!!!! a billion stars for the author!
Hi Getting the below error .Please let me know what to do.
systemctl start slapd
Job for slapd.service failed because the control process exited with error code. See “systemctl status slapd.service” and “journalctl -xe”
Hi Sriram,
You can run the
systemctl status slapd.servicecommand as suggested, for more details about the issue.[root@mspildapsrv lib]# systemctl status slapd.service
● slapd.service – OpenLDAP Server Daemon
Loaded: loaded (/usr/lib/systemd/system/slapd.service; disabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Wed 2018-08-22 03:51:49 IST; 18s ago
Docs: man:slapd
man:slapd-config
man:slapd-hdb
man:slapd-mdb
file:///usr/share/doc/openldap-servers/guide.html
Process: 3571 ExecStart=/usr/sbin/slapd -u ldap -h ${SLAPD_URLS} $SLAPD_OPTIONS (code=exited, status=1/FAILURE)
Process: 3555 ExecStartPre=/usr/libexec/openldap/check-config.sh (code=exited, status=0/SUCCESS)
Aug 22 03:51:45 mspildapsrv.com slapd[3571]: ldif_read_file: checksum error on “/etc/openld…if”
Aug 22 03:51:49 mspildapsrv.com slapd[3571]: Could not get the realpath: No such file or di…ory
Aug 22 03:51:49 mspildapsrv.com slapd[3571]: main: TLS init def ctx failed: -1
Aug 22 03:51:49 mspildapsrv.com slapd[3571]: DIGEST-MD5 common mech free
Aug 22 03:51:49 mspildapsrv.com slapd[3571]: slapd stopped.
Aug 22 03:51:49 mspildapsrv.com slapd[3571]: connections_destroy: nothing to destroy.
Aug 22 03:51:49 mspildapsrv.com systemd[1]: slapd.service: control process exited, code=exi…s=1
Aug 22 03:51:49 mspildapsrv.com systemd[1]: Failed to start OpenLDAP Server Daemon.
Aug 22 03:51:49 mspildapsrv.com systemd[1]: Unit slapd.service entered failed state.
Aug 22 03:51:49 mspildapsrv.com systemd[1]: slapd.service failed.
Hint: Some lines were ellipsized, use -l to show in full.
I hope your found your answer, you can just reinstall openldap services again and start the process if you did not go far
sudo yum reinstall openldap compat-openldap openldap-clients openldap-servers openldap-servers-sql openldap-devel
I had this same problem. The default config of the database has directives that point to certain paths and files for certificates. You most likely don’t have those certificates in place yet. What you need to do is either comment out those lines that are looking for certs, or create certs and place them where those directives are looking for.
Ofcourse, since slapd is not running you cannot use ldapmodify to make these changes. See the answer to this post: https://serverfault.com/questions/863274/modify-openldap-cn-config-without-slapd-running
Once you either comment out those lines that are looking for certs, or place certs in the correct locations, you will be able to start slapd and use ldapmodify from then on.
I encountered this on Centos 7. The problem was SElinux.
edit /etc/selinux/config
SELINUX=enforcing can be changed to SELINUX=disabled
See if that fixes it.
which password exactly i should enter? The one I created in slappassword line or the one who terminal back to me when i entered? Anyway, in the last last step none of them dont’t work, i’ve tried severeal times, i couldn’t type wrong one so many times.
Thanks in advance
When deploying configuration changes to the OpenLDAP server you need to enter the LDAP root password you set up earlier. Thanks
Hi, I have an same problem , after following all steps to the one character , I got the message for the last step : Enter LDAP Password: ldap_bind: Invalid credentials (49).. I tried to change the password, once again and the same. Only error I got from the OS , was after edit the certs.ldif.
ldapmodify -Y EXTERNAL -H ldapi:/// -f certs.ldif
…
modifying entry “cn=config”
ldap_modify: Other (e.g., implementation specific) error (80)
I will little play with that 🙂 but I typing the password correctly
Nice day and thank you for post.. Really helpfull
Regarding the error with certs.ldif, try changin the order and put the key first, like this:
——————————————————–
dn: cn=config
changetype: modify
replace: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/openldap/certs/myldap.field.linuxhostsupport.com.key
dn: cn=config
changetype: modify
replace: olcTLSCertificateFile
olcTLSCertificateFile: /etc/openldap/certs/myldap.field.linuxhostsupport.com.cert
—————————————————————–
Regarding the password, you are supposed to use the plain text version of the password. So if your password is “supersecretpassword”, write that. You might want to check that you entered hashed version at the bottom of the db.ldif file.
It’s a generic line there that should be changed to the hashed password.
….
olcRootPW: hashed_output_from_the_slappasswd_command
A couple of questions:
1. What is meant by “monitor access”?
2. Why was the ldapadm user created? Where is it used?
1. When the monitoring interface is enabled, LDAP clients may be used to access information provided by the monitor backend, subject to access and other controls
2. We created ldapadm user so we can deploy configuration changes to the OpenLDAP server.
Ran all the steps without errors.
Using ldap_bind() and ldap_search from PHP, I can see users (can’t see ldapadm, though).
Using ldap_bind(user,password), the binding fails.
How do I add a user which can then be authenticated using PHP? A non-OS user, one that exists in the LDAP only.
Are you getting an error message when trying to authenticate using ldap_bind(user,password)?
yes…what to do?
[root@linuxhostsupport ~]# ldapadd -x -W -D “cn=ldapadm,dc=field,dc=linuxhostsupport,dc=com” -f base.ldif
Enter LDAP Password:
ldap_bind: Invalid credentials (49)
Please help on this..
Please double check the credentials you are using. The password you are entering seems to be incorrect.
I have the same problem and the password is definitely correct. The ldapadm dn is mine too.
What else could the problem be?
I got around this by doing:
ldapadd -x -W -D “cn=ldapadm,dc=xys,dc=co,dc=uk” -f base.ldif -H ldap://localhost
ldapadd -x -W -D “cn=ldapadm,dc=field,dc=linuxhostsupport,dc=com” -f base.ldif
Enter LDAP Password:
ldap_bind: Invalid credentials (49)
I confirm that password entered is correct one.
You need to use your own domain name instead dc=linuxhostsupport.
this is my base.ldif:
dn: dc=cycleon,dc=com
dc: admin
objectClass: top
objectClass: domain
dn: cn=admin,dc=cycleon,dc=com
objectClass: organizationalRole
cn: admin
description: LDAP Admin
dn: ou=People,dc=cycleon,dc=com
objectClass: organizationalUnit
ou: People
dn: ou=Group,dc=field,dc=com
objectClass: organizationalUnit
ou: Group
when trying the last command:
]# ldapadd -x -W -D “cn=admin,dc=cycleon,dc=com” -f base.ldif
Enter LDAP Password:
adding new entry “dc=cycleon,dc=com”
ldap_add: Naming violation (64)
additional info: value of single-valued naming attribute ‘dc’ conflicts with value present in entry
the base.ldif looks correct to me, can you please help?
Hi Ruben,
Try using ‘dc=cycleon’ instead of ‘dc: admin’ on the second line of the file.
Meanwhile, congratulations for the guide. I have a problem with the last step:
ldapadd -x -W -D “cn=ldapadm,dc=ldap,dc=halldis,dc=cloud” -f base.ldif
Enter LDAP Password:
ldap_bind: Invalid credentials (49)
I need to use encrypted password o clear password?
It does not work in both cases.
Thanks
After deploy of db.ldif:
[root@X slapd.d]# vim db.ldif
[root@X slapd.d]# ldapmodify -Y EXTERNAL -H ldapi:/// -f db.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
ldapmodify: wrong attributeType at line 5, entry “olcDatabase={2}hdb,cn=config”
It was a space in a new line.
What do you mean ? I have the same error, can you send the correct version please ?
OK i have it :D. To all others. In the 2 new lines there are white spaces you must delete them ;).
thanks 🙂
thanks a lot!
centos]# ldapmodify -Y EXTERNAL -H ldapi:/// -f certs.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry “cn=config”
ldap_modify: Other (e.g., implementation specific) error (80)
Please try to change the permissions of the ‘/etc/openldap/certs’ directory:
chown -R ldap:ldap /etc/openldap/certs
I encountered the similar problem, I found a workaround by splitting the file in two, and load each section in two different ldap_modify command. Perhaps try that?
fixed this by swapping the order of the key/cert entries in certs.ldif.
It works for me. Thanks a lot Mike!
ive done both, swapping the sequence nor chown..but still get the same error
I have exactly the same issue nothing helps, chmod, swapping key with cert order. any other suggestions??
I’ve enabled debug mode and get this output from ldapmodify command
ber_scanf fmt ({) ber:
ber_dump: buf=0x5640523751a0 ptr=0x5640523751a5 end=0x564052375205 len=96
0000: 66 5e 04 09 63 6e 3d 63 6f 6e 66 69 67 30 51 30 f^..cn=config0Q0
0010: 4f 0a 01 02 30 4a 04 18 6f 6c 63 54 4c 53 43 65 O…0J..olcTLSCe
0020: 72 74 69 66 69 63 61 74 65 4b 65 79 46 69 6c 65 rtificateKeyFile
0030: 31 2e 04 2c 2f 65 74 63 2f 6f 70 65 6e 6c 64 61 1..,/etc/openlda
0040: 70 2f 63 65 72 74 73 2f 6c 64 61 70 2d 63 70 34 p/certs/ldap-cp4
0050: 73 2e 64 61 72 6b 64 6f 74 2e 63 6f 2e 6b 65 79 s.darkdot.co.key
ber_flush2: 101 bytes to sd 4
0000: 30 63 02 01 02 66 5e 04 09 63 6e 3d 63 6f 6e 66 0c…f^..cn=conf
0010: 69 67 30 51 30 4f 0a 01 02 30 4a 04 18 6f 6c 63 ig0Q0O…0J..olc
0020: 54 4c 53 43 65 72 74 69 66 69 63 61 74 65 4b 65 TLSCertificateKe
0030: 79 46 69 6c 65 31 2e 04 2c 2f 65 74 63 2f 6f 70 yFile1..,/etc/op
0040: 65 6e 6c 64 61 70 2f 63 65 72 74 73 2f 6c 64 61 enldap/certs/lda
0050: 70 2d 63 70 34 73 2e 64 61 72 6b 64 6f 74 2e 63 p-cp4s.darkdot.c
0060: 6f 2e 6b 65 79 o.key
ldap_write: want=101, written=101
0000: 30 63 02 01 02 66 5e 04 09 63 6e 3d 63 6f 6e 66 0c…f^..cn=conf
0010: 69 67 30 51 30 4f 0a 01 02 30 4a 04 18 6f 6c 63 ig0Q0O…0J..olc
0020: 54 4c 53 43 65 72 74 69 66 69 63 61 74 65 4b 65 TLSCertificateKe
0030: 79 46 69 6c 65 31 2e 04 2c 2f 65 74 63 2f 6f 70 yFile1..,/etc/op
0040: 65 6e 6c 64 61 70 2f 63 65 72 74 73 2f 6c 64 61 enldap/certs/lda
0050: 70 2d 63 70 34 73 2e 64 61 72 6b 64 6f 74 2e 63 p-cp4s.darkdot.c
0060: 6f 2e 6b 65 79 o.key
ldap_result ld 0x564052367480 msgid 2
wait4msg ld 0x564052367480 msgid 2 (timeout 100000 usec)
wait4msg continue ld 0x564052367480 msgid 2 all 1
** ld 0x564052367480 Connections:
* host: (null) port: 0 (default)
refcnt: 2 status: Connected
last used: Sun Jul 26 21:20:28 2020
** ld 0x564052367480 Outstanding Requests:
* msgid 2, origid 2, status InProgress
outstanding referrals 0, parent count 0
ld 0x564052367480 request count 1 (abandoned 0)
** ld 0x564052367480 Response Queue:
Empty
ld 0x564052367480 response count 0
ldap_chkResponseList ld 0x564052367480 msgid 2 all 1
ldap_chkResponseList returns ld 0x564052367480 NULL
ldap_int_select
read1msg: ld 0x564052367480 msgid 2 all 1
ber_get_next
ldap_read: want=8, got=8
0000: 30 0c 02 01 02 67 07 0a 0….g..
ldap_read: want=6, got=6
0000: 01 50 04 00 04 00 .P….
ber_get_next: tag 0x30 len 12 contents:
ber_dump: buf=0x5640523761f0 ptr=0x5640523761f0 end=0x5640523761fc len=12
0000: 02 01 02 67 07 0a 01 50 04 00 04 00 …g…P….
read1msg: ld 0x564052367480 msgid 2 message type modify
ber_scanf fmt ({eAA) ber:
ber_dump: buf=0x5640523761f0 ptr=0x5640523761f3 end=0x5640523761fc len=9
0000: 67 07 0a 01 50 04 00 04 00 g…P….
read1msg: ld 0x564052367480 0 new referrals
read1msg: mark request completed, ld 0x564052367480 msgid 2
request done: ld 0x564052367480 msgid 2
res_errno: 80, res_error: , res_matched:
ldap_free_request (origid 2, msgid 2)
ldap_parse_result
ber_scanf fmt ({iAA) ber:
ber_dump: buf=0x5640523761f0 ptr=0x5640523761f3 end=0x5640523761fc len=9
0000: 67 07 0a 01 50 04 00 04 00 g…P….
ber_scanf fmt (}) ber:
ber_dump: buf=0x5640523761f0 ptr=0x5640523761fc end=0x5640523761fc len=0
ldap_msgfree
ldap_err2string
ldap_modify: Other (e.g., implementation specific) error (80)
ldap_free_connection 1 1
ldap_send_unbind
ber_flush2: 7 bytes to sd 4
0000: 30 05 02 01 03 42 00 0….B.
ldap_write: want=7, written=7
0000: 30 05 02 01 03 42 00 0….B.
ldap_free_connection: actually freed
[root@localhost ~]# ldapadd -x -W -D “cn=ldapadm,dc=field,dc=linuxhostsupport,dc=com” -f base.ldif
Enter LDAP Password:
ldap_bind: Server is unwilling to perform (53)
additional info: unauthenticated bind (DN with no password) disallowed
i need change the password
[root@centos user]# hostname
field
[root@centos user]# cat /etc/resolv.conf
# Generated by NetworkManager
search linuxhostsupport.com
nameserver 8.8.8.8
nameserver 8.8.4.4
Above line is my hostname.
When I was try to modify certs.ldif file .
I got ” modifying entry “cn=config”
ldap_modify: Other (e.g., implementation specific) error (80) ”
vim certs.ldif
dn: cn=config
changetype: modify
replace: olcTLSCertificateFile
olcTLSCertificateFile: /etc/openldap/certs/myldap.field.linuxhostsupport.com.cert
dn: cn=config
changetype: modify
replace: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/openldap/certs/myldap.field.linuxhostsupport.com.key
May I how how can I trace to solve it.
# ldapmodify -Y EXTERNAL -H ldapi:/// -f certs.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry “cn=config”
ldap_modify: Other (e.g., implementation specific) error (80)
Please may I know which state has wrong?
Did you generate a certificate and private key for your server hostname?
i am having password issues as most i see on here is, i do not see a fix or way to reset it…
i believe the ;password is linked to the cn. how can i see the username and password i should be using or reset it.. mainly the username
may be the same mistake as I did initially…in step Configure OpenLDAP you should enter as password the complete line returned from slappasswd command, including {SSHA}…at least this was the issue I had
ldapmodify: wrong attributetype at line 9, entry “olcDatabase={2}hdb,cn=config”
At certs.ldif i have change order to olcTLSCertificateKeyFile first and olcTLSCertificateFile after. Its works for me
Getting the following error :
[root@LDAP slapd.d]# ldapmodify -Y EXTERNAL -H ldapi:/// -f db.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
ldapmodify: wrong attributeType at line 5, entry “olcDatabase={2}hdb,cn=config”
here my db.ldif
[root@LDAP slapd.d]# cat db.ldif
dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=field,dc=tenedis,dc=com
dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: cn=ldapadm,dc=field,dc=tenedis,dc=com
dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: hashed_output_from_the_slappasswd_command
any ideas ?
Please check each line for trailing spaces.
Greg, if you edit in vi use :set list to view the hidden characters. You will find an extra character on line 5 that you need to delete.
Mike
Hello,
I had the same problem.
Be careful when copying and pasting, a space can be added between each block.
Make sure there is no space.
Three things:
1 – I changed the admin user from ldapadm to ldap since openldap is running as user ldap on my centos 7 installation.
2 – I had to change this line ‘ldapmodify -Y EXTERNAL -H ldapi:/// -f certs.ldif’ to this ‘ldapmodify -H ldapi:/// -f certs.ldif’ for it to work.
3 – I cannot get past this error:
[ldapadm@openldapserver ~]$ sudo ldapadd -x -W -D “cn=ldap,dc=field,dc=linuxhostsupport,dc=com” -f base.ldif
[sudo] password for ldapadm:
Enter LDAP Password:
ldap_bind: Invalid credentials (49)
Any ideas?
Thanks, Mike
Argh… figured #3 out. Changed “dc=field,dc=linuxhostsupport” to match my server and it worked….
In my test environment, i need to use “O=” style schema. Do i just replace dc= to o=? Any guidance would be really helpful.
I am using “yum update” command, but getting below error. how to resolve it?
[root@Linux-reg1 ~]# yum update
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
Could not retrieve mirrorlist http://mirrorlist.centos.org/?release=7&arch=x86_64&repo=os&infra=stock error was
14: curl#7 – “Failed to connect to 2a05:d012:8b5:6503:9efb:5cad:348f:e826: Network is unreachable”
One of the configured repositories failed (Unknown),
and yum doesn’t have enough cached data to continue. At this point the only
safe thing yum can do is fail. There are a few ways to work “fix” this:
1. Contact the upstream for the repository and get them to fix the problem.
2. Reconfigure the baseurl/etc. for the repository, to point to a working
upstream. This is most often useful if you are using a newer
distribution release than is supported by the repository (and the
packages for the previous distribution release still work).
3. Run the command with the repository temporarily disabled
yum –disablerepo= …
4. Disable the repository permanently, so yum won’t use it by default. Yum
will then just ignore the repository until you permanently enable it
again or use –enablerepo for temporary usage:
yum-config-manager –disable
or
subscription-manager repos –disable=
5. Configure the failing repository to be skipped, if it is unavailable.
Note that yum will try to contact the repo. when it runs most commands,
so will have to try and fail each time (and thus. yum will be be much
slower). If it is a very temporary problem though, this is often a nice
compromise:
yum-config-manager –save –setopt=.skip_if_unavailable=true
Cannot find a valid baseurl for repo: base/7/x86_64
Please make sure that your system is connected to the Internet.