Today we will show you how to install LDAP on CentOS 7. LDAP, or Lightweight Directory Access Protocol, is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network. It can be used to store any kind of information and it is often used as one component of a centralized authentication system. Installing and configuring an OpenLDAP server on CentOS 7 is a fairly easy task; just carefully follow the tutorial below and you should have it installed in less than 10 minutes.
Update the system
As usual before installing new software, update all your system packages to the newest available version first:
# yum update
Install OpenLDAP
We are going to begin by installing the packages required for OpenLDAP functionality:
# yum -y install openldap compat-openldap openldap-clients openldap-servers openldap-servers-sql openldap-devel
We will also start the LDAP daemon and enable it on boot:
# systemctl start slapd.service
# systemctl enable slapd.service
Run the slappasswd command to set an LDAP root password and save the hashed output, because we are going to need it to configure OpenLDAP:
# slappasswd
We’ll configure the OpenLDAP server now. We’ll create a few LDIF files and then use the ldapmodify command to deploy the configuration to the server. The resulting configuration is stored in ‘/etc/openldap/slapd.d’, and the files in that directory shouldn’t be edited manually.
The ‘db.ldif’ file will update three attributes of the database entry. The olcSuffix attribute adds the distinguished name to queries that are passed to the backend database, i.e. it configures the domain for which your LDAP server provides account information. The olcRootDN attribute specifies the root distinguished name, the user that has administrator access to the LDAP server. The olcRootPW attribute holds the hashed password for that user, which is the output of slappasswd above.
Our domain is field.linuxhostsupport.com, and written inside the ‘db.ldif’ file it looks like this ‘dc=field,dc=linuxhostsupport,dc=com’ and our root distinguished name is ‘cn=ldapadm,dc=field,dc=linuxhostsupport,dc=com’.
Configure OpenLDAP
Create the db.ldif file using nano or an editor of your preference and paste the following content in:
# nano db.ldif

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=field,dc=linuxhostsupport,dc=com

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: cn=ldapadm,dc=field,dc=linuxhostsupport,dc=com

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: hashed_output_from_the_slappasswd_command
Deploy the configuration using ldapmodify:
# ldapmodify -Y EXTERNAL -H ldapi:/// -f db.ldif
Now restrict access to the monitor database to the local root user (via the ldapi socket) and the ldapadm user only:
# nano monitor.ldif

dn: olcDatabase={1}monitor,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by dn.base="cn=ldapadm,dc=field,dc=linuxhostsupport,dc=com" read by * none
Deploy the configuration change again:
# ldapmodify -Y EXTERNAL -H ldapi:/// -f monitor.ldif
Now we will generate a self-signed certificate and a private key so clients can communicate securely with the OpenLDAP server. We will use the command below to do that:
# openssl req -new -x509 -nodes \
  -out /etc/openldap/certs/myldap.field.linuxhostsupport.com.cert \
  -keyout /etc/openldap/certs/myldap.field.linuxhostsupport.com.key \
  -days 365
Change the owner and group permissions so OpenLDAP can read the files:
# chown -R ldap:ldap /etc/openldap/certs
Now create certs.ldif to configure OpenLDAP to use the LDAPS protocol:
# nano certs.ldif

dn: cn=config
changetype: modify
replace: olcTLSCertificateFile
olcTLSCertificateFile: /etc/openldap/certs/myldap.field.linuxhostsupport.com.cert

dn: cn=config
changetype: modify
replace: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/openldap/certs/myldap.field.linuxhostsupport.com.key
We can then deploy the configuration again:
# ldapmodify -Y EXTERNAL -H ldapi:/// -f certs.ldif
Now test the configuration using the following command:
# slaptest -u
Setting up the OpenLDAP database
Now we can set up the LDAP database. Start by copying the sample database configuration file to ‘/var/lib/ldap’ and changing the file ownership so the ldap user can read and write it:
# cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
# chown -R ldap:ldap /var/lib/ldap
Add the LDAP schemas:
# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif
# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif
# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif
And now create a base.ldif file for your domain:
# nano base.ldif

dn: dc=field,dc=linuxhostsupport,dc=com
dc: field
objectClass: top
objectClass: domain

dn: cn=ldapadm,dc=field,dc=linuxhostsupport,dc=com
objectClass: organizationalRole
cn: ldapadm
description: LDAP Manager

dn: ou=People,dc=field,dc=linuxhostsupport,dc=com
objectClass: organizationalUnit
ou: People

dn: ou=Group,dc=field,dc=linuxhostsupport,dc=com
objectClass: organizationalUnit
ou: Group
We will add these entries to the OpenLDAP directory, binding as the ldapadm user:
# ldapadd -x -W -D "cn=ldapadm,dc=field,dc=linuxhostsupport,dc=com" -f base.ldif
Enter the LDAP root password (the one you set with slappasswd) when prompted.
If you need to add users, it’s easier to add them with a GUI; we recommend using Apache Directory Studio or JXplorer for this.
That’s it, you should now have successfully installed LDAP on CentOS 7.
Of course, you don’t have to install LDAP on CentOS 7 yourself if you use one of our Linux server support services, in which case you can simply ask our expert Linux admins to configure this for you. They are available 24×7 and will take care of your request immediately.
PS. If you liked this post on how to install LDAP on CentOS 7, please share it with your friends on the social networks using the buttons on the left, or simply leave a reply below. Thanks.