Installation and Configuration of OpenLDAP with DNS on CentOS 7

OpenLDAP is an open-source implementation of the Lightweight Directory Access Protocol. Its basic purpose is to centralize network resources: for example, a user can log in on any Linux machine (CentOS Linux 7 in our case) and reach the same personal home folder and files, which are served by a Network File System (NFS) server. OpenLDAP works as a directory service that stores user IDs, user passwords, computer accounts and similar objects. For communication OpenLDAP uses TCP port 389. Many corporate environments use OpenLDAP in their infrastructure so that the Linux system administration, Linux database administration and DevOps teams share one centrally managed and secured source of accounts.

DNS stands for Domain Name System and uses TCP and UDP port 53. In an OpenLDAP environment, DNS stores the computer records in the forward and reverse lookup zone files so that the centralized authentication environment can resolve names. DNS helps locate computers and applications (inside operating systems) by IP address and by name.

Requirements for this lab environment

S.no  Machine  Packages                                  Name/IP Address
1.    Server   OpenLDAP Server and Bind "DNS Server"     LDAP-DNS/192.168.10.215
2.    Client   OpenLDAP Clients and NSS Pam LDAPD        Linux2/192.168.10.216

The installation and configuration of the DNS server for the OpenLDAP server is covered in a separate article: click on >>Read.

To check the hostname and the IP configuration file of the OpenLDAP server, type the commands below.

cat /etc/hostname
cat /etc/sysconfig/network-scripts/ifcfg-ens33

To check the hosts file of the OpenLDAP server, type the command below.

cat /etc/hosts

The hosts file contains a line that maps the IP address to the Fully Qualified Domain Name (hostname + domain name) and the hostname. This line is required in the hosts file of the OpenLDAP server, which is also the DNS server. On the client machine there is no need to add the hostname and FQDN with the IP address, because the client uses the DNS server to resolve its hostname to an IP address and the IP address back to a hostname.

To install the OpenLDAP packages together with the migration tools on the CentOS Linux 7 machine, type the command below.

yum -y install openldap* migrationtools

The OpenLDAP server packages are now installed on the CentOS Linux 7 machine.

To create the OpenLDAP administration password, type the command below. This is the root (Manager) password for OpenLDAP on CentOS 7.

slappasswd

After typing the slappasswd command, enter your desired password twice and copy the hashed password that is printed (a value beginning with {SSHA}). This hashed value will be placed in the OpenLDAP configuration file; the cleartext password itself is never stored.
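What slappasswd prints is not an encrypted password but a salted SHA-1 hash: base64 of SHA1(password + salt) followed by the 4-byte salt, with the {SSHA} scheme tag in front so slapd knows how to verify it. The following Python script is an added example, not part of the original article or of the OpenLDAP project; it rebuilds that format with the standard library, verifies a password against it in constant time, and reports the salt length so you can inspect a value such as the one shown later in this article. The demo password in the script is a constructed placeholder.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional, Tuple

PREFIX = "{SSHA}"
SHA1_LEN = 20  # a SHA-1 digest is always 20 bytes


def make_ssha(password: str, salt: Optional[bytes] = None) -> str:
    """Return a {SSHA} value in the same format slappasswd prints by default.

    Stored form: "{SSHA}" + base64(SHA1(password + salt) + salt).
    slappasswd uses a random 4-byte salt, which is the default here too.
    """
    if salt is None:
        salt = os.urandom(4)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return PREFIX + base64.b64encode(digest + salt).decode("ascii")


def split_ssha(stored: str) -> Tuple[bytes, bytes]:
    """Split a {SSHA} value into (digest, salt); rejects other schemes."""
    if not stored.startswith(PREFIX):
        raise ValueError("not a {SSHA} value: " + stored[:8])
    raw = base64.b64decode(stored[len(PREFIX):])
    if len(raw) <= SHA1_LEN:
        raise ValueError("value too short to hold a digest and a salt")
    return raw[:SHA1_LEN], raw[SHA1_LEN:]


def check_ssha(password: str, stored: str) -> bool:
    """Verify a password against a {SSHA} value the way slapd does."""
    digest, salt = split_ssha(stored)
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    # constant-time comparison so timing does not reveal how many bytes matched
    return hmac.compare_digest(candidate, digest)


def salt_length(stored: str) -> int:
    """Length in bytes of the salt embedded in a {SSHA} value."""
    return len(split_ssha(stored)[1])


if __name__ == "__main__":
    # constructed demo password; never write the real Manager password into a script
    h = make_ssha("lab-demo-password")
    print(h)
    print("correct password verifies:", check_ssha("lab-demo-password", h))
    print("wrong password verifies:", check_ssha("wrong", h))
    print("salt bytes:", salt_length(h))
```

Because the salt is random, running make_ssha twice on the same password gives two different {SSHA} strings that both verify; that is expected and is why the value must be copied from the slappasswd output rather than retyped. {SSHA} is a single unsalted-iteration SHA-1 and is weak against offline guessing if the config file leaks; slappasswd can also emit a crypt(3) SHA-512 hash with slappasswd -h '{CRYPT}' -c '$6$%.16s', which slapd on CentOS 7 accepts in olcRootPW.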

To establish a trust relationship between the client and server machines, create a self-signed certificate on the OpenLDAP server. Type the command below to create a self-signed certificate valid for 1 year (365 days); adjust the -days value to the validity period you require. The slapd service runs as the ldap user, so the generated key file must be readable by that user.

openssl req -new -x509 -nodes -out /etc/pki/tls/certs/openldap.pem -keyout /etc/pki/tls/certs/openldapkey.pem -days 365

Fill in the Country Name, State or Province Name, Locality Name, Organization Name, Organizational Unit Name, Common Name and Email Address to complete the certificate request. Use the FQDN of the OpenLDAP server as the Common Name so that clients can verify the certificate against the server name.

To verify that the certificate has been created, type the command below.

ll /etc/pki/tls/certs/*.pem

The listing shows the self-signed certificate file together with its key file.

Next, configure the main configuration file of the OpenLDAP database, "olcDatabase={2}hdb.ldif", which is located in the "/etc/openldap/slapd.d/cn=config" directory, using the vi editor.

First use the cd command to enter the directory "/etc/openldap/slapd.d/cn=config".

cd /etc/openldap/slapd.d/cn=config

Then use vi to edit the main configuration file of the OpenLDAP database, "olcDatabase={2}hdb.ldif".

vi olcDatabase={2}hdb.ldif

In this configuration file edit the lines below as per your environment. pakistan.local is the domain name of this lab environment; you must substitute your own domain name in these lines.

olcSuffix: dc=pakistan,dc=local
olcRootDN: cn=Manager,dc=pakistan,dc=local

Also add the lines below at the end of the configuration file. They hold the hashed password of the OpenLDAP root user, the path of the self-signed certificate file and the path of its private key. Use the {SSHA} value printed by your own slappasswd run, not the one shown here.

olcRootPW: {SSHA}oRziaj3hPpcqbF0qbiGbT4imbSELUifT
olcTLSCertificateFile: /etc/pki/tls/certs/openldap.pem
olcTLSCertificateKeyFile: /etc/pki/tls/certs/openldapkey.pem

To monitor the OpenLDAP server, set the domain name in the OpenLDAP monitoring database file "olcDatabase={1}monitor.ldif". Use vi to edit this file, which is also located in the "/etc/openldap/slapd.d/cn=config" directory.

vi olcDatabase={1}monitor.ldif

In the olcAccess line of this file, replace the domain components of the Manager DN with your own domain name, so that it reads cn=Manager,dc=pakistan,dc=local for this lab environment.

Type the command below to verify the OpenLDAP server configuration. A checksum error can be ignored: it only means that the CRC recorded in the header of the hand-edited files no longer matches, and slaptest still reports whether the configuration itself is valid.

slaptest -u

By default the OpenLDAP service slapd runs as the ldap user. If you start slapd while its database files are owned by root, it will report permission errors.

To start the OpenLDAP service slapd, give the ldap user ownership of its database directory.

First copy the "DB_CONFIG.example" file from "/usr/share/openldap-servers/" to "/var/lib/ldap/DB_CONFIG". By default there is no "DB_CONFIG" file in the "/var/lib/ldap/" directory. Type the command below to copy the file.

cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG

Then give the ldap user ownership of the "/var/lib/ldap/" directory with the command below.

chown -R ldap:ldap /var/lib/ldap/

The configuration of the firewall (firewalld) and SELinux for the OpenLDAP server is covered in a separate article: click on >>Read.

Alternatively, you can disable firewalld and SELinux on the OpenLDAP server.

To disable firewalld, first stop it and then disable it so that it does not start again at boot. To stop and disable firewalld, type the commands below.

systemctl stop firewalld
systemctl disable firewalld

To check the status of firewalld, type the command below.

systemctl status firewalld

To disable SELinux temporarily, type the command below.

setenforce 0

The above command disables SELinux only until the next reboot; after the CentOS Linux operating system restarts, SELinux is automatically enforcing again. To disable SELinux permanently, edit the SELinux "config" file located at "/etc/selinux/config".

If the file shows SELINUX=enforcing, SELinux is in enforcing mode. You can disable it by changing that line to the one below.

SELINUX=disabled

The preferred method is to keep firewalld and SELinux enabled.

Either allow the firewalld rules and configure SELinux for the OpenLDAP server (click on >>Read), or disable firewalld and SELinux as described above; then start the OpenLDAP service "slapd". To start slapd on CentOS Linux 7, type the command below.

systemctl start slapd

To check the status of the OpenLDAP service "slapd", type the command below.

systemctl status slapd

To confirm that slapd is listening on OpenLDAP port 389, type the command below.

netstat -antup | grep -i 389

To load the schemas that OpenLDAP needs for POSIX user and group entries (cosine, nis and inetorgperson) on CentOS Linux 7, type the commands below in this order; nis.ldif depends on cosine.ldif.

ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif

Configure the "migrate_common.ph" file located at "/usr/share/migrationtools/migrate_common.ph" to migrate local users to OpenLDAP users on CentOS Linux 7.

Use the cd command to enter the "/usr/share/migrationtools/" directory, then use vi to edit the "migrate_common.ph" file.

cd /usr/share/migrationtools/
vi migrate_common.ph

Type ":set nu" in vi to show the file with line numbers.

Edit the lines below in the "migrate_common.ph" file. pakistan.local is the domain name of this lab environment; you must set your own domain name and change the extended schema setting from 0 to 1.

Line Number: 71
$DEFAULT_MAIL_DOMAIN = "pakistan.local";
Line Number: 74
$DEFAULT_BASE = "dc=pakistan,dc=local";
Line Number: 90
$EXTENDED_SCHEMA = 1;

To authenticate OpenLDAP users, create the file "/root/base.ldif" with the vi editor (you can also create it first with the touch command and then edit it with vi).

vi /root/base.ldif

Put the lines below in the "base.ldif" file.

dn: dc=pakistan,dc=local
objectClass: top
objectClass: dcObject
objectClass: organization
o: pakistan local
dc: pakistan

dn: cn=Manager,dc=pakistan,dc=local
objectClass: organizationalRole
cn: Manager
description: Directory Manager

dn: ou=People,dc=pakistan,dc=local
objectClass: organizationalUnit
ou: People

dn: ou=Group,dc=pakistan,dc=local
objectClass: organizationalUnit
ou: Group

Create local users and then migrate them to OpenLDAP users. To create the local users and set their passwords, type the commands below.

useradd user1
useradd user2
passwd user1
passwd user2

To check that the local users "user1" and "user2" have been created, type the command below. The user "owais" was already created during the installation of CentOS Linux 7.

cat /etc/passwd

To check the groups of the local users, type the command below.

cat /etc/group

user1 and user2 have not been added to any additional group, while the user "owais" has a group named "owais" because this user was created during the installation of CentOS Linux 7.

The commands below first extract the local users and groups whose IDs are in the range 1000-1099 into the temporary files /root/passwd and /root/group, then run the migration scripts to convert those temporary files into the OpenLDAP LDIF files /root/users.ldif and /root/groups.ldif. The LDIF files are created by the migration scripts; run the two ./migrate_*.pl commands from the /usr/share/migrationtools/ directory.

grep ":10[0-9][0-9]" /etc/passwd > /root/passwd
grep ":10[0-9][0-9]" /etc/group > /root/group
./migrate_passwd.pl /root/passwd /root/users.ldif
./migrate_group.pl /root/group /root/groups.ldif
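The grep pattern ":10[0-9][0-9]" matches the text ":10xx" anywhere in a line, not only in the UID or GID field, so a service account with UID 10005, an account whose GID happens to be 1003, or a GECOS comment containing "Room:1020" would all end up in the temporary file and be migrated (including the password hash that migrate_passwd.pl carries over from /etc/shadow). The Python script below is an added example, not part of the original article or of the migrationtools package: it compares what the grep selects with a field-aware filter on the numeric UID/GID field. The passwd and group lines in it are constructed for this illustration.

```python
import re
from typing import Iterable, List

# Constructed sample of /etc/passwd lines (not copied from the page).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
owais:x:1000:1000:owais:/home/owais:/bin/bash
user1:x:1001:1001::/home/user1:/bin/bash
user2:x:1002:1002::/home/user2:/bin/bash
backup:x:10005:10005:Backup service:/var/backup:/sbin/nologin
legacy:x:500:1003:Room:1020 legacy app:/var/legacy:/sbin/nologin
"""

# Constructed sample of /etc/group lines (not copied from the page).
SAMPLE_GROUP = """\
root:x:0:
wheel:x:10:owais
owais:x:1000:
user1:x:1001:
user2:x:1002:
backup:x:10005:
"""

GREP_PATTERN = re.compile(r":10[0-9][0-9]")


def grep_style(lines: Iterable[str]) -> List[str]:
    """Reproduce what  grep ":10[0-9][0-9]"  selects: any line in which the
    pattern occurs in any field, not just the numeric ID field."""
    return [line for line in lines if GREP_PATTERN.search(line)]


def select_by_id(lines: Iterable[str], lo: int = 1000, hi: int = 1099) -> List[str]:
    """Select passwd or group lines whose third field (UID or GID) is in [lo, hi].

    Both /etc/passwd and /etc/group keep the numeric ID in field 3, so one
    filter serves both files; malformed lines are skipped rather than guessed at.
    """
    selected = []
    for line in lines:
        fields = line.split(":")
        if len(fields) < 3:
            continue
        try:
            ident = int(fields[2])
        except ValueError:
            continue
        if lo <= ident <= hi:
            selected.append(line)
    return selected


def names(lines: Iterable[str]) -> List[str]:
    """Account or group names (first field) of the given lines."""
    return [line.split(":", 1)[0] for line in lines]


if __name__ == "__main__":
    passwd_lines = SAMPLE_PASSWD.splitlines()
    group_lines = SAMPLE_GROUP.splitlines()
    print("grep selects users :", names(grep_style(passwd_lines)))
    print("UID filter selects :", names(select_by_id(passwd_lines)))
    print("grep selects groups:", names(grep_style(group_lines)))
    print("GID filter selects :", names(select_by_id(group_lines)))
```

On the sample data the grep also pulls in "backup" (":10005" contains ":1000") and "legacy" (GID 1003 and the comment field), while the ID filter returns only owais, user1 and user2. Whatever filter you use, review the temporary files before running the migration scripts, because every line in them becomes a directory entry.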

To check the current working directory (it should still be /usr/share/migrationtools/), type the command below.

pwd

To import the LDAP Data Interchange Format (.ldif) files base.ldif, users.ldif and groups.ldif into the OpenLDAP database, type the commands below. Each command prompts for the Manager password that was set with slappasswd.

ldapadd -x -W -D "cn=Manager,dc=pakistan,dc=local" -f /root/base.ldif
ldapadd -x -W -D "cn=Manager,dc=pakistan,dc=local" -f /root/users.ldif
ldapadd -x -W -D "cn=Manager,dc=pakistan,dc=local" -f /root/groups.ldif
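Before feeding a generated users.ldif to ldapadd it is worth checking that every entry sits under the expected base DN, that its uidNumber is in the range you meant to migrate, and that no userPassword is stored without a hash scheme prefix. The Python script below is an added example, not part of the original article or of OpenLDAP: it contains a small LDIF reader and runs those three checks. The sample LDIF is constructed in the shape that migrate_passwd.pl produces with the extended schema enabled, with a placeholder {crypt} hash; the "stray" entry is constructed to fail all three checks.

```python
import base64
from typing import Dict, List, Tuple

Entry = Dict[str, List[str]]

# Constructed sample in the shape of migrate_passwd.pl output (not copied from the page).
SAMPLE_USERS_LDIF = """\
dn: uid=user1,ou=People,dc=pakistan,dc=local
uid: user1
cn: user1
sn: user1
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
userPassword: {crypt}$6$constructedsalt$constructedhashvalue
loginShell: /bin/bash
uidNumber: 1001
gidNumber: 1001
homeDirectory: /home/user1

# constructed bad entry: wrong base, out-of-range UID, cleartext password
dn: uid=stray,ou=People,dc=example,dc=com
uid: stray
cn: stray
objectClass: top
objectClass: posixAccount
userPassword: not-a-hash
loginShell: /bin/bash
uidNumber: 10005
gidNumber: 10005
homeDirectory: /home/stray
"""


def parse_ldif(text: str) -> List[Entry]:
    """Minimal LDIF reader: comments, folded lines and base64 (::) values.

    Attribute names are lower-cased because LDAP treats them case-insensitively.
    """
    logical: List[str] = []
    for raw in text.splitlines():
        if raw.startswith(" ") and logical:
            logical[-1] += raw[1:]  # folded continuation line
        else:
            logical.append(raw)
    entries: List[Entry] = []
    current: Entry = {}
    for line in logical + [""]:  # trailing "" flushes the last entry
        if line == "":
            if current:
                entries.append(current)
                current = {}
            continue
        if line.startswith("#"):
            continue
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError("bad LDIF line: " + line)
        if value.startswith(":"):
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        else:
            value = value.strip()
        current.setdefault(name.strip().lower(), []).append(value)
    return entries


def check_users(text: str, base_dn: str, lo: int = 1000, hi: int = 1099) -> List[Tuple[str, str]]:
    """Return (dn, problem) pairs for entries that should not be imported as-is."""
    problems: List[Tuple[str, str]] = []
    suffix = "," + base_dn.lower()
    for entry in parse_ldif(text):
        dn = entry.get("dn", [""])[0]
        if not dn.lower().endswith(suffix):
            problems.append((dn, "DN is outside base " + base_dn))
        classes = {c.lower() for c in entry.get("objectclass", [])}
        if "posixaccount" in classes:
            uid = int(entry.get("uidnumber", ["-1"])[0])
            if not lo <= uid <= hi:
                problems.append((dn, "uidNumber %d outside %d-%d" % (uid, lo, hi)))
        for pw in entry.get("userpassword", []):
            if not pw.startswith("{"):
                problems.append((dn, "userPassword has no hash scheme prefix"))
    return problems


if __name__ == "__main__":
    for dn, problem in check_users(SAMPLE_USERS_LDIF, "dc=pakistan,dc=local"):
        print(dn, "->", problem)
```

To use it on the lab files, read /root/users.ldif into a string and call check_users with your own base DN; only import once the list comes back empty. The same reader works for groups.ldif, where the attribute to range-check would be gidNumber.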

To check the user "user1" in the OpenLDAP database, type the command below.

ldapsearch -x -b dc=pakistan,dc=local cn=user1

To list all entries in the OpenLDAP database, type the command below.

ldapsearch -x -b 'dc=pakistan,dc=local' '(objectclass=*)'

The OpenLDAP server configuration on CentOS Linux 7 is complete.

Authenticating a CentOS Linux 7 client machine against the OpenLDAP server is covered in a separate article: click on >>Read.

Thanks for reading this article.
