#Step 1: first we need to install the required packages: yum install openldap-servers openldap-clients #Step2: As the configuration for

LDAP is stored inside the LDAP server itself th e configuration is in this /etc/openldap/slapd.d/ directory. #First of all we need set the password for administrator(we called it Manager) b y using this command. slappasswd -s 123 {SSHA}r2or9f2vYlvieCu0LP6wTnSdYfrddsuV vim /etc/openldap/slapd.d/cn\=config/olcDatabase\=\{2\}bdb.ldif :%s/dc=my-domain,dc=com/dc=example,dc=com/g olcRootPW: {SSHA}r2or9f2vYlvieCu0LP6wTnSdYfrddsuV olcTLSCertificateFile: /etc/pki/tls/certs/example.pem olcTLSCertificateKeyFile: /etc/pki/tls/certs/examplekey.pem #Step 4: Now we have to specify the monitoring privileges vim /etc/openldap/slapd.d/cn\=config/olcDatabase\=\{1\}monitor.ldif :%s/cn=manager,dc=my-domain,dc=com/cn=Manager,dc=example,dc=com/g #Step 5: Now its time for the Database Cache updatedb cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG chown -Rf ldap:ldap /var/lib/ldap/ #Step 6: Now we will need to set up a certificate for TLS. First we need to edit /etc/sysconfig/ldap and change SLAPD_LDAPS= options in this manner vim /etc/sysconfig/ldap SLAPD_LDAPS=yes -----(default is no) openssl req -new -x509 -nodes -out /etc/pki/tls/certs/example.pem -keyout /etc/p ki/tls/certs/examplekey.pem -days 365 chown -Rf root:ldap /etc/pki/tls/certs/example.pem chmod -Rf 640 /etc/pki/tls/certs/examplekey.pem #Step 7: Time to test our configuration slaptest -u #Step 8: Start the ldap server service sladp start ldapsearch -x -b dc=example,dc=com

#Step 9: Configure the base domain cach tao file ldif yum install migrationtools cd /usr/share/migrationtools/ vim migrate_common.ph # Default DNS domain $DEFAULT_MAIL_DOMAIN = "dnson.local"; //s?a l?i cho gi?ng domain c?a b?n

# Default base $DEFAULT_BASE = "dc=dnson,dc=local"; //s?a l?i cho gi?ng domain c?a b?n ./migrate_base.pl > base.ldif #./migrate_passwd.pl passwd > alluser.ldif #./migrate_group.pl group > group.ldif

#now we import our base information to the ldap directory: ldapadd -x -W -D cn=Manager,dc=example,dc=com -f /usr/share/migrationtools/base.ld if #ldapadd -x -W -D cn=Manager,dc=example,dc=com r.ldif #ldapadd -x -W -D cn=Manager,dc=example,dc=com ldif -f /usr/share/migrationtools/alluse -f /usr/share/migrationtools/group.

#Step 10: add the users in ldap #now time to add the users into ldap database. Fo Do that only we need to create a .ldif file and we can add it into ldap. vim /root/users.ldif dn: uid=vishvendra,ou=People,dc=example,dc=com uid: vishvendra cn: vishvendra Chauhan givenName: vishvendra Singh Chauhan sn: 1 mail: vishvendra.singh.chauhan@example.com objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson objectClass: posixAccount objectClass: top objectClass: shadowAccount userPassword: {SSHA}2RxVB3Cb+JZxqLDD4EucbGKEew9bhXNB shadowLastChange: 12797 shadowMax: 99999 shadowWarning: 7 loginShell: /bin/bash uidNumber: 911 gidNumber: 911 homeDirectory: /home/vishvendra gecos: Vishvendra's userusers.ldif ldapadd -x -W -D cn=Manager,dc=example,dc=com -f /root/users.ldif #Step 11: Testing the ldap server. We check is user vishvendra exists ldapsearch -x cn=vishvendra -b dc=example,dc=com #Ldap Client Configuration yum install openldap-clients

authconfig-gtk or authconfig-tui or system-config-authentication

################################ cach tao file ldif yum install migrationtools cd /usr/share/migrationtools/ vim migrate_common.ph # Default DNS domain $DEFAULT_MAIL_DOMAIN = "dnson.local"; //s?a l?i cho gi?ng domain c?a b?n # Default base $DEFAULT_BASE = "dc=dnson,dc=local"; //s?a l?i cho gi?ng domain c?a b?n ./migrate_base.pl > base.ldif ./migrate_passwd.pl passwd > alluser.ldif ./migrate_group.pl group > group.ldif ldapadd -c -x -D "cn=Manager,dc=dnson,dc=local" -W -f base.ldif ldapadd -c -x -D "cn=Manager,dc=dnson,dc=local" -W -f alluser.ldif ldapadd -c -x -D "cn=Manager,dc=dnson,dc=local" -W -f group.ldif Gi?i thch m?t cht ? ?y nh : -x -W -D -f l ch? ??nh khng s? d?ng sasl nh?p m?t kh?u ???c xc ??nh ai l administrator xc ??nh ldapadd tm d? li?u ? ?u

smbldap-populate