How to Set Up LDAP Authentication with OpenLDAP on CentOS 7

How to Set Up LDAP Authentication with OpenLDAP on CentOS 7

Introduction

The OpenLDAP is an implementation of the Lightweight Directory Access Protocol that serves to provide network clients with directory services. You can use the directory server to store organization information in a centralized location and make available the information to applications or users through LDAP. Records may be searched, read and modified according to the permissions you give your users on the network. OpenLDAP is mainly used to provide network-based authentication services to users.

Before You Get Started

This guide assumes that you are familiar with LDAP protocol and OpenLDAP and the terminologies used.

Steps

Ensure the domain names can be resolved by both your server and client VPS/Dedicated server. Open your hosts file and add the hostnames and corresponding IP addresses on both the server and client nodes.

Replace the IP addresses with yours.
$ vim /etc/hosts
192.168.56.104        server.hostadvice.local
192.168.56.105        client.hostadvice.local

On your LDAP dedicated server or virtual server

create a folder that will be used to create your ldif scripts

.

$ mkdir ldap-scripts
$ cd ldap-scripts

Create an ldif file using your favorite editor

 that will contain the details of the new user that you will be creating and paste in the following details. Make sure to replace the domain details with your specific ones.

$ vim linuxuser.ldif
dn: uid=linuxuser,ou=People,dc=hostadvice,dc=local
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
cn: linuxuser
uid: linuxuser
uidNumber: 9998
gidNumber: 100
homeDirectory: /home/linuxuser
loginShell: /bin/bash
gecos: Linuxuser [Admin (at) HostAdvice]
userPassword: {crypt}x
shadowLastChange: 17058
shadowMin: 0
shadowMax: 99999
shadowWarning: 7

Once created, you can

add the user to your database

by using the following command:

$ ldapadd -x -W -D "cn=ldapadm,dc=hostadvice,dc=local" -f linuxuser.ldif
Enter LDAP Password: 
adding new entry "uid=linuxuser,ou=People,dc=hostadvice,dc=local"

You can

verify the user is added

by searching the newly entered record:

$ ldapsearch -x cn=linuxuser -b dc=hostadvice,dc=local
# extended LDIF
#
# LDAPv3
# base <dc=hostadvice,dc=local> with scope subtree
# filter: cn=linuxuser
# requesting: ALL
#

# linuxuser, People, hostadvice.local
dn: uid=linuxuser,ou=People,dc=hostadvice,dc=local
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
cn: linuxuser
uid: linuxuser
uidNumber: 9998
gidNumber: 100
homeDirectory: /home/linuxuser
loginShell: /bin/bash
gecos: Linuxuser [Admin (at) HostAdvice]
shadowLastChange: 17058
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
userPassword:: e1NTSEF9eVoraStkZTc4dW94TmY2NmJ3WWx0YmRUU1dsSnRud3U=

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
$ ldappasswd -s pa55word@HostAdvice -W -D "cn=ldapadm,dc=hostadvice,dc=local" -x "uid=linuxuser,ou=People,dc=hostadvice,dc=local"

Configure Client

On the client VPS, you need to install the OpenLDAP client packages and dependencies.

$ yum install -y openldap-clients nss-pam-ldapd

The client then needs to be configured to authenticate from the specified server IP address. Replace the server IP address and domain controller with your own. This will allow a new home directory to be created once you enter the single sign on (SSO) password.

$ authconfig --enableldap --enableldapauth --ldapserver=192.168.56.104 --ldapbasedn="dc=hostadvice,dc=local" --enablemkhomedir --update

You can confirm the created user exists in the server by querying it with the username.

$ getent passwd linuxuser
linuxuser:x:9998:100:Linuxuser [Admin (at) HostAdvice]:/home/linuxuser:/bin/bash

You can now log into the newly created account user.

$ su - linuxuser

Conclusion

If you have succeeded without errors, you have just learned how to add a new user on the LDAP server. The client has been configured to authenticate with the LDAP server through a given password. You can now try adding more users with different permission levels. With OpenLDAP, you can also migrate local users to its database without having to enter them one by one.

Check out these top 3 Linux hosting services

FastComet
$1.79 /mo
Starting price
Visit FastComet
Rating based on expert review
  • User Friendly
    4.7
  • Support
    5.0
  • Features
    4.8
  • Reliability
    4.5
  • Pricing
    5.0
HostArmada
$2.49 /mo
Starting price
Visit HostArmada
Rating based on expert review
  • User Friendly
    4.5
  • Support
    4.5
  • Features
    4.5
  • Reliability
    4.5
  • Pricing
    4.0
Hostinger
$2.99 /mo
Starting price
Visit Hostinger
Rating based on expert review
  • User Friendly
    4.7
  • Support
    4.7
  • Features
    4.8
  • Reliability
    4.8
  • Pricing
    4.7

Part One: How to Monitor Nginx using Elastic Stack on a CentOS 7 VPS or Dedicated Server

This is Part I of a two-part tutorial explaining how to use the different compon
5 min read
Idan Cohen
Idan Cohen
Marketing Expert

Part Two: How to Monitor Nginx using Elastic Stack on a CentOS 7 VPS or Dedicated Server

This tutorial will explain how to use the different components of the Elastic St
3 min read
Idan Cohen
Idan Cohen
Marketing Expert

How to Install cPanel on a CentOS 7 VPS or Dedicated Server

This article provides step by step instructions on how to install cPanel on a Vi
3 min read
Max Ostryzhko
Max Ostryzhko
Senior Web Developer, HostAdvice CTO

How to Install and Configure Linux Malware Detect on CentOS 7

This tutorial will help you install and configure Linux Malware Detect (LMD) on
4 min read
Eliran Ouzan
Eliran Ouzan
Web Designer & Hosting Expert
HostAdvice.com provides professional web hosting reviews fully independent of any other entity. Our reviews are unbiased, honest, and apply the same evaluation standards to all those reviewed. While monetary compensation is received from a few of the companies listed on this site, compensation of services and products have no influence on the direction or conclusions of our reviews. Nor does the compensation influence our rankings for certain host companies. This compensation covers account purchasing costs, testing costs and royalties paid to reviewers.
Click to go to the top of the page
Go To Top