Introduction
OpenLDAP is an open-source implementation of the Lightweight Directory Access Protocol (LDAP) that provides directory services to network clients. You can use the directory server to store organizational information in a central location and make it available to applications and users over LDAP. Records can be searched, read and modified according to the access rules you grant your users. OpenLDAP is commonly used to provide centralized, network-based authentication for Linux hosts, which is what this guide sets up: a user record on the server and a client that resolves and authenticates that user against it.
Before You Get Started
- OpenLDAP server installed on your CentOS 7 Dedicated Server or VPS. You can learn How to Configure the Lightweight Directory Access Protocol Server on a CentOS 7 VPS or Dedicated Server here.
- A second VPS to act as the client. It should be running CentOS 7, configured with a non-root user with sudo privileges.
This guide assumes that you are familiar with the LDAP protocol, OpenLDAP and the terminology used.
Steps
Ensure that the server and the client can resolve each other's hostnames. Open the hosts file on both nodes (as root, or with sudo) and add the hostnames with their corresponding IP addresses.
$ vim /etc/hosts
192.168.56.104 server.hostadvice.local
192.168.56.105 client.hostadvice.local
On your LDAP dedicated server or virtual server, create a working directory for the LDIF files:
$ mkdir ldap-scripts
$ cd ldap-scripts
Create an LDIF file that will contain the details of the new user and paste in the following entry. Replace the domain components (dc=hostadvice,dc=local) with your own. The userPassword value {crypt}x is only a placeholder; the real password is set with ldappasswd once the entry exists.
$ vim linuxuser.ldif
dn: uid=linuxuser,ou=People,dc=hostadvice,dc=local
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
cn: linuxuser
uid: linuxuser
uidNumber: 9998
gidNumber: 100
homeDirectory: /home/linuxuser
loginShell: /bin/bash
gecos: Linuxuser [Admin (at) HostAdvice]
userPassword: {crypt}x
shadowLastChange: 17058
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
Once the file is saved, add the entry to the directory with ldapadd, binding as the directory administrator (cn=ldapadm in this setup). You will be prompted for the administrator's password:
$ ldapadd -x -W -D "cn=ldapadm,dc=hostadvice,dc=local" -f linuxuser.ldif
Enter LDAP Password:
adding new entry "uid=linuxuser,ou=People,dc=hostadvice,dc=local"
You can verify that the entry was stored by searching for the newly added record:
$ ldapsearch -x cn=linuxuser -b dc=hostadvice,dc=local
# extended LDIF
#
# LDAPv3
# base <dc=hostadvice,dc=local> with scope subtree
# filter: cn=linuxuser
# requesting: ALL
#

# linuxuser, People, hostadvice.local
dn: uid=linuxuser,ou=People,dc=hostadvice,dc=local
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
cn: linuxuser
uid: linuxuser
uidNumber: 9998
gidNumber: 100
homeDirectory: /home/linuxuser
loginShell: /bin/bash
gecos: Linuxuser [Admin (at) HostAdvice]
shadowLastChange: 17058
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
userPassword:: e1NTSEF9eVoraStkZTc4dW94TmY2NmJ3WWx0YmRUU1dsSnRud3U=

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
Two things are worth noticing in this output. First, the search bound anonymously (-x with no -D) and was still given the userPassword attribute. slapd's access rules should hide that attribute from everyone except the user and the administrator, so that an unauthenticated client cannot harvest password hashes; the usual rule is
olcAccess: to attrs=userPassword by self write by anonymous auth by * none
Second, the value is printed base64-encoded (note the double colon) because it is not plain printable LDIF. Decoding it shows an {SSHA} hash, which is what ldappasswd stores, so this listing was taken after the password was set in the next step; immediately after ldapadd the attribute still holds the {crypt}x placeholder from the LDIF.
Finally, set the user's password as the directory administrator. The -s option shown here passes the new password on the command line, which leaves it in your shell history and makes it visible in the process list while the command runs; in practice use -S instead, which prompts for the new password.
$ ldappasswd -s pa55word@HostAdvice -W -D "cn=ldapadm,dc=hostadvice,dc=local" -x "uid=linuxuser,ou=People,dc=hostadvice,dc=local"
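The server-side steps above (write the LDIF, add it, search for it, set the password) can be scripted so that the entry is generated from validated input rather than edited by hand, and so that what a search returns can be checked mechanically. The following is an added example and is not part of the original tutorial or the OpenLDAP project. It assumes the tutorial's base DN and ou=People; the uidNumber floor of 1000 is a local policy choice, and the sample search output is constructed from the lines shown above.

```shell
#!/bin/sh
# Added example, not part of the original tutorial: build the posixAccount
# LDIF from validated inputs instead of editing it by hand, and inspect what
# an ldapsearch returned. Assumptions: the base DN and ou=People from the
# tutorial; the uidNumber floor of 1000 is a local policy choice.

BASE_DN="dc=hostadvice,dc=local"

# Print an LDIF entry for a new POSIX user; return 1 if any input is unsafe.
# Arguments: uid uidNumber gidNumber "gecos text"
make_user_ldif() {
    uid="$1"; uidnum="$2"; gidnum="$3"; gecos="$4"
    # The username must be a plain POSIX account name: characters such as
    # ',' or '=' would also change the meaning of the DN line below.
    printf '%s' "$uid" | grep -Eq '^[a-z_][a-z0-9_-]{0,31}$' || return 1
    # uidNumber and gidNumber must be integers; keep new users out of the
    # system range so they cannot shadow a local service account.
    printf '%s' "$uidnum" | grep -Eq '^[0-9]+$' || return 1
    printf '%s' "$gidnum" | grep -Eq '^[0-9]+$' || return 1
    [ "$uidnum" -ge 1000 ] || return 1
    # shadowLastChange is the number of days since the epoch.
    today=$(( $(date +%s) / 86400 ))
    cat <<EOF
dn: uid=$uid,ou=People,$BASE_DN
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
cn: $uid
uid: $uid
uidNumber: $uidnum
gidNumber: $gidnum
homeDirectory: /home/$uid
loginShell: /bin/bash
gecos: $gecos
userPassword: {crypt}x
shadowLastChange: $today
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
EOF
}

# Read ldapsearch output on stdin and print the storage scheme of the first
# userPassword value it contains (e.g. {SSHA}), "cleartext" if the value has
# no scheme prefix, or return 1 if the attribute was not returned at all.
# ldapsearch emits the value base64-encoded (double colon), so it has to be
# decoded before the scheme prefix is visible.
password_scheme() {
    enc=$(sed -n 's/^userPassword:: *//p' | head -n 1)
    [ -n "$enc" ] || return 1
    dec=$(printf '%s' "$enc" | base64 -d)
    case "$dec" in
        {*}*) printf '%s\n' "$dec" | sed 's/}.*/}/' ;;
        *)    printf 'cleartext\n' ;;
    esac
}

# Constructed sample: the relevant lines of the anonymous search from the
# tutorial, with the same userPassword value it printed.
SAMPLE_SEARCH='dn: uid=linuxuser,ou=People,dc=hostadvice,dc=local
uid: linuxuser
userPassword:: e1NTSEF9eVoraStkZTc4dW94TmY2NmJ3WWx0YmRUU1dsSnRud3U='

# Usage: print an entry ready for ldapadd, then show that the anonymous
# search handed out a password hash (it prints {SSHA}).
make_user_ldif linuxuser 9998 100 'Linuxuser [Admin (at) HostAdvice]'
printf '%s\n' "$SAMPLE_SEARCH" | password_scheme
```

Redirect the output of make_user_ldif into a file and pass it to ldapadd -f as in the step above. If password_scheme prints anything for a search that bound anonymously, the access rules on userPassword are too permissive and should be tightened before the server is put into service.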
Configure Client
On the client VPS, you need to install the OpenLDAP client packages and dependencies.
$ yum install -y openldap-clients nss-pam-ldapd
The client then needs to be configured to look up accounts in, and authenticate against, the LDAP server. Replace the server IP address and the base DN with your own. The --enablemkhomedir option creates the user's home directory automatically on first login with the LDAP password. Note that the command below does not enable TLS, so nslcd will send each user's password to port 389 as a cleartext simple bind; for anything beyond a lab, add --enableldaptls (and install the server's CA certificate on the client) so the connection is protected with STARTTLS.
$ authconfig --enableldap --enableldapauth --ldapserver=192.168.56.104 --ldapbasedn="dc=hostadvice,dc=local" --enablemkhomedir --update
You can confirm that the client resolves the user from the server by querying NSS with the username:
$ getent passwd linuxuser
linuxuser:x:9998:100:Linuxuser [Admin (at) HostAdvice]:/home/linuxuser:/bin/bash
You can now log in as the newly created user:
$ su - linuxuser
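Because authconfig writes the client's directory settings to /etc/nslcd.conf, the transport the client uses can be audited from that file. The following is an added example, not part of the original tutorial or of nss-pam-ldapd; it relies on the nslcd.conf(5) directives uri, ssl and tls_reqcert, and the two configurations it checks are constructed here rather than captured from a real client.

```shell
#!/bin/sh
# Added example, not from the original tutorial: audit the transport settings
# in /etc/nslcd.conf on the client. Assumed: the nslcd.conf directives uri,
# ssl and tls_reqcert as documented in nslcd.conf(5); the two sample
# configurations below are constructed, not captured from a real host.

# Read an nslcd.conf on stdin; print one finding per line and return 1 if
# bind passwords could travel in the clear or server certificates go
# unchecked, return 0 if every directory connection is protected.
nslcd_transport_check() {
    conf=$(cat)
    # Pick out the directives that matter; comments and other keys are ignored.
    uris=$(printf '%s\n' "$conf" | sed -n 's/^uri[[:space:]][[:space:]]*//p')
    ssl=$(printf '%s\n' "$conf" | sed -n 's/^ssl[[:space:]][[:space:]]*//p' | tail -n 1)
    reqcert=$(printf '%s\n' "$conf" | sed -n 's/^tls_reqcert[[:space:]][[:space:]]*//p' | tail -n 1)
    status=0
    for uri in $uris; do
        case "$uri" in
            ldaps://*|ldapi://*) ;;   # TLS from the first byte, or a local socket
            ldap://*)
                # Plain ldap:// is only acceptable if nslcd upgrades it with STARTTLS.
                if [ "$ssl" != "start_tls" ]; then
                    echo "cleartext simple bind: $uri without 'ssl start_tls'"
                    status=1
                fi ;;
            *)  echo "unrecognised uri: $uri"; status=1 ;;
        esac
    done
    # TLS without certificate verification still lets an on-path attacker
    # terminate the connection and read the bind password.
    case "$reqcert" in
        never|allow)
            echo "tls_reqcert $reqcert disables server certificate verification"
            status=1 ;;
    esac
    return $status
}

# Constructed: a client set up with ldap:// and no TLS, as in the
# authconfig command above.
WEAK_CONF='uri ldap://192.168.56.104/
base dc=hostadvice,dc=local
ssl off
tls_cacertdir /etc/openldap/cacerts'

# Constructed: the same client after enabling STARTTLS. The uri names the
# server by hostname so that it can match the server certificate.
HARDENED_CONF='uri ldap://server.hostadvice.local/
base dc=hostadvice,dc=local
ssl start_tls
tls_reqcert demand
tls_cacertdir /etc/openldap/cacerts'

# Usage: the weak configuration is reported, the hardened one passes.
printf '%s\n' "$WEAK_CONF" | nslcd_transport_check || echo "weak config: FAIL"
printf '%s\n' "$HARDENED_CONF" | nslcd_transport_check && echo "hardened config: OK"
```

Run it against the real file with nslcd_transport_check < /etc/nslcd.conf on the client (the file is root-readable only). A non-zero exit means the password typed at su or login is either sent unencrypted or to a server whose identity was never verified.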
Conclusion
If everything succeeded without errors, you have added a new user to the LDAP server and configured a client to resolve and authenticate that user against it with the password set in the directory. You can now add more users with different permission levels. OpenLDAP tooling also lets you migrate existing local users into the directory without entering them one by one.