How To Configure the Lightweight Directory Access Protocol Server on a CentOS 7 VPS or Dedicated Server

Introduction

The LDAP protocol lets clients locate organizations, individuals and other resources over the internet or within an organization's intranet using TCP/IP. The directory is arranged in a hierarchical structure:

  • The root, which is the source and branches into
  • Countries, which branch into
  • Organizations, which branch into
  • Organizational units, which finally branch into
  • Individuals (including files, directories and other resources)

OpenLDAP is an open-source implementation of the LDAP protocol. It is an optimized, non-relational directory database (think of an address book) that is commonly used to emulate a domain controller, providing controlled access to backend services such as Samba.

Prerequisite

Steps

Update System Packages

$ sudo yum update

Install OpenLDAP services

$ sudo yum install openldap openldap-clients openldap-servers openldap-servers-sql openldap-devel compat-openldap

Enable and start the LDAP service

$ sudo systemctl enable slapd
$ sudo systemctl start slapd

Create a hashed password for the LDAP admin user

$ sudo slappasswd

Special Note: Save the hashed password output; you will need it later for the olcRootPW setting.

Configure OpenLDAP

Create a file called db.ldif using your favorite text editor and paste in the content below. In my case the domain is example.hostadvice.local, so replace the dc and cn values in the following configuration with your own:

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=example,dc=hostadvice,dc=local

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: cn=ldapadm,dc=example,dc=hostadvice,dc=local

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: hashed_output_from_the_slappasswd_command

Deploy the following configuration:

$ sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f db.ldif

Restrict access to the monitor database to the ldapadm user alone. Create another file called monitor.ldif and paste in the contents below, again replacing the dc and cn names with your own.

dn: olcDatabase={1}monitor,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by dn.base="cn=ldapadm,dc=example,dc=hostadvice,dc=local" read by * none

Deploy the configuration:

$ sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f monitor.ldif
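It is worth linting db.ldif and monitor.ldif before handing them to ldapmodify: an LDIF line that contains only a space is a continuation line rather than a record separator, olcRootPW must carry the slappasswd hash rather than the placeholder, and every olcAccess clause must parse as "by <who> <level>" (a missing space, as in "...cn=auth"readby, makes the value unparseable). The Python linter below is an added example, not part of this guide or of OpenLDAP; it assumes Python 3.8+ with only the standard library and the default {SSHA} scheme of slappasswd.

```python
import base64, re, shlex
ACCESS_LEVELS = {"none", "disclose", "auth", "compare", "search", "read", "write", "manage"}

def parse_ldif(text):
    """Return (records, problems); a record is a list of (attr, value) pairs."""
    records, current, problems = [], [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        if raw == "":  # only a truly empty line ends a record
            records += [current] if current else []
            current = []
        elif raw[0] == " ":  # a leading space continues the previous value (RFC 2849)
            if raw.strip() == "":
                problems.append(f"line {lineno}: whitespace-only line is a continuation, not a record separator")
            elif current:
                current[-1] = (current[-1][0], current[-1][1] + raw[1:])
        else:
            attr, _, val = raw.partition(":")
            current.append((attr.strip(), val.strip()))
    records += [current] if current else []
    return records, problems

def check_root_pw(value):
    """Must be slappasswd output: {SSHA} plus base64 of a 20-byte SHA-1 digest and salt."""
    try:
        ok = value.startswith("{SSHA}") and len(base64.b64decode(value[6:], validate=True)) > 20
    except ValueError:
        ok = False
    return None if ok else "olcRootPW is not a slappasswd {SSHA} hash; paste the slappasswd output, never cleartext"

def check_access(value):
    """Walk 'to <what> by <who> <level> ...'; shlex keeps dn.base="..." as one token."""
    tokens = shlex.split(re.sub(r"^\{\d+\}", "", value))
    if tokens[:1] != ["to"] or "by" not in tokens or tokens.index("by") < 2:
        return "olcAccess must read 'to <what> by <who> <level> ...'"
    for i in range(tokens.index("by"), len(tokens), 3):
        if tokens[i] != "by" or i + 2 >= len(tokens) or tokens[i + 2] not in ACCESS_LEVELS:
            return f"malformed clause near {' '.join(tokens[i:i + 3])!r}; expected 'by <who> <level>'"
    return None if tokens[-3:] == ["by", "*", "none"] else "olcAccess should end with an explicit 'by * none'"

def lint_ldif(text):
    """Return human-readable findings for every record in an LDIF string."""
    records, problems = parse_ldif(text)
    for rec in records:
        dn = dict(rec).get("dn", "?")
        for attr, val in rec:
            msg = {"olcRootPW": check_root_pw, "olcAccess": check_access}.get(attr, lambda v: None)(val)
            if msg:
                problems.append(f"{dn}: {msg}")
    return problems
```

lint_ldif takes the file contents as a string and returns one finding per defect, so an empty list means the file is safe to feed to ldapmodify.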

For secure communication, we will generate a self-signed certificate and a private key:

$ sudo openssl req -new -x509 -nodes -out /etc/openldap/certs/myldap.example.hostadvice.local.cert -keyout /etc/openldap/certs/myldap.example.hostadvice.local.key -days 365

Follow the prompts, filling in your details.
Then make the ldap user the owner of the certificate directory so that slapd can read the certificate and key:

$ sudo chown -R ldap:ldap /etc/openldap/certs

Configure OpenLDAP to use the certificate and key for TLS. Create a file called certs.ldif and paste in the following contents, replacing the cert and key file names with yours:

dn: cn=config
changetype: modify
replace: olcTLSCertificateFile
olcTLSCertificateFile: /etc/openldap/certs/myldap.example.hostadvice.local.cert

dn: cn=config
changetype: modify
replace: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/openldap/certs/myldap.example.hostadvice.local.key

Setting up the Database

We need to copy the sample DB_CONFIG file into place and give the ldap user ownership of the database directory:

$ sudo cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
$ sudo chown -R ldap:ldap /var/lib/ldap

Add the database schemas as follows:

$ sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif
$ sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif
$ sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif

Lastly, create a base.ldif file for the domain with the following content, replacing the dc values with your own:

dn: dc=example,dc=hostadvice,dc=local
dc: example
objectClass: top
objectClass: domain

dn: cn=ldapadm,dc=example,dc=hostadvice,dc=local
objectClass: organizationalRole
cn: ldapadm
description: LDAP Manager

dn: ou=People,dc=example,dc=hostadvice,dc=local
objectClass: organizationalUnit
ou: People

dn: ou=Group,dc=example,dc=hostadvice,dc=local
objectClass: organizationalUnit
ou: Group

Deploy the configurations using the ldapadm user:

$ ldapadd -x -W -D "cn=ldapadm,dc=example,dc=hostadvice,dc=local" -f base.ldif

Conclusion

If you have not hit any errors, you have successfully installed OpenLDAP on CentOS 7 and can now add users to the server. It is usually easier to manage an LDAP server through a GUI, so make sure to check out How to Install and Configure phpLDAP on CentOS 7 / Ubuntu 18.04.
