Friday, April 30, 2010

RHCE OpenLDAP Server / Client Setup (30/04/2010)

OpenLDAP Server

compat-openldap.i386 0:2.1.30-6.4E
openldap-clients.i386 0:2.2.13-6.4E
openldap-devel.i386 0:2.2.13-6.4E
openldap-servers.i386 0:2.2.13-6.4E
openldap-servers-sql.i386 0:2.2.13-6.4E
ou can install them using the command:
yum install *openldap* -y

-----------------------------------------------------------
vi /etc/openldap/sldap.conf

openssl passwd

add in /etc/openldap/sldap.conf

suffix "dc=example,dc=com"
rootdn "cn=Manager,dc=example,dc=com"
rootpw {crypt}BreLcru48OqmA
-------------------------------------------------------------------------
service ldap restart
tail -f /var/log/messages


useradd -d /home/users/system1-user01 system1-user01
useradd -d /home/users/system2-user02 system2-user02
useradd -d /home/users/system3-user03 system3-user03
useradd -d /home/users/system4-user04 system4-user04
useradd -d /home/users/system5-user05 system5-user05
useradd -d /home/users/system6-user06 system6-user06
useradd -d /home/users/system7-user07 system7-user07
useradd -d /home/users/system8-user08 system8-user08
useradd -d /home/users/system9-user09 system9-user09
useradd -d /home/users/system10-user10 system10-user10

passwd system1-user01

passwd system2-user02

passwd system3-user03

passwd system4-user04

passwd system5-user05

passwd system6-user06

passwd system7-user07

passwd system8-user08

passwd system9-user09

passwd system10-user10

groupadd -g 10000 system01

groupadd -g 10001 system02

usermod -G 10000 system1-user01

usermod -G 10000 system2-user02

usermod -G 10001 system3-user03

--------------------------------------------------------------------------------------

vi /etc/exports

/home/users 192.168.0.0/255.255.255.0(rw,sync)

----------------------------------------------------------------------------------

vi /etc/openldap/init.ldif

dn: dc=example,dc=com

objectClass: dcObject

objectClass: organization

o: example

dc: example

dn: cn=Manager,dc=example,dc=com

objectClass: organizationalRole

cn: Manager

dn: ou=Account,dc=example,dc=com

objectClass: organizationalUnit

ou: Account

dn: ou=Group,dc=example,dc=com

objectClass: organizationalUnit

ou: Group

#ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f init.ldif

#ldapsearch -x -LLL -b "dc=example, dc=com" "(objectClass=*)"

----------------------------------------------------------------------------------------

vi /etc/openldap/group.ldif

dn: cn=system01,ou=Group,dc=example,dc=com

objectClass: posixGroup

objectClass: top

cn: system01

gidNumber: 10000

dn: cn=system02,ou=Group,dc=example,dc=com

objectClass: posixGroup

objectClass: top

cn: system02

gidNumber: 10001

ldapadd -x -D "cn=Manager, dc=example, dc=com" -W -f group.ldif

before create user.ldif

su - system1-user01

id <-- check user id

openssl passwd

copy and paste on

---------------------------------------------------------------

vi /etc/openldap/user.ldif

dn: uid=system1-user01,ou=Account,dc=example,dc=com

uid: system1-user01

cn: test user 01

objectClass: account

objectClass: posixAccount

objectClass: top

userPassword: {crypt}FLVvKA5gz4RUk

loginShell: /bin/bash

uidNumber: 511

gidNumber: 10000

homeDirectory: /home/users/system1-user01


dn: uid=system2-user02,ou=Account,dc=example,dc=com

uid: system2-user02

cn: test user 02

objectClass: account

objectClass: posixAccount

objectClass: top

userPassword: {crypt}9oB/59btUGpGM

loginShell: /bin/bash

uidNumber: 512

gidNumber: 10000

homeDirectory: /home/users/system2-user02

dn: uid=system3-user03,ou=Account,dc=example,dc=com

uid: system3-user03

cn: test user 03

objectClass: account

objectClass: posixAccount

objectClass: top

userPassword: {crypt}xopW7X41D.w/6

loginShell: /bin/bash

uidNumber: 513

gidNumber: 10001

homeDirectory: /home/users/system3-user03

ldapadd -x -D "cn=Manager, dc=example, dc=com" -W -f user.ldif

---------------------------------------------------------------------

export home directory on server1.example.com

/home/users 192.168.0.0/255.255.255.0(rw,sync)

--------------------------------------------------------------------

### LDAP Clients ###

authconfig-tui

- Use LDAP

- Use LDAP Authentication

ldap://server1.example.com

dc=example,dc=com

---------------------------------------------------------------------

vi /etc/auto.master

/home/users /etc/auto.users --timeout=60

vi /etc/auto.users

* -fstype=nfs,rw,soft,intr server1.example.com:/home/users/&


No comments:

Quote of the Day