10/21/2010

LDAP Server

[1] Install and Configure OpenLDAP.

[root@master ~]# yum -y install openldap-servers openldap-clients

# generate the password hash for the LDAP admin (note: -s places the password on the command line, where it can appear in shell history and process listings; omit -s to be prompted instead, and {SSHA}, the default scheme, is preferable to unsalted {MD5})
[root@master ~]# slappasswd -s password -h {MD5}
# (1) remember this hash; it is used for rootpw below
{MD5}*********************

[root@master ~]# vi /etc/openldap/slapd.conf

# line 86: specify suffix
suffix "dc=server,dc=world"

# line 87: specify the admin (root) DN
rootdn "cn=Manager,dc=server,dc=world"

# line 93: specify the password hash generated in (1)
rootpw {MD5}************************

# add the following access controls at the bottom (userPassword is writable only by the entry owner and the Manager DN, usable only for authentication by anonymous binds, and otherwise unreadable; all other attributes are world-readable)
access to attrs=userPassword
by self write
by dn="cn=Manager,dc=server,dc=world" write
by anonymous auth
by * none

access to *
by dn="cn=Manager,dc=server,dc=world" write
by self write
by * read

[root@master ~]# cp /etc/openldap/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
[root@master ~]# /etc/rc.d/init.d/ldap start
Checking configuration files for slapd: /etc/openldap/slapd.conf: line 116: rootdn is always granted unlimited privileges.
/etc/openldap/slapd.conf: line 121: rootdn is always granted unlimited privileges.
config file testing succeeded
[ OK ]
Starting slapd: [ OK ]
[root@master ~]# chkconfig ldap on


[2] Add initial information

[root@master ~]# cd /usr/share/openldap/migration
[root@master migration]# vi migrate_common.ph

# line 71: specify domain name
$DEFAULT_MAIL_DOMAIN = "server.world";

# line 74: specify suffix
$DEFAULT_BASE = "dc=server,dc=world";

[root@master migration]# ./migrate_base.pl > base.ldif
[root@master migration]# vi base.ldif

# keep only the sections your environment needs (the following is a minimal example)
dn: dc=server,dc=world
dc: server
objectClass: top
objectClass: domain

dn: ou=Hosts,dc=server,dc=world
ou: Hosts
objectClass: top
objectClass: organizationalUnit

dn: ou=People,dc=server,dc=world
ou: People
objectClass: top
objectClass: organizationalUnit

dn: ou=Group,dc=server,dc=world
ou: Group
objectClass: top
objectClass: organizationalUnit

[root@master migration]# ldapadd -x -W -D "cn=Manager,dc=server,dc=world" -f base.ldif
Enter LDAP Password:   # enter the LDAP admin password
adding new entry "dc=server,dc=world"

adding new entry "ou=Hosts,dc=server,dc=world"

adding new entry "ou=People,dc=server,dc=world"

adding new entry "ou=Group,dc=server,dc=world"


[3] Add Existing User and Group to LDAP Server

# get the users whose UID field begins with 500-999 from /etc/passwd (the pattern also matches longer UIDs starting with those digits, e.g. 5000; check the result before converting it)
[root@master migration]# grep "x:[5-9][0-9][0-9]" /etc/passwd > passwd
# get the groups whose GID field begins with 500-999 from /etc/group (same pattern caveat as above)
[root@master migration]# grep "x:[5-9][0-9][0-9]" /etc/group > group
[root@master migration]# ./migrate_passwd.pl passwd > passwd.ldif
[root@master migration]# ./migrate_group.pl group > group.ldif

# add the users and groups to the LDAP server
[root@master migration]# ldapadd -x -W -D "cn=Manager,dc=server,dc=world" -f passwd.ldif
Enter LDAP Password:
adding new entry "uid=fedora,ou=People,dc=server,dc=world"

adding new entry "uid=suse,ou=People,dc=server,dc=world"

adding new entry "uid=ubuntu,ou=People,dc=server,dc=world"

adding new entry "uid=cent,ou=People,dc=server,dc=world"

adding new entry "uid=debian,ou=People,dc=server,dc=world"

[root@master migration]# ldapadd -x -W -D "cn=Manager,dc=server,dc=world" -f group.ldif
Enter LDAP Password:
adding new entry "cn=fedora,ou=Group,dc=server,dc=world"

adding new entry "cn=suse,ou=Group,dc=server,dc=world"

adding new entry "cn=ubuntu,ou=Group,dc=server,dc=world"

adding new entry "cn=cent,ou=Group,dc=server,dc=world"

adding new entry "cn=debian,ou=Group,dc=server,dc=world"


[4] If you would like to delete a user or group that was added to the LDAP server, do as below.

[root@master ~]# ldapdelete -x -W -D 'cn=Manager,dc=server,dc=world' "uid=cent,ou=people,dc=server,dc=world"
Enter LDAP Password:
[root@master ~]# ldapdelete -x -W -D 'cn=Manager,dc=server,dc=world' "cn=cent,ou=group,dc=server,dc=world"
Enter LDAP Password:
