
How To Install OpenLDAP on CentOS Stream 10


In this tutorial, we will show you how to install OpenLDAP on CentOS Stream 10. OpenLDAP is a powerful, open-source implementation of the Lightweight Directory Access Protocol (LDAP), widely used for centralized authentication and directory services in Linux environments. It provides a robust framework for managing user identities, permissions, and access control across networks. In this comprehensive guide, we will walk through the process of installing OpenLDAP on CentOS Stream 10, covering all necessary steps from preparation to configuration and troubleshooting.

Introduction to OpenLDAP

OpenLDAP is a versatile tool that simplifies the management of user accounts and access rights across multiple systems. Its flexibility and scalability make it an ideal choice for both small and large-scale networks. By centralizing user data, OpenLDAP facilitates easier administration and enhances security by ensuring consistent access policies.

For system administrators and IT professionals, understanding how to set up and manage OpenLDAP is crucial for maintaining efficient and secure network operations. This guide is designed to provide a step-by-step walkthrough of the installation process, ensuring that you can successfully deploy OpenLDAP on CentOS Stream 10.

Prerequisites for Installation

Before proceeding with the installation, ensure you have the following prerequisites in place:

  • CentOS Stream 10 Environment: Make sure you have CentOS Stream 10 installed and updated. This ensures compatibility with the latest packages and security patches.
  • Basic Linux Knowledge: Familiarity with basic Linux commands and administration tasks is essential for navigating through the installation and configuration process.
  • Internet Connection: An active internet connection is required to download the necessary packages.

Step-by-Step Installation of OpenLDAP

Installing OpenLDAP on CentOS Stream 10 involves several key steps. Follow these instructions carefully to ensure a successful setup.

1. Install OpenLDAP Packages

To begin, you need to install the OpenLDAP packages. Open a terminal and execute the following command:

sudo dnf install -y openldap openldap-servers openldap-clients

This command installs the core OpenLDAP server and client packages, which are essential for running and interacting with the LDAP service.

2. Start and Enable OpenLDAP Service

After installation, start the OpenLDAP service and enable it to run automatically on boot. Use the following commands:

sudo systemctl start slapd
sudo systemctl enable slapd

The slapd service is the OpenLDAP server daemon responsible for managing the LDAP directory.

3. Verify Service Status

To ensure that the service is running correctly, check its status with:

sudo systemctl status slapd

This command provides real-time information about the service’s operational state.

4. Create Administrative User and Password

To manage your LDAP directory securely, you need to create an administrative user and password. First, generate a hashed password using slappasswd:

slappasswd -h {SSHA} -s "your_admin_password"

Replace "your_admin_password" with your desired password. This command generates a salted SHA-1 hash (the {SSHA} scheme) that will be used in your LDAP configuration. Passing the password with -s leaves it in your shell history; run slappasswd -h {SSHA} without -s to be prompted for it interactively instead.

Next, create an LDIF (LDAP Data Interchange Format) file that sets the directory suffix, the administrator (root) DN and its password in the server configuration. For example, create a file named admin.ldif with the following content:

# CentOS Stream 10 ships OpenLDAP with the mdb backend, so the database entry
# is olcDatabase={2}mdb,cn=config (the older {2}bdb backend no longer exists).
# The stock configuration already carries default olcSuffix and olcRootDN
# values, so "replace" is used; "add" would fail with "attribute already exists".
dn: olcDatabase={2}mdb,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: {SSHA}your_hashed_password

dn: olcDatabase={2}mdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: cn=admin,dc=example,dc=com

dn: olcDatabase={2}mdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=example,dc=com

Replace {SSHA}your_hashed_password with the complete output line from slappasswd (it already begins with {SSHA}, so do not prefix it a second time), and adjust dc=example,dc=com to match your domain.

Apply these changes using ldapmodify:

sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f admin.ldif
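As an added example (not part of the original tutorial), the Python script below does the parts of this step that are easy to get wrong by hand: it produces an {SSHA} value in the RFC 2307 layout that slappasswd -h {SSHA} emits, verifies a candidate password against such a value (the check to run when an admin bind fails and you suspect the olcRootPW line), and renders the admin.ldif records for a given domain with replace rather than add. The function names, the 4-byte salt length and the sample password are the example's own assumptions; only the LDIF attribute names and the {2}mdb database DN come from the step above.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

SCHEME = "{SSHA}"
SALT_BYTES = 4  # assumed to match slappasswd's default salt length


def ssha_hash(password: str, salt: Optional[bytes] = None) -> str:
    """Return an RFC 2307 {SSHA} value: base64(SHA-1(password || salt) || salt).
    A fixed salt may be supplied for reproducible tests; otherwise a random one is used."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return SCHEME + base64.b64encode(digest + salt).decode("ascii")


def verify_ssha(password: str, stored: str) -> bool:
    """Check a candidate password against a stored {SSHA} value.
    A different scheme or a malformed value is reported as a mismatch rather
    than an exception, so a mangled olcRootPW line shows up as 'does not verify'."""
    if not stored.startswith(SCHEME):
        return False
    try:
        raw = base64.b64decode(stored[len(SCHEME):], validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    if len(raw) <= 20:  # 20-byte SHA-1 digest followed by at least one salt byte
        return False
    digest, salt = raw[:20], raw[20:]
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)  # constant-time comparison


def domain_to_suffix(domain: str) -> str:
    """example.com -> dc=example,dc=com (one dc= component per DNS label)."""
    labels = [lbl for lbl in domain.strip().lower().split(".") if lbl]
    if not labels:
        raise ValueError("domain must contain at least one label")
    return ",".join(f"dc={lbl}" for lbl in labels)


def render_admin_ldif(domain: str, hashed_pw: str, admin_cn: str = "admin",
                      db_dn: str = "olcDatabase={2}mdb,cn=config") -> str:
    """Render the three modify records of admin.ldif for the given domain.
    'replace' is used because olcSuffix and olcRootDN already exist in the stock
    configuration; 'add' would be rejected with 'attribute already exists'."""
    if not hashed_pw.startswith("{") or "}" not in hashed_pw:
        raise ValueError("hashed_pw must be a slappasswd-style {SCHEME}... value")
    suffix = domain_to_suffix(domain)
    records = [
        ("olcRootPW", hashed_pw),
        ("olcRootDN", f"cn={admin_cn},{suffix}"),
        ("olcSuffix", suffix),
    ]
    return "\n".join(
        f"dn: {db_dn}\nchangetype: modify\nreplace: {attr}\n{attr}: {value}\n"
        for attr, value in records
    )


if __name__ == "__main__":
    hashed = ssha_hash("your_admin_password")  # constructed sample password
    print(render_admin_ldif("example.com", hashed))
    print("password verifies against hash:", verify_ssha("your_admin_password", hashed))
```

Pipe the rendered text into a file and apply it with the ldapmodify command above; the verify_ssha check is also what you want when an admin bind is rejected and you need to know whether the stored hash or the typed password is wrong.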

5. Configure LDAP Database

To ensure optimal performance, configure the LDAP database settings. Copy the DB_CONFIG.example file to /var/lib/ldap/DB_CONFIG. Note that DB_CONFIG is read only by the legacy Berkeley DB (bdb/hdb) backends; the mdb backend used by current OpenLDAP releases ignores this file, so on an mdb database this step has no effect on performance:

sudo cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG

Set appropriate permissions:

sudo chown ldap:ldap /var/lib/ldap/DB_CONFIG

Configuring OpenLDAP

After installing and starting the OpenLDAP service, you need to configure it to suit your environment.

1. Modify LDAP Configuration

Create another LDIF file, e.g., config.ldif, to change these values later; replace overwrites whatever value is currently set:

dn: olcDatabase={2}mdb,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: {SSHA}your_hashed_password

dn: olcDatabase={2}mdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: cn=admin,dc=example,dc=com

dn: olcDatabase={2}mdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=example,dc=com

Apply these changes using ldapmodify:

sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f config.ldif

2. Set Up Access Control

To control access to your LDAP directory, you need to configure access control lists (ACLs). slapd evaluates olcAccess values in order and applies the first rule whose "to" clause matches the entry or attribute, so the rule protecting userPassword must come before the catch-all. Create an LDIF file, e.g., access.ldif, with the following content:

# replace (not add) so that these three rules form the complete, ordered list
dn: olcDatabase={2}mdb,cn=config
changetype: modify
replace: olcAccess
olcAccess: to attrs=userPassword by self write by anonymous auth by * none
olcAccess: to attrs=shadowLastChange by self write by * read
olcAccess: to * by * read

The first rule lets users change their own password, allows anonymous clients to use the attribute only for binding (auth), and denies everything else, so stored hashes cannot be read. The last rule grants read access to the rest of the tree to everyone, including anonymous clients; if the directory should not be browsable without a bind, use to * by users read by * none instead.

Apply these changes:

sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f access.ldif
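Because rule order decides what an ACL actually grants, the following added Python example (not part of the original tutorial) parses a list of olcAccess values into their "to" and "by" parts and reports two things a reviewer looks for: a "to *" rule that is not last (and therefore shadows everything after it) and anonymous access to userPassword or to the whole tree. The rule strings are constructed copies of access.ldif above, with the {n} ordering prefixes slapd adds when it lists the attribute back; the hardened variant and the function names are the example's own.

```python
import re
from typing import List, Tuple

# Constructed copy of the olcAccess values from access.ldif above.
ACCESS_RULES = [
    "{0}to attrs=userPassword by self write by anonymous auth by * none",
    "{1}to attrs=shadowLastChange by self write by * read",
    "{2}to * by * read",
]

# Same rule set with the catch-all limited to authenticated users (constructed).
HARDENED_RULES = [
    "{0}to attrs=userPassword by self write by anonymous auth by * none",
    "{1}to attrs=shadowLastChange by self write by users read by * none",
    "{2}to * by users read by * none",
]

# slapd access levels, weakest to strongest; each level implies the ones before it.
ACCESS_LEVELS = ("none", "disclose", "auth", "compare", "search", "read", "write", "manage")
BY_CLAUSE = re.compile(r"\bby\s+(\S+)\s+(" + "|".join(ACCESS_LEVELS) + r")\b")
ANONYMOUS = ("*", "anonymous")  # <who> selectors that include unauthenticated clients


def parse_rule(rule: str) -> Tuple[str, List[Tuple[str, str]]]:
    """Split one olcAccess value into its <what> selector and ordered (who, level) pairs."""
    rule = re.sub(r"^\{\d+\}", "", rule.strip())  # drop an optional {n} ordering prefix
    if not rule.startswith("to "):
        raise ValueError(f"olcAccess value must start with 'to': {rule!r}")
    first_by = re.search(r"\sby\s", rule)
    if first_by is None:
        raise ValueError(f"olcAccess value has no 'by' clause: {rule!r}")
    what = rule[3:first_by.start()].strip()
    who = BY_CLAUSE.findall(rule[first_by.start():])
    return what, who


def check_access_rules(rules: List[str]) -> List[str]:
    """Return findings for a list of olcAccess values; an empty list means the
    ordering and anonymous-access checks all pass."""
    findings: List[str] = []
    parsed = [parse_rule(r) for r in rules]

    # A catch-all anywhere but last makes every later rule unreachable.
    catch_all = [i for i, (what, _) in enumerate(parsed) if what == "*"]
    if catch_all and catch_all[0] != len(parsed) - 1:
        findings.append(f"rule {catch_all[0]} ('to *') shadows every later rule")

    if not any("userPassword" in what for what, _ in parsed):
        findings.append("no rule restricts userPassword; the catch-all decides who reads hashes")

    for i, (what, who) in enumerate(parsed):
        for subject, level in who:
            if subject not in ANONYMOUS:
                continue
            if "userPassword" in what and level not in ("none", "auth"):
                findings.append(f"rule {i}: '{subject}' gets {level} on userPassword")
            elif what == "*" and ACCESS_LEVELS.index(level) >= ACCESS_LEVELS.index("compare"):
                findings.append(f"rule {i}: '{subject}' gets {level} on the whole tree (anonymous read)")
    return findings


if __name__ == "__main__":
    for name, rules in (("tutorial", ACCESS_RULES), ("hardened", HARDENED_RULES)):
        print(name, check_access_rules(rules) or ["no findings"])
```

Run it against the values you are about to load (or against ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config olcAccess output after loading) to confirm that the order and the anonymous grants are what you intended.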

3. Add Base DN

Create an LDIF file, e.g., base.ldif, to add your base DN:

dn: dc=example,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
dc: example
o: Example Organization

dn: cn=admin,dc=example,dc=com
objectClass: organizationalRole
cn: admin

Add this entry to the LDAP directory:

sudo ldapadd -x -D cn=admin,dc=example,dc=com -w your_admin_password -f base.ldif

Replace your_admin_password with the password you created earlier. Using -W instead of -w makes ldapadd prompt for the password, which keeps it out of your shell history and the process list.

4. Import LDAP Schemas

To support additional attributes and object classes, import the standard LDAP schemas. The schema files ship with the openldap-servers package under /etc/openldap/schema, but the default configuration loads only core, so the others have to be loaded into cn=config with ldapadd. The entries in base.ldif need only core; user accounts (posixAccount, inetOrgPerson) need nis and inetorgperson, and both of those depend on cosine, so keep the order below. Loading a schema that is already present is reported as an error and leaves the configuration unchanged:

sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif

Testing OpenLDAP Configuration

After configuring OpenLDAP, it’s crucial to test your setup to ensure everything is working as expected.

1. Use ldapsearch to Verify Configuration

Run ldapsearch to verify that your LDAP directory is correctly configured and accessible:

sudo ldapsearch -x -b dc=example,dc=com

This command queries the LDAP directory and displays all entries under your base DN.
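Reading the ldapsearch output by eye works for two entries but not for a directory that has grown, so as an added example (not part of the original tutorial) the Python script below parses ldapsearch's LDIF output, including comment lines, folded continuation lines and base64 "::" values, and then checks for the state the steps above should have produced: a successful result code, the base entry with objectClass dcObject, and the admin entry beneath it. The sample output is constructed to resemble what the command prints after base.ldif is loaded; the function names are the example's own.

```python
import base64
from typing import Dict, List, Optional, Tuple

# Constructed sample of ldapsearch -x -b dc=example,dc=com output: comment lines,
# two entries (one with a folded line and one base64 '::' value) and the trailing
# search-result block.
SAMPLE_LDAPSEARCH_OUTPUT = """\
# extended LDIF
#
# LDAPv3
# base <dc=example,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# example.com
dn: dc=example,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
dc: example
o: Example Organization
description: Directory root created from base.ldif during the
  first run
l:: WsO8cmljaCBvZmZpY2U=

# admin, example.com
dn: cn=admin,dc=example,dc=com
objectClass: organizationalRole
cn: admin

# search result
search: 2
result: 0 Success

# numResponses: 3
# numEntries: 2
"""

Entry = Tuple[str, Dict[str, List[str]]]


def parse_ldif(text: str) -> Tuple[List[Entry], Optional[str]]:
    """Parse ldapsearch output into (entries, result_line). Each entry is
    (dn, {attribute: [values]}). Comments are dropped, folded lines (leading
    space) are re-joined, '::' values are base64-decoded, and the 'result:'
    line of the trailing block is returned separately."""
    entries: List[Entry] = []
    result: Optional[str] = None
    block: List[str] = []

    def flush() -> None:
        nonlocal result
        dn, attrs = None, {}
        for line in block:
            name, sep, rest = line.partition(":")
            if not sep:
                raise ValueError(f"malformed LDIF line: {line!r}")
            if rest.startswith(":"):          # attr:: base64value
                value = base64.b64decode(rest[1:].strip()).decode("utf-8")
            elif rest.startswith("<"):        # attr:< file:///... (URL kept as text)
                value = rest[1:].strip()
            else:
                value = rest.strip()
            if name == "dn":
                dn = value
            elif name == "result":
                result = value
            elif name != "search":
                attrs.setdefault(name, []).append(value)
        if dn is not None:
            entries.append((dn, attrs))
        block.clear()

    for raw in text.splitlines():
        if raw.startswith("#"):
            continue
        if not raw.strip():
            flush()                           # blank line ends a record
        elif raw.startswith(" ") and block:
            block[-1] += raw[1:]              # folded continuation line
        else:
            block.append(raw)
    flush()
    return entries, result


def check_directory(entries: List[Entry], result: Optional[str],
                    suffix: str, admin_dn: str) -> List[str]:
    """Findings for the expected post-install state: a successful result code,
    the base entry (with dcObject) and the admin entry under it."""
    findings: List[str] = []
    if result is None:
        findings.append("no 'result:' line; the search did not complete")
    elif not result.startswith("0 "):
        findings.append(f"search failed: result {result}")
    by_dn = {dn.lower(): attrs for dn, attrs in entries}
    base = by_dn.get(suffix.lower())
    if base is None:
        findings.append(f"base entry {suffix} is missing; base.ldif was not added")
    elif "dcObject" not in base.get("objectClass", []):
        findings.append(f"base entry {suffix} lacks objectClass dcObject")
    if admin_dn.lower() not in by_dn:
        findings.append(f"admin entry {admin_dn} is missing")
    return findings


if __name__ == "__main__":
    found, rc = parse_ldif(SAMPLE_LDAPSEARCH_OUTPUT)
    print(f"{len(found)} entries, result: {rc}")
    print(check_directory(found, rc, "dc=example,dc=com", "cn=admin,dc=example,dc=com") or ["no findings"])
```

On a live system, feed the real output in with sudo ldapsearch -x -b dc=example,dc=com | python3 check.py after replacing the constant with sys.stdin.read(); an empty findings list is the pass condition.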

2. Check Service Logs

Inspect the OpenLDAP service logs for any errors or issues during startup or operations:

sudo journalctl -u slapd

This command provides detailed logs that can help diagnose problems.

3. Network Connectivity

Verify that the LDAP service is listening on port 389 using netstat or ss:

sudo ss -tlnp | grep 389

This confirms that slapd is bound to the LDAP port; whether remote hosts can reach it also depends on the firewall (see Troubleshooting below). Keep in mind that port 389 carries unencrypted LDAP unless StartTLS is configured, which this tutorial does not cover.

Troubleshooting Common Issues

During the installation and configuration process, you might encounter several common issues. Here are some troubleshooting tips:

  • Service Not Starting: Check the service logs for errors. Common issues include incorrect configuration files or insufficient permissions.
  • LDAP Connection Issues: Ensure that the firewall allows incoming connections on port 389. Use firewalld to add the necessary rule:

    sudo firewall-cmd --permanent --zone=public --add-port=389/tcp
    sudo firewall-cmd --reload

  • Authentication Errors: Verify that your admin password is correct and that the hashed password in your configuration matches the one generated by slappasswd.

Congratulations! You have successfully installed OpenLDAP. Thanks for using this tutorial for installing OpenLDAP on your CentOS Stream 10 system. For additional or useful information, we recommend you check the official OpenLDAP website.


r00t

r00t is an experienced Linux enthusiast and technical writer with a passion for open-source software. With years of hands-on experience in various Linux distributions, r00t has developed a deep understanding of the Linux ecosystem and its powerful tools. He holds certifications in SCE and has contributed to several open-source projects. r00t is dedicated to sharing her knowledge and expertise through well-researched and informative articles, helping others navigate the world of Linux with confidence.