The Lightweight Directory Access Protocol (LDAP) is an application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network. An LDAP directory lets you keep users and passwords in one central place, so every host authenticates against the same account database instead of its own /etc/passwd. This guide walks through setting up network authentication with LDAP: preparing the server, joining Linux and Windows clients, and the day-to-day administrative scripts. The commands are for the CentOS/RHEL 5 generation of OpenLDAP (slapd.conf, nss_ldap, authconfig); newer releases use cn=config and sssd instead, but the directory layout and the security points are the same.
1- Prepare LDAP Server
Step 1. Install required LDAP Server packages
# yum install -y openldap openldap-servers openldap-clients openldap-devel nss_ldap
Step 2. Create the directory for the LDAP database. It will hold all the bdb database files, password hashes included, so it must be owned by ldap and should not be readable by other users.
# mkdir /var/lib/ldap/itbox4vn.com
# chown ldap:ldap /var/lib/ldap/itbox4vn.com
Step 3. Create the LDAP admin (rootdn) password. slappasswd prompts for a password and prints the salted SHA-1 ({SSHA}) hash that goes into the rootpw line in the next step; the clear-text password itself never belongs in slapd.conf.
Step 4. Edit /etc/openldap/slapd.conf. The database section names the suffix, the rootdn (the one identity that can write to the database without any access rules), the rootpw hash from the previous step and the directory created in Step 2:
database bdb
suffix "dc=itbox4vn,dc=com"
rootdn "cn=Manager,dc=itbox4vn,dc=com"
rootpw {SSHA}rwfbf8wrOQiXtbzWQeYBWu97RPju+7kH
directory /var/lib/ldap/itbox4vn.com
Two things to check before the server goes on the network. First, slapd.conf carries the rootpw hash, so it must stay readable only by root and the ldap group (the stock file is root:ldap, mode 0640). Second, with no access directives at all, slapd's default policy is "access to * by * read", which lets any anonymous client read every userPassword hash in the directory and crack them offline; add at least an access rule that limits userPassword to the owner (write), authentication (anonymous auth) and nobody else.
Step 5. Create a local test account named ldapuser on the server. The migration in the next step copies the local accounts, this one included, into the directory.
Step 6. Create LDAP Database
The migration tools read their defaults, the base DN and the mail domain, from migrate_common.ph. Edit the file and replace all instances of the string "padl" with the string "itbox4vn" so that the generated entries land under dc=itbox4vn,dc=com. Then copy the Berkeley DB configuration into the database directory and run the offline migration, which converts /etc/passwd, /etc/group and the other NSS files to LDIF and loads them with slapadd (slapd must not be running yet):
# vi /usr/share/openldap/migration/migrate_common.ph
# updatedb
# cp /etc/openldap/DB_CONFIG.example /var/lib/ldap/itbox4vn.com/DB_CONFIG
# /usr/share/openldap/migration/migrate_all_offline.sh
Because slapadd runs as root, the database files it creates are owned by root; run chown -R ldap:ldap /var/lib/ldap/itbox4vn.com once more afterwards, or slapd (which runs as ldap) will fail to open its own database.
Step 7. Start the LDAP Server
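The server-side steps above, collected into one script as an added example; this is not code from the original tutorial. It assumes the CentOS/RHEL 5 layout the page uses (schemas under /etc/openldap/schema, pid and args files under /var/run/openldap, the migration tools under /usr/share/openldap/migration, an init script called ldap) and adds the access controls the tutorial's slapd.conf leaves out. The script name and the function names are my own.

```bash
#!/bin/bash
# prep-ldap-server.sh: Steps 2-7 of the server preparation as one script, plus
# the access controls the tutorial's slapd.conf leaves out.
# Added example, not code from the original tutorial. Assumes the CentOS/RHEL 5
# layout: schemas in /etc/openldap/schema, pid/args files in /var/run/openldap,
# migration tools in /usr/share/openldap/migration, init script "ldap".
set -eu

# domain_to_dn itbox4vn.com -> dc=itbox4vn,dc=com
domain_to_dn() { printf 'dc=%s\n' "$1" | sed 's/\./,dc=/g'; }

# gen_slapd_conf DOMAIN ROOTPW_HASH DBDIR -> slapd.conf on stdout.
# With no "access" directive at all, slapd's default policy is "access to * by * read",
# so any anonymous client could read every userPassword hash for offline cracking.
gen_slapd_conf() {
    local domain="$1" hash="$2" dbdir="$3" suffix
    suffix=$(domain_to_dn "$domain")
    cat <<EOF
include   /etc/openldap/schema/core.schema
include   /etc/openldap/schema/cosine.schema
include   /etc/openldap/schema/inetorgperson.schema
include   /etc/openldap/schema/nis.schema
pidfile   /var/run/openldap/slapd.pid
argsfile  /var/run/openldap/slapd.args

database  bdb
suffix    "$suffix"
rootdn    "cn=Manager,$suffix"
rootpw    $hash
directory $dbdir
index     objectClass             eq
index     uid,uidNumber,gidNumber eq
index     cn,memberUid            eq

# Hashes: the owner may change them, anyone may bind against them, nobody else reads them.
access to attrs=userPassword
        by self write
        by anonymous auth
        by * none
# Everything else stays readable so nss_ldap can resolve uids and gids without binding.
access to *
        by * read
EOF
}

# prepare_server DOMAIN: run as root on the server (not executed by this file on its own).
prepare_server() {
    local domain="$1" dbdir="/var/lib/ldap/$1" suffix hash
    suffix=$(domain_to_dn "$domain")
    mkdir -p "$dbdir"
    cp /etc/openldap/DB_CONFIG.example "$dbdir/DB_CONFIG"
    chown -R ldap:ldap "$dbdir"
    chmod 700 "$dbdir"                      # the bdb files contain the hashes as well
    hash=$(slappasswd)                      # prompts on the tty, prints {SSHA}...; nothing lands in ps or history
    gen_slapd_conf "$domain" "$hash" "$dbdir" > /etc/openldap/slapd.conf
    chown root:ldap /etc/openldap/slapd.conf
    chmod 640 /etc/openldap/slapd.conf      # the rootpw hash must not be world-readable
    slaptest -u -f /etc/openldap/slapd.conf # config check only, without opening the database
    # The page's "replace padl with itbox4vn" edit, done for both forms the string takes.
    sed -i -e "s/padl\.com/$domain/g" -e "s/dc=padl,dc=com/$suffix/g" \
        /usr/share/openldap/migration/migrate_common.ph
    /usr/share/openldap/migration/migrate_all_offline.sh   # slapadd; slapd must still be stopped
    chown -R ldap:ldap "$dbdir"             # slapadd ran as root and left root-owned db files
    service ldap start && chkconfig ldap on
}

[ $# -eq 0 ] || prepare_server "$1"        # usage: prep-ldap-server.sh itbox4vn.com
```

gen_slapd_conf can be run on any machine to review the generated file before it is installed; the "access to *" rule stays at read so the anonymous lookups that authconfig's client setup relies on keep working, while userPassword is only ever compared, never returned.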
2- Configure Linux Clients
Step 1. Install the necessary packages:
# yum install -y openldap nss_ldap openldap-clients openldap-devel
Step 2. Choose LDAP authentication
# authconfig-tui
The /etc/nsswitch.conf and /etc/ldap.conf files are edited for you. There is no LDAP client daemon to start: once the configuration is in place, lookups and logins go over the network. When troubleshooting client authentication, check /var/log/secure for the errors. Note that authconfig-tui sets up a plain ldap:// connection unless you enable its TLS option; without TLS (or ldaps://) every login sends the user's password across the network in clear text, so enable it and put the server's CA certificate where /etc/ldap.conf points (/etc/openldap/cacerts by default) before relying on this outside a lab.
Step 3. Create the home directory for ldapuser on the LDAP client. The account exists only in the directory, so nothing has created a home directory on this host yet.
Step 4. Log in as ldapuser and change the password.
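Since authconfig writes /etc/ldap.conf for you, it is worth checking what it wrote. The following script is an added example, not part of the original tutorial: it audits an nss_ldap/pam_ldap ldap.conf for the settings that matter most on the wire and on disk. The directive names are the ones nss_ldap's own ldap.conf documents (uri, host, ssl, tls_checkpeer, bindpw, pam_password); the two sample files it writes are constructed for the demonstration, and the script and function names are my own.

```bash
#!/bin/bash
# audit-ldap-conf.sh: flag insecure settings in the /etc/ldap.conf that authconfig
# writes for nss_ldap/pam_ldap. Added example, not code from the original tutorial.
# Directive names are the ones nss_ldap's ldap.conf documents; both sample files
# below are constructed.

# ldap_conf_get FILE DIRECTIVE -> value of the first matching line (names are case-insensitive)
ldap_conf_get() {
    awk -v key="$2" 'tolower($1) == key { $1 = ""; sub(/^ +/, ""); print; exit }' "$1"
}

# audit_ldap_conf FILE -> one finding per line on stdout, nothing if the file is clean
audit_ldap_conf() {
    local f="$1" uri host ssl checkpeer pw
    uri=$(ldap_conf_get "$f" uri)
    host=$(ldap_conf_get "$f" host)
    ssl=$(ldap_conf_get "$f" ssl)
    checkpeer=$(ldap_conf_get "$f" tls_checkpeer)
    pw=$(ldap_conf_get "$f" pam_password)

    # 1. A simple bind carries the user's password; without ldaps:// ("ssl on") or
    #    START_TLS ("ssl start_tls") it crosses the network in clear text.
    case "$uri" in
        ldaps://*) ;;
        *) case "$ssl" in
               on|start_tls) ;;
               *) echo "PLAINTEXT: '${uri:-$host}' with ssl '${ssl:-unset}'; passwords cross the wire unencrypted" ;;
           esac ;;
    esac
    # 2. TLS without certificate verification stops sniffing but not an impersonating server.
    [ "$checkpeer" = no ] && echo "NO_PEER_CHECK: tls_checkpeer no; a rogue server can impersonate the directory"
    # 3. ldap.conf is world-readable, so a bindpw in it leaks a directory credential;
    #    rootbinddn keeps the password in /etc/ldap.secret (mode 0600) instead.
    [ -n "$(ldap_conf_get "$f" bindpw)" ] && echo "BINDPW_IN_CONF: move the credential to rootbinddn + /etc/ldap.secret"
    # 4. pam_password clear stores whatever the client sends as-is; exop lets slapd hash it.
    [ "$pw" = clear ] && echo "CLEAR_PASSWORD_UPDATE: pam_password clear; use pam_password exop"
    return 0
}

# Constructed sample: a client with TLS off and a proxy credential pasted into the file.
write_weak_conf() {
    cat > "$1" <<'EOF'
# /etc/ldap.conf (constructed sample, not a real client)
host 192.168.1.10
base dc=itbox4vn,dc=com
ssl no
tls_checkpeer no
binddn cn=proxy,dc=itbox4vn,dc=com
bindpw proxysecret
pam_password clear
EOF
}

# Constructed sample: the same client after fixing every finding.
write_hardened_conf() {
    cat > "$1" <<'EOF'
uri ldap://ldap.itbox4vn.com
base dc=itbox4vn,dc=com
ssl start_tls
tls_cacertfile /etc/openldap/cacerts/itbox4vn-ca.crt
tls_checkpeer yes
pam_password exop
EOF
}

if [ $# -gt 0 ]; then
    audit_ldap_conf "$1"          # usage: audit-ldap-conf.sh /etc/ldap.conf
fi
```

Running it against the weak sample reports all four findings; the hardened sample reports none. The pam_password setting is easy to overlook: with exop the client sends the new password through the Password Modify extended operation and slapd hashes it according to its own password-hash setting, so the storage format is decided on the server rather than on each client.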
3- Configure Windows Clients
pGina with its LDAPAuth plugin lets a Windows system authenticate against the LDAP server. Both can be downloaded from www.pgina.org.
After installation, configure the plugin:
Then restart Windows and log in against the LDAP server. For the Windows test I created a user called ldapwin.
4- Common LDAP Administrative Tasks
Step 1. Change user password
Step 2. Create Modify LDAP User Script
#!/bin/bash
# modifyldapuser: push the current /etc/passwd entry for one user into LDAP
user="$1"
tmp=$(mktemp /tmp/modifyldapuser.XXXXXX)        # unpredictable names, unlike fixed /tmp paths
tmpldif=$(mktemp /tmp/modifyldapuser.XXXXXX)
trap 'rm -f "$tmp" "$tmpldif"' EXIT
grep "^${user}:" /etc/passwd > "$tmp"           # anchored: plain "grep $1" also matched ldapuser2
/usr/share/openldap/migration/migrate_passwd.pl "$tmp" "$tmpldif"
ldapmodify -x -D "cn=Manager,dc=itbox4vn,dc=com" -W -f "$tmpldif"
Step 3. Create Add User Script
#!/bin/bash
# addldapuser: migrate one local account (/etc/passwd plus its /etc/shadow hash) into LDAP
user="$1"
tmp=$(mktemp /tmp/addldapuser.XXXXXX)
tmpldif=$(mktemp /tmp/addldapuser.XXXXXX)
trap 'rm -f "$tmp" "$tmpldif"' EXIT
grep "^${user}:" /etc/passwd > "$tmp"
/usr/share/openldap/migration/migrate_passwd.pl "$tmp" "$tmpldif"
ldapadd -x -D "cn=Manager,dc=itbox4vn,dc=com" -W -f "$tmpldif"
Step 4. Create Delete User Script
#!/bin/bash
# deleteldapuser: remove the entry for one user; refuse names that would alter the DN
user="$1"
case "$user" in
    ''|*[!A-Za-z0-9._-]*) echo "usage: $0 <username>" >&2; exit 1 ;;
esac
ldapdelete -x -W -D "cn=Manager,dc=itbox4vn,dc=com" "uid=${user},ou=People,dc=itbox4vn,dc=com"
All three scripts need root (migrate_passwd.pl reads /etc/shadow) and ask for the Manager password with -W; keep it that way rather than passing -w on the command line, where the password would show up in ps output and shell history.
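The three administrative scripts above, rewritten as one added example that is not part of the original tutorial. It keeps the page's suffix (dc=itbox4vn,dc=com) and rootdn (cn=Manager) as defaults, validates the user name before it is interpolated into a DN or an LDIF record, and builds the LDIF itself instead of calling migrate_passwd.pl, so there are no temporary files in /tmp and the password hash is passed in explicitly rather than read from /etc/shadow. The script name, the function names and the BASE_DN/ADMIN_DN variables are my own.

```bash
#!/bin/bash
# ldapuser-admin.sh: add, modify and delete posixAccount entries under ou=People.
# Added example, not code from the original tutorial. Defaults to the page's
# suffix and rootdn; generates the LDIF itself instead of using migrate_passwd.pl.
set -eu

BASE_DN="${BASE_DN:-dc=itbox4vn,dc=com}"
ADMIN_DN="${ADMIN_DN:-cn=Manager,${BASE_DN}}"

# The user name is interpolated into the DN and the LDIF record, so reject anything
# outside the POSIX login alphabet: "ldap,ou=Admins" or a name with a newline must not get through.
valid_username() {
    case "$1" in
        '' | [!A-Za-z_]* | *[!A-Za-z0-9._-]* ) return 1 ;;
    esac
    return 0
}

user_dn() { printf 'uid=%s,ou=People,%s\n' "$1" "$BASE_DN"; }

# local_passwd_line NAME -> the exact /etc/passwd line (unlike "grep $1", no substring matches)
local_passwd_line() { awk -F: -v u="$1" '$1 == u' /etc/passwd; }

# passwd_to_ldif "name:x:uid:gid:gecos:home:shell" [CRYPT_HASH] -> add-style LDIF record
passwd_to_ldif() {
    local line="$1" hash="${2:-}" name pw uid gid gecos home shell
    IFS=: read -r name pw uid gid gecos home shell <<EOF
$line
EOF
    valid_username "$name" || { echo "refusing user name '$name'" >&2; return 1; }
    printf 'dn: %s\n' "$(user_dn "$name")"
    printf 'objectClass: top\nobjectClass: account\nobjectClass: posixAccount\nobjectClass: shadowAccount\n'
    printf 'uid: %s\ncn: %s\n' "$name" "${gecos:-$name}"
    printf 'uidNumber: %s\ngidNumber: %s\n' "$uid" "$gid"
    printf 'homeDirectory: %s\nloginShell: %s\n' "$home" "${shell:-/bin/bash}"
    [ -z "$hash" ] || printf 'userPassword: {crypt}%s\n' "$hash"
}

# passwd_to_modify_ldif "name:x:uid:gid:gecos:home:shell" -> "changetype: modify" record
# in the mod-spec form (replace: attr / value / -) that ldapmodify expects.
passwd_to_modify_ldif() {
    local line="$1" name pw uid gid gecos home shell
    IFS=: read -r name pw uid gid gecos home shell <<EOF
$line
EOF
    valid_username "$name" || { echo "refusing user name '$name'" >&2; return 1; }
    printf 'dn: %s\nchangetype: modify\n' "$(user_dn "$name")"
    printf 'replace: uidNumber\nuidNumber: %s\n-\n' "$uid"
    printf 'replace: gidNumber\ngidNumber: %s\n-\n' "$gid"
    printf 'replace: homeDirectory\nhomeDirectory: %s\n-\n' "$home"
    printf 'replace: loginShell\nloginShell: %s\n-\n' "${shell:-/bin/bash}"
}

# The admin actions. -W prompts for the Manager password so it never appears in ps or history.
ldap_add_user() {      # ldap_add_user NAME [CRYPT_HASH]
    local ldif
    ldif=$(passwd_to_ldif "$(local_passwd_line "$1")" "${2:-}") || return 1
    printf '%s\n' "$ldif" | ldapadd -x -D "$ADMIN_DN" -W
}
ldap_modify_user() {   # ldap_modify_user NAME: push the local passwd fields into the entry
    local ldif
    ldif=$(passwd_to_modify_ldif "$(local_passwd_line "$1")") || return 1
    printf '%s\n' "$ldif" | ldapmodify -x -D "$ADMIN_DN" -W
}
ldap_delete_user() {   # ldap_delete_user NAME
    valid_username "$1" || { echo "refusing user name '$1'" >&2; return 1; }
    ldapdelete -x -D "$ADMIN_DN" -W "$(user_dn "$1")"
}

if [ $# -gt 0 ]; then
    case "$1" in
        add)    ldap_add_user "${2:-}" "${3:-}" ;;
        modify) ldap_modify_user "${2:-}" ;;
        delete) ldap_delete_user "${2:-}" ;;
        *)      echo "usage: $0 add|modify|delete USER [CRYPT_HASH]" >&2; exit 1 ;;
    esac
fi
```

The hash argument to add is optional: omit it to create the entry with no userPassword and let the user set one over the network afterwards (Step 1 of this section), which avoids ever copying a line out of /etc/shadow. The validation is deliberately strict; a name that fails it is printed and refused, nothing is sent to the server.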
Have fun!