{"id":11744,"date":"2019-03-16T04:22:46","date_gmt":"2019-03-16T04:22:46","guid":{"rendered":"http:\/\/www.appservgrid.com\/paw92\/?p=11744"},"modified":"2019-03-16T04:22:46","modified_gmt":"2019-03-16T04:22:46","slug":"how-to-install-openldap-server-for-centralized-authentication","status":"publish","type":"post","link":"https:\/\/www.appservgrid.com\/paw92\/index.php\/2019\/03\/16\/how-to-install-openldap-server-for-centralized-authentication\/","title":{"rendered":"How To Install OpenLDAP Server for Centralized Authentication"},"content":{"rendered":"

Lightweight Directory Access Protocol<\/strong>\u00a0(LDAP<\/strong>\u00a0in short) is an industry standard, lightweight, widely used set of protocols for accessing directory services. A directory service is a shared information infrastructure for accessing, managing, organizing, and updating everyday items and network resources, such as users, groups, devices, emails addresses, telephone numbers, volumes and many other objects.<\/p>\n

The\u00a0LDAP<\/strong>\u00a0information model is based on entries. An entry in a LDAP directory represents a single unit or information and is uniquely identified by what is called a\u00a0Distinguished Name<\/strong>\u00a0(DN<\/strong>). Each of the entry\u2019s attributes has a type and one or more values.<\/p>\n

An attribute is a piece of information associated with an entry. The types are typically mnemonic strings, such as \u201ccn<\/strong>\u201d for common name, or \u201cmail<\/strong>\u201d for email address. Each attribute is assigned one or more values consisting in a space-separated list.<\/p>\n

The following is an illustration of how information is arranged in the\u00a0LDAP<\/strong>\u00a0directory.<\/p>\n

\n

\"Ldap<\/a><\/p>\n

Ldap Information Model<\/p>\n<\/div>\n

<\/center>In this article, we will show how to install and configure\u00a0OpenLDAP<\/strong>\u00a0server for centralized authentication in\u00a0Ubuntu 16.04\/18.04<\/strong>\u00a0and\u00a0CentOS 7<\/strong>.<\/p>\n

Step 1: Installing LDAP Server<\/h3>\n

1.<\/strong>\u00a0First start by installing\u00a0OpenLDAP<\/strong>, an open source implementation of\u00a0LDAP<\/strong>\u00a0and some traditional LDAP management utilities using the following commands.<\/p>\n

# yum install openldap openldap-servers\t    #CentOS 7\r\n$ sudo apt install slapd ldap-utils\t    #Ubuntu 16.04\/18.04\r\n<\/pre>\n
On\u00a0Ubuntu<\/strong>, during the package installation, you will be prompted to enter the password for the admin entry in your LDAP directory, set a secure password and confirm it.<\/p>\n
\n
\"Configure<\/a><\/p>\n
Configure Slapd Admin Password<\/p>\n<\/div>\n
When the installation is complete, you can start the service as explained next.<\/p>\n
2.<\/strong>\u00a0On\u00a0CentOS 7<\/strong>, run the following commands to start the\u00a0openldap<\/strong>\u00a0server daemon, enable it to auto-start at boot time and check if its up and running (on\u00a0Ubuntu<\/strong>\u00a0the service should be auto-started under systemd, you can simply check its status):<\/p>\n
$ sudo systemctl start slapd\r\n$ sudo systemctl enable slapd\r\n$ sudo systemctl status slapd\r\n<\/pre>\n
3.<\/strong>\u00a0Next, allow requests to the\u00a0LDAP<\/strong>\u00a0server daemon through the firewall as shown.<\/p>\n
# firewall-cmd --add-service=ldap    #CentOS 7\r\n$ sudo ufw allow ldap                #Ubuntu 16.04\/18.04\r\n<\/pre>\n
Step 2: Configuring LDAP Server<\/h3>\n
Note<\/strong>: It is not recommended to manually edit the LDAP configuration, you need to add the configurations in a file and use the\u00a0ldapadd<\/strong>\u00a0or\u00a0ldapmodify<\/strong>\u00a0command to load them to the LDAP directory as shown below.<\/p>\n
4.<\/strong>\u00a0Now create a OpenLDAP administrative user and assign a password for that user. In the below command, a hashed value is created for the given password, take note of it, you will use it in the LDAP configuration file.<\/p>\n
$ slappasswd\r\n<\/pre>\n
\n
\"Create<\/a><\/p>\n
Create Ldap Admin User<\/p>\n<\/div>\n
5.<\/strong>\u00a0Then create an\u00a0LDIF<\/strong>\u00a0file (ldaprootpasswd.ldif<\/strong>) which is used to add an entry to the LDAP directory.<\/p>\n
$ sudo vim ldaprootpasswd.ldif\r\n<\/pre>\n
Add the following contents in it:<\/p>\n
dn: olcDatabase={0}config,cn=config\r\nchangetype: modify\r\nadd: olcRootPW\r\nolcRootPW: {SSHA}PASSWORD_CREATED\r\n<\/pre>\n
explaining the attribute-value pairs above:<\/p>\n