roghuchi/OpenldapPublic

NotificationsYou must be signed in to change notification settings
Fork1
Star6

License

MIT license

6 stars 1 fork Branches Tags Activity

Star

Notifications

You must be signed in to change notification settings

Branches Tags

Folders and files

Name		Name	Last commit message	Last commit date
Latest commit History 72 Commits
lsc		lsc
roles		roles
sync-monitoring/scripts		sync-monitoring/scripts
LICENSE		LICENSE
README.md		README.md
openldap-client-configuration.yml		openldap-client-configuration.yml

Repository files navigation

Openldap

Installation

server side

configure FQDN hostname for your server

sudo nano /etc/hosts

192.168.56.111 ldap.example.com

sudo hostnamectl set-hostname ldap.example.com --static

Update Debian server

sudo apt  update -y

sudo apt  upgrade -y

Install OpenLDAP on Debian 11 / Debian 10 Linux

sudo apt  install slapd ldap-utils -y

sudo dpkg-reconfigure slapd

Answer these questions:

omit openldap server configuration? NoDNS domain name? example.comremove the database when slapd is purged? Nomove old database? Yes

check ldap configuration:

sudo slapcat

Add base dn for Users and Groups

nano basedn.ldif

dn: ou=people,dc=example,dc=com objectClass: organizationalUnitou: peopledn: ou=groups,dc=example,dc=comobjectClass: organizationalUnitou: groups

apply basedn.ldif

sudo ldapadd -x -D cn=admin,dc=example,dc=com -W -f basedn.ldif

Add User Accounts and Groups

Generate a password for the user account to add

sudo slappasswd

sample output:

New password:Re-enter new password:{SSHA}5D94oKzVyJYzkCq21LhXDZFNZpPQD9uE

Create ldif file for adding users

nano ldapusers.ldif

dn: uid=jmutai,ou=people,dc=example,dc=comobjectClass: inetOrgPersonobjectClass: posixAccountobjectClass: shadowAccountcn: Josphatsn: MutaiuserPassword: {SSHA}5D94oKzVyJYzkCq21LhXDZFNZpPQD9uEloginShell: /bin/bashhomeDirectory: /home/jmutaiuidNumber: 3000gidNumber: 300

apply ldapusers.ldif

sudo ldapadd -x -D cn=admin,dc=example,dc=com -W -f ldapusers.ldif

Create ldif file for adding group

nano ldapgroups.ldif

dn: cn=jmutai,ou=groups,dc=example,dc=comobjectClass: posixGroupcn: jmutaigidNumber: 3000memberUid: jmutai

sudo ldapadd -x -D cn=admin,dc=example,dc=com -W -f ldapgroups.ldif

Install LDAP Account Manager on Debian 11 / Debian 10

Download the latest release of ldap account manager deb package

wget http://prdownloads.sourceforge.net/lam/ldap-account-manager_7.7-1_all.deb

sudo apt install -f ./ldap-account-manager_7.7-1_all.deb

Configure LDAP Account Manager on Debian 11 / Debian 10

check it on the web:

http://(server’s hostname or IP address)/lamhttp://192.168.56.111//lam

client side Debian

sudo apt update

sudo apt install libnss-ldap libpam-ldap ldap-utils

Answer these questions:

LDAP server URI ?

ldap://192.168.56.111/

Distinguished name of search base?

dc=example,dc=com

LDAP version to use?

3

LDAP account for root?

cn=admin,dc=example,dc=com

LDAP root account password?

admin password (smile)

Allow LDAP admin account to behave like local root?

Yes

Does the LDAP database require login?

No

LDAP administrative account?

cn=admin,dc=example,dc=com

LDAP administrative password?

admin password (smile)

First edit nsswitch : (/etc/nsswitch.conf)

passwd:            compat ldapgroup:             compat ldapshadow:            compat ldap

Then edit these files :

/etc/pam.d/common-account

account sufficient pam_unix.so

account required pam_ldap.so

/etc/pam.d/common-auth

auth sufficient pam_unix.so nullok_secureauth required pam_ldap.so use_first_passauth required pam_permit.so

/etc/pam.d/common-password

password sufficient pam_unix.so nullok obsecure md5password required pam_ldap.so

/etc/pam.d/common-session

session required pam_unix.sosession required pam_mkhomedir.so skel=/etc/skel umask=0022

Then restart nscd service

/etc/init.d/nscd restart

Run this command and select all parameters:

pam-auth-update --force

client side Centos

sudo yum update

sudo yum install  nss-pam-ldapd nscd openldap-clients -y

After install the packages you should run the following command for change configs:

authconfig-tui

in the next page you should enter ldap uri and base dn

also add these lines in this file:

sudo vi /etc/nslcd.conf

ldap_version 3binddn cn=admin,dc=example,dc=combindpw [admin password]

Then restart nscd service

service nslcd restart

Then add the line in this file for make home directory for the ldap users :

/etc/pam.d/sshd

session required pam_mkhomedir.so skel=/etc/skel umask=0022

Then restart sshd service

sudo service sshd restart

Commands

ldapsearch -x -D cn=admin,dc=test,dc=com -w [pass] -p 389 -h localhost

ldapadd -x -D cn=admin,dc=test,dc=com -w  [pass] -p 389 -h localhost -f sshPublicKey.ldif

ldapmodify -x -a -D cn=admin,dc=test,dc=com -w [pass] -p 389 -h localhost -f /etc/ldap/schema/ppolicy.ldif

LSC configuration

LSC Link

About

No description or website provided.

Releases

No releases published

Packages

No packages published

Contributors2

Languages

Python100.0%

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

License

Uh oh!

Folders and files

Latest commit

History

Repository files navigation

Openldap

Installation

server side

Install OpenLDAP on Debian 11 / Debian 10 Linux

Install LDAP Account Manager on Debian 11 / Debian 10

client side Debian

client side Centos

Commands

LSC configuration

About

Topics

Resources

License

Uh oh!

Stars

Watchers

Forks

Releases

Packages

Contributors2

Uh oh!

Languages

Movatterモバイル変換

License

roghuchi/Openldap

Folders and files

Latest commit

History

Repository files navigation

Openldap

Installation

server side

Install OpenLDAP on Debian 11 / Debian 10 Linux

Install LDAP Account Manager on Debian 11 / Debian 10

client side Debian

client side Centos

Commands

LSC configuration

About

Topics

Resources

License

Uh oh!

Stars

Watchers

Forks

Releases

Packages0

Contributors2

Uh oh!

Languages

Packages