
Tutorial Install LDAP Client On CentOS 7 & 8

Richard 23 Min Read

LDAP is the abbreviation of Lightweight Directory Access Protocol. It is a vendor-neutral application protocol that lets you access and maintain distributed directory information services over an Internet Protocol network. There are many different ways to provide a directory. Using LDAP gives you a central place to store usernames and passwords, so many different applications and services can connect to the LDAP server to validate users. This article presents a tutorial on installing the LDAP client on CentOS 7 and 8. Choose a package that suits your needs on Eldernode and purchase your own CentOS VPS.

Before you start, make sure you have the following prerequisites:

A non-root user with sudo privileges.

To set one up, follow our initial setup guide for CentOS 8.

Install LDAP Client On CentOS 7 | CentOS 8

Different kinds of information are stored in the directory by different methods. There are also different requirements for how that information can be referenced, queried, and updated, and for how it is protected from unauthorized access.


How To Install And Configure LDAP Client On CentOS 7

Follow the steps of this guide to install and configure OpenLDAP on CentOS 7. Be careful to do every step correctly to complete the installation.

Step 1:

As usual, it is recommended to update your system for security reasons. Use the command below to update all your system packages to the newest available version:

yum update

Step 2:

To install the packages required for OpenLDAP functionality, run:

yum -y install openldap compat-openldap openldap-clients openldap-servers openldap-servers-sql openldap-devel

Then start the LDAP daemon and enable it to start at boot:

systemctl start slapd.service
systemctl enable slapd.service

Step 3:

Run the command below to set an LDAP root password, and save the hashed output. You will need it to configure OpenLDAP in the next step.

slappasswd

Step 4:

To start configuring OpenLDAP, you need to create the db.ldif file. Use nano or your favorite text editor and paste in the following content:

nano db.ldif

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=field,dc=eldernode,dc=com

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: cn=ldapadm,dc=field,dc=eldernode,dc=com

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: hashed_output_from_the_slappasswd_command

Now, deploy the configuration:

ldapmodify -Y EXTERNAL -H ldapi:/// -f db.ldif
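The olcRootPW value used above is, with slappasswd's default scheme, an {SSHA} string: the base64 encoding of the SHA-1 digest of password plus salt, followed by the salt. The script below is an added example, not part of the original article, that rebuilds and checks such a value with openssl so you can confirm that the saved hash matches the password you intend before deploying it. ssha_make and ssha_verify are hypothetical helper names, and ssha_make only stands in for slappasswd.

```sh
#!/bin/sh
# Added example: layout of the {SSHA} value that slappasswd prints by default.
#   {SSHA} + base64( SHA1(password + salt) + salt ), SHA-1 digest = 20 bytes.
# ssha_make and ssha_verify are hypothetical helper names, not OpenLDAP tools.

# Stand-in for slappasswd: hash a password with a fresh random 4-byte salt.
ssha_make() {  # $1 = password
    t=$(mktemp -d) || return 2
    openssl rand 4 > "$t/salt"
    { printf '%s' "$1"; cat "$t/salt"; } | openssl dgst -sha1 -binary > "$t/digest"
    printf '{SSHA}%s\n' "$(cat "$t/digest" "$t/salt" | openssl base64 -A)"
    rm -rf "$t"
}

# Return 0 if the password matches the stored value, 1 if not, 2 if the
# value is not an {SSHA} string (for example cleartext pasted by mistake).
ssha_verify() {  # $1 = password, $2 = value saved for olcRootPW
    case $2 in
        '{SSHA}'*) ;;
        *) echo "not an {SSHA} value" >&2; return 2 ;;
    esac
    t=$(mktemp -d) || return 2
    # ${2#??????} drops the six-character "{SSHA}" prefix.
    printf '%s\n' "${2#??????}" | openssl base64 -d -A > "$t/blob"
    head -c 20 "$t/blob" > "$t/digest"   # stored SHA-1 digest
    tail -c +21 "$t/blob" > "$t/salt"    # the remaining bytes are the salt
    { printf '%s' "$1"; cat "$t/salt"; } | openssl dgst -sha1 -binary > "$t/calc"
    if [ -s "$t/salt" ] && cmp -s "$t/digest" "$t/calc"; then rc=0; else rc=1; fi
    rm -rf "$t"
    return "$rc"
}

# Constructed sample: hash a throwaway password, then check it both ways.
sample=$(ssha_make 'constructed-sample-pw')
echo "olcRootPW: $sample"
ssha_verify 'constructed-sample-pw' "$sample" && echo "password matches"
ssha_verify 'some-other-pw' "$sample" || echo "wrong password rejected"
```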

Next, you can restrict monitor access only to the ldapadm user:

nano monitor.ldif

dn: olcDatabase={1}monitor,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external, cn=auth" read by dn.base="cn=ldapadm,dc=field,dc=eldernode,dc=com" read by * none

Again, deploy the configuration change by running the following command:

ldapmodify -Y EXTERNAL -H ldapi:/// -f monitor.ldif

Step 5:

In this step, you need to generate a self-signed certificate and private key so that clients can communicate with the OpenLDAP server securely. Run the following command:

openssl req -new -x509 -nodes -out \
/etc/openldap/certs/myldap.field.eldernode.com.cert \
-keyout /etc/openldap/certs/myldap.field.eldernode.com.key \
-days 365

Then change the owner and group of the certificate directory with the command below, so that OpenLDAP can read the files:

chown -R ldap:ldap /etc/openldap/certs

Step 6:

To configure OpenLDAP and use the LDAPS protocol, you must create certs.ldif.

nano certs.ldif

dn: cn=config
changetype: modify
replace: olcTLSCertificateFile
olcTLSCertificateFile: /etc/openldap/certs/myldap.field.eldernode.com.cert

dn: cn=config
changetype: modify
replace: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/openldap/certs/myldap.field.eldernode.com.key

And again, you can deploy the configuration:

ldapmodify -Y EXTERNAL -H ldapi:/// -f certs.ldif

You can also test the configuration by running the command below:

slaptest -u
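slaptest only checks the configuration itself, so it is worth checking the files from Step 5 as well. The script below is an added example, not part of the original article: it confirms that the private key is not accessible to group or other, that the key and certificate belong together, and that the certificate is not about to expire. check_tls_pair and make_sample_pair are hypothetical helper names, and the sample pair and its subject are constructed.

```sh
#!/bin/sh
# Added example: checks for the certificate and key created in Step 5.
# check_tls_pair and make_sample_pair are hypothetical helper names.

# Return 0 only if the key is private to its owner, belongs to the
# certificate, and the certificate has more than 30 days left.
check_tls_pair() {  # $1 = certificate file, $2 = private key file
    if [ ! -r "$1" ] || [ ! -r "$2" ]; then
        echo "cannot read $1 or $2" >&2; return 2
    fi
    # Characters 5-10 of the ls mode string are the group and other bits.
    if [ "$(ls -ld "$2" | cut -c5-10)" != "------" ]; then
        echo "key is accessible to group or other: $2" >&2; return 1
    fi
    # Both commands print the public key as PEM; equal output means a pair.
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "certificate and key do not belong together" >&2; return 1
    fi
    # -checkend N exits non-zero if the certificate expires within N seconds.
    if ! openssl x509 -in "$1" -noout -checkend 2592000 >/dev/null; then
        echo "certificate expires within 30 days" >&2; return 1
    fi
    return 0
}

# Constructed throwaway pair, made with the flags from Step 5 plus -subj
# (assumed subject) so that the example runs without prompting.
make_sample_pair() {  # $1 = directory, $2 = base name
    openssl req -new -x509 -nodes -subj "/CN=ldap.example.test" \
        -out "$1/$2.cert" -keyout "$1/$2.key" -days 365 2>/dev/null
}

demo=$(mktemp -d)
make_sample_pair "$demo" sample && chmod 600 "$demo/sample.key"
check_tls_pair "$demo/sample.cert" "$demo/sample.key" && echo "pair OK"
chmod 644 "$demo/sample.key"      # simulate a world-readable key
check_tls_pair "$demo/sample.cert" "$demo/sample.key" || echo "rejected"
rm -rf "$demo"
```

On the server, call check_tls_pair with the two paths from certs.ldif, running as a user that can read the key.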

How to setup the OpenLDAP database

Once the steps above are complete, you are ready to set up the LDAP database. To start, copy the sample database configuration file to ‘/var/lib/ldap’ and change the ownership of the directory.

cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
chown -R ldap:ldap /var/lib/ldap

And then, add the LDAP schemas.

ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif

Next, create a base.ldif file for your domain:

nano base.ldif

dn: dc=field,dc=eldernode,dc=com
dc: field
objectClass: top
objectClass: domain

dn: cn=ldapadm,dc=field,dc=eldernode,dc=com
objectClass: organizationalRole
cn: ldapadm
description: LDAP Manager

dn: ou=People,dc=field,dc=eldernode,dc=com
objectClass: organizationalUnit
ou: People

dn: ou=Group,dc=field,dc=eldernode,dc=com
objectClass: organizationalUnit
ou: Group

Deploy these configuration changes to the OpenLDAP server using the ldapadm user:

ldapadd -x -W -D "cn=ldapadm,dc=field,dc=eldernode,dc=com" -f base.ldif

When prompted, enter the root password. If you want to add users, you can use a GUI; Apache Directory Studio and JXplorer are recommended for this.

That’s that! LDAP should now have been installed on your CentOS 7 server.


How To Install And Configure LDAP Client On CentOS 8

The CentOS 8 repositories do not have the latest version of OpenLDAP, so this guide builds it from the source tarball. Follow the steps below to complete the LDAP installation on CentOS 8.

Step 1:

To update your system packages, run the following command:

dnf update

Step 2:

Then install the required dependencies and build tools:

dnf install cyrus-sasl-devel make libtool autoconf libtool-ltdl-devel openssl-devel libdb-devel tar gcc perl perl-devel wget vim

Step 3:

Now it is time to create the OpenLDAP system account. Since OpenLDAP will run as a non-privileged system user, use the command below to create the OpenLDAP system user with a custom user and group ID.

useradd -r -M -d /var/lib/openldap -u 55 -s /usr/sbin/nologin ldap

Step 4:

To download the OpenLDAP source tarball, go to the OpenLDAP download page and get the latest stable release:

VER=2.4.57
wget ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-$VER.tgz

Step 5:

Now, you can extract the OpenLDAP Source tarball. Use the command below to do this:

tar xzf openldap-$VER.tgz

Step 6:

Before you can compile OpenLDAP on CentOS 8, you need to run the configuration script to adapt it to your system. The script also checks whether any required dependency is missing. First, change into the source directory:

cd openldap-$VER

You can enable or disable various options while building OpenLDAP with configure script.

./configure --prefix=/usr --sysconfdir=/etc --disable-static \
--enable-debug --with-tls=openssl --with-cyrus-sasl --enable-dynamic \
--enable-crypt --enable-spasswd --enable-slapd --enable-modules \
--enable-rlookups --enable-backends=mod --disable-ndb --disable-sql \
--disable-shell --disable-bdb --disable-hdb --enable-overlays=mod

Note: If you need more information about the configuration options, get help:

./configure --help

Once the configuration script completes with no issues, you will see the following message on the last line:

Please run "make depend" to build dependencies

As the message says, you need to run the make depend command to build the OpenLDAP dependencies.

make depend

Finally, to compile OpenLDAP on CentOS 8, type:

make

If you want to run the test suite to verify the OpenLDAP build for any errors, type:

make test

Note: Running the above command is optional and may take time.

Step 7:

Once the compilation of OpenLDAP is successfully completed, you are ready to use the command below to install OpenLDAP on CentOS 8.

make install

The OpenLDAP configuration files are now installed in /etc/openldap.

ls /etc/openldap/
certs ldap.conf ldap.conf.default schema slapd.conf slapd.conf.default slapd.ldif slapd.ldif.default

Note: The libraries are installed under /usr/libexec/openldap.

How to configure OpenLDAP on CentOS 8

When you have finished installing OpenLDAP, you can start configuring it.

To create OpenLDAP data and database directories, run:

mkdir /var/lib/openldap /etc/openldap/slapd.d

Now, you can set the proper ownership and permissions on the OpenLDAP directories and configuration files.

chown -R ldap:ldap /var/lib/openldap
chown root:ldap /etc/openldap/slapd.conf
chmod 640 /etc/openldap/slapd.conf

Conclusion

In this article, you learned how to install the LDAP client on CentOS 7 and 8. Some directory services are local, and others are global. Local services provide service to a restricted context, like the finger service on a single machine, while global services provide service to a much broader context. If you are interested in reading more about LDAP, see our related article on How To Install LDAP Client On Ubuntu 20.04.
