Build Openldap from source with password policy enabled. - madhusudana30/AlternativeJPAForWebSphere GitHub Wiki

 sudo su 
 tar -xvzf openldap-2.4.47.tgz
 cd openldap-2.4.47/     
 yum install make
 yum install gcc
 yum install openssl
 yum install openssl-devel
 yum install libtool-ltdl-devel
 yum install libdb-devel
 yum install cyrus-sasl
 yum install cyrus-sasl-devel
 ./configure --prefix=/etc/openldap  --sysconfdir=/etc  --localstatedir=/var  --libexecdir=/usr/lib64  --disable-static --with-tls=openssl  --with-cyrus-sasl  --enable-dynamic  --enable-crypt --enable-spasswd --enable-slapd  --enable-modules --enable-rlookups --enable-backends=mod --disable-ndb --disable-sql --disable-bdb --disable-hdb --enable-mdb --enable-overlays=mod --disable-perl
 make depend
 make
 reboot
 make test
 make install
 cd /etc/openldap
 tar -xvf ldifBundle.tar 
 cp ldifBundle_V3/*.ldif .
 /etc/openldap/sbin/slappasswd 
 mkdir /var/openldap-data
 mkdir slapd.d
 vi initSlapd.ldif
     # Use the plain-text password "secret" for now, and point olcPidFile and olcArgsFile at /var/openldap-data/slapd.pid and /var/openldap-data/slapd.args:
     olcRootDN: cn=admin,cn=config
     olcRootPW: secret
     olcArgsFile: /var/openldap-data/slapd.args
     olcPidFile: /var/openldap-data/slapd.pid
/etc/openldap/sbin/slapadd -n 0 -F  slapd.d -l initSlapd.ldif -d 16383
chmod -R 777 slapd.d/
adduser ldap
chown -R ldap:ldap /etc/openldap
chown -R ldap:ldap /var/openldap-data
vi slapd.conf
	#change olcPidFile, olcArgsFile location to /var/openldap-data/slapd.pid /var/openldap-data/slapd.args
	pidfile         /var/openldap-data/slapd.pid
	argsfile        /var/openldap-data/slapd.args

# Generate a password hash with slappasswd and put it in the two files below (olcDatabase={0}config.ldif, olcDatabase={1}mdb.ldif), replacing the plain-text password set earlier:
/etc/openldap/sbin/slappasswd
vi olcDatabase={0}config.ldif
    # Update the hashed password
    olcRootDN: cn=admin,cn=config
    olcRootPW: {SSHA}MueeezwzT675HbaS0Jbm7tyM9PV/6elO

vi olcDatabase={1}mdb.ldif
    # Update the hashed password (single colon: a double colon would mark the value as base64-encoded)
    olcRootDN: cn=manager,dc=company,dc=com
    olcRootPW: {SSHA}MueeezwzT675HbaS0Jbm7tyM9PV/6elO

./slaptest
    5cefa519 ldif_read_file: checksum error on "/etc/openldap/slapd.d/cn=config/olcDatabase={0}config.ldif"
    5cefa519 ldif_read_file: checksum error on "/etc/openldap/slapd.d/cn=config/olcDatabase={1}mdb.ldif"
    config file testing succeeded
The two checksum errors are expected here: the files were edited by hand, so the checksum header slapd wrote into them no longer matches. The last line shows the configuration is otherwise valid.

  1. Create a service unit file so systemd can start and stop the server on boot and shutdown.
     a. Paste the following into the file /etc/systemd/system/slapd.service:
        [Unit]
        Description=OpenLDAP Server Daemon
        After=syslog.target network-online.target

        [Service]
        Type=forking
        PIDFile=/var/openldap-data/slapd.pid
        EnvironmentFile=/etc/sysconfig/slapd
        ExecStart=/usr/lib64/slapd -u ldap -g ldap -h ${SLAPD_URLS} $SLAPD_OPTIONS

        [Install]
        WantedBy=multi-user.target
     b. Create the environment file (/etc/sysconfig/slapd) referenced in the previous step. It should have the following contents:
        SLAPD_OPTIONS="-F /etc/openldap/slapd.d"
        SLAPD_URLS="ldapi:/// ldap:/// "
     c. Now load the unit file and start the server:
        systemctl daemon-reload
        systemctl start slapd
        Check the status with the following command:
        systemctl status slapd
  • systemctl daemon-reload
  • systemctl start slapd (if startup fails with a permission error, give full permissions and try again. Note that chmod -R 777 makes the configuration world-writable; what slapd actually needs is that /etc/openldap and /var/openldap-data are owned by the ldap user it runs as, which the chown commands above set up.)
  • cd /etc/openldap/bin/
  • edit the LDIF files to suit your deployment (in particular, set the admin user and the hashed form of the password "secret" in ../grantPermissions.ldif and ../serviceAccounts.ldif)

  • ./ldapadd -x -a -W -D "cn=manager,dc=company,dc=com" -f ../fraud.ldif -h angularmachine
  • chmod -R 777 slapd.d/
  • ./ldapadd -x -a -W -D "cn=manager,dc=company,dc=com" -f ../serviceAccounts.ldif -h angularmachine
  • chmod -R 777 slapd.d/
  • ./ldapadd -x -a -W -D "cn=admin,cn=config" -f ../grantPermissions.ldif -h angularmachine
  • chmod -R 777 slapd.d/
  • ./ldapadd -x -a -W -D "cn=manager,dc=company,dc=com" -f ../defaultTenant.ldif -h angularmachine
  • chmod -R 777 slapd.d/
  • ./ldapadd -x -a -W -D "cn=manager,dc=company,dc=com" -f ../defaultTenantGroup.ldif -h angularmachine
  • chmod -R 777 slapd.d/
  • ./ldapadd -x -a -W -D "cn=manager,dc=company,dc=com" -f ../user.ldif -h angularmachine
  • chmod -R 777 slapd.d/
  • ./ldapmodify -W -D cn=admin,ou=users,dc=company,dc=com -f ../addUserToGroup.ldif -h angularmachine
  • chmod -R 777 slapd.d/
  • ./ldapadd -x -a -W -D "cn=admin,cn=config" -f ../ppolicy_overlay.ldif -h angularmachine
  • chmod -R 777 slapd.d/
  • ./ldapadd -x -a -W -D "cn=manager,dc=company,dc=com" -f ../policy.ldif -h angularmachine
  • chmod -R 777 slapd.d/
  • ./ldapmodify -W -D cn=admin,ou=users,dc=company,dc=com -f ../addPPolicyToUser.ldif -h angularmachine
  • chmod -R 777 slapd.d/
  • ./ldapadd -x -a -W -D "cn=manager,dc=company,dc=com" -f ../addClients.ldif -h angularmachine
  • chmod -R 777 slapd.d/
  • ./ldapmodify -x -a -W -D "cn=admin,cn=config" -f ../resetPWD.ldif -h angularmachine
  • chmod -R 777 slapd.d/