Openldap Setup - nijov/micro-services GitHub Wiki

https://www.howtoforge.com/linux_ldap_authentication

Create a new password hash for the rootdn

[root@vmname9999 ~]# slappasswd -h {md5}
New password: abcd
Re-enter new password: abcd

Note: the value shown below is an {SSHA} (salted SHA-1) hash, which is what slappasswd emits by default; with -h {md5} it would print an {MD5} value instead. Keep SSHA (or a stronger scheme such as {PBKDF2-SHA512} or {ARGON2} via the slapd password modules) rather than MD5, store only the hash in cn=config, and do not leave the cleartext password in a comment next to it as done here.

cn=config.ldif
# abcd = {SSHA}cVZo6Pq+n344LcJGmEUKcs0D38Bw6iV8
olcRootPW: {SSHA}cVZo6Pq+n344LcJGmEUKcs0D38Bw6iV8
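What the {SSHA} string in olcRootPW actually is, as an added example (not from the wiki and not OpenLDAP's own code): base64 of SHA1(password || salt) followed by the salt, which slappasswd generates with a 4-byte random salt. The functions below rebuild and verify such hashes with only coreutils (sha1sum, base64, od, cut), so a stored hash can be checked against a candidate password, for instance to confirm that a rootpw is not a known default. The fixed salt 01020304 used for the deterministic example is an assumption, not a value from the page.

```shell
#!/bin/sh
# Added example, not part of the wiki: {SSHA} = "{SSHA}" + base64( SHA1(pw || salt) || salt ).
# Assumes coreutils (or busybox) sha1sum, base64, od and cut; written for POSIX sh.

# hex_to_bin HEX: write the raw bytes described by a hex string to stdout.
# Each byte becomes a \NNN octal escape that printf(1) turns back into a byte.
hex_to_bin() {
    h=$1
    while [ -n "$h" ]; do
        byte=${h%"${h#??}"}                 # first two hex digits
        h=${h#??}
        printf "\\$(printf '%03o' "0x$byte")"
    done
}

# ssha_hash PASSWORD SALT_HEX: the {SSHA} string for a given salt (any length).
ssha_hash() {
    pw=$1; salt_hex=$2
    digest_hex=$( { printf '%s' "$pw"; hex_to_bin "$salt_hex"; } | sha1sum | cut -d' ' -f1 )
    printf '{SSHA}%s\n' "$(hex_to_bin "$digest_hex$salt_hex" | base64 | tr -d '\n')"
}

# ssha_new PASSWORD: like "slappasswd -h {SSHA}", a fresh 4-byte salt from /dev/urandom.
ssha_new() {
    ssha_hash "$1" "$(od -An -N4 -tx1 /dev/urandom | tr -d ' \n')"
}

# ssha_verify PASSWORD HASH: exit 0 if HASH was produced from PASSWORD,
# 1 if not, 2 if HASH is not a well-formed {SSHA} value.
ssha_verify() {
    pw=$1; stored=$2; prefix='{SSHA}'
    case $stored in "$prefix"*) ;; *) return 2 ;; esac
    raw_hex=$(printf '%s' "${stored#"$prefix"}" | base64 -d | od -An -tx1 | tr -d ' \n')
    [ ${#raw_hex} -gt 40 ] || return 2      # 20-byte digest must be followed by a salt
    salt_hex=$(printf '%s' "$raw_hex" | cut -c41-)   # everything after the digest
    [ "$(ssha_hash "$pw" "$salt_hex")" = "$stored" ]
}
```

Usage: `ssha_new abcd` prints a hash you can paste into olcRootPW; `ssha_verify abcd '{SSHA}cVZo6Pq+n344LcJGmEUKcs0D38Bw6iV8' && echo match` checks the page's hash against its stated password. Because the salt is recoverable from the hash, this is exactly how an attacker who can read olcRootPW (or a world-readable userPassword) would test candidate passwords, which is why the hash must be protected and why an unsalted or fast scheme like MD5 is a poor choice.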

Start the LDAP server:

/etc/init.d/slapd start

Client URI line (ldap.conf), listing the server on the default port and on port 666:

URI ldap://vmname9999.lp.company.com ldap://vmname9999.lp.company.com:666

Both are plain ldap://, so simple binds send the password in cleartext; for anything beyond localhost use ldaps:// or StartTLS (-Z on the client tools).

Stop the daemon, then check the configuration with full debug output. The extra options are slapd(8) options, not init-script options, so run the binary directly; -T test makes slapd behave as slaptest (it checks the config and exits), and -d 65535 is very verbose:

/etc/init.d/slapd stop
slapd -f slapd.conf -T test -d 65535 -h ldap://localhost

Bind as the manager and search (-x selects a simple bind):

ldapsearch -x -D "cn=Manager,dc=ldaptest,dc=com" -W

Same search with client-side debugging (-d 63). Without -x ldapsearch attempts a SASL bind rather than a simple bind with -D/-W, so add -x here as well:

ldapsearch -v -d 63 -x -W -D 'cn=Manager,dc=ldaptest,dc=com' -b "" -s base

Shell history from the same debugging session (note the two suffixes, dc=example and dc=ldaptest):

ps -ef | grep ldap
ldapsearch -x -W -D 'cn=Manager,dc=example,dc=com' -b "" -s base -H ldap://localhost
/etc/init.d/slapd start -T test -f slapd.conf -d 65535 -h ldap://localhost
ldapsearch -v -d 63 -W -D 'cn=Manager,dc=example,dc=com' -b "" -s base
ldapsearch -v -d 63 -W -D 'cn=Manager,dc=ldaptest,dc=com' -b "" -s base
ldapsearch -x -W -D 'cn=Manager,dc=ldaptest,dc=com' -b "" -s base -H ldap://localhost

List everything under the suffix, add entries from an LDIF file, and list again:

ldapsearch -x -b 'dc=ldaptest,dc=com' '(objectclass=*)'
ldapadd -x -D "cn=Manager,dc=ldaptest,dc=com" -W -f second.ldif
ldapsearch -x -b "dc=ldaptest,dc=com"

Configuration directory (slapd.conf, slapd.d/, schema/): /etc/openldap/

Add new entries from an LDIF file

vi second.ldif

ldapadd -x -D "cn=Manager,dc=ldaptest,dc=com" -W -f second.ldif
Enter LDAP Password: abcd
adding new entry "dc=ldaptest,dc=com"
adding new entry "ou=users,dc=ldaptest,dc=com"
adding new entry "ou=groups,dc=ldaptest,dc=com"

Read the rootdn and its password hash back from cn=config (run as root on the server; SASL EXTERNAL over the ldapi socket authenticates by UID):

ldapsearch -H ldapi:// -LLL -Q -Y EXTERNAL -b "cn=config" "(olcRootDN=*)" dn olcRootDN olcRootPW | tee ~/newpasswd.ldif

This returns the olcRootPW hash, not the password. The copy in ~/newpasswd.ldif is still a credential hash that can be cracked offline, so restrict its permissions or delete it when done.

Show the user entry (anonymous simple bind):

ldapsearch -h vmname9999.poclab.company.com -LLL -x -b "cn=myappuser,ou=systemids,dc=ldaptest,dc=com"

If this returns the userPassword attribute, the database has no olcAccess rules: with no access directives slapd lets everyone read everything (slapd.access(5)), and a password loaded with ldapadd is stored exactly as given, here in cleartext. Add an ACL such as "to attrs=userPassword by self write by anonymous auth by * none" and store a hash instead.

Check the user's credentials with a bind:

ldapwhoami -vvv -h vmname9999.poclab.company.com -D "cn=myappuser,ou=systemids,dc=ldaptest,dc=com" -x -w "test"

(-w puts the password on the command line, where it shows up in ps output and shell history; prefer -W or -y passwordfile.)

CHANGE USER PWD - change a user's password using the root DN:

ldappasswd -H ldap://vmname9999.poclab.company.com -x -D "cn=Manager,dc=ldaptest,dc=com" -W -S "cn=myappuser,ou=systemids,dc=ldaptest,dc=com"

You will be prompted for the user's new password (-S) and then you will be prompted for the password needed to bind to

Unlike a userPassword value loaded with ldapadd, a password set this way goes through the Password Modify operation and is hashed by the server (olcPasswordHash, {SSHA} by default).

-- standard search (-x for a simple bind)
ldapsearch -x -W -D 'cn=Manager,dc=ldaptest,dc=com' -b "" -s base -H ldap://localhost

-- debug search
ldapsearch -v -d 63 -x -W -D 'cn=Manager,dc=ldaptest,dc=com' -b "" -s base



How to ENABLE LOG

  1. Be sure that the local4 facility is enabled in /etc/rsyslog.conf (slapd logs to LOG_LOCAL4 by default):

     local4.* /var/log/slapd

  2. Be sure to disable rate limiting in /etc/rsyslog.conf, otherwise imuxsock silently drops bursts of slapd messages:

     $SystemLogRateLimitInterval 0

  3. Modify the loglevel:

     $ cat modify-loglevel.ldif
     dn: cn=config
     changetype: modify
     replace: olcLogLevel
     olcLogLevel: any

     ldapmodify -Y EXTERNAL -H ldapi:/// -f modify-loglevel.ldif

     "any" logs everything and is for debugging only. For an always-on record of connections, binds and operations use "stats" (olcLogLevel: stats) instead; that is the format most detection rules and log parsers expect.

  4. Monitor /var/log/slapd for changes:

     tail -f /var/log/slapd

  5. Confirm the setting in cn=config:

     ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config
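Once slapd logs at the stats level, the log is the place to spot password guessing against the directory. The script below is an added example (not from the wiki) that pulls failed simple binds out of slapd stats lines and counts them per client address and bind DN. In that format every connection opens with "conn=N fd=F ACCEPT from IP=addr:port (...)", each bind produces "conn=N op=M BIND dn=... method=128", and its outcome follows as "conn=N op=M RESULT tag=97 err=E text=..."; err=49 is invalidCredentials. The log lines embedded in SAMPLE_LOG are constructed in that format for the demonstration, not a capture from the wiki's server.

```shell
#!/bin/sh
# Added example, not part of the wiki: count failed binds in slapd "stats" logs.
# The sample lines below are constructed; hostnames and addresses are made up.
SAMPLE_LOG='Mar  3 10:00:00 vmname9999 slapd[1201]: conn=1000 fd=12 ACCEPT from IP=10.1.2.3:51000 (IP=0.0.0.0:389)
Mar  3 10:00:00 vmname9999 slapd[1201]: conn=1000 op=0 BIND dn="cn=myappuser,ou=systemids,dc=ldaptest,dc=com" method=128
Mar  3 10:00:00 vmname9999 slapd[1201]: conn=1000 op=0 RESULT tag=97 err=49 text=
Mar  3 10:00:01 vmname9999 slapd[1201]: conn=1000 op=1 BIND dn="cn=myappuser,ou=systemids,dc=ldaptest,dc=com" method=128
Mar  3 10:00:01 vmname9999 slapd[1201]: conn=1000 op=1 RESULT tag=97 err=49 text=
Mar  3 10:00:01 vmname9999 slapd[1201]: conn=1000 op=2 UNBIND
Mar  3 10:00:01 vmname9999 slapd[1201]: conn=1000 fd=12 closed
Mar  3 10:00:05 vmname9999 slapd[1201]: conn=1001 fd=13 ACCEPT from IP=10.1.2.4:51001 (IP=0.0.0.0:389)
Mar  3 10:00:05 vmname9999 slapd[1201]: conn=1001 op=0 BIND dn="cn=myappuser,ou=systemids,dc=ldaptest,dc=com" method=128
Mar  3 10:00:05 vmname9999 slapd[1201]: conn=1001 op=0 BIND dn="cn=myappuser,ou=systemids,dc=ldaptest,dc=com" mech=SIMPLE ssf=0
Mar  3 10:00:05 vmname9999 slapd[1201]: conn=1001 op=0 RESULT tag=97 err=0 text=
Mar  3 10:00:09 vmname9999 slapd[1201]: conn=1002 fd=14 ACCEPT from IP=10.1.2.5:51002 (IP=0.0.0.0:389)
Mar  3 10:00:09 vmname9999 slapd[1201]: conn=1002 op=0 BIND dn="cn=Manager,dc=ldaptest,dc=com" method=128
Mar  3 10:00:09 vmname9999 slapd[1201]: conn=1002 op=0 RESULT tag=97 err=49 text=
Mar  3 10:00:12 vmname9999 slapd[1201]: conn=1003 fd=12 ACCEPT from IP=10.1.2.3:51003 (IP=0.0.0.0:389)
Mar  3 10:00:12 vmname9999 slapd[1201]: conn=1003 op=0 BIND dn="cn=myappuser,ou=systemids,dc=ldaptest,dc=com" method=128
Mar  3 10:00:12 vmname9999 slapd[1201]: conn=1003 op=0 RESULT tag=97 err=49 text='

# failed_binds [MIN]: read slapd stats lines on stdin and print
# "<count> <client ip> <bind dn>" for every (ip, dn) pair with at least MIN
# (default 1) invalidCredentials results, most frequent first.
failed_binds() {
    awk -v min="${1:-1}" '
        # remember the client address of each connection (first IP= field)
        / ACCEPT from IP=/ {
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^conn=/) conn = substr($i, 6)
                if ($i ~ /^IP=/) { ip = substr($i, 4); sub(/:[0-9]+$/, "", ip); addr[conn] = ip; break }
            }
        }
        # remember which DN each (conn, op) tried to bind as
        / BIND dn=/ {
            match($0, /conn=[0-9]+ op=[0-9]+/); key = substr($0, RSTART, RLENGTH)
            match($0, /dn="[^"]*"/);            dn[key] = substr($0, RSTART + 4, RLENGTH - 5)
        }
        # err=49 = invalidCredentials: attribute it to the client and DN of that op
        / RESULT tag=97 err=49 / {
            match($0, /conn=[0-9]+ op=[0-9]+/); key = substr($0, RSTART, RLENGTH)
            split(key, parts, " "); c = substr(parts[1], 6)
            fails[addr[c] " " dn[key]]++
        }
        END { for (k in fails) if (fails[k] >= min) print fails[k], k }
    ' | sort -rn
}
```

Run it against the live file with `failed_binds 5 < /var/log/slapd` to list only sources with five or more failures; on the sample it reports three failures from 10.1.2.3 against cn=myappuser (spread over two connections) and one from 10.1.2.5 against the rootdn, and ignores the successful bind from 10.1.2.4. Correlating by conn/op matters because the BIND and RESULT lines are separate and other connections' lines interleave with them.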

String   X.500 AttributeType
CN       commonName
L        localityName
ST       stateOrProvinceName
O        organizationName
OU       organizationalUnitName
C        countryName
STREET   streetAddress
DC       domainComponent
UID      userid

dn - distinguished name - is the complete path to the object in the directory information tree (DIT)

[root@vmname9999 openldap]# vi second.ldif

Root level - already added

#dn: dc=ldaptest,dc=com
#objectClass: dcObject
#objectClass: organization
#o: ldaptest

Added

#dn: ou=systemids,dc=ldaptest,dc=com
#objectClass: organizationalUnit
#ou: systemids

#added
#dn: cn=myappuser,ou=systemids,dc=ldaptest,dc=com
#objectClass: inetOrgPerson
#cn: myappuser
#sn: test
#givenName: myappuser
#userPassword: myappuser

Two things to note in this file. As commented here the root entry lacks "dc: ldaptest": dcObject requires the dc attribute and slapd rejects an entry whose RDN attribute is missing with a naming violation, so the version that was actually loaded must have carried it. And userPassword is given in cleartext, which ldapadd stores as-is; put a slappasswd hash there ({SSHA}...) or set the password afterwards with ldappasswd so the server hashes it.

Show the entry, then verify the password from the LDIF with a bind:

ldapsearch -h vmname9999.poclab.company.com -LLL -x -b "cn=myappuser,ou=systemids,dc=ldaptest,dc=com"
ldapwhoami -vvv -h vmname9999.poclab.company.com -D "cn=myappuser,ou=systemids,dc=ldaptest,dc=com" -x -w "myappuser"
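The hardened version of this procedure, as an added example (not from the wiki): the same base, OU and myappuser entries as second.ldif, but with userPassword as a {SCHEME} hash, an olcAccess rule so that an anonymous ldapsearch no longer returns userPassword, and a check that refuses to load an LDIF containing cleartext passwords. This serves both the "show/change user password" steps above and the second.ldif listing. Assumptions that are not on the page: the database entry is olcDatabase={1}mdb,cn=config (confirm with ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config olcSuffix), the server URI comes from $URI, and $HASH holds slappasswd output for the user; the page's {SSHA} hash for abcd is reused purely as a sample value.

```shell
#!/bin/sh
# Added example, not part of the wiki. Assumed names: olcDatabase={1}mdb,cn=config,
# $URI (default ldap://localhost), $HASH (slappasswd output, e.g. {SSHA}...).
BASE=${BASE:-dc=ldaptest,dc=com}
URI=${URI:-ldap://localhost}

# user_ldif BASE OU CN SN HASH: LDIF for the base entry (with the dc attribute
# dcObject requires), one OU and one inetOrgPerson whose userPassword is a hash.
user_ldif() {
    base=$1; ou=$2; cn=$3; sn=$4; hash=$5
    dc=${base#dc=}; dc=${dc%%,*}              # dc=ldaptest,dc=com -> ldaptest
    cat <<EOF
dn: $base
objectClass: dcObject
objectClass: organization
o: $dc
dc: $dc

dn: ou=$ou,$base
objectClass: organizationalUnit
ou: $ou

dn: cn=$cn,ou=$ou,$base
objectClass: inetOrgPerson
cn: $cn
sn: $sn
userPassword: $hash
EOF
}

# acl_ldif DBDN: ACLs so a user may change only their own password, anyone may
# present it to bind, nobody else can read it, and the rest stays readable.
# The rootdn bypasses ACLs. "replace" drops existing olcAccess values, so merge
# any rules you already have before applying this.
acl_ldif() {
    cat <<EOF
dn: $1
changetype: modify
replace: olcAccess
olcAccess: {0}to attrs=userPassword by self write by anonymous auth by * none
olcAccess: {1}to * by * read
EOF
}

# ldif_cleartext_passwords: read LDIF on stdin, report every userPassword that
# is not in {SCHEME}... form (base64 "::" values are decoded first); exit 1 if
# any were found so the function can gate an ldapadd.
ldif_cleartext_passwords() {
    found=0; dn=
    while IFS= read -r line; do
        case $line in
            'dn: '*)            dn=${line#"dn: "}; continue ;;
            'userPassword:: '*) value=$(printf '%s' "${line#"userPassword:: "}" | base64 -d) ;;
            'userPassword: '*)  value=${line#"userPassword: "} ;;
            *) continue ;;
        esac
        case $value in
            '{'[A-Za-z0-9-]*'}'*) ;;            # {SSHA}..., {PBKDF2-SHA512}..., etc.
            *) printf 'cleartext userPassword in %s\n' "$dn"; found=1 ;;
        esac
    done
    return $found
}

# apply: gate on the check, load the tree, install the ACL, then prove the user
# can bind and that an anonymous search no longer returns userPassword.
apply() {
    umask 077                                 # the LDIF holds a password hash
    user_ldif "$BASE" systemids myappuser test "${HASH:?HASH must hold slappasswd output}" > /tmp/hardened.ldif
    ldif_cleartext_passwords < /tmp/hardened.ldif || exit 1
    ldapadd -x -H "$URI" -D "cn=Manager,$BASE" -W -f /tmp/hardened.ldif
    acl_ldif 'olcDatabase={1}mdb,cn=config' | ldapmodify -Y EXTERNAL -H ldapi:///
    ldapwhoami -x -H "$URI" -D "cn=myappuser,ou=systemids,$BASE" -W
    ldapsearch -x -H "$URI" -LLL -b "cn=myappuser,ou=systemids,$BASE" userPassword
}

if [ "${1:-}" = apply ]; then apply; fi
```

Run it as `HASH=$(slappasswd -h {SSHA}) sh harden.sh apply` on the server. The final anonymous ldapsearch should print the entry's dn without a userPassword line; if it still shows the hash, the ACL went onto the wrong database entry. `ldif_cleartext_passwords < second.ldif` on the wiki's own file reports the myappuser entry.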
