OpenLDAP is a powerful and versatile software implementation of the Lightweight Directory Access Protocol (LDAP). It allows for efficient management of user information and authentication within a network. In this comprehensive guide, we will walk you through the step-by-step process of installing OpenLDAP Server on your AlmaLinux 9 machine. By the end of this tutorial, you will have a fully functional OpenLDAP Server up and running, ready to be integrated into your applications.
Prerequisites
Before we dive into the installation process, let’s make sure we have all the necessary prerequisites in place:
- An AlmaLinux 9 machine: For this demonstration, we will assume the hostname of our server is ldap and the IP address is 192.168.10.50.
- A non-root user with administrator privileges: Ensure that you have a non-root user account with sudo privileges to carry out the installation and configuration steps.
Setting Up FQDN
Before installing the OpenLDAP server, it is essential to configure the Fully Qualified Domain Name (FQDN) and ensure it points to the correct IP address. Follow these steps to set up the FQDN on your AlmaLinux machine:
- Set up the FQDN of your AlmaLinux machine by running the following command:
sudo hostnamectl set-hostname ldap.example.local
- Open the /etc/hosts file with the nano editor using the following command:
sudo nano /etc/hosts
- Insert the following configuration into the file, making sure to replace the IP address, FQDN, and hostname with your own values:
192.168.10.50 ldap.example.local ldap
- Save the file and exit the editor.
- To verify that the FQDN is correctly set up and pointing to the proper IP address, run the following commands:
sudo hostname -f
ping -c3 ldap.example.local
If successful, you should see the FQDN ldap.example.local associated with the IP address 192.168.10.50.
Installing OpenLDAP Server
To install the OpenLDAP server on your AlmaLinux machine, follow these steps:
- Add the EPEL repository to your AlmaLinux server by running the following command:
sudo dnf install epel-release -y
- Install the OpenLDAP server and client packages by running the following command:
sudo dnf install openldap-servers openldap-clients
- When prompted, type y to confirm the installation, and press ENTER.
- When asked to add the GPG key of the EPEL repository, type y and press ENTER.
- Start and enable the OpenLDAP service by running the following commands:
sudo systemctl start slapd
sudo systemctl enable slapd
- Verify that the slapd service is running by executing the following command:
sudo systemctl status slapd
If running, you should see an output indicating that the service is active (running).
- Open both the LDAP and LDAPS services on firewalld to allow client connections. Run the following firewall-cmd commands, and then reload firewalld to apply the changes:
sudo firewall-cmd --add-service={ldap,ldaps} --permanent
sudo firewall-cmd --reload
- Verify the list of firewalld rules by running the following command:
sudo firewall-cmd --list-all
If successful, you should see both LDAP and LDAPS services listed.
Congratulations! You have successfully installed the OpenLDAP server on your AlmaLinux machine. In the next section, we will guide you through the basic configuration steps for your OpenLDAP server.
Basic OpenLDAP Server Configuration
After installing the OpenLDAP server, it is crucial to configure it properly. In this section, we will cover the initial configuration steps, including setting up the domain name and base domain, creating an administrator user, and importing basic schemas.
Setting Up Domain and Base Domain
To set up the domain name and base domain on your OpenLDAP server, follow these steps:
- Create a new LDIF file named chdomain.ldif using the nano editor:
nano chdomain.ldif
- Add the following configuration to the file, replacing the domain name dc=example,dc=local with your desired domain name and the hashed password (as produced by slappasswd) with your own. Each change record is separated from the next by a blank line:
# chdomain.ldif
# replace dc=example,dc=local with your own domain name in every [dc=***,dc=***] section
# put the password hash generated with slappasswd in the [olcRootPW] attribute
dn: olcDatabase={1}monitor,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by dn.base="cn=Manager,dc=example,dc=local" read by * none

dn: olcDatabase={2}mdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=example,dc=local

dn: olcDatabase={2}mdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: cn=Manager,dc=example,dc=local

dn: olcDatabase={2}mdb,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {SSHA}yK9Dk+Kz9S9CLu3Y+ZtJVAYF+MPIRl1X

dn: olcDatabase={2}mdb,cn=config
changetype: modify
add: olcAccess
olcAccess: {0}to attrs=userPassword,shadowLastChange by dn="cn=Manager,dc=example,dc=local" write by anonymous auth by self write by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by dn="cn=Manager,dc=example,dc=local" write by * read
- Save the file and exit the editor.
- Apply the new configuration to the OpenLDAP server by running the following command:
sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f chdomain.ldif
- Verify your configuration by running the following command:
sudo ldapsearch -H ldap:// -x -s base -b "" -LLL "namingContexts"
If successful, you should see the namingContexts containing the domain name of your OpenLDAP server.
Adding New User on OpenLDAP Server
Now that the initial configuration is complete, let’s create a new user on your OpenLDAP server. Follow these steps:
- Generate a hashed password for the new user by running the following command:
slappasswd
- Copy the generated hash as it will be used in the next step.
- Create a new LDIF file named newuser.ldif using the nano editor:
nano newuser.ldif
- Add the following configuration to the file, replacing the domain name, username, group GID and UID, home directory, and password hash with your own values:
# basedomain.ldif
# replace dc=example,dc=local with your own domain name in every [dc=***,dc=***] section
dn: dc=example,dc=local
objectClass: top
objectClass: dcObject
objectClass: organization
o: Example Local
dc: example

dn: cn=Manager,dc=example,dc=local
objectClass: organizationalRole
cn: Manager
description: Directory Manager

dn: ou=People,dc=example,dc=local
objectClass: organizationalUnit
ou: People

dn: ou=Group,dc=example,dc=local
objectClass: organizationalUnit
ou: Group
- Save the file and exit the editor.
- Add the new user and group to your OpenLDAP server by running the following command:
sudo ldapadd -x -D cn=Manager,dc=example,dc=local -W -f newuser.ldif
- Enter your OpenLDAP password when prompted and press ENTER to confirm.
- Verify the presence of the new user and group by running the following commands:
sudo ldapsearch -x -b "ou=People,dc=example,dc=local"
sudo ldapsearch -x -b "ou=Group,dc=example,dc=local"
If successful, you should see the user alma and the group alma listed.
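As an added example that is not part of the original guide, the following POSIX shell script generates the entries the verification step above expects (a posixAccount alma under ou=People and a posixGroup alma under ou=Group), loads them with ldapadd, and then checks that the userPassword ACL from chdomain.ldif really hides the hash from anonymous searches. The uid alma, UID/GID 10001 and the base DN dc=example,dc=local are assumed values.

```shell
#!/bin/sh
# Added example, not from the original guide: print (or, with "apply", load)
# the LDIF for a POSIX user and its primary group, then check that the {0}
# ACL from chdomain.ldif hides userPassword from anonymous binds. uid alma,
# UID/GID 10001 and the base DN are assumptions; override them via environment.
set -eu
BASE_DN="${BASE_DN:-dc=example,dc=local}"
USER_NAME="${USER_NAME:-alma}"
USER_ID="${USER_ID:-10001}"
GROUP_ID="${GROUP_ID:-10001}"

# $1 uid, $2 uidNumber, $3 gidNumber, $4 base DN, $5 password hash
user_ldif() {
  cat <<EOF
dn: uid=$1,ou=People,$4
objectClass: inetOrgPerson
objectClass: posixAccount
uid: $1
cn: $1
sn: $1
uidNumber: $2
gidNumber: $3
homeDirectory: /home/$1
userPassword: $5

dn: cn=$1,ou=Group,$4
objectClass: posixGroup
cn: $1
gidNumber: $3
memberUid: $1
EOF
}
# Accept only slappasswd-style {SCHEME}... values, so a clear-text password
# never ends up in userPassword by mistake.
hash_ok() {
  case "$1" in '{'[A-Z0-9][A-Z0-9]*'}'?*) return 0 ;; *) return 1 ;; esac
}
# An anonymous search must not return userPassword ("by anonymous auth").
anon_hides_password() {
  ! ldapsearch -x -LLL -b "uid=$1,ou=People,$2" userPassword | grep -q '^userPassword:'
}
case "${1:-print}" in
  print) user_ldif "$USER_NAME" "$USER_ID" "$GROUP_ID" "$BASE_DN" '{SSHA}REPLACE_ME' ;;
  apply) hash="$(slappasswd)"
         hash_ok "$hash" || { echo "unexpected hash format" >&2; exit 1; }
         user_ldif "$USER_NAME" "$USER_ID" "$GROUP_ID" "$BASE_DN" "$hash" \
           | ldapadd -x -D "cn=Manager,$BASE_DN" -W
         anon_hides_password "$USER_NAME" "$BASE_DN" && echo "userPassword hidden from anonymous" ;;
esac
```

Run it without arguments to review the generated LDIF; run it as `sh add_user.sh apply` (any file name works) to load the entries, at which point slappasswd prompts for the new user's password and ldapadd prompts for the Manager password.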
Conclusion
Congratulations! You have successfully installed and configured the OpenLDAP server on your AlmaLinux 9 machine. You are now ready to leverage its powerful features for efficient user management and authentication within your network. For further security and scalability, consider setting up SSL/TLS for your OpenLDAP server and explore web-based frontends such as php OpenLDAP. Shape.host offers reliable and secure cloud hosting solutions, including Linux SSD VPS, to empower your business with efficient and scalable infrastructure. Happy LDAP-ing!