OpenLDAP for RHEL 6

OpenLDAP Software is a free, open source implementation of the Lightweight Directory Access Protocol (LDAP) developed by the OpenLDAP Project. LDAP is a lightweight alternative to the X.500 Directory Access Protocol. It can be used for centralised authentication, shared directories, address books, and similar lookups.
 

Through the following steps you can configure an OpenLDAP server on RHEL 6.

Step-1 First, install the required packages for OpenLDAP.

  ]#  yum  install  openldap-servers  openldap-clients  compat-openldap  migrationtools

   Only openldap-servers and openldap-clients are needed for the steps below; compat-openldap (legacy client libraries) and migrationtools (scripts to turn /etc/passwd and friends into LDIF) are optional extras.

Following are the important configuration directories and files.

  • /etc/openldap/               --->  Main configuration directory, holding the client defaults and the server's configuration tree.
  • /etc/openldap/ldap.conf      --->  Client-side configuration (defaults such as BASE, URI and TLS_CACERT used by ldapsearch and the other client tools).
  • /etc/openldap/slapd.d/       --->  Server configuration directory: the cn=config tree, one LDIF file per entry, which replaces slapd.conf on RHEL 6.

   The steps below edit the files under slapd.d/ directly. That works, but every file carries a CRC32 checksum comment, so slaptest prints a checksum warning after a hand edit; the supported way to change cn=config is ldapmodify against the running server. Each edit must also keep the file a valid LDIF entry: "attribute: value" with exactly one space after the colon.

 

Step-2 Now generate the password hash that will be used as the LDAP Manager's (administrator's) password, with the following command.

  ]#  slappasswd

       New password: yourpassword

       Re-enter new password: yourpassword

       {SSHA}r2or9fYlvieCu0LP6wTnSdYfrddsuVssdfdV   ( copy the whole value, including the {SSHA} prefix )

   The prefix tells slapd which hash scheme was used; without it the value is treated as a plaintext password.

 

Step-3  Edit the following file to set your domain name (the suffix) and the Manager password.

  ]#  vim   /etc/openldap/slapd.d/cn=config/olcDatabase={1}bdb.ldif

   First of all, search for the default suffix and replace it with your domain name. This changes both olcSuffix and olcRootDN (cn=Manager,dc=my-domain,dc=com) in one go.

  :%s/dc=my-domain,dc=com/dc=leolinux,dc=in/g

   Now add the following line, pasting the complete value printed by slappasswd. Keep the {SSHA} prefix and put no space between it and the hash; with a space the stored value is not a valid hash and the Manager bind fails.

  olcRootPW: {SSHA}r2or9fYlvieCu0LP6wTnSdYfrddsuVssdfdV

  ESC
  :wq!

   The TLS settings are global directives (attributes of the olcGlobal object class) and belong to the cn=config entry, not to the database entry above, so they go in a different file:

  ]#  vim   /etc/openldap/slapd.d/cn=config.ldif

  olcTLSCACertificateFile: /etc/pki/CA/my-ca.crt             ---> ( CA certificate )
  olcTLSCertificateFile: /etc/pki/tls/certs/openldap.crt      ---> ( server certificate )
  olcTLSCertificateKeyFile: /etc/pki/tls/certs/openldap.key   ---> ( private key )

   If the file already contains olcTLS* lines (on a stock RHEL 6 install they point at the NSS certificate database in /etc/openldap/certs), replace them rather than adding a second copy. The files themselves are created in Step-5.

  ESC
  :wq!

 

Step-4  Edit the following file so the Manager account can read the cn=monitor database.

  ]#  vim   /etc/openldap/slapd.d/cn=config/olcDatabase={2}monitor.ldif

   Again search for the default suffix and replace it with your domain name; the olcAccess line in this file names cn=Manager under that suffix.

  :%s/dc=my-domain,dc=com/dc=leolinux,dc=in/g

   ESC
   :wq!
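As an added example (not part of the original page), here is the same set of changes from Step-3 and Step-4 done the supported way: ldapmodify over the ldapi:/// socket against a running slapd, with the olcTLS* attributes placed on the cn=config entry. It assumes slapd has already been started (Steps 6 and 7) with SLAPD_LDAPI=yes in /etc/sysconfig/ldap, that the stock RHEL 6 cn=config grants root manage rights over ldapi through SASL EXTERNAL, and that the stock {1}bdb and {2}monitor database numbering is in place; the script name, function names and the monitor olcAccess value are this example's own.

```shell
#!/bin/sh
# Added example, not from the original page: apply the Step-3 and Step-4
# settings through slapd with ldapmodify over the ldapi:/// socket instead of
# editing the LDIF files under /etc/openldap/slapd.d/ by hand.
#
# Assumptions of this example (not stated by the page):
#  - slapd is already running (Steps 6 and 7) with SLAPD_LDAPI=yes set in
#    /etc/sysconfig/ldap, so the ldapi:/// socket exists;
#  - the stock RHEL 6 cn=config lets root manage it over ldapi through SASL
#    EXTERNAL (peer credentials), which is what "-Y EXTERNAL" uses;
#  - the data database is olcDatabase={1}bdb and the monitor database is
#    olcDatabase={2}monitor, as in the stock RHEL 6 layout.

SUFFIX="dc=leolinux,dc=in"
ROOT_DN="cn=Manager,$SUFFIX"
CA_CERT=/etc/pki/CA/my-ca.crt
TLS_CERT=/etc/pki/tls/certs/openldap.crt
TLS_KEY=/etc/pki/tls/certs/openldap.key

# valid_rootpw_hash HASH: slappasswd output looks like "{SSHA}base64...".
# Reject values without a scheme prefix or containing a space (the classic
# copy-paste mistake "{SSHA} hash"), which would leave an unusable olcRootPW.
valid_rootpw_hash() {
    case $1 in
        *" "*) return 1 ;;
        "{SSHA}"?*|"{SHA}"?*|"{MD5}"?*|"{SMD5}"?*|"{CRYPT}"?*) return 0 ;;
        *) return 1 ;;
    esac
}

# config_ldif SUFFIX ROOTDN HASH: print the LDIF that ldapmodify applies.
# "replace" sets an absent attribute and overwrites a present one, so the
# script can be re-run safely. The olcTLS* attributes belong to the global
# cn=config entry (objectClass olcGlobal), not to the database entry.
config_ldif() {
    suffix=$1; rootdn=$2; hash=$3
    if ! valid_rootpw_hash "$hash"; then
        echo "bad olcRootPW value: '$hash' (expected {SSHA}... without spaces)" >&2
        return 1
    fi
    cat <<EOF
dn: olcDatabase={1}bdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: $suffix
-
replace: olcRootDN
olcRootDN: $rootdn
-
replace: olcRootPW
olcRootPW: $hash

dn: olcDatabase={2}monitor,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by dn.base="$rootdn" read by * none

dn: cn=config
changetype: modify
replace: olcTLSCACertificateFile
olcTLSCACertificateFile: $CA_CERT
-
replace: olcTLSCertificateFile
olcTLSCertificateFile: $TLS_CERT
-
replace: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: $TLS_KEY
EOF
}

# apply_config: prompt for the Manager password with slappasswd (its stdout
# is the hash, already prefixed), then push the LDIF into the live server.
apply_config() {
    hash=$(slappasswd) || return 1
    config_ldif "$SUFFIX" "$ROOT_DN" "$hash" | ldapmodify -Y EXTERNAL -H ldapi:///
}

# Run as: sh configure-slapd.sh apply
# (without the argument the file only defines the functions)
if [ "${1:-}" = "apply" ]; then
    apply_config
fi
```

Run it as `sh configure-slapd.sh apply`; it prompts for the Manager password through slappasswd and feeds the generated LDIF to ldapmodify. Because every change uses `replace`, re-running it is harmless, and the hash check refuses the common mistake of pasting the hash with a space after `{SSHA}`. Changes made this way take effect immediately and are written back to slapd.d/ by slapd itself, with correct checksums.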

 

Step-5  Create the private key and a certificate signing request, and get a CA-signed certificate for the LDAP server.

   To create the private key run the following command. Use 2048 bits; 1024-bit RSA keys are no longer considered adequate.

 [root @server1~]#  openssl  genrsa  -out  /etc/pki/tls/certs/openldap.key   2048

   Generate the certificate signing request (CSR). When prompted for the Common Name, give the server's fully qualified hostname exactly as clients will address it; otherwise certificate verification on the client fails.

 [root @server1~]# openssl  req  -new  -key  /etc/pki/tls/certs/openldap.key   -out  /etc/pki/tls/certs/openldap.csr

   Sign the CSR with your CA. This assumes a CA is already set up under /etc/pki/CA (the directory openssl.cnf uses by default on RHEL), with its certificate at /etc/pki/CA/my-ca.crt as referenced in Step-3.

 [root @server1~]#  openssl  ca  -in  /etc/pki/tls/certs/openldap.csr   -out  /etc/pki/tls/certs/openldap.crt

   The key is the one secret in this setup. Check its mode after generating it and do not leave it world-readable; the ownership it needs for slapd is set in Step-6.

 

 

Step-6  Now copy the following database cache file, set the required ownership on the database directory and the TLS files, and enable the ldaps listener.

  [root @server1~]#  cp  /usr/share/openldap-servers/DB_CONFIG.example    /var/lib/ldap/DB_CONFIG

  [root @server1~]#  chown  -Rf  ldap:ldap   /var/lib/ldap/

   slapd starts as root and then drops to the ldap user, so the private key from Step-5 must be readable by the ldap user and by nobody else (owner root, group ldap, mode 640). The server certificate and the CA certificate can stay world-readable.

  [root @server1~]#  vim   /etc/sysconfig/ldap

           SLAPD_LDAPS=yes

   This file is sourced by the init script as shell, so write the assignment without spaces around the "=". SLAPD_LDAP=yes (the plain ldap:// listener on port 389) is already the default; SLAPD_LDAPS=yes adds the ldaps:// listener on port 636. StartTLS on port 389 works as soon as the olcTLS* attributes from Step-3 are in place and does not need this setting.

 

 

Step-7  Test and enable OpenLDAP.

   To test the configuration

  [root @server1~]#  slaptest  -u

   Look for "config file testing succeeded". Because the files under slapd.d/ were edited by hand, slaptest also prints checksum warnings for them; those are expected here.

    To enable and start OpenLDAP

  [root @server1~]#  chkconfig   slapd  on

  [root @server1~]#  service  slapd  start

    To check that the server answers for the new suffix

  [root @server1~]#  ldapsearch  -x  -b  dc=leolinux,dc=in

   The database has no entries yet, so the expected reply is "result: 32 No such object". Any other error (for example "Can't contact LDAP server") means slapd is not running or not listening. Creating the base entry dc=leolinux,dc=in is a separate step not covered here.
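Added example (not part of the original page): a small post-install check script for the configuration above. It verifies that the sysconfig setting is written in a form the init script can actually source, that the private key is not world-readable, and that a running slapd passes slaptest and negotiates StartTLS. The paths and suffix are the page's own; the ldap user is what RHEL 6 runs slapd as; the script name and function names are this example's, and it assumes TLS_CACERT is set in /etc/openldap/ldap.conf so that the client trusts the CA.

```shell
#!/bin/sh
# Added example, not from the original page: checks to run after Step-7.
# The paths and the suffix are the page's own; "ldap" is the user and group
# RHEL 6's openldap-servers package runs slapd as. Anything else here is an
# assumption of this example.

LDAP_USER=ldap
BASE_DN="dc=leolinux,dc=in"
CA_CERT=/etc/pki/CA/my-ca.crt
TLS_CERT=/etc/pki/tls/certs/openldap.crt
TLS_KEY=/etc/pki/tls/certs/openldap.key
SYSCONFIG=/etc/sysconfig/ldap

# key_is_private FILE: true only for a regular file whose other-read bit is
# clear. POSIX octal -perm, so it behaves the same on RHEL 6 and elsewhere.
key_is_private() {
    [ -f "$1" ] || return 1
    [ -z "$(find "$1" -perm -004)" ]
}

# lock_down_key FILE: slapd starts as root and drops to LDAP_USER, so the key
# must stay readable by that user and nobody else: root:ldap, mode 0640.
lock_down_key() {
    chown root:"$LDAP_USER" "$1" && chmod 0640 "$1"
}

# ldaps_enabled FILE: FILE is /etc/sysconfig/ldap, which the init script
# sources as shell. Sourcing it the same way catches "SLAPD_LDAPS = yes"
# (spaces), which a shell parses as a command, not an assignment.
ldaps_enabled() {
    [ -r "$1" ] || return 1
    ( set +e; . "$1" >/dev/null 2>&1; [ "${SLAPD_LDAPS:-no}" = yes ] )
}

# check_tls_files: certificate and CA file may be world-readable; only the
# key is sensitive. Missing files are reported before slapd has to fail.
check_tls_files() {
    rc=0
    for f in "$CA_CERT" "$TLS_CERT"; do
        [ -r "$f" ] || { echo "missing or unreadable: $f" >&2; rc=1; }
    done
    if ! key_is_private "$TLS_KEY"; then
        echo "private key $TLS_KEY is missing or world-readable" >&2
        rc=1
    fi
    return $rc
}

# check_server: slaptest -u validates the config; ldapsearch -ZZ insists on a
# successful StartTLS before searching, so a broken certificate or key fails
# here even though a still-empty database answers "No such object" (32).
# The client side needs "TLS_CACERT /etc/pki/CA/my-ca.crt" in
# /etc/openldap/ldap.conf to trust the server certificate.
check_server() {
    slaptest -u || return 1
    ldapsearch -x -ZZ -H ldap://localhost -b "$BASE_DN" -s base >/dev/null 2>&1
    rc=$?
    case $rc in
        0)  echo "StartTLS ok; base entry $BASE_DN present" ;;
        32) echo "StartTLS ok; $BASE_DN served but empty (add the base entry next)" ;;
        *)  echo "StartTLS or search failed (ldapsearch exit $rc)" >&2; return 1 ;;
    esac
}

# Usage:  sh check-slapd.sh check      (run all checks)
#         sh check-slapd.sh fix-key    (set key ownership and mode, then check)
case "${1:-}" in
    check)   check_tls_files && ldaps_enabled "$SYSCONFIG" && check_server ;;
    fix-key) lock_down_key "$TLS_KEY" && check_tls_files ;;
esac
```

`sh check-slapd.sh check` stops at the first failing check and says why; `sh check-slapd.sh fix-key` applies the root:ldap/0640 ownership the key needs and re-checks. The sysconfig test deliberately sources the file rather than grepping it, because that is what the init script does, so an assignment written with spaces is caught as the shell would see it.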

 

Cheers!