Openldap
Recovered from the older tannerjc.net wiki snapshot dated January 23, 2016.
Installation and configuration
Installing openldap (excerpt from the root shell history; the leading numbers are history line numbers). Note that every ldapadd/ldapmodify on this page passes the Manager bind password on the command line with `-w`, which records it in the shell history and makes it visible to other local users via `ps`; `-W` (prompt for the password) or `-y <password-file>` avoids both.
6 yum install openldap
23 rpm -ivh openldap-2.3.27-8.i386.rpm
24 rpm -ivh openldap-clients-2.3.27-8.i386.rpm
25 rpm -ivh openldap-servers-2.3.27-8.i386.rpm
26 yum install openldap-servers
27 cd /etc/openldap/
30 cp /etc/openldap/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
31 service ldap start
32 chkconfig ldap on
33 ldapadd -x -D cn=Manager,dc=gibsonhax,dc=com -w redhat -f /tmp/ldapinit.ldif
ldapinit.ldif - LDIF files can contain multiple entries, separated by a blank line (the blank lines between the four entries in the listing below are not visible in this snapshot). Ensure there are no trailing spaces on any line.
[root@server1 ldif-files]# cat /tmp/ldapinit.ldif
# ldapinit.ldif — the base entry plus three organisational units.
# Each "dn:" line starts a new record; when fed to ldapadd the records must be
# separated by a blank line and no line may carry trailing whitespace.
dn: dc=gibsonhax,dc=com
dc: gibsonhax
objectClass: top
objectClass: domain
objectClass: domainRelatedObject
associatedDomain: gibsonhax.com
# Container for the user (posixAccount) entries added further down the page.
dn: ou=People,dc=gibsonhax,dc=com
ou: People
objectClass: top
objectClass: organizationalUnit
objectClass: domainRelatedObject
associatedDomain: gibsonhax.com
# Container for the posixGroup entries (see marketing.ldif below).
dn: ou=Group,dc=gibsonhax,dc=com
ou: Group
objectClass: top
objectClass: organizationalUnit
objectClass: domainRelatedObject
associatedDomain: gibsonhax.com
# Extra OU; nothing else on this page refers to it.
dn: ou=sales,dc=gibsonhax,dc=com
ou: sales
objectClass: top
objectClass: organizationalUnit
objectClass: domainRelatedObject
associatedDomain: gibsonhax.com
Managing Users
Querying LDAP users:
[root@server1 scripts]# cat /root/scripts/queryusers
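#!/usr/bin/env bash
# queryusers — print "uid=N(name) gid=N(group)" for every account in LDAP.
#
# Reads the 'uid:' attribute of every entry under the base DN (anonymous
# simple bind, -x, exactly as the original did — this relies on the server
# allowing anonymous read of uid) and resolves each name with id(1), keeping
# only the first two fields of its output, as in the sample output on this page.
#
# Changes from the original one-liner: `cut -d -f2` and `cut -d -f1,2` had no
# delimiter argument (cut rejects "-f2" as a multi-character delimiter), the
# loop variable was unquoted, and a failing ldapsearch produced neither output
# nor an error.  Names that LDAP returns but NSS cannot resolve are reported on
# stderr instead of aborting the whole listing.
set -euo pipefail

readonly base_dn='dc=gibsonhax,dc=com'

die() { printf '%s\n' "$*" >&2; exit 1; }

# One account name per line.  -LLL drops the comment/version header, the
# trailing attribute list limits the reply to uid, and awk picks the value
# field.  Base64-encoded values ("uid::") are not decoded.
uid_list=$(ldapsearch -x -LLL -b "$base_dn" 'objectclass=*' uid \
  | awk '$1 == "uid:" { print $2 }') \
  || die "ldapsearch against ${base_dn} failed"

while IFS= read -r name; do
  [[ -n "$name" ]] || continue
  # id prints "uid=… gid=… groups=…"; only the first two words are shown.
  if ! id_out=$(id -- "$name" 2>/dev/null); then
    printf 'warn: %s is in LDAP but cannot be resolved by id(1)\n' "$name" >&2
    continue
  fi
  read -r uid_field gid_field _ <<<"$id_out"
  printf '%s %s\n' "$uid_field" "$gid_field"
done <<<"$uid_list"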
[root@server1 scripts]# /root/scripts/queryusers
uid=1001(jsterling) gid=1000(hackers)
uid=1002(kendrickg) gid=1000(hackers)
uid=1003(pdiddy) gid=1001(sales)
uid=1004(wgates) gid=1001(sales)
uid=1007(oprah) gid=1002(hr)
uid=1008(geraldo) gid=1002(hr)
uid=1005(sjobs) gid=1003(marketing)
uid=1006(foxnews) gid=1003(marketing)
uid=1000(jtanner) gid=1000(hackers)
uid=1009(drpepper) gid=1001(sales)
Adding a user:
[root@server1 ldif-files]# cat pdiddy.ldif
# pdiddy.ldif — a POSIX user entry under ou=People.
dn: uid=pdiddy,ou=People,dc=gibsonhax,dc=com
uid: pdiddy
cn: pdiddy
sn: pdiddy
mail: pdiddy@gibsonhax.com
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
# MD5-crypt hash (the "$1$" prefix).  The same hash value is reused in
# changepass.ldif further down this page, so both accounts share a password.
# A hash from slappasswd (see below) can be substituted; {SSHA} is the usual
# choice on current deployments.
userPassword: {crypt}$1$wa6gvLhw$fxMijjdVAnnhY5wh6bks8/
# shadow* attributes follow /etc/shadow conventions: last change in days since
# the epoch, maximum age and warning period in days.
shadowLastChange: 13773
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
# These are the values `id pdiddy` reports in the query output above
# (uid 1003, gid 1001 = sales).
uidNumber: 1003
gidNumber: 1001
# The directory itself must be created by hand after the entry is added.
homeDirectory: /home/ldap/pdiddy
[root@server1 scripts]# ldapadd -x -D cn=Manager,dc=gibsonhax,dc=com -w redhat -f pdiddy.ldif
adding new entry uid=pdiddy,ou=People,dc=gibsonhax,dc=com
After adding the user to LDAP, a home directory has to be created manually (history excerpt):
1017 cd /home/ldap
1019 mkdir drpepper
1020 id drpepper
1021 chown drpepper:sales drpepper
1022 chmod 700 drpepper
- sendmail/dovecot/squirrelmail should all be aware of the new user immediately, without further configuration.
Deleting a user:
- use ldapvi
- delete the entire entry for the user
Reset user’s password to redhatpwd (the value below is a {crypt} MD5-crypt hash; it is the same hash used for pdiddy above):
[root@server1 ldif-files]# cat changepass.ldif
# changepass.ldif — overwrite jtanner's userPassword with a pre-computed hash.
# "replace:" discards whatever value the attribute currently holds.
dn: uid=jtanner,ou=People,dc=gibsonhax,dc=com
changetype: modify
replace: userPassword
# MD5-crypt ("$1$") hash, identical to the one in pdiddy.ldif above.
userPassword: {crypt}$1$wa6gvLhw$fxMijjdVAnnhY5wh6bks8/
[root@server1 ldif-files]# ldapmodify -x -f changepass.ldif -D cn=Manager,dc=gibsonhax,dc=com -w redhat
modifying entry uid=jtanner,ou=People,dc=gibsonhax,dc=com
To generate a different password hash, use slappasswd. Note that `-s` puts the clear-text password on the command line (and therefore in the shell history); running slappasswd without `-s` prompts for it instead, and a salted scheme such as `{SSHA}` is preferable to `{CRYPT}` where the clients support it.
[root@server1 ~]# slappasswd -s newpasswd -h {CRYPT}
{CRYPT}nzZNMcuxWYiMU
Changing user password as the user:
- the openldap-clients package must be installed so that the ldappasswd command is available on the client.
Changing an LDAP user’s group (note that the transcript below is inconsistent: the LDIF targets uid=foxnews, but the recorded ldapmodify output names uid=geraldo):
[root@server1 ldif-files]# cat changegroup.ldif
# changegroup.ldif — move foxnews to another primary group.
dn: uid=foxnews,ou=People,dc=gibsonhax,dc=com
changetype: modify
replace: gidNumber
# 510 does not match any gidNumber shown elsewhere on this page (1000–1003);
# presumably a group with that gid exists outside the listing — verify before
# applying, otherwise id(1) will show only the bare number.
gidNumber: 510
[root@server1 ldif-files]# ldapmodify -x -f changegroup.ldif -D cn=Manager,dc=gibsonhax,dc=com -w redhat
modifying entry uid=geraldo,ou=People,dc=gibsonhax,dc=com
Managing Groups
Adding a group:
[root@server1 ldif-files]# cat marketing.ldif
# marketing.ldif — a posixGroup entry under ou=Group.
dn: cn=marketing,ou=Group,dc=gibsonhax,dc=com
objectClass: posixGroup
objectClass: top
cn: marketing
# "x" mirrors the placeholder used in /etc/group; presumably no group
# password is intended.
userPassword: {crypt}x
# Matches gid=1003(marketing) in the query output above.
gidNumber: 1003
[root@server1 scripts]# ldapadd -x -D cn=Manager,dc=gibsonhax,dc=com -w redhat -f marketing.ldif
Installation command history (these lines carry the bind password given with `-w`, which is why `-W`/`-y` is preferable and why a history file should be treated as sensitive):
6 yum install openldap
23 rpm -ivh openldap-2.3.27-8.i386.rpm
24 rpm -ivh openldap-clients-2.3.27-8.i386.rpm
25 rpm -ivh openldap-servers-2.3.27-8.i386.rpm
26 yum install openldap-servers
27 cd /etc/openldap/
30 cp /etc/openldap/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
31 service ldap start
32 chkconfig ldap on
33 ldapadd -x -D cn=Manager,dc=gibsonhax,dc=com -w redhat -f /tmp/ldapinit.ldif
37 vi ldapinit.ldif
38 ldapadd -x -D cn=Manager,dc=gibsonhax,dc=com -w redhat -f /tmp/ldapinit.ldif
41 vi ldapusergroup.ldif
42 ldapadd -x -D cn=Manager,dc=example,dc=com -w redhat -f /tmp/ldapusergroup.ldif
44 vi ldapusergroup.ldif
45 ldapadd -x -D cn=Manager,dc=example,dc=com -w redhat -f /tmp/ldapusergroup.ldif
46 ldapadd -x -D cn=Manager,dc=gibsonhax,dc=com -w redhat -f /tmp/ldapusergroup.ldif
47 vi ldapusergroup.ldif
49 ldapadd -x -D cn=jtanner,dc=gibsonhax,dc=com -w redhat -f /tmp/ldapusergroup.ldif
50 ldapadd -x -D cn=Manager,dc=gibsonhax,dc=com -w redhat -f /tmp/ldapusergroup.ldif
52 vi ldapusergroup.ldif
53 ldapadd -x -D cn=Manager,dc=gibsonhax,dc=com -w redhat -f /tmp/ldapusergroup.ldif
57 cd /etc/openldap/
72 cd /var/lib/ldap/
74 man ldapadd
75 ldapsearch
76 ldapsearch gibsonhax.com
77 ldapsearch gibsonhax
109 ldapsearch -x -b 'dc=gibsonhax,dc=com' 'objectclass=*'
114 ldapadd -f newentry
116 ldapadd -f newentry
117 cat ldapinit.ldif
119 cat ldapinit.ldif
120 vi ldapinit.ldif
122 ldapadd -x -D cn=Manager,dc=gibsonhax,dc=com -w redhat -f /tmp/ldapinit.ldif
123 ldapsearch -x -b 'dc=gibsonhax,dc=com' 'objectclass=*'
126 rm ldapusergroup.ldif
127 vi ldapusergroup.ldif
128 ldapadd -x -D cn=Manager,dc=gibsonhax,dc=com -w redhat -f /tmp/ldapusergroup.ldif
129 ldapadd -x -D dc=gibsonhax,dc=com -w redhat -f /tmp/ldapusergroup.ldif
130 ldapsearch -x -s base -b o=ITB,c=ID
131 ldapsearch -x -s base -b dc=gibsonhax,dc=com
132 ldapsearch -x -b 'dc=gibsonhax,dc=com' 'objectclass=*'
134 vi ldapusergroup.ldif
135 ldapsearch -x -b 'dc=gibsonhax,dc=com' 'objectclass=*'
136 ldapadd -x -D dc=gibsonhax,dc=com -w redhat -f /tmp/ldapusergroup.ldif
137 ldapadd -x -D dc=gibsonhax,dc=com -w secret -f /tmp/ldapusergroup.ldif
138 ldapadd -x -D dc=gibsonhax,dc=com -f /tmp/ldapusergroup.ldif
139 ldapadd -x -D dc=gibsonhax,dc=com -w f*ck -f /tmp/ldapusergroup.ldif
141 ldapadd -x -D dc=gibsonhax,dc=com -w redhat -f /tmp/ldapusergroup.ldif
142 ldapadd -x -D cn=Manager,dc=gibsonhax,dc=com -w redhat -f /tmp/ldapusergroup.ldif
145 less ldapusergroup.ldif
148 mkdir /save/ldap
149 cp ldapinit.ldif /save/ldap/
150 cp ldapusergroup.ldif /save/ldap/
152 vi ldapusergroup.ldif
153 ldapadd -x -D cn=Manager,dc=gibsonhax,dc=com -w redhat -f /tmp/ldapusergroup.ldif
154 ldapsearch -x -b 'dc=gibsonhax,dc=com' 'objectclass=*'
156 mkdir /save/ldap/scripts
157 cp ldapusergroup.ldif /save/ldap/scripts/jess.ldif
158 cd /save/ldap/scripts/jess.ldif
159 cd /save/ldap/scripts/
164 ldapadd -x -D cn=Manager,dc=gibsonhax,dc=com -w redhat -f jsterling.ldif
172 ldapadd -x -D cn=Manager,dc=gibsonhax,dc=com -w redhat -f kendrickg.ldif
173 ldapsearch -x -b 'dc=gibsonhax,dc=com' 'objectclass=*'
179 cd openldap/
184 netstat -tulpn | grep ldap
326 history | grep ldap
972 ldapsearch -x -b 'dc=gibsonhax,dc=com' 'objectclass=*'
981 cd ldap/
987 ldapadd -f pdiddy.ldif
988 ldapadd -b 'dc=gibsonhax,dc=com' 'cn=Manager' -w redhat -f pdiddy.ldif
989 ldapadd -b 'cn=Manager,dc=gibsonhax,dc=com' -w redhat -f pdiddy.ldif
990 history | fgrep ldap
991 ldapadd -x -D cn=Manager,dc=gibsonhax,dc=com -w redhat -f pdiddy.ldif
994 ldapadd -x -D cn=Manager,dc=gibsonhax,dc=com -w redhat -f wgates.ldif
995 ldapsearch -x -b 'dc=gibsonhax,dc=com' 'objectclass=*' /tmp/ldap.out
996 less /tmp/ldap.out
997 ldapadd -x -D cn=Manager,dc=gibsonhax,dc=com -w redhat -f hr-marketing.ldif
998 ldapadd -x -D cn=Manager,dc=gibsonhax,dc=com -w redhat -f hr-marketing.ldif
999 ldapadd -x -D cn=Manager,dc=gibsonhax,dc=com -w redhat -f marketing.ldif
1001 history | fgrep ldap
ldapvi editor
- The program invokes a vi-like editor containing all the data from the LDAP database
- Information can be edited and saved in the same way vi operates
- After quitting the editor, you are presented with a list of options; press y to accept the changes and finish
Installing from source (history excerpt; note that the tarball is fetched over plain HTTP and no checksum or signature is checked):
1014 yum install openldap-devel
1015 yum install ncurses-devel ncurses readline readline-devel
1016 yum install glib2 glib2-devel openssl openssl-devel
1021 cd /tmp
1023 wget http://www.lichteblau.com/download/ldapvi-1.7.tar.gz
1025 tar -xzvf ldapvi-1.7.tar.gz
1026 cd ldapvi-1.7
1030 ./configure --prefix=/opt/ldapvi
1031 ./make
1032 make
1033 make install
Running ldapvi against the local server as the Manager DN (the bind password is again passed on the command line with -w):
/opt/ldapvi/bin/ldapvi -D cn=Manager,dc=gibsonhax,dc=com -w redhat --host localhost