=== Server: Configure OpenLDAP and add users === Let's get started by logging into our server and installing OpenLDAP: sudo apt-get -y install slapd ldap-utils When prompted, enter a password for your LDAP ''admin'' user and press enter. For the purposes of this tutorial we will use ''1234567'' for the password. Confirm the password and press enter again. Now we need to finalize the OpenLDAP configuration by running ''dpkg-reconfigure'' to specify settings: sudo dpkg-reconfigure slapd Configure slapd, the LDAP service; enter the following settings when prompted: Omit OpenLDAP server configuration: No DNS domain name: itsm.unt.edu Org name: UNT Admin password: 1234567 Confirm passwd: 1234567 Database backend: MDB Remove database when purged: No Move old database: Yes Allow LDAPv2: No Using your favorite editor, modify ''/etc/ldap/ldap.conf'' to contain the following, non-comment lines: TLS_CACERT /etc/ssl/certs/ca-certificates.crt BASE dc=itsm,dc=unt,dc=edu URI ldap://localhost:389 Restart the ldap service to reload the new configuration: sudo service slapd restart Confirm the slapd service is running; you should see a line, ''active (running)'', in the output of your ''service'' command: service slapd status ● slapd.service - LSB: OpenLDAP standalone server (Lightweight Directory Access Protocol) Loaded: loaded (/etc/init.d/slapd; bad; vendor preset: enabled) Active: active (running) since Wed 2016-12-14 00:23:38 CST; 52min ago Docs: man:systemd-sysv-generator(8) Tasks: 3 Memory: 9.6M CPU: 52ms CGroup: /system.slice/slapd.service └─2632 /usr/sbin/slapd -h ldap:/// ldapi:/// -g openldap -u openldap -F /etc/ldap/slapd.d Confirm your ldap server is answering requests by giving it a simple request: ldapsearch -x # extended LDIF # # LDAPv3 # base (default) with scope subtree # filter: (objectclass=*) # requesting: ALL # # itsm.unt.edu dn: dc=itsm,dc=unt,dc=edu objectClass: top objectClass: dcObject objectClass: organization o: unt.edu dc: itsm # admin, itsm.unt.edu dn: cn=admin,dc=itsm,dc=unt,dc=edu objectClass: simpleSecurityObject objectClass: organizationalRole cn: admin description: LDAP administrator # search result search: 2 result: 0 Success # numResponses: 3 # numEntries: 2 like this Now that we have our LDAP server running, lets populate it with some users. Create a file named ''users.ldif'' which includes the following user data: dn: uid=tom,dc=itsm,dc=unt,dc=edu objectClass: top objectClass: account objectClass: posixAccount objectClass: shadowAccount cn: tom uid: tom uidNumber: 5010 gidNumber: 9010 homeDirectory: /nfs/cls-kvm1/tom loginShell: /bin/bash gecos: tom userPassword: {SHA}JzP8b+cWb3X2Q6v6Ulz2ADkL+VE= shadowLastChange: 17531 shadowMax: 0 shadowWarning: 0 dn: uid=olive,dc=itsm,dc=unt,dc=edu objectClass: top objectClass: account objectClass: posixAccount objectClass: shadowAccount cn: olive uid: olive uidNumber: 5011 gidNumber: 9011 homeDirectory: /nfs/cls-kvm1/olive loginShell: /bin/bash gecos: olive userPassword: {SHA}JzP8b+cWb3X2Q6v6Ulz2ADkL+VE= shadowLastChange: 17531 shadowMax: 0 shadowWarning: 0 dn: uid=kevin,dc=itsm,dc=unt,dc=edu objectClass: top objectClass: account objectClass: posixAccount objectClass: shadowAccount cn: kevin uid: kevin uidNumber: 5012 gidNumber: 9012 homeDirectory: /nfs/cls-kvm1/kevin loginShell: /bin/bash gecos: kevin userPassword: {SHA}JzP8b+cWb3X2Q6v6Ulz2ADkL+VE= shadowLastChange: 17531 shadowMax: 0 shadowWarning: 0 Create a second file named ''groups.ldif'' containing this LDAP group information: dn: cn=kevin,dc=itsm,dc=unt,dc=edu objectclass: top objectclass: posixGroup cn: kevin gidnumber: 9012 memberuid: kevin dn: cn=olive,dc=itsm,dc=unt,dc=edu objectclass: top objectclass: posixGroup cn: olive gidnumber: 9011 memberuid: olive dn: cn=tom,dc=itsm,dc=unt,dc=edu objectclass: top objectclass: posixGroup cn: tom gidnumber: 9010 memberuid: tom Now that we have our user and group data files, we can import them into our LDAP database using the ''ldapadd'' command, entering our password when prompted: ldapadd -a -D 'cn=admin,dc=itsm,dc=unt,dc=edu' -W -f ~/users.ldif Enter LDAP Password: adding new entry "uid=tom,dc=itsm,dc=unt,dc=edu" adding new entry "uid=olive,dc=itsm,dc=unt,dc=edu" adding new entry "uid=kevin,dc=itsm,dc=unt,dc=edu" Do the same for the ''groups.ldif'' file: ldapadd -a -D 'cn=admin,dc=itsm,dc=unt,dc=edu' -W -f ~/groups.ldif Enter LDAP Password: adding new entry "cn=kevin,dc=itsm,dc=unt,dc=edu" adding new entry "cn=olive,dc=itsm,dc=unt,dc=edu" adding new entry "cn=tom,dc=itsm,dc=unt,dc=edu" We can confirm the users were added by performing another ''ldapsearch'' command as follows: ldapsearch -x objectClass=account dn cn uidnumber gidnumber # extended LDIF # # LDAPv3 # base (default) with scope subtree # filter: objectClass=account # requesting: dn cn uidnumber gidnumber # # tom, itsm.unt.edu dn: uid=tom,dc=itsm,dc=unt,dc=edu cn: tom uidNumber: 5010 gidNumber: 9010 # olive, itsm.unt.edu dn: uid=olive,dc=itsm,dc=unt,dc=edu cn: olive uidNumber: 5011 gidNumber: 9011 # kevin, itsm.unt.edu dn: uid=kevin,dc=itsm,dc=unt,dc=edu cn: kevin uidNumber: 5012 gidNumber: 9012 # search result search: 2 result: 0 Success # numResponses: 4 # numEntries: 3 And likewise with the groups to confirm they were added as well: ldapsearch -x objectClass=posixGroup # extended LDIF # # LDAPv3 # base (default) with scope subtree # filter: objectClass=posixGroup # requesting: ALL # # kevin, itsm.unt.edu dn: cn=kevin,dc=itsm,dc=unt,dc=edu objectClass: top objectClass: posixGroup cn: kevin gidNumber: 9012 memberUid: kevin # olive, itsm.unt.edu dn: cn=olive,dc=itsm,dc=unt,dc=edu objectClass: top objectClass: posixGroup cn: olive gidNumber: 9011 memberUid: olive # tom, itsm.unt.edu dn: cn=tom,dc=itsm,dc=unt,dc=edu objectClass: top objectClass: posixGroup cn: tom gidNumber: 9010 memberUid: tom # search result search: 2 result: 0 Success # numResponses: 4 # numEntries: 3 Now that we've confirmed all of our LDAP attributes are populated, that completes this lesson. Join me in the next section as we configure NFS to export home directories.