=== Server: Configure OpenLDAP and add users ===
Let's get started by logging into our server and installing OpenLDAP:
sudo apt-get -y install slapd ldap-utils
When prompted, enter a password for your LDAP ''admin'' user and press enter. For the purposes of this tutorial we will use ''1234567'' for the password. Confirm the password and press enter again.
Now we need to finalize the OpenLDAP configuration by running ''dpkg-reconfigure'' to specify settings:
sudo dpkg-reconfigure slapd
Configure slapd, the LDAP service; enter the following settings when prompted:
Omit OpenLDAP server configuration: No
DNS domain name: itsm.unt.edu
Org name: UNT
Admin password: 1234567
Confirm passwd: 1234567
Database backend: MDB
Remove database when purged: No
Move old database: Yes
Allow LDAPv2: No
Using your favorite editor, modify ''/etc/ldap/ldap.conf'' to contain the following, non-comment lines:
TLS_CACERT /etc/ssl/certs/ca-certificates.crt
BASE dc=itsm,dc=unt,dc=edu
URI ldap://localhost:389
Restart the ldap service to reload the new configuration:
sudo service slapd restart
Confirm the slapd service is running; you should see a line, ''active (running)'', in the output of your ''service'' command:
service slapd status
● slapd.service - LSB: OpenLDAP standalone server (Lightweight Directory Access Protocol)
Loaded: loaded (/etc/init.d/slapd; bad; vendor preset: enabled)
Active: active (running) since Wed 2016-12-14 00:23:38 CST; 52min ago
Docs: man:systemd-sysv-generator(8)
Tasks: 3
Memory: 9.6M
CPU: 52ms
CGroup: /system.slice/slapd.service
└─2632 /usr/sbin/slapd -h ldap:/// ldapi:/// -g openldap -u openldap -F /etc/ldap/slapd.d
Confirm your ldap server is answering requests by giving it a simple request:
ldapsearch -x
# extended LDIF
#
# LDAPv3
# base (default) with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# itsm.unt.edu
dn: dc=itsm,dc=unt,dc=edu
objectClass: top
objectClass: dcObject
objectClass: organization
o: unt.edu
dc: itsm
# admin, itsm.unt.edu
dn: cn=admin,dc=itsm,dc=unt,dc=edu
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
# search result
search: 2
result: 0 Success
# numResponses: 3
# numEntries: 2
like this
Now that we have our LDAP server running, lets populate it with some users. Create a file named ''users.ldif'' which includes the following user data:
dn: uid=tom,dc=itsm,dc=unt,dc=edu
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
cn: tom
uid: tom
uidNumber: 5010
gidNumber: 9010
homeDirectory: /nfs/cls-kvm1/tom
loginShell: /bin/bash
gecos: tom
userPassword: {SHA}JzP8b+cWb3X2Q6v6Ulz2ADkL+VE=
shadowLastChange: 17531
shadowMax: 0
shadowWarning: 0
dn: uid=olive,dc=itsm,dc=unt,dc=edu
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
cn: olive
uid: olive
uidNumber: 5011
gidNumber: 9011
homeDirectory: /nfs/cls-kvm1/olive
loginShell: /bin/bash
gecos: olive
userPassword: {SHA}JzP8b+cWb3X2Q6v6Ulz2ADkL+VE=
shadowLastChange: 17531
shadowMax: 0
shadowWarning: 0
dn: uid=kevin,dc=itsm,dc=unt,dc=edu
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
cn: kevin
uid: kevin
uidNumber: 5012
gidNumber: 9012
homeDirectory: /nfs/cls-kvm1/kevin
loginShell: /bin/bash
gecos: kevin
userPassword: {SHA}JzP8b+cWb3X2Q6v6Ulz2ADkL+VE=
shadowLastChange: 17531
shadowMax: 0
shadowWarning: 0
Create a second file named ''groups.ldif'' containing this LDAP group information:
dn: cn=kevin,dc=itsm,dc=unt,dc=edu
objectclass: top
objectclass: posixGroup
cn: kevin
gidnumber: 9012
memberuid: kevin
dn: cn=olive,dc=itsm,dc=unt,dc=edu
objectclass: top
objectclass: posixGroup
cn: olive
gidnumber: 9011
memberuid: olive
dn: cn=tom,dc=itsm,dc=unt,dc=edu
objectclass: top
objectclass: posixGroup
cn: tom
gidnumber: 9010
memberuid: tom
Now that we have our user and group data files, we can import them into our LDAP database using the ''ldapadd'' command, entering our password when prompted:
ldapadd -a -D 'cn=admin,dc=itsm,dc=unt,dc=edu' -W -f ~/users.ldif
Enter LDAP Password:
adding new entry "uid=tom,dc=itsm,dc=unt,dc=edu"
adding new entry "uid=olive,dc=itsm,dc=unt,dc=edu"
adding new entry "uid=kevin,dc=itsm,dc=unt,dc=edu"
Do the same for the ''groups.ldif'' file:
ldapadd -a -D 'cn=admin,dc=itsm,dc=unt,dc=edu' -W -f ~/groups.ldif
Enter LDAP Password:
adding new entry "cn=kevin,dc=itsm,dc=unt,dc=edu"
adding new entry "cn=olive,dc=itsm,dc=unt,dc=edu"
adding new entry "cn=tom,dc=itsm,dc=unt,dc=edu"
We can confirm the users were added by performing another ''ldapsearch'' command as follows:
ldapsearch -x objectClass=account dn cn uidnumber gidnumber
# extended LDIF
#
# LDAPv3
# base (default) with scope subtree
# filter: objectClass=account
# requesting: dn cn uidnumber gidnumber
#
# tom, itsm.unt.edu
dn: uid=tom,dc=itsm,dc=unt,dc=edu
cn: tom
uidNumber: 5010
gidNumber: 9010
# olive, itsm.unt.edu
dn: uid=olive,dc=itsm,dc=unt,dc=edu
cn: olive
uidNumber: 5011
gidNumber: 9011
# kevin, itsm.unt.edu
dn: uid=kevin,dc=itsm,dc=unt,dc=edu
cn: kevin
uidNumber: 5012
gidNumber: 9012
# search result
search: 2
result: 0 Success
# numResponses: 4
# numEntries: 3
And likewise with the groups to confirm they were added as well:
ldapsearch -x objectClass=posixGroup
# extended LDIF
#
# LDAPv3
# base (default) with scope subtree
# filter: objectClass=posixGroup
# requesting: ALL
#
# kevin, itsm.unt.edu
dn: cn=kevin,dc=itsm,dc=unt,dc=edu
objectClass: top
objectClass: posixGroup
cn: kevin
gidNumber: 9012
memberUid: kevin
# olive, itsm.unt.edu
dn: cn=olive,dc=itsm,dc=unt,dc=edu
objectClass: top
objectClass: posixGroup
cn: olive
gidNumber: 9011
memberUid: olive
# tom, itsm.unt.edu
dn: cn=tom,dc=itsm,dc=unt,dc=edu
objectClass: top
objectClass: posixGroup
cn: tom
gidNumber: 9010
memberUid: tom
# search result
search: 2
result: 0 Success
# numResponses: 4
# numEntries: 3
Now that we've confirmed all of our LDAP attributes are populated, that completes this lesson. Join me in the next section as we configure NFS to export home directories.