Configuration of LDAP Directory (OpenLDAP)
This section describes how to do a basic setup of OpenLDAP for CentOS. Also see public sources like [Set up OpenLDAP on CentOS].
First, a password hash needs to be generated for the directory server's root account using the OpenLDAP password utility ("slappasswd"). This value is required to edit the main configuration file:
vi /etc/openldap/slapd.d/cn\=config/olcDatabase\=\{2\}bdb.ldif
Perform the following steps.
- Add or modify the following entries to look like this:
olcRootDN: cn=Manager,dc=imagemaster,dc=de
olcRootPW: {SSHA}A/G+9x34BXnh1lWgDkjli7e94txcV22j
olcSuffix: dc=imagemaster,dc=de
Be sure to set olcRootPW to the hash that slappasswd printed. This walkthrough uses dc=imagemaster,dc=de as the suffix (root) of everything in the directory.
- Create the root node:
[root@vm ~]# cat imagemaster.ldif
dn: dc=imagemaster,dc=de
objectClass: dcObject
objectClass: organization
dc: imagemaster
o: imagemaster
[root@vm ~]# ldapadd -f imagemaster.ldif -D cn=Manager,dc=imagemaster,dc=de -w geheim
- Check if it works:
[root@vm ~]# ldapsearch -x -LLL -b dc=imagemaster,dc=de
dn: dc=imagemaster,dc=de
objectClass: dcObject
objectClass: organization
dc: imagemaster
o: imagemaster
- As the system is being prepared for testing purposes only, deactivate the firewall (permanently):
[root@vm ~]# yum install system-config-firewall-tui
[root@vm ~]# system-config-firewall-tui
On its first screen the configuration program asks whether the firewall should be enabled. Answer no, and the program exits.
- Create an Organizational Unit (OU) node for users:
[root@vm ~]# cat users.ldif
dn: ou=Users,dc=imagemaster,dc=de
objectClass: organizationalUnit
ou: Users
[root@vm ~]# ldapadd -f users.ldif -D cn=Manager,dc=imagemaster,dc=de -w geheim
adding new entry "ou=Users,dc=imagemaster,dc=de"
- Check that it works:
[root@vm ~]# ldapsearch -x -LLL -b dc=imagemaster,dc=de objectClass=organizationalUnit
dn: ou=Users,dc=imagemaster,dc=de
objectClass: organizationalUnit
ou: Users
- Create a user:
[root@vm ~]# slappasswd -s foobar
{SSHA}tjAF77hIE1Ovzo6lEa4U/PdbI6QGbtf/
[root@vm ~]# cat eric.ldif
dn: cn=Hagbard_Celine,ou=Users,dc=imagemaster,dc=de
cn: Hagbard Celine
sn: Celine
objectClass: inetOrgPerson
objectClass: imageMasterUser
userPassword: {SSHA}tjAF77hIE1Ovzo6lEa4U/PdbI6QGbtf/
uid: hagbard
imageMasterRole: tenant1 powerUser
This user has access to ImageMaster (tenant with name "tenant1") and will get the role "powerUser" on login.
[root@vm ~]# ldapadd -f eric.ldif -D cn=Manager,dc=imagemaster,dc=de -w geheim
adding new entry "cn=Hagbard_Celine,ou=Users,dc=imagemaster,dc=de"
Now the configuration is ready.
Example properties for MS Active Directory
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd">
<properties>
<entry key="providerUrl">ldap://localhost:10389</entry>
<entry key="useSSL">false</entry>
<entry key="requireManagerBind">true</entry>
<entry key="managerDN">cn=Administrator,cn=Users,dc=ek,dc=im</entry>
<entry key="managerPassword">P@ssw0rd</entry>
<entry key="managerAuthMethods">simple</entry>
<entry key="userFilter"><![CDATA[(&(imageMasterRole=*)(cn={user}))]]></entry>
<entry key="userDNTemplate">cn={user},cn=Users,dc=ek,dc=im</entry>
<entry key="userAuthMethods">simple</entry>
<entry key="userBaseTemplate">cn=Users,dc=ek,dc=im</entry>
<entry key="userSearchScope">subtree</entry>
</properties>
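Both userFilter and userDNTemplate substitute the login name for {user}, and each context has its own escaping rule. As an added example (not ImageMaster's code; the helper names and the way the placeholder is filled are assumptions), the following Python reads the two template entries and renders them with RFC 4515 escaping for the filter and RFC 4514 escaping for the DN, so characters such as '*', '(' or ',' in a supplied name cannot change the meaning of the lookup:

```python
import xml.etree.ElementTree as ET

# Constructed copy of the two template entries from the properties file above.
PROPERTIES_XML = """<properties>
<entry key="userFilter"><![CDATA[(&(imageMasterRole=*)(cn={user}))]]></entry>
<entry key="userDNTemplate">cn={user},cn=Users,dc=ek,dc=im</entry>
</properties>"""


def load_properties(xml_text):
    """Parse java.util.Properties XML into a plain dict of key -> value."""
    root = ET.fromstring(xml_text)
    return {e.get("key"): (e.text or "") for e in root.findall("entry")}


def escape_filter_value(value):
    """RFC 4515: NUL, '(', ')', '*' and '\\' inside an assertion value become \\xx."""
    out = []
    for ch in value:
        if ch in "\\*()\0":
            out.append("\\%02x" % ord(ch))
        else:
            out.append(ch)
    return "".join(out)


def escape_dn_value(value):
    """RFC 4514: escape the special characters of an attribute value used in an RDN."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in ',+"\\<>;' or (ch == "#" and i == 0) or (ch == " " and i in (0, last)):
            out.append("\\" + ch)
        elif ch == "\0":
            out.append("\\00")
        else:
            out.append(ch)
    return "".join(out)


def render_user_lookup(props, user):
    """Return (search_filter, bind_dn) with the login name escaped for each context."""
    search_filter = props["userFilter"].replace("{user}", escape_filter_value(user))
    bind_dn = props["userDNTemplate"].replace("{user}", escape_dn_value(user))
    return search_filter, bind_dn


if __name__ == "__main__":
    props = load_properties(PROPERTIES_XML)
    for name in ("Hagbard Celine", "Celine, Hagbard", "*"):
        print(render_user_lookup(props, name))
```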