The setup files for LDAP server / client.
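#!/bin/bash
#
# Setup notes for an OpenLDAP server and LDAP-authenticating clients
# (RHEL/CentOS family: yum, systemctl, SELinux booleans, firewalld, authconfig).
# This is a runbook of commands, not an idempotent installer: it is meant to be
# read and executed section by section on the relevant host.
#
# Fixes relative to the original notes: setsebool (was "setsepool"),
# slapd.service (was "sldap.service"), --enablemkhomedir (was "--enablemkhomdir"),
# and the package names mod_ldap / openldap-servers-sql.

# The basic, client, and server packages
yum install -y openldap openldap-clients openldap-servers
# ldap name service for local queries ..
yum install -y nss-pam-ldapd
# apache support ..
yum install -y mod_ldap
# compatibility libraries.
yum install -y compat-openldap
# support to use an rdbms as the ldap backend.
yum install -y openldap-servers-sql

# presumably a first start/stop cycle so slapd creates its default
# cn=config tree under /etc/openldap/slapd.d before it is edited — confirm
systemctl start slapd.service
systemctl stop slapd.service

##
# OpenLDAP Server Commands
#
# * slapacl - checks access to attributes
# * slapadd - adds entries from LDIF file
# * slapauth - checks IDs for authentication permissions
# * slapcat - pulls entries and saves in LDIF format
# * slapdn - checks DNs against schema
# * slapindex - reindexes the directory
# * slappasswd - creates hashed user password (use it for olcRootPW below)
# * slapschema - check compliance of DB with schema
# * slaptest - check server configuration
##
# OpenLDAP Client Commands
#
# * ldapadd - adds entries to a directory
# * ldapcompare - compares attributes with entry
# * ldapdelete - deletes entry from directory
# * ldapmodify - modifies entries in directory
# * ldapmodrdn - modifies RDN value in directory
# * ldappasswd - sets the password of LDAP user
# * ldapsearch - searches LDAP directory entries
#
##
# LDIF Formatted File (applied with ldapmodify against cn=config)
# --------
# dn: olcDatabase={2}hdb,cn=config
# changetype: modify
# replace: olcSuffix
# olcSuffix: dc=rhhost,dc=local
#
# dn: olcDatabase={2}hdb,cn=config
# changetype: modify
# replace: olcRootDN
# olcRootDN: cn=ldapadm,dc=rhhost,dc=local
#
# Add an olcRootPW entry to the same file using the hash printed by
# slappasswd; never store the root password in cleartext in the LDIF.
##

# prepare selinux flags to start ldap server
#
setsebool -P allow_ypbind=1
setsebool -P authlogin_nsswitch_use_ldap=1
systemctl enable slapd.service
systemctl start slapd.service
systemctl enable oddjobd
systemctl start oddjobd
# verify something is listening on the ldap port
ss -lntu | grep 389

##
# setup the server
#
# create the database, some schemas, organization and group, and directory,
# along with a sample user.
#
firewall-cmd --permanent --zone=public --add-service=ntp
firewall-cmd --permanent --zone=public --add-service=ldap
firewall-cmd --reload
tail /var/log/ldap.log

##
# Setup clients:
#
yum install -y nss-pam-ldapd
yum install -y authconfig-gtk
#
# Configure the system to use ldap authentication:
#
# NOTE: this binds over plain ldap://, so passwords cross the network in
# cleartext. For anything beyond a lab, add --enableldaptls (and load the
# server's CA) and use ldaps:// / StartTLS on the server side.
# The example base DN here (dc=local,dc=com) does not match the olcSuffix
# used in the LDIF above (dc=rhhost,dc=local); use the same suffix on both.
#
authconfig --enableldap --enableldapauth --ldapserver=ldaphost.example.com \
  --ldapbasedn="dc=local,dc=com" --enablemkhomedir --update
systemctl restart nslcd
# confirm the client can resolve directory users through nss
getent passwd admin_user
getent passwd sample_user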