@imduffy15
Last active December 17, 2015 21:19
LDAP install notes

Install packages:

yum -y install openldap openldap-clients openldap-servers

Generate password hash for admin:

slappasswd

Insert the hash into /etc/openldap/slapd.d/cn=config/olcDatabase={2}bdb.ldif with attribute olcRootPW.

Set domain...

sed -i -e 's/dc=my-domain,dc=com/dc=clouddev,dc=lan/g' /etc/openldap/slapd.d/cn=config/olcDatabase={2}bdb.ldif

sed -i -e 's/dc=my-domain,dc=com/dc=clouddev,dc=lan/g' /etc/openldap/slapd.d/cn=config/olcDatabase={1}monitor.ldif

Auto start...

chkconfig slapd on
service slapd start

Populate tree....

echo "dn: dc=clouddev,dc=lan
objectClass: dcObject
objectClass: organization
dc: clouddev
o: clouddev

dn: ou=Users,dc=clouddev,dc=lan
objectClass: organizationalUnit
ou: Users

dn: cn=Ian Duffy,ou=Users,dc=clouddev,dc=lan
cn: Ian Duffy
sn: Duffy
objectClass: inetOrgPerson
userPassword: p@ssw0rd
uid: iduffy

dn: cn=Cloudstack,ou=Users,dc=clouddev,dc=lan
cn: Cloudstack
objectClass: groupOfNames
member: cn=Ian Duffy,ou=Users,dc=clouddev,dc=lan
" > /tmp/clouddev.ldif

ldapadd -x -f /tmp/clouddev.ldif -D cn=Manager,dc=clouddev,dc=lan -w password
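The LDIF above stores userPassword in clear text, while the admin password went through slappasswd. The following is an added example, not part of the original notes, that builds the same user entry with a salted {SSHA} value (the scheme slappasswd emits by default) and shows how such a value is checked; the function names and the 8-byte salt length are this example's own choices.

```python
import base64
import hashlib
import hmac
import os

SCHEME = "{SSHA}"
SHA1_LEN = 20  # bytes in a SHA-1 digest; the salt is whatever follows it


def ssha_hash(password, salt=None):
    """Return SCHEME + base64(SHA1(password + salt) + salt)."""
    if salt is None:
        salt = os.urandom(8)  # salt length is this example's choice
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return SCHEME + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(password, stored):
    """Recompute the digest with the stored salt and compare in constant time."""
    if not stored.startswith(SCHEME):
        return False
    try:
        raw = base64.b64decode(stored[len(SCHEME):], validate=True)
    except ValueError:  # not valid base64
        return False
    if len(raw) <= SHA1_LEN:  # no salt present, so not an SSHA value
        return False
    digest, salt = raw[:SHA1_LEN], raw[SHA1_LEN:]
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


def user_entry(cn, sn, uid, password, base="ou=Users,dc=clouddev,dc=lan"):
    """Build the inetOrgPerson entry from the notes with a hashed userPassword."""
    lines = [
        f"dn: cn={cn},{base}",
        f"cn: {cn}",
        f"sn: {sn}",
        "objectClass: inetOrgPerson",
        f"userPassword: {ssha_hash(password)}",
        f"uid: {uid}",
    ]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Values below are the sample user from the notes.
    print(user_entry("Ian Duffy", "Duffy", "iduffy", "p@ssw0rd"), end="")
```

The printed entry can replace the cn=Ian Duffy block in /tmp/clouddev.ldif before running ldapadd.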

Modify iptables....

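Edit the rules file:

nano /etc/sysconfig/iptables

Insert:

-A INPUT -p tcp --dport 389 -j ACCEPT

Flush them (this deletes every rule from the running filter table; the edited file is read when the iptables service starts):

iptables --flush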

Test query with ldapsearch

ldapsearch -h localhost -b dc=clouddev,dc=lan -x

Install phpldapadmin

Add epel repo

wget http://ftp.riken.jp/Linux/fedora/epel/RPM-GPG-KEY-EPEL-6
rpm --import RPM-GPG-KEY-EPEL-6
wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
rpm -ivh epel-release-6-8.noarch.rpm

Install phpldapadmin

yum --enablerepo=epel install phpldapadmin

nano /etc/httpd/conf.d/phpldapadmin.conf

Allow access from 10.10.1.0/24.

/etc/init.d/httpd restart

Comment out the uid login attribute and uncomment the dn one:

sed -i -e "s|\$servers->setValue('login','attr','uid');|//\$servers->setValue('login','attr','uid');|g" -e "s|// *\$servers->setValue('login','attr','dn');|\$servers->setValue('login','attr','dn');|g" /etc/phpldapadmin/config.php

Browse to http://ldap.clouddev.lan/ldapadmin/ and log in with cn=Manager,dc=clouddev,dc=lan

Configure cloudstack

Log in as admin.

Create a new user account with clouddev.lan set as the domain and the username matching the uid on LDAP. The password can be anything.

Go into global settings and set integration.api.port (the URL in the next step uses port 8096).

Go to the following url: http://management.clouddev.lan:8096/client/api?command=ldapConfig&hostname=ldap.clouddev.lan&searchbase=OU%3DUsers,DC%3Dclouddev,DC%3Dlan&queryfilter=%28%26%28uid%3D%25u%29%29&binddn=CN%3DManager,DC%3Dclouddev,DC%3Dlan&bindpass=PASSWORD&port=389&response=json

Disable hashing of password on login by setting md5HashedLogin to false in /usr/share/cloud/management/webapps/client/scripts/sharedFunctions.js

Proceed to log in with the user account you created earlier, using their LDAP password.
