====== OpenLDAP on CentOS 7 ======

===== Preparation =====

  * Do a clean minimal installation
  * Install chronyd and configure a time server
  * Install the initial firewall rules
  * Download my superscript {{:ldap-el7.tar.gz|}} or, when using EL6, {{:ldap-el6.tar.gz|}}

===== Installation =====

==== Base ====

<code bash>
yum install openldap-servers openldap-clients
</code>

Unpack and run the superscript (the LDIF files are included). Answer all the questions and you end up with an empty LDAP server.

<code bash>
cd /root
tar -xvzf ldap-el7.tar.gz
cd ldap
./generate_slapd.sh

firewall-cmd --permanent --zone=management --add-service=ldap
firewall-cmd --permanent --zone=management --add-service=ldaps
firewall-cmd --permanent --zone=local --add-service=ldap
firewall-cmd --permanent --zone=local --add-service=ldaps
</code>

==== phpldapadmin ====

<code bash>
yum install phpldapadmin mod_ssl
</code>

===== Configuration =====

<code bash>
vi /etc/phpldapadmin/config.php
</code>

Change lines 397 and 398 to the following, so that you log in with a full DN instead of a uid:

<code php>
// $server->setValue('login','attr','uid');
$server->setValue('login','attr','dn');
</code>

<code bash>
vi /etc/httpd/conf.d/phpldapadmin.conf
</code>

Change ''Require local'' to ''Require all granted''. Note that after this change access to phpldapadmin is restricted only by the firewall zones below, so keep the http/https services limited to the management and local zones.

<code bash>
setsebool -P httpd_can_connect_ldap 1

firewall-cmd --permanent --zone=management --add-service=http
firewall-cmd --permanent --zone=management --add-service=https
firewall-cmd --permanent --zone=local --add-service=http
firewall-cmd --permanent --zone=local --add-service=https

systemctl enable httpd
systemctl enable slapd
systemctl start httpd
systemctl start slapd
firewall-cmd --reload
</code>

===== Apache configuration =====

The plain-HTTP virtual host only redirects to HTTPS; phpldapadmin is served on the SSL virtual host. The ''<VirtualHost>'' and ''<Directory>'' container lines were lost when this page was exported and are reconstructed below from the directives that survived. On CentOS 7 (httpd 2.4) the ''NameVirtualHost'' directives have no effect and only produce a warning; they are kept here because the original configuration had them. ''localhost.crt'' and ''localhost.key'' are the self-signed pair generated by the mod_ssl package; replace them with a certificate from your own CA for production use.

<code apache>
NameVirtualHost 172.16.2.27:80
NameVirtualHost 172.16.2.27:443
NameVirtualHost [2a02:22a0:bbb7:402::27]:80
NameVirtualHost [2a02:22a0:bbb7:402::27]:443

# Plain HTTP: redirect everything to HTTPS
# (container lines reconstructed; the original export dropped them)
<VirtualHost 172.16.2.27:80 [2a02:22a0:bbb7:402::27]:80>
    ServerAdmin webmaster@ldap.mngt.bh.helux.nl
    ServerName ldap.mngt.bh.helux.nl
    RewriteEngine on
    RewriteRule ^/(.*)$ https://ldap.mngt.bh.helux.nl/$1 [R,L]
    ErrorLog /var/log/httpd/ldap-error.log
    CustomLog /var/log/httpd/ldap-access.log common
</VirtualHost>

# HTTPS: serve phpldapadmin
<VirtualHost 172.16.2.27:443 [2a02:22a0:bbb7:402::27]:443>
    ServerAdmin webmaster@ldap.mngt.bh.helux.nl
    ServerName ldap.mngt.bh.helux.nl
    DocumentRoot /usr/share/phpldapadmin/htdocs/
    <Directory /usr/share/phpldapadmin/htdocs/>
        Require all granted
    </Directory>
    SSLEngine On
    SSLCertificateFile /etc/pki/tls/certs/localhost.crt
    SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
    ErrorLog /var/log/httpd/ldap-error.log
    CustomLog /var/log/httpd/ldap-access.log common
</VirtualHost>
</code>

===== Notes =====

  * Problem: when creating a Samba user with phpldapadmin, the user is forced to change the password on first login.
  * Solution: add the attribute ''sambaPwdLastSet'' and set its value to 1.

{{tag>centos}}
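The ''sambaPwdLastSet'' fix above can also be applied from the command line instead of through phpldapadmin, which is handy when several users were created before the attribute was added. The script below is an added example and is not part of the original page or its superscript; the user DNs, the bind DN ''cn=Manager,dc=example,dc=com'' and the base DN are assumed placeholders, and the LDAP URL defaults to the host used elsewhere on this page. It builds one LDIF modify record per DN (so a single ''ldapmodify'' run covers any number of users), applies it over StartTLS with ''-ZZ'' so the bind password is never sent in the clear, and reads the attribute back afterwards.

```bash
#!/bin/bash
# Added example, not code from the original page.
# Sets sambaPwdLastSet=1 on existing Samba users so they are not forced to
# change their password at first login. All DNs below are assumed placeholders.
set -eu

# Emit one LDIF "modify" record per DN, separated by blank lines as ldapmodify
# expects. "replace" works whether or not the attribute already exists, so the
# operation can safely be re-run.
samba_pwdlastset_ldif() {
    local dn first=1
    for dn in "$@"; do
        [ "$first" -eq 1 ] || printf '\n'   # blank line separates LDIF records
        first=0
        printf 'dn: %s\nchangetype: modify\nreplace: sambaPwdLastSet\nsambaPwdLastSet: 1\n' "$dn"
    done
}

# Apply the modification. -ZZ makes ldapmodify fail if StartTLS cannot be
# negotiated, so the admin password is never sent over plain LDAP. -W prompts
# for the password instead of taking it on the command line.
apply_pwdlastset() {
    local host="$1" binddn="$2"
    shift 2
    samba_pwdlastset_ldif "$@" | ldapmodify -ZZ -H "$host" -D "$binddn" -W
}

# Read the attribute back for each DN so the change can be confirmed in the log.
verify_pwdlastset() {
    local host="$1" binddn="$2" dn
    shift 2
    for dn in "$@"; do
        ldapsearch -ZZ -LLL -H "$host" -D "$binddn" -W -b "$dn" -s base sambaPwdLastSet
    done
}

# Usage: ./fix-sambapwdlastset.sh --apply
# Without --apply the script only defines the functions (and prints the LDIF),
# so it can be sourced or inspected first.
LDAP_URL="ldap://ldap.mngt.bh.helux.nl"            # host from this page
BIND_DN="cn=Manager,dc=example,dc=com"             # assumed placeholder
USERS=("uid=jdoe,ou=People,dc=example,dc=com"      # assumed placeholders
       "uid=asmith,ou=People,dc=example,dc=com")

if [ "${1:-}" = "--apply" ]; then
    apply_pwdlastset "$LDAP_URL" "$BIND_DN" "${USERS[@]}"
    verify_pwdlastset "$LDAP_URL" "$BIND_DN" "${USERS[@]}"
else
    samba_pwdlastset_ldif "${USERS[@]}"
fi
```

Run it once without ''--apply'' to inspect the generated LDIF, then with ''--apply'' against the server. If ''-ZZ'' fails, slapd does not yet offer StartTLS and the ''ldaps'' service opened in the firewall above is not actually usable; fix the TLS configuration before managing passwords over the network.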