
OpenLDAP on CentOS 7

Preparation

  • Do a clean minimal installation
  • Install chronyd and configure timeserver
  • Install initial firewall rules
  • Download my super script ldap-el7.tar.gz (or, when using EL6, ldap-el6.tar.gz)

Installation

Base

yum install openldap-servers openldap-clients

Unpack and run my super script, which includes the LDIF files. Answer all the questions and you have an empty LDAP server.

cd /root
tar -xvzf ldap-el7.tar.gz
cd ldap
./generate_slapd.sh
firewall-cmd --permanent --zone=management --add-service=ldap
firewall-cmd --permanent --zone=management --add-service=ldaps
firewall-cmd --permanent --zone=local --add-service=ldap
firewall-cmd --permanent --zone=local --add-service=ldaps

phpldapadmin

yum install phpldapadmin mod_ssl

Configuration

vi /etc/phpldapadmin/config.php

Change lines 397 and 398 to the following:

// $server->setValue('login','attr','uid');
$server->setValue('login','attr','dn');

vi /etc/httpd/conf.d/phpldapadmin.conf

Change

Require local

to

Require all granted

This opens phpldapadmin to every client that can reach the web server, so the firewall zones (management and local) opened below are what limit who can use it.

setsebool -P httpd_can_connect_ldap 1
firewall-cmd --permanent --zone=management --add-service=http
firewall-cmd --permanent --zone=management --add-service=https
firewall-cmd --permanent --zone=local --add-service=http
firewall-cmd --permanent --zone=local --add-service=https
systemctl enable httpd
systemctl enable slapd
systemctl start httpd
systemctl start slapd
firewall-cmd --reload

Apache configuration

/etc/httpd/conf.d/namevirtualhost

NameVirtualHost 172.16.2.27:80
NameVirtualHost 172.16.2.27:443
NameVirtualHost [2a02:22a0:bbb7:402::27]:80
NameVirtualHost [2a02:22a0:bbb7:402::27]:443

Note that on the httpd 2.4 shipped with CentOS 7 the NameVirtualHost directive is obsolete: it has no effect and only produces a warning at startup, so this file can be left out.

/etc/httpd/conf.d/ldap.mngt.bh.helux.nl.conf

<VirtualHost ldap.mngt.bh.helux.nl:80>
    ServerAdmin webmaster@ldap.mngt.bh.helux.nl
    ServerName ldap.mngt.bh.helux.nl

    RewriteEngine on
    RewriteRule ^/(.*)$ https://ldap.mngt.bh.helux.nl/$1 [R,L]

    ErrorLog /var/log/httpd/ldap-error.log
    CustomLog /var/log/httpd/ldap-access.log common
</VirtualHost>

<VirtualHost ldap.mngt.bh.helux.nl:443>
    ServerAdmin webmaster@ldap.mngt.bh.helux.nl
    ServerName ldap.mngt.bh.helux.nl

    DocumentRoot /usr/share/phpldapadmin/htdocs/
    <Directory /usr/share/phpldapadmin/htdocs>
      Require all granted
    </Directory>

    SSLEngine On
    SSLCertificateFile    /etc/pki/tls/certs/localhost.crt
    SSLCertificateKeyFile /etc/pki/tls/private/localhost.key

    ErrorLog /var/log/httpd/ldap-error.log
    CustomLog /var/log/httpd/ldap-access.log common
</VirtualHost>
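To check that a vhost file follows the pattern above (the :80 host only redirects to https, the :443 host has SSLEngine On and is the only one serving phpldapadmin), here is an added Python audit script; it is not part of the original page, and the sample config inside it is constructed from the vhost file above with the same assumed hostname.

```python
"""Audit an httpd vhost fragment for the phpldapadmin pattern above:
every :80 host may only redirect to https, every :443 host needs SSLEngine On."""
import re

SAMPLE_CONF = """
<VirtualHost ldap.mngt.bh.helux.nl:80>
    ServerName ldap.mngt.bh.helux.nl
    RewriteEngine on
    RewriteRule ^/(.*)$ https://ldap.mngt.bh.helux.nl/$1 [R,L]
</VirtualHost>
<VirtualHost ldap.mngt.bh.helux.nl:443>
    ServerName ldap.mngt.bh.helux.nl
    DocumentRoot /usr/share/phpldapadmin/htdocs/
    <Directory /usr/share/phpldapadmin/htdocs>
      Require all granted
    </Directory>
    SSLEngine On
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)

def parse_vhosts(conf):
    """Yield (port, body) for each VirtualHost block; a missing port means 80."""
    for addr, body in VHOST_RE.findall(conf):
        port = int(addr.rsplit(":", 1)[1]) if ":" in addr else 80
        yield port, body

def directive(body, pattern):
    """True if some line in the vhost body starts with the given directive pattern."""
    return re.search(r"^\s*" + pattern, body, re.M | re.I) is not None

def audit(conf):
    """Return a list of findings; an empty list means the fragment passes."""
    findings = []
    for port, body in parse_vhosts(conf):
        if port == 443:
            if not directive(body, r"SSLEngine\s+on\b"):
                findings.append(f":{port} vhost has no 'SSLEngine On'")
        else:
            # A plain-HTTP host must only redirect, never serve phpldapadmin itself.
            if not directive(body, r"RewriteRule\s+\S+\s+https://"):
                findings.append(f":{port} vhost does not redirect to https")
            if directive(body, r"DocumentRoot\b") or directive(body, r"Require\s+all\s+granted"):
                findings.append(f":{port} vhost serves content over plain HTTP")
    return findings
```

Run `audit(open("/etc/httpd/conf.d/ldap.mngt.bh.helux.nl.conf").read())` against the real file; an empty list means it matches the pattern.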

Notes

  • Problem: a Samba user created with phpldapadmin is forced to change the password at the first login.
  • Solution: add the attribute “sambaPwdLastSet” and set its value to 1.
openldap_centos7.txt · Last modified: by herwarth