https://www.youtube.com/watch?v=y0imb9SzNvA

This walkthrough installs and configures an OpenLDAP server and migrates local users into it.

Step1. Install packages

# Install the OpenLDAP server, the client tools and the migrationtools scripts
# that the later steps call.
yum install \
  openldap compat-openldap openldap-clients \
  openldap-servers openldap-servers-sql openldap-devel \
  migrationtools

Step2. Enable and start service

# Register slapd to start at boot, then start it for the current session.
for action in enable start; do
  systemctl "$action" slapd
done

Step3. Check that slapd is listening on port 389

# slapd should appear as a listener on TCP 389, the default LDAP port.
# Traffic on this port is not encrypted unless StartTLS is negotiated.
# (-i is dropped: case folding has no effect on a numeric pattern.)
netstat -antup | grep 389

Step4. Generate the LDAP admin password hash and set the ownership of DB_CONFIG

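# Hash the rootDN password as salted SHA-1. Without -s, slappasswd prompts for
# the secret, so it stays out of shell history and the process list.
# The hash printed below was generated from the sample password "redhat";
# choose a strong password on any real server.
slappasswd -h '{SSHA}'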
{SSHA}67DOgBxXJt09sSq3NGSG5rEIp4wnyiS6

# Seed the database directory with the example DB_CONFIG and give the file to
# the ldap user and group.
db_dir=/var/lib/ldap
cp /usr/share/openldap-servers/DB_CONFIG.example "$db_dir/DB_CONFIG"
cd "$db_dir/"
chown ldap:ldap DB_CONFIG

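Step5. Add the generated password hash to the file below and change the following parameters. Note that the file's own header says to use ldapmodify rather than editing it by hand; a manual edit leaves the stored CRC32 line stale.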

olcSuffix 
olcRootDN
olcRootPW

Default file:---------- cat /etc/openldap/slapd.d/cn=config/olcDatabase={2}hdb.ldif
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 2ed88af0
dn: olcDatabase={2}hdb
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {2}hdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=my-domain,dc=com
olcRootDN: cn=Manager,dc=my-domain,dc=com
olcDbIndex: objectClass eq,pres
olcDbIndex: ou,cn,mail,surname,givenname eq,pres,sub
structuralObjectClass: olcHdbConfig
entryUUID: c92c2f9c-e1fb-1038-99b7-b743cff58a82
creatorsName: cn=config
createTimestamp: 20190323211009Z
entryCSN: 20190323211009.895380Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20190323211009Z

Updated file---- cat /etc/openldap/slapd.d/cn=config/olcDatabase={2}hdb.ldif
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 2ed88af0
dn: olcDatabase={2}hdb
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {2}hdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=techservicedoc,dc=com
olcRootDN: cn=Manager,dc=techservicedoc,dc=com
olcRootPW: {SSHA}67DOgBxXJt09sSq3NGSG5rEIp4wnyiS6
olcDbIndex: objectClass eq,pres
olcDbIndex: ou,cn,mail,surname,givenname eq,pres,sub
structuralObjectClass: olcHdbConfig
entryUUID: c92c2f9c-e1fb-1038-99b7-b743cff58a82
creatorsName: cn=config
createTimestamp: 20190323211009Z
entryCSN: 20190323211009.895380Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20190323211009Z

Step6. In the monitor database file, change dc=my-domain,dc=com in the olcAccess line to your own domain, as shown below.

Default file--  cat /etc/openldap/slapd.d/cn=config/olcDatabase={1}monitor.ldif
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 f591adab
dn: olcDatabase={1}monitor
objectClass: olcDatabaseConfig
olcDatabase: {1}monitor
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=extern
 al,cn=auth" read by dn.base="cn=Manager,dc=my-domain,dc=com" read by * none
structuralObjectClass: olcDatabaseConfig
entryUUID: c92c2b82-e1fb-1038-99b6-b743cff58a82
creatorsName: cn=config
createTimestamp: 20190323211009Z
entryCSN: 20190323211009.895275Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20190323211009Z

Updated File -- cat /etc/openldap/slapd.d/cn=config/olcDatabase={1}monitor.ldif

# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 f591adab
dn: olcDatabase={1}monitor
objectClass: olcDatabaseConfig
olcDatabase: {1}monitor
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=extern
 al,cn=auth" read by dn.base="cn=Manager,dc=techservicedoc,dc=com" read by * none
structuralObjectClass: olcDatabaseConfig
entryUUID: c92c2b82-e1fb-1038-99b6-b743cff58a82
creatorsName: cn=config
createTimestamp: 20190323211009Z
entryCSN: 20190323211009.895275Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20190323211009Z

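Step7. Test your LDAP configuration with the command below. The checksum errors come from the files that were edited by hand in Step5 and Step6 (their CRC32 lines no longer match the content); the test still reports success.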

[root@localhost ~]# slaptest -u
5c96a29b ldif_read_file: checksum error on "/etc/openldap/slapd.d/cn=config/olcDatabase={1}monitor.ldif"
5c96a29b ldif_read_file: checksum error on "/etc/openldap/slapd.d/cn=config/olcDatabase={2}hdb.ldif"
config file testing succeeded

Step8. Restart slapd service.

# Restart slapd so it re-reads the configuration files edited in Step5 and Step6.
systemctl restart slapd

Step9. Change the domain in the migrationtools common file

Default file- cat  /usr/share/migrationtools/migrate_common.ph  | grep padl.com

$DEFAULT_MAIL_DOMAIN = "padl.com";
#define(confLDAP_DEFAULT_SPEC',-h "ldap.padl.com"')dnl
# $DEFAULT_MAIL_HOST = "mail.padl.com";

Updated file--  cat  /usr/share/migrationtools/migrate_common.ph  | grep -A1 techservicedoc

# Default DNS domain
$DEFAULT_MAIL_DOMAIN = "techservicedoc.com";

# Default base
$DEFAULT_BASE = "dc=techservicedoc,dc=com";
$EXTENDED_SCHEMA = 1;

Step10. Create the base LDIF file for the OpenLDAP database.

cat /opt/ldif/base.ldif
dn: dc=techservicedoc,dc=com
objectClass: top
objectClass: dcObject
objectclass: organization
o: techservicedoc.com
dc: techservicedoc

dn: cn=Manager,dc=techservicedoc,dc=com
objectClass: organizationalRole
cn: Manager
description: Directory Manager

dn: ou=People,dc=techservicedoc,dc=com
objectClass: organizationalUnit
ou: People

dn: ou=Group,dc=techservicedoc,dc=com
objectClass: organizationalUnit
ou: Group

Step11. Add users and password

# Create three local accounts, then set a password for each one
# (passwd prompts interactively).
for n in 1 2 3; do
  useradd "ldapuser$n"
done
for n in 1 2 3; do
  passwd "ldapuser$n"
done

Step12. Add schema

# Load the cosine, nis and inetorgperson schemas.
# -Y EXTERNAL over ldapi:/// authenticates as the local OS user through the
# UNIX socket, so no password is sent for these calls.
for schema in cosine nis inetorgperson; do
  ldapadd -Y EXTERNAL -H ldapi:/// -f "/etc/openldap/schema/$schema.ldif"
done

Step13. Collect the user and group entries into separate files

# Copy the passwd and group entries of the ldapuser* accounts into /opt/ldif.
# The pattern is a substring match: every line containing "ldapu" is selected.
grep ldapu /etc/passwd > /opt/ldif/passwd
grep ldapu /etc/group > /opt/ldif/group

Step14. Convert the local users and groups into OpenLDAP entries

# Convert the passwd and group extracts from Step13 into LDIF files.
# Presumably the scripts take the base DN and mail domain from the
# migrate_common.ph edited in Step9 — confirm.
# NOTE(review): when run as root, migrate_passwd.pl normally copies the
# password hashes from /etc/shadow into user.ldif as userPassword values —
# confirm, and keep /opt/ldif readable by root only.
cd /usr/share/migrationtools
./migrate_passwd.pl  /opt/ldif/passwd /opt/ldif/user.ldif
./migrate_group.pl  /opt/ldif/group  /opt/ldif/group.ldif

Step15. Add the entries to the LDAP database.

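# Load the base entries, then the migrated users and groups, binding as the
# rootDN. -W prompts for the bind password; giving it as -w<password> leaves it
# in shell history and visible in the process list.
# -x is a simple bind: without TLS (-ZZ or an ldaps:// URI) the password is
# sent in clear text, so run these on the server itself or enable TLS first.
ldapadd -x -W -D "cn=Manager,dc=techservicedoc,dc=com" -f /opt/ldif/base.ldif
ldapadd -x -W -D "cn=Manager,dc=techservicedoc,dc=com" -f /opt/ldif/user.ldif
ldapadd -x -W -D "cn=Manager,dc=techservicedoc,dc=com" -f /opt/ldif/group.ldif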

Step16. Run an LDAP search to verify the entries

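# Dump the whole tree as the rootDN to confirm the entries were added.
# -W prompts for the bind password instead of taking it on the command line,
# which keeps it out of shell history and the process list.
ldapsearch -x -W -D 'cn=manager,dc=techservicedoc,dc=com' -b dc=techservicedoc,dc=com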

For a live installation walkthrough, see the YouTube video below:

https://www.youtube.com/watch?v=y0imb9SzNvA
