Set Up OpenLDAP On Fedora 7

This document describes how to set up OpenLDAP on Fedora 7. OpenLDAP is an open-source implementation of the Lightweight Directory Access Protocol (LDAP), the same protocol that Microsoft Active Directory is built on.

Here we go: first we install the OpenLDAP server like this:

yum -y install openldap openldap-clients openldap-devel openldap-servers

Next we modify some files in the /etc/openldap/ directory, using our favourite text editor (I'm using nano). First we edit the file ldap.conf, just like this:

nano /etc/openldap/ldap.conf
#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
#BASE   dc=example, dc=com
#URI    ldap://ldap.example.com ldap://ldap-master.example.com:666
HOST ngoprek.ibunk.or.id --> add this line
BASE dc=ngoprek,dc=ibunk,dc=or.id --> add this line
#SIZELIMIT      12
#TIMELIMIT      15
#DEREF          never

Next we add a bdb database definition. Edit the slapd.conf file; the database definitions are at the bottom of the file.

nano /etc/openldap/slapd.conf

Just add this stanza:

database bdb
suffix "dc=ngoprek,dc=ibunk,dc=or.id"
rootdn "uid=root,dc=ngoprek,dc=ibunk,dc=or.id"
rootpw 

Next we create an OpenLDAP password:

slappasswd
{SSHA}0BO9AGrX8v24caBeVbzD3qUcCKLDQkgu

Then we add that hashed password to /etc/openldap/slapd.conf, like this:

nano /etc/openldap/slapd.conf
database bdb
suffix "dc=ngoprek,dc=ibunk,dc=or.id"
rootdn "uid=root,dc=ngoprek,dc=ibunk,dc=or.id"
rootpw {SSHA}0BO9AGrX8v24caBeVbzD3qUcCKLDQkgu
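The `{SSHA}` value that slappasswd prints is base64(SHA-1(password || salt) || salt) with a 4-byte salt, so it can be checked without slapd. The Python below is an added example and not part of the original tutorial: it generates and verifies values in that format and checks that the rootpw line of a slapd.conf text carries a hash rather than a cleartext password. The `{SSHA}` value from the page is only parsed for its structure (its password is unknown); the test password is constructed.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional, Tuple

# The hash shown on the page; its password is unknown, so we only parse its structure.
PAGE_HASH = "{SSHA}0BO9AGrX8v24caBeVbzD3qUcCKLDQkgu"


def ssha_hash(password: str, salt: Optional[bytes] = None) -> str:
    """Build a {SSHA} value the way slappasswd does: base64(sha1(password + salt) + salt)."""
    if salt is None:
        salt = os.urandom(4)  # slappasswd uses a 4-byte random salt by default
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def ssha_split(value: str) -> Tuple[bytes, bytes]:
    """Return (digest, salt) from a {SSHA} value; a SHA-1 digest is always 20 bytes."""
    if not value.startswith("{SSHA}"):
        raise ValueError("not an {SSHA} value")
    raw = base64.b64decode(value[len("{SSHA}"):], validate=True)
    if len(raw) <= 20:
        raise ValueError("decoded value too short to hold a digest and a salt")
    return raw[:20], raw[20:]


def ssha_verify(password: str, value: str) -> bool:
    """Check a password against a {SSHA} value, comparing digests in constant time."""
    digest, salt = ssha_split(value)
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


def rootpw_is_hashed(slapd_conf: str) -> bool:
    """True if the rootpw line of a slapd.conf text uses a {SCHEME} hash, not cleartext."""
    for line in slapd_conf.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0] == "rootpw":
            secret = parts[1].strip()
            return secret.startswith("{") and "}" in secret
    return False  # no rootpw line at all


if __name__ == "__main__":
    demo = ssha_hash("constructed-secret")  # constructed password, fresh random salt
    print(demo, ssha_verify("constructed-secret", demo))
```

Run it after pasting the rootpw line into slapd.conf to confirm the file holds the `{SSHA}` value and not the cleartext you typed at the slappasswd prompt.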

Now we have to create a file in the /root folder called ibunk.ldif and put the following lines into it, like this:

nano /root/ibunk.ldif
dn: dc=ngoprek,dc=ibunk,dc=or.id
objectClass: dcObject
objectClass: organization
o: Ngoprek Yuk
dc: ngoprek
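The base entry only loads if its dn is exactly the suffix from slapd.conf and the naming attribute of the dn (here `dc: ngoprek`) is present in the entry with the matching object class; otherwise slapd rejects the add. The Python below is an added example, not part of the original tutorial, that checks those three things against copies of the page's slapd.conf stanza and LDIF file; it is a minimal LDIF reader (one entry, folded lines, no base64 `::` values) written for this check, not the OpenLDAP tools' own parser.

```python
from typing import Dict, List, Tuple

# Copies of the two files from the tutorial, embedded so the check runs offline.
SLAPD_CONF = """database bdb
suffix "dc=ngoprek,dc=ibunk,dc=or.id"
rootdn "uid=root,dc=ngoprek,dc=ibunk,dc=or.id"
rootpw {SSHA}0BO9AGrX8v24caBeVbzD3qUcCKLDQkgu
"""

LDIF = """dn: dc=ngoprek,dc=ibunk,dc=or.id
objectClass: dcObject
objectClass: organization
o: Ngoprek Yuk
dc: ngoprek
"""


def parse_ldif_entry(text: str) -> Tuple[str, Dict[str, List[str]]]:
    """Read a single LDIF entry into (dn, {attribute-name-lowercased: [values]})."""
    lines: List[str] = []
    for raw in text.splitlines():
        if raw.startswith("#") or not raw.strip():
            continue
        if raw.startswith(" ") and lines:  # LDIF folds long values onto lines that start with a space
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    dn = None
    attrs: Dict[str, List[str]] = {}
    for line in lines:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed LDIF line: {line!r}")
        name, value = name.strip().lower(), value.strip()
        if name == "dn":
            dn = value
        else:
            attrs.setdefault(name, []).append(value)
    if dn is None:
        raise ValueError("LDIF entry has no dn")
    return dn, attrs


def suffix_from_slapd_conf(text: str) -> str:
    """Return the unquoted value of the first 'suffix' directive, or '' if none."""
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0] == "suffix":
            return parts[1].strip().strip('"')
    return ""


def normalize_dn(dn: str) -> str:
    """Case-fold and strip spaces around commas (escaped commas are not handled)."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def check_base_entry(slapd_conf: str, ldif: str) -> List[str]:
    """Return a list of problems that would make slapd reject the base entry."""
    problems: List[str] = []
    suffix = suffix_from_slapd_conf(slapd_conf)
    dn, attrs = parse_ldif_entry(ldif)
    if not suffix:
        problems.append("slapd.conf has no suffix directive")
    elif normalize_dn(dn) != normalize_dn(suffix):
        problems.append(f"LDIF dn {dn!r} is not the database suffix {suffix!r}")
    rdn_attr, _, rdn_value = dn.split(",", 1)[0].partition("=")
    rdn_attr, rdn_value = rdn_attr.strip().lower(), rdn_value.strip()
    present = [v.lower() for v in attrs.get(rdn_attr, [])]
    if rdn_value.lower() not in present:
        problems.append(f"naming attribute {rdn_attr}={rdn_value} is not present in the entry")
    classes = [c.lower() for c in attrs.get("objectclass", [])]
    if rdn_attr == "dc" and "dcobject" not in classes:
        problems.append("an entry named by dc needs objectClass dcObject")
    return problems


if __name__ == "__main__":
    print(check_base_entry(SLAPD_CONF, LDIF) or "base entry matches slapd.conf")
```

An empty list means the LDIF and the suffix agree; a typo in either file shows up here before ldapadd reports a naming violation or "no such object".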

Finally we run this command, binding as the rootdn, to add the base entry of the directory (the entry for the suffix):

/usr/bin/ldapadd -x -D 'uid=root,dc=ngoprek,dc=ibunk,dc=or.id' -W -f /root/ibunk.ldif
Enter password : 
adding new entry dc=ngoprek,dc=ibunk,dc=or.id

If there is an error like this:

ldap_bind: Can't contact LDAP server (-1)

don't panic and keep smiling. Most often this simply means slapd is not running yet, so start it (the last step below) and run the ldapadd again. If slapd is running and the error persists, edit your /etc/hosts.allow and add (tcp_wrappers expects the form "daemon: client_list"):

nano /etc/hosts.allow
# allow the local host to reach slapd
slapd: localhost 127.0.0.1

And please restart your network service. Before the OpenLDAP service starts, we must copy DB_CONFIG.Example from /etc/openldap/ to /var/lib/ldap. Just run this command:

cp /etc/openldap/DB_CONFIG.example /var/lib/ldap/DB_CONFIG

We need to start the OpenLDAP service now:

/etc/init.d/ldap start