Install OpenLDAP using slapd.conf (syncrepl provider and consumer)
Environment
- CentOS 7.6 x64
slapd
2.4.44 (Jan 29 2019 17:42:45)
Adapted from: http://www.zytrax.com/books/ldap/ch7/
Log: 2019/11
1. Provider (Source)
1.1. Installation
root@athos:~# yum -y update
root@athos:~# yum -y install openldap-servers openldap-clients
root@athos:~# slapd -VVV
@(#) $OpenLDAP: slapd 2.4.44 (Jan 29 2019 17:42:45) $
mockbuild@x86-01.bsys.centos.org:/builddir/build/BUILD/openldap-2.4.44/
openldap-2.4.44/servers/slapd
Included static backends:
config
ldif
monitor
bdb
hdb
mdb
1.2. slapd.conf (provider)
Note: rootpw is stored in clear text in the file below; slapd.conf also accepts a hashed value generated with slappasswd. loglevel any is extremely verbose (it includes bind DNs and every operation) and is only useful while debugging the initial setup.
root@athos:~# rm -rf /etc/openldap/slapd.conf /etc/openldap/slapd.d/ /var/lib/ldap/*
root@athos:~# cat <<EOF > /etc/openldap/slapd.conf
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/inetorgperson.schema
modulepath /usr/lib64/openldap/
moduleload syncprov.la
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
loglevel any
database bdb
suffix "dc=athos,dc=local"
rootdn "cn=admin,dc=athos,dc=local"
rootpw p@ssw0rd
directory /var/lib/ldap
index objectClass eq
index uid eq
index entryUUID eq
checkpoint 512 15
overlay syncprov
syncprov-checkpoint 100 10
EOF
root@athos:~# systemctl enable --now slapd
Created symlink from /etc/systemd/system/multi-user.target.wants/slapd.service
to /usr/lib/systemd/system/slapd.service.
1.3. DIT (initial directory entries)
Note: the ldapadd below authenticates with -D/-w; on a stock client it usually also needs -x, because without -x ldapadd attempts a SASL bind instead of a simple bind. In LDIF, each entry must be separated from the next by a blank line.
root@athos:~# ldapadd -H ldap:// -D "cn=admin,dc=athos,dc=local" -w p@ssw0rd <<EOF
dn: dc=athos,dc=local
objectClass: top
objectClass: dcObject
objectClass: organization
o: athos
dc: athos
description: athos.local

dn: ou=GIT,dc=athos,dc=local
objectClass: top
objectClass: organizationalUnit
ou: GIT
description: Group IT

dn: cn=Group IT,ou=GIT,dc=athos,dc=local
objectClass: posixGroup
objectClass: top
gidNumber: 40010
cn: Group IT

dn: uid=zuhdi,ou=GIT,dc=athos,dc=local
objectClass: posixAccount
objectClass: top
objectClass: inetOrgPerson
objectClass: shadowAccount
givenName: zuhdi
sn: najib
displayName: Zuhdi Najib
homeDirectory: /home/zuhdi
loginShell: /bin/bash
cn: Zuhdi Najib
uidNumber: 5000
gidNumber: 40010
uid: zuhdi
gecos: Zuhdi Najib
shadowFlag: 0
shadowMin: 0
shadowMax: 99999
shadowWarning: 0
shadowInactive: 99999
shadowLastChange: 12011
shadowExpire: 99999
EOF
1.4. Verification and rsyslog logging
root@athos:~# journalctl -e -u slapd
root@athos:~# ldapsearch -H ldap:// -x -LLL -b "" -s base namingContexts
root@athos:~# ldapsearch -H ldap:// -x -LLL -b "dc=athos,dc=local"
root@athos:~# rpm -qa | grep rsyslog
rsyslog-8.24.0-41.el7_7.2.x86_64
root@athos:~# echo "local4.* /var/log/openldap/openldap.log" >> /etc/rsyslog.conf
root@athos:~# mkdir /var/log/openldap/
root@athos:~# systemctl restart rsyslog
root@athos:~# systemctl restart slapd
2. Consumer (Destination)
2.1. Installation
root@chimera:~# yum -y update
root@chimera:~# yum -y install openldap-servers openldap-clients
2.2. slapd.conf (consumer)
Note: in slapd.conf a directive that spans several lines, such as the syncrepl stanza below, must have every continuation line start with whitespace. The stanza binds as the provider's rootdn with a clear-text credentials= value over plain ldap://, so the directory's master password is both stored in this file and sent unencrypted on the wire; a dedicated read-only replication DN and starttls=critical (once TLS is configured on the provider) limit what a leaked or intercepted credential exposes.
root@chimera:~# rm -rf /etc/openldap/slapd.conf /etc/openldap/slapd.d/ /var/lib/ldap/*
root@chimera:~# cat <<EOF > /etc/openldap/slapd.conf
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/inetorgperson.schema
modulepath /usr/lib64/openldap/
moduleload syncprov.la
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
loglevel any
database bdb
suffix "dc=athos,dc=local"
rootdn "cn=admin,dc=athos,dc=local"
rootpw p@ssw0rd
directory /var/lib/ldap
index objectClass eq
index uid eq
index entryUUID eq
checkpoint 512 15
syncrepl rid=001
provider="ldap://athos.host"
bindmethod=simple
binddn="cn=admin,dc=athos,dc=local"
credentials=p@ssw0rd
searchbase="dc=athos,dc=local"
type=refreshAndPersist
retry="30 30 300 +"
attrs="*,+"
EOF
root@chimera:~# systemctl enable --now slapd