LDAP SERVER on CENTOS 6
Posted 12-23-2011 at 05:22 AM by unni.kpr@gmail.com
Hi to all
I searched a lot to find a way to configure LDAP 2.4.X on my CentOS 6 server. Please help me configure LDAP on CentOS 6 and, if possible, provide help for LDAP + SMB. Please :|
Regards
Unnikrishnan P R
unni.kpr@gmail.com
I searched a lot to find a way to configure LDAP 2.4.X on my CentOS 6 server. Please help me configure LDAP on CentOS 6 and, if possible, provide help for LDAP + SMB. Please :|
Regards
Unnikrishnan P R
unni.kpr@gmail.com
I have this working:
yum install openldap-server openldap-client
slappasswd -- generate a (hashed) password
/etc/openldap/slapd.d/cn\=config/olcDatabase\=\{1\}bdb.ldif (look for the *bdb.ldif file to update the password)
add a line at the end:
olcRootPW: <hash printed by slappasswd> <-- keep the format
change dc=my-domain,dc=com to your DN (and change Manager to the desired admin name)
/etc/openldap/slapd.d/cn\=config/olcDatabase\=\{2\}monitor.ldif (look for the *monitor.ldif file to update): change the DN and manager in the monitoring values to the desired ones.
cp /usr/share/openldap-servers-2.4.19/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
chown -R ldap:ldap /var/lib/ldap/
Check for the message:
# slaptest -u <--command
config file testing succeeded
install the migration tools, create the base.ldif file and import it
SCRIPT TO MANAGE LDAP AND SAMBA USERS
#!/bin/sh
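#######################################
# Find the next free numeric UID above the current $value_user, then create
# the LDAP user and group entries, the Samba account and the home directory
# for the login name in $u.
# Globals:   value_user (read, then set to the UID that was used)
#            u, p, l (read by the helpers called here)
# Outputs:   writes the UID that was used to /root/.uid
#######################################
user_loop()
{
  # The original recursed once per occupied UID; a loop walks the same
  # candidates without growing the call stack. First candidate: value_user + 1.
  value_user=$((value_user + 1))
  # Exact match on the uid field only (-x), so 1001 does not match 10010.
  while getent passwd | cut -d: -f3 | grep -qx -- "$value_user"; do
    value_user=$((value_user + 1))
  done
  pw_ldif
  gp_ldif
  adduser
  addgroup
  smb_add
  perm
  file_rm
  printf '%s\n' "$value_user" > /root/.uid
}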
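#######################################
# Load the saved settings from /root, or prompt for them on the first run.
# Files:     /root/.uid    last UID handed out (seeded with 999)
#            /root/.admin  cn of the LDAP admin
#            /root/.dn     base DN
#            /root/.path   parent directory of the users' home directories
# Outputs:   prints the saved settings to stdout when they already exist
#######################################
file_check()
{
  # [ -a ] is ambiguous and deprecated; chain separate tests instead.
  if [ -f /root/.uid ] && [ -f /root/.admin ] && [ -f /root/.path ] && [ -f /root/.dn ]; then
    printf 'Ldap Admin Manager Name : %s\n' "$(cat /root/.admin)"
    printf 'Ldap DN Valuses [dc=example,dc=com ] : %s\n' "$(cat /root/.dn)"
    printf 'Ldap User Default Directory : %s\n' "$(cat /root/.path)"
    mkdir -p -- "$(cat /root/.path)" &>/dev/null
  else
    local nam dn dir
    echo 999 > /root/.uid
    # -r keeps backslashes; quoting the values keeps their whitespace intact
    # instead of letting echo re-split and glob-expand them.
    read -r -p "Ldap Admin Manager Name :" nam
    printf '%s\n' "$nam" > /root/.admin
    read -r -p "Ldap DN Valuses [dc=example,dc=com ] :" dn
    printf '%s\n' "$dn" > /root/.dn
    read -r -p "Ldap User Default Directory [Enter Last without /]:" dir
    printf '%s\n' "$dir" > /root/.path
  fi
}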
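#######################################
# Create the user's home directory under the saved base path (setgid,
# group-owned by the user's private group) and seed it with the dotfiles of
# the template account /home/$HOSTNAME.
# Globals:   u (read), HOSTNAME (read)
# Files:     reads /root/.path
# Returns:   1 when /root/.path is empty, otherwise cp's status
#######################################
perm()
{
  local base home
  base=$(cat /root/.path)
  # Refuse to operate on "/<user>" when the saved base path is missing/empty.
  if [ -z "$base" ]; then
    printf 'perm: /root/.path is empty, skipping home directory for %s\n' "$u" >&2
    return 1
  fi
  home=$base/$u
  mkdir -- "$home" &>/dev/null
  chmod 2770 "$home"
  chown "root:$u" "$home"
  # .* also expands to . and ..; cp without -r skips those (errors discarded).
  cp -- /home/"$HOSTNAME"/.* "$home" &>/dev/null
}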
# Remove the scratch LDIF files written by pw_ldif and gp_ldif.
file_rm()
{
  local scratch
  for scratch in /tmp/1.ldif /tmp/2.ldif; do
    rm -rf -- "$scratch"
  done
}
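#######################################
# Write the LDIF for the new posixAccount/shadowAccount entry to /tmp/1.ldif
# (adduser feeds this file to ldapadd; file_rm deletes it).
# Globals:   u (login name), p (clear-text password), value_user (uid/gid)
# Files:     reads /root/.dn and /root/.path
#######################################
pw_ldif()
{
  local dn path
  dn=$(cat /root/.dn)
  path=$(cat /root/.path)
  # The file holds the clear-text password until file_rm removes it, so it is
  # created mode 0600 (umask 077) and written in one go: appending (>>) would
  # merge lines left over from an aborted run into the new entry. noclobber
  # (set -C) makes the redirection fail rather than write through a file or
  # symlink that appeared at that path after the rm.
  rm -f -- /tmp/1.ldif
  (
    umask 077
    set -C
    {
      printf 'dn: uid=%s,ou=People,%s\n' "$u" "$dn"
      printf 'uid: %s\n' "$u"
      printf 'cn: %s\n' "$u"
      printf 'objectClass: account\n'
      printf 'objectClass: posixAccount\n'
      printf 'objectClass: top\n'
      printf 'objectClass: shadowAccount\n'
      # NOTE(review): the password is sent to the directory as typed; whether
      # it is stored hashed depends on the server's password policy -- confirm.
      printf 'userPassword: %s\n' "$p"
      # days since the epoch of the last password change; the original
      # hard-coded 15335 (a day in 2011-12)
      printf 'shadowLastChange: %s\n' "$(( $(date +%s) / 86400 ))"
      printf 'shadowMin: 0\n'
      printf 'shadowMax: 99999\n'
      printf 'shadowWarning: 7\n'
      printf 'loginShell: /bin/bash\n'
      printf 'uidNumber: %s\n' "$value_user"
      printf 'gidNumber: %s\n' "$value_user"
      printf 'homeDirectory: %s/%s\n' "$path" "$u"
    } > /tmp/1.ldif
  )
}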
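#######################################
# Write the LDIF for the user's private posixGroup to /tmp/2.ldif
# (addgroup feeds this file to ldapadd; file_rm deletes it).
# Globals:   u (group name), value_user (gid)
# Files:     reads /root/.dn
#######################################
gp_ldif()
{
  local dn
  dn=$(cat /root/.dn)
  # Written in one go under umask 077 and noclobber for the same reasons as
  # /tmp/1.ldif: no stale lines from an aborted run, no write through a file
  # or symlink that appeared at that path after the rm.
  rm -f -- /tmp/2.ldif
  (
    umask 077
    set -C
    {
      printf 'dn: cn=%s,ou=Group,%s\n' "$u" "$dn"
      printf 'objectClass: posixGroup\n'
      printf 'objectClass: top\n'
      printf 'cn: %s\n' "$u"
      printf 'userPassword: {crypt}x\n'
      printf 'gidNumber: %s\n' "$value_user"
    } > /tmp/2.ldif
  )
}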
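#######################################
# Stop the run when the login name in $u already resolves to an account
# (anything id(1) can see).
# Globals:   u (read)
# Outputs:   "User Name <u> Exist" on stdout before exiting
#######################################
checkuid_f()
{
  if id "$u" &>/dev/null; then
    printf 'User Name %s Exist\n' "$u"
    # status 0 is kept: every early exit in this script uses it
    exit 0
  fi
}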
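#######################################
# Stop the run when the login name in $u does not resolve to an account.
# Globals:   u (read)
# Outputs:   "User <u> not Found in DataBase" on stdout before exiting
#######################################
checkuid_f_del()
{
  # Any id(1) failure counts as "not found"; the original only caught status 1.
  if ! id "$u" &>/dev/null; then
    printf 'User %s not Found in DataBase\n' "$u"
    # status 0 is kept: every early exit in this script uses it
    exit 0
  fi
}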
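#######################################
# Add the user entry in /tmp/1.ldif (written by pw_ldif) to the directory,
# binding as the LDAP admin. Note: as a shell function this name shadows the
# adduser(8) command for the rest of this script.
# Globals:   l (LDAP admin password)
# Files:     reads /root/.admin and /root/.dn
# Returns:   ldapadd's exit status (1 if the temp file cannot be created)
#######################################
adduser()
{
  local pwfile rc
  # Hand the bind password to ldapadd through a 0600 temp file (-y) instead of
  # -w, which exposes it to every user via the process list. -y uses the file
  # content verbatim, hence printf '%s' with no trailing newline.
  pwfile=$(mktemp) || return 1
  printf '%s' "$l" > "$pwfile"
  ldapadd -x -D "cn=$(cat /root/.admin),$(cat /root/.dn)" -y "$pwfile" -f /tmp/1.ldif &>/dev/null
  rc=$?
  rm -f -- "$pwfile"
  return "$rc"
}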
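#######################################
# Add the group entry in /tmp/2.ldif (written by gp_ldif) to the directory,
# binding as the LDAP admin.
# Globals:   l (LDAP admin password)
# Files:     reads /root/.admin and /root/.dn
# Returns:   ldapadd's exit status (1 if the temp file cannot be created)
#######################################
addgroup()
{
  local pwfile rc
  # Bind password via a 0600 temp file (-y): -w would show it in ps output.
  # -y uses the file content verbatim, hence printf '%s' with no newline.
  pwfile=$(mktemp) || return 1
  printf '%s' "$l" > "$pwfile"
  ldapadd -x -D "cn=$(cat /root/.admin),$(cat /root/.dn)" -y "$pwfile" -f /tmp/2.ldif &>/dev/null
  rc=$?
  rm -f -- "$pwfile"
  return "$rc"
}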
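#######################################
# Create and enable the Samba account for $u with password $p, then restart
# the smb service.
# Globals:   u, p (read)
# Returns:   status of the service restart
#######################################
smb_add()
{
  # printf instead of echo: a password that looks like an echo option
  # (-n, -e, -E) would otherwise be swallowed on its way to smbpasswd.
  # NOTE(review): -U is smbpasswd's remote-user option; for a local -a the
  # name is normally given as a plain argument -- confirm against smbpasswd(8).
  printf '%s\n%s\n' "$p" "$p" | smbpasswd -a -s -U "$u" &>/dev/null
  smbpasswd -e "$u" &>/dev/null
  service smb restart &>/dev/null
}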
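#######################################
# Prompt for the new user's password and the LDAP admin password, verify the
# admin bind with ldapsearch, then run checkuid_f and main_pro.
# Globals:   u (read); p, l (set from the prompts)
# Files:     reads /root/.admin and /root/.dn
#######################################
input()
{
  local admin dn pwfile
  echo "Welcome to Ldap Admin"
  printf '%s\n\n' '---------------------'
  # read -s turns echo off only for the duration of the read, so an interrupted
  # run cannot leave the terminal with echo disabled (stty -echo could).
  read -r -s -p "Enter a valid Password for User [$u] :" p
  echo
  read -r -s -p "Ldap Password :" l
  echo
  admin=$(cat /root/.admin)
  dn=$(cat /root/.dn)
  # Bind password via a 0600 temp file (-y): -w would show it in ps output.
  pwfile=$(mktemp) || return 1
  printf '%s' "$l" > "$pwfile"
  if ldapsearch -x -D "cn=$admin,$dn" -y "$pwfile" &>/dev/null; then
    rm -f -- "$pwfile"
    checkuid_f
    main_pro
  else
    rm -f -- "$pwfile"
    echo "Wrong Ldap Password"
    exit 0
  fi
}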
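#######################################
# Prompt for the user's password and the LDAP admin password, verify the
# admin bind with ldapsearch, then run checkuid_f_del and main_pro.
# Globals:   u (read); p, l (set from the prompts)
# Files:     reads /root/.admin and /root/.dn
#######################################
input_del()
{
  local admin dn pwfile
  echo "Welcome to Ldap Admin"
  printf '%s\n\n' '---------------------'
  # read -s turns echo off only for the duration of the read, so an interrupted
  # run cannot leave the terminal with echo disabled (stty -echo could).
  read -r -s -p "Enter a valid Password for User [$u] :" p
  echo
  read -r -s -p "Ldap Password :" l
  echo
  admin=$(cat /root/.admin)
  dn=$(cat /root/.dn)
  # Bind password via a 0600 temp file (-y): -w would show it in ps output.
  pwfile=$(mktemp) || return 1
  printf '%s' "$l" > "$pwfile"
  if ldapsearch -x -D "cn=$admin,$dn" -y "$pwfile" &>/dev/null; then
    rm -f -- "$pwfile"
    checkuid_f_del
    main_pro
  else
    rm -f -- "$pwfile"
    echo "Wrong Ldap Password"
    exit 0
  fi
}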
# Delete Section
#================================
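#######################################
# Remove the Samba account and the LDAP user and group entries for $u;
# with "recursion" enabled the home directory is removed as well.
# Globals:   u, l (read)
# Files:     reads /root/.admin, /root/.dn and /root/.path
#######################################
userdel()
{
  local rec admin dn pwfile path
  read -r -p "Enable Recursion [yes/no]: " rec
  admin=$(cat /root/.admin)
  dn=$(cat /root/.dn)
  # Bind password via a 0600 temp file (-y): -w would show it in ps output.
  pwfile=$(mktemp) || return 1
  printf '%s' "$l" > "$pwfile"
  smbpasswd -x "$u"
  # Both branches of the original deleted the same two entries; the "no"
  # branch inserted a stray "cn=" before the base DN, so those deletes could
  # never match. One shared path fixes that.
  ldapdelete -x -D "cn=$admin,$dn" -y "$pwfile" "uid=$u,ou=People,$dn"
  ldapdelete -x -D "cn=$admin,$dn" -y "$pwfile" "cn=$u,ou=Group,$dn"
  rm -f -- "$pwfile"
  case $rec in
    yes|ye|y)
      path=$(cat /root/.path)
      # never run rm -rf against "/<user>" or "<path>/" when a part is empty
      [ -n "$path" ] && [ -n "$u" ] && rm -rf -- "$path/$u"
      ;;
  esac
}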
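#######################################
# First half of the PASSWORD action: remember the user's current UID in
# value_user and remove the Samba account and both LDAP entries, so that
# pw_ldif/gp_ldif/adduser/addgroup can recreate them with the new password.
# Globals:   u, l (read); value_user (written)
# Files:     reads /root/.admin and /root/.dn
# Returns:   1 if the UID cannot be resolved or no temp file can be made
#######################################
userdel_modify()
{
  local admin dn pwfile
  # Stop if the UID cannot be resolved; otherwise the entry would later be
  # recreated with an empty uidNumber/gidNumber.
  value_user=$(id -u "$u") || return 1
  admin=$(cat /root/.admin)
  dn=$(cat /root/.dn)
  # Bind password via a 0600 temp file (-y): -w would show it in ps output.
  pwfile=$(mktemp) || return 1
  printf '%s' "$l" > "$pwfile"
  smbpasswd -x "$u" &>/dev/null
  ldapdelete -x -D "cn=$admin,$dn" -y "$pwfile" "uid=$u,ou=People,$dn"
  ldapdelete -x -D "cn=$admin,$dn" -y "$pwfile" "cn=$u,ou=Group,$dn"
  rm -f -- "$pwfile"
}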
# Modify User Section
#====================================
## Main Section
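#######################################
# Make sure the template account (UID 1000, named after the host) exists,
# then allocate the next UID and create the user via user_loop.
# Globals:   value_user (written), HOSTNAME (read)
# Outputs:   writes the starting UID to /root/.uid
#######################################
main_pro()
{
  # Start the UID search from 1000 on both paths; the original left
  # value_user unset when it had just created the template account.
  value_user=1000
  printf '%s\n' "$value_user" > /root/.uid
  # Exact match on the uid field: a bare "grep 1000" also hits 10001, GECOS
  # text and home paths.
  if ! getent passwd | cut -d: -f3 | grep -qx 1000; then
    useradd -u 1000 "$HOSTNAME"
  fi
  user_loop
}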
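#######################################
# Interactive menu: USERADD, USERDEL or PASSWORD for the login name in $u.
# PASSWORD is implemented as delete-and-recreate, keeping the existing UID
# (userdel_modify saves it in value_user).
# Globals:   u (read); PS3 (written)
#######################################
main_section()
{
  local value
  PS3="Select an option to Manage LDAP users : "
  select value in USERADD USERDEL PASSWORD; do
    case "$value" in
      USERADD)
        file_check
        input
        ;;
      USERDEL)
        file_check
        input_del
        userdel
        ;;
      PASSWORD)
        file_check
        input_del
        userdel_modify
        pw_ldif
        gp_ldif
        adduser
        addgroup
        smb_add
        perm
        file_rm
        ;;
      *)
        echo Invalid Choice >&2
        ;;
    esac
    # the menu is shown once: every branch of the original ended with break
    break
  done
}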
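# Entry point. The single argument is the login name to manage; both slapd
# and smbd must be running and the template account (UID 1000) must exist.
if [ "$#" -eq 0 ]; then
  printf 'Usage: %s <username>\n' "${0##*/}" >&2
  # The Samba check was spelled "pgrem", so this branch always reported the
  # servers as down.
  if ! { pgrep slapd &>/dev/null && pgrep smb &>/dev/null; }; then
    echo Samba or Ldap Server Not Running >&2
  fi
  exit 0
else
  u=$1
  # $u is spliced into LDAP DNs and into "rm -rf <path>/$u" further on, so
  # only accept a conventional login name: lowercase/digits/_/- with no
  # leading digit or dash (this also rules out "." and ".." components).
  case $u in
    ''|*[![:lower:][:digit:]_-]*|[![:lower:]_]*)
      printf 'Invalid user name: %s\n' "$u" >&2
      exit 1
      ;;
  esac
  if pgrep slapd &>/dev/null && pgrep smb &>/dev/null; then
    # exact match on the uid field; "grep 1000" also hits 10001, GECOS, ...
    if ! getent passwd | cut -d: -f3 | grep -qx 1000; then
      useradd -u 1000 "$HOSTNAME" &>/dev/null
      echo Initial user was configured Please Re run
    else
      main_section
    fi
  else
    echo Samba or Ldap Server Not Running >&2
  fi
fi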