LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Blogs > unni.kpr@gmail.com
User Name
Password

Notices

Rate this Entry

LDAP SERVER on CENTOS 6

Posted 12-23-2011 at 05:22 AM by unni.kpr@gmail.com

Hi to all
I searched a lot to find a way to configure LDAP 2.4.X in my centos 6 server.Please help me to configure the ldap in centos 6 if possible provide help for Ldap + SMB .Please :|

Regards
Unnikrishnan P R
unni.kpr@gmail.com
Posted in Uncategorized
Views 3210 Comments 1
« Prev     Main     Next »
Total Comments 1

Comments

  1. Old Comment
    I have this Working

    yum install openldap-server openldap-client

    slappasswd -- genarate a password

    /etc/openldap/slapd.d/cn\=config/olcDatabase\=\{1\}bdb.ldif (look for *dbd.ldif file to update password )

    add a line at lsat
    olcRootPW: <Password> <-- Keep the format

    change dc=my-domain,dc=com as u r DN like (cange Manager to desier auth name)

    etc/openldap/slapd.d/cn\=config/olcDatabase\=\{2\}monitor.ldif (look for *monitor.ldif to update ) monitoring valuses chande DN and manager to sesierd..

    cp /usr/share/openldap-servers-2.4.19/ DB_CONFIG.example /var/lib/ldap/DB_CONFIG

    chown -R ldap:ldap /var/lib/ldap/
    Check for message
    # slaptest -u <--command
    config file testing succeeded

    install migration tools and create base.ldif file file and import


    SCRIPT TO MANAGE LDAP AND SAMAB USERS


    #!/bin/sh
    user_loop()
    {
    value_user=`expr $value_user + 1`
    getent passwd | cut -d: -f 3 | grep -x $value_user &> /dev/null
    if [ $? = 0 ]
    then
    user_loop
    echo $value_user > /root/.uid
    else
    pw_ldif
    gp_ldif
    adduser
    addgroup
    smb_add
    perm
    file_rm
    echo $value_user > /root/.uid
    fi
    }
    file_check()
    {
    if [ -f /root/.uid -a -f /root/.admin -a -f /root/.path -a -f /root/.dn ]
    then
    #echo Last UID : `cat /root/.uid`
    echo Ldap Admin Manager Name : `cat /root/.admin`
    echo Ldap DN Valuses "[dc=example,dc=com ]" : `cat /root/.dn`
    echo Ldap User Default Directory : `cat /root/.path`
    mkdir -p `cat /root/.path` &>/dev/null
    else
    echo 999 > /root/.uid
    read -p "Ldap Admin Manager Name :" nam
    echo $nam > /root/.admin
    read -p "Ldap DN Valuses [dc=example,dc=com ] :" dn
    echo $dn > /root/.dn
    read -p "Ldap User Default Directory [Enter Last without /]:" dir
    echo $dir > /root/.path
    fi
    }
    perm()
    {
    mkdir `cat /root/.path`/$u &> /dev/null
    chmod 2770 `cat /root/.path`/$u
    chown root:$u `cat /root/.path`/$u
    cp /home/$HOSTNAME/.* `cat /root/.path`/$u &>/dev/null
    }
    file_rm()
    {
    rm -rf /tmp/1.ldif /tmp/2.ldif
    }
    pw_ldif()
    {
    touch /tmp/1.ldif
    echo dn: uid=$u,ou=People,`cat /root/.dn` >> /tmp/1.ldif
    echo uid: $u >> /tmp/1.ldif
    echo cn: $u >> /tmp/1.ldif
    echo objectClass: account >> /tmp/1.ldif
    echo objectClass: posixAccount >> /tmp/1.ldif
    echo objectClass: top >> /tmp/1.ldif
    echo objectClass: shadowAccount >> /tmp/1.ldif
    echo userPassword: $p >> /tmp/1.ldif
    echo shadowLastChange: 15335 >> /tmp/1.ldif
    echo shadowMin: 0 >> /tmp/1.ldif
    echo shadowMax: 99999 >> /tmp/1.ldif
    echo shadowWarning: 7 >> /tmp/1.ldif
    echo loginShell: /bin/bash >> /tmp/1.ldif
    echo uidNumber: $value_user >> /tmp/1.ldif
    echo gidNumber: $value_user >> /tmp/1.ldif
    echo homeDirectory: `cat /root/.path`/$u >> /tmp/1.ldif
    }
    gp_ldif()
    {
    touch /tmp/2.ldif
    echo dn: cn=$u,ou=Group,`cat /root/.dn`>> /tmp/2.ldif
    echo objectClass: posixGroup >> /tmp/2.ldif
    echo objectClass: top >> /tmp/2.ldif
    echo cn: $u >> /tmp/2.ldif
    echo userPassword: {crypt}x >> /tmp/2.ldif
    echo gidNumber: $value_user >> /tmp/2.ldif
    }
    checkuid_f()
    {
    id $u &>/dev/null
    if [ $? = 0 ]
    then
    echo User Name $u Exist
    exit 0
    fi
    }
    checkuid_f_del()
    {
    id $u &>/dev/null
    if [ $? = 1 ]
    then
    echo User $u not Found in DataBase
    exit 0
    fi
    }
    adduser()
    {
    ldapadd -x -D "cn=`cat /root/.admin`,`cat /root/.dn`" -w $l -f /tmp/1.ldif &>/dev/null
    }
    addgroup()
    {
    ldapadd -x -D "cn=`cat /root/.admin`,`cat /root/.dn`" -w $l -f /tmp/2.ldif &>/dev/null
    }
    smb_add()
    {
    (echo $p;echo $p) | smbpasswd -a -s -U $u &>/dev/null
    smbpasswd -e $u &>/dev/null
    service smb restart &>/dev/null
    }
    input()
    {
    echo "Welcome to Ldap Admin"
    echo -e "---------------------\n"
    stty -echo
    read -p "Enter a valid Password for User [$u] :" p
    echo
    read -p "Ldap Password :" l
    stty echo
    echo
    ldapsearch -x -D "cn=`cat /root/.admin`,`cat /root/.dn`" -w $l &> /dev/null
    if [ $? == 0 ]
    then
    checkuid_f
    main_pro
    else
    echo "Wrong Ldap Password"
    exit 0
    fi
    #echo -e "\n$u\n$p\n$l"
    }
    input_del()
    {
    echo "Welcome to Ldap Admin"
    echo -e "---------------------\n"
    stty -echo
    read -p "Enter a valid Password for User [$u] :" p
    echo
    read -p "Ldap Password :" l
    stty echo
    echo
    ldapsearch -x -D "cn=`cat /root/.admin`,`cat /root/.dn`" -w $l &> /dev/null
    if [ $? == 0 ]
    then
    checkuid_f_del
    main_pro
    else
    echo "Wrong Ldap Password"
    exit 0
    fi
    #echo -e "\n$u\n$p\n$l"
    }

    # Delete Section
    #================================
    userdel()
    {
    read -p "Enable Recursion [yes/no]: " rec
    if [ $rec == yes -o $rec == y -o $rec == ye ]
    then
    smbpasswd -x $u
    ldapdelete -x -D "cn=`cat /root/.admin`,`cat /root/.dn`" "uid=$u,ou=People,`cat /root/.dn`" -w $l
    ldapdelete -x -D "cn=`cat /root/.admin`,`cat /root/.dn`" "cn=$u,ou=Group,`cat /root/.dn`" -w $l
    rm -rf `cat /root/.path`/$u
    else
    smbpasswd -x $u
    ldapdelete -x -D "cn=`cat /root/.admin`,`cat /root/.dn`" "uid=$u,ou=People,cn=`cat /root/.dn`" -w $l
    ldapdelete -x -D "cn=`cat /root/.admin`,`cat /root/.dn`" "cn=$u,ou=Group,cn=`cat /root/.dn`" -w $l
    fi
    }
    userdel_modify()
    {
    value_user=`id -u $u`
    smbpasswd -x $u &>/dev/null
    ldapdelete -x -D "cn=`cat /root/.admin`,`cat /root/.dn`" "uid=$u,ou=People,`cat /root/.dn`" -w $l
    ldapdelete -x -D "cn=`cat /root/.admin`,`cat /root/.dn`" "cn=$u,ou=Group,`cat /root/.dn`" -w $l
    }
    # MOdify User Section
    #====================================
    ## Main Section
    main_pro()
    {
    getent passwd | grep 1000 &> /dev/null
    if [ $? = 1 ]
    then
    useradd -u 1000 $HOSTNAME
    user_loop
    else
    value_user=1000
    echo $value_user > /root/.uid
    user_loop
    fi
    }
    main_section()
    {
    PS3="Select an option to Manage LDAP users : "
    select value in USERADD USERDEL PASSWORD; do
    case $value in
    USERADD)
    file_check
    input
    break;;
    USERDEL)
    file_check
    input_del
    userdel
    break;;
    PASSWORD)
    file_check
    input_del
    userdel_modify
    pw_ldif
    gp_ldif
    adduser
    addgroup
    smb_add
    perm
    file_rm
    break;;
    *)echo Invalid Choice; break;;
    esac
    done
    }
    if [ $# == 0 ]
    then
    echo Key in Required
    pgrep slapd &>/dev/null && pgrem smb &>/dev/null
    if [ $? = 1 ]
    then
    echo Samba or Ldap Server Not Running
    exit 0
    fi
    else
    u=$1
    pgrep slapd &>/dev/null && pgrep smb &>/dev/null
    if [ $? == 0 ]
    then
    getent passwd | grep 1000 >/dev/null
    if [ $? == 1 ]
    then
    useradd -u 1000 $HOSTNAME &>/dev/null
    echo Initial user was configured Please Re run
    else
    main_section
    fi
    else
    echo Samba or Ldap Server Not Running
    fi
    fi
    Posted 01-17-2012 at 05:17 AM by unni.kpr@gmail.com unni.kpr@gmail.com is offline
 

  



All times are GMT -5. The time now is 10:11 AM.

Main Menu
Advertisement

My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration