Old 11-13-2012, 12:05 PM   #1
Registered: Dec 2011
Location: Amish Country PA, USA
Distribution: CentOS 6.2
Posts: 104

LDAP server and NFS issues

First of all, I'm using CentOS 6.3 and trying to install an LDAP server and an NFS server. From there I want a client machine to access the server, authenticate using LDAP and mount the NFS directory. I'm having problems finding a how-to guide for this. I have pieced together some different guides as best I could that made sense to me.

I have set up an NFS server and a client to mount the NFS directory before. I'm a little lost on exactly how to make LDAP be used. I will post what I have done so far here. Any help and/or guidance would be very much appreciated. Both the server and the client are on VMs right now. I also did a
ldapsearch -x -H ldap://serverip
and the client could see the server.
Here is what i have done so far

TL;DR: need help setting up an LDAP and NFS server on a VM, and on the client authenticate using LDAP to mount the NFS folder.

yum install openldap-servers openldap-clients migrationtools

 Edit your ldap.conf file and enter the IP address or domain name of your server:
vi /etc/openldap/ldap.conf
URI ldap://
BASE dc=ldap,dc=com

Copy the sample files from /usr/share/openldap-servers to /etc/openldap and /var/lib/ldap:
cp /usr/share/openldap-servers/slapd.conf.obsolete /etc/openldap/slapd.conf
cp /usr/share/openldap-servers/DB_CONFIG.example  /etc/openldap/DB_CONFIG

cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
cp /usr/share/openldap-servers/slapd.conf.obsolete /var/lib/ldap/slapd.conf

Set up a new root password:
slappasswd
New password:
Re-enter new password:
Copy the hash it prints, as you need to enter it in slapd.conf:

vi /etc/openldap/slapd.conf
:%s/dc=my-domain/dc=ldap/g  #This regex will replace all the instances of my-domain with your domain name.
rootpw {SSHA}xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

6. If this doesn't work I might want to look at another option with ldif files
Create a root.ldif file and enter the entries below (entries must be separated by a blank line):
vi /root/root.ldif
dn: dc=ldap,dc=com
dc: ldap
o: ldap
objectClass: top
objectClass: dcObject
objectClass: organization

dn: ou=staff,dc=ldap,dc=com
ou: staff
objectClass: organizationalUnit

Remove everything in the slapd.d dir, load root.ldif with slapadd and convert slapd.conf into slapd.d:
rm -rf /etc/openldap/slapd.d/*
slapadd -n 2 -l /root/root.ldif
slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d

Set the appropriate permissions:
chown -R ldap:ldap /var/lib/ldap
chown -R ldap:ldap /etc/openldap/slapd.d

Make sure the service is on at runlevel 3:
chkconfig --level 235 slapd on
service slapd start

10. Might be able to skip this part
rm -rf /etc/openldap/slapd.d/*
slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d
chown -R ldap:ldap /etc/openldap/slapd.d
service slapd restart

Create an SSL certificate:
cd /etc/pki/tls/certs
rm slapd.pem
make slapd.pem
chmod 640 slapd.pem
chown :ldap slapd.pem
ln -s /etc/pki/tls/certs/slapd.pem /etc/openldap/certs/slapd.pem
vi /etc/sysconfig/ldap

vi /etc/openldap/slapd.conf
TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
TLSCertificateFile /etc/pki/tls/certs/slapd.pem
TLSCertificateKeyFile /etc/pki/tls/certs/slapd.pem

vi /etc/openldap/ldap.conf
TLS_CACERTDIR /etc/openldap/certs

Test if everything is up and working fine:
rm -rf /etc/openldap/slapd.d/*
slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d
chown -R ldap:ldap /etc/openldap/slapd.d
service slapd restart
ldapsearch -x -ZZ -h localhost          # STARTTLS on port 389
ldapsearch -x -H ldaps://localhost      # SSL on port 636 - I got an error here, not too concerned right now

13. Misc things I forgot to do

iptables -F   # flushes every rule, i.e. the firewall is wide open after this
iptables -L

useradd testuser
passwd testuser
useradd m
passwd m

14. I didn't have any users in the LDAP, so....

The directory is to be used to manage the users, groups, hosts etc.; openldap comes with a number of scripts that can be used to copy existing values into the directory. These scripts are installed into /usr/share/openldap/migration. Start by editing the script and replace all instances of the domain with the domain that you are using for your directory.

For example, in our case we are using the domain so substitute all string occurrences of "padl" with "el01".

More than likely you will have errors that can be ignored.

Configuring a client to use LDAP


The client will need most of the programs we installed on the server.

yum install openldap openldap-clients openldap-devel nss_ldap

On the client we can install NFS as follows 

yum install nfs-utils nfs-utils-lib

First edit the /etc/openldap/ldap.conf file to specify the directory server host IP address and the base DN used.
base dc=ldap,dc=com
Edit the /etc/nsswitch.conf file to specify all the entries that you would like to have resolved in ldap, specifying the resolution order. For example:-
passwd: files ldap
shadow: files ldap
group: files ldap

vi /etc/idmapd.conf
# line 5: uncomment and change to your domain name

Domain =

vi /etc/exports

Note: Some additional steps
Open /etc/nsswitch.conf, edit the 'hosts' entry and put ldap first so clients can authenticate from ldap:
vi /etc/nsswitch.conf
hosts: ldap files
Add the rule in the firewall for port 636:
iptables -I INPUT -m state --state NEW -p tcp -s --dport 636 -j ACCEPT
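The post's step 14 (getting the local users into the directory) and its root.ldif are the two places where the LDIF has to be exactly right for slapadd. The script below is an added example, not the poster's code or the migrationtools scripts themselves: it turns constructed /etc/passwd, /etc/shadow and /etc/group lines into the base entry, the ou=staff container and one posixAccount/posixGroup per local user and group under dc=ldap,dc=com. The ou=groups container, the cut-off at UID 500 (the CentOS 6 system-account range) and the sample lines are assumptions; the two users are the ones the post creates with useradd. Locked accounts ("!!", "*") deliberately get no userPassword, so migrating does not re-enable them.

```python
import base64

BASE_DN = "dc=ldap,dc=com"          # from the post's ldap.conf and root.ldif
PEOPLE_DN = "ou=staff," + BASE_DN   # container the post's root.ldif creates
GROUP_DN = "ou=groups," + BASE_DN   # assumed: the post creates no group container
MIN_UID = 500                       # CentOS 6: UIDs/GIDs below 500 are system accounts

# Constructed sample input standing in for /etc/passwd, /etc/shadow, /etc/group.
# The hashes are placeholders, not real crypt(3) output.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
testuser:x:500:500:Test User:/home/testuser:/bin/bash
m:x:501:501::/home/m:/bin/bash
"""
SHADOW = """\
root:$6$EXAMPLESALT$EXAMPLEHASHNOTREAL:15657:0:99999:7:::
bin:*:15628:0:99999:7:::
testuser:$6$EXAMPLESALT$EXAMPLEHASHNOTREAL:15657:0:99999:7:::
m:!!:15657:0:99999:7:::
"""
GROUP = """\
root:x:0:
bin:x:1:bin,daemon
testuser:x:500:
m:x:501:
staff:x:1000:testuser,m
"""


def parse_colon_file(text):
    """Split a passwd/shadow/group style file into {name: fields}."""
    rows = {}
    for line in text.splitlines():
        if line.strip() and not line.startswith("#"):
            fields = line.split(":")
            rows[fields[0]] = fields
    return rows


def ldif_line(attr, value):
    """One LDIF attribute line; base64 ('::') when the value is not a SAFE-STRING."""
    unsafe = (not value.isascii()) or value[:1] in (" ", ":", "<") or "\n" in value
    if unsafe:
        return "%s:: %s" % (attr, base64.b64encode(value.encode()).decode())
    return "%s: %s" % (attr, value)


def account_entries(passwd, shadow, min_uid=MIN_UID):
    """One posixAccount per migratable user; locked accounts get no userPassword."""
    shadow_rows = parse_colon_file(shadow)
    entries = []
    for name, f in parse_colon_file(passwd).items():
        uid, gid, gecos, home, shell = int(f[2]), int(f[3]), f[4], f[5], f[6]
        if uid < min_uid:
            continue  # never copy root or system accounts into the directory
        attrs = [("objectClass", "top"), ("objectClass", "account"),
                 ("objectClass", "posixAccount"), ("objectClass", "shadowAccount"),
                 ("uid", name), ("cn", gecos or name),
                 ("uidNumber", str(uid)), ("gidNumber", str(gid)),
                 ("homeDirectory", home), ("loginShell", shell)]
        hashed = shadow_rows.get(name, [name, "!!"])[1]
        # "*", "!!" or a "!"-prefixed hash means locked; an empty field means
        # no password at all. Neither may become a usable {CRYPT} value.
        if hashed and hashed[0] not in "!*":
            attrs.append(("userPassword", "{CRYPT}" + hashed))
        entries.append(("uid=%s,%s" % (name, PEOPLE_DN), attrs))
    return entries


def group_entries(group, min_gid=MIN_UID):
    """One posixGroup per non-system group, members as memberUid values."""
    entries = []
    for name, f in parse_colon_file(group).items():
        gid, members = int(f[2]), [m for m in f[3].split(",") if m]
        if gid < min_gid:
            continue
        attrs = [("objectClass", "top"), ("objectClass", "posixGroup"),
                 ("cn", name), ("gidNumber", str(gid))]
        attrs += [("memberUid", m) for m in members]
        entries.append(("cn=%s,%s" % (name, GROUP_DN), attrs))
    return entries


def container_entries():
    """Base entry plus the two OUs; the first two match the post's root.ldif."""
    return [
        (BASE_DN, [("objectClass", "top"), ("objectClass", "dcObject"),
                   ("objectClass", "organization"), ("dc", "ldap"), ("o", "ldap")]),
        (PEOPLE_DN, [("objectClass", "organizationalUnit"), ("ou", "staff")]),
        (GROUP_DN, [("objectClass", "organizationalUnit"), ("ou", "groups")]),
    ]


def to_ldif(entries):
    """Render entries as LDIF; the blank line between entries is what slapadd keys on."""
    blocks = ["\n".join([ldif_line("dn", dn)] + [ldif_line(a, v) for a, v in attrs])
              for dn, attrs in entries]
    return "\n\n".join(blocks) + "\n"


def migrate(passwd=PASSWD, shadow=SHADOW, group=GROUP):
    return to_ldif(container_entries() + account_entries(passwd, shadow) + group_entries(group))


if __name__ == "__main__":
    print(migrate())  # feed to: slapadd -n 2 -l migrated.ldif (server stopped)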
Old 11-14-2012, 06:06 AM   #2
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

So what is working and what is not? Clearly NFS is totally irrelevant here, so don't mention that again. There are some good milestones you can work to, in order...

- doing an ldapsearch
- doing an ldapsearch and retrieving user / group data from the right base dn
- getting user accounts back from "getent passwd" after configuring nsswitch.conf / ldap.conf
- logging in

where are you on this list?
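For the middle two milestones in the reply (ldapsearch returning the right entries, then getent passwd showing them), the script below is an added example and not part of either post. It parses a constructed ldapsearch -LLL result for ou=staff,dc=ldap,dc=com, works out what `getent passwd` should list with the post's `passwd: files ldap` order, and flags the thing that order does not protect against: an LDAP entry whose uidNumber collides with a local UID (uidNumber 0 being the worst case) still gets that UID at login. The sample /etc/passwd and the three directory entries are constructed; the cut-off at 500 is the CentOS 6 convention.

```python
import base64

MIN_UID = 500  # CentOS 6 system-account range; LDAP users belong above it

# Constructed sample of the client's /etc/passwd.
LOCAL_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
testuser:x:500:500::/home/testuser:/bin/bash
"""

# Constructed sample of what
#   ldapsearch -x -LLL -b ou=staff,dc=ldap,dc=com '(objectClass=posixAccount)'
# might print: one clean entry, one that shares a name with a local user,
# and one whose uidNumber is 0.
LDAP_SEARCH_OUTPUT = """\
dn: uid=m,ou=staff,dc=ldap,dc=com
objectClass: posixAccount
uid: m
uidNumber: 501
gidNumber: 501
homeDirectory: /home/m
loginShell: /bin/bash

dn: uid=testuser,ou=staff,dc=ldap,dc=com
objectClass: posixAccount
uid: testuser
uidNumber: 502
gidNumber: 502
homeDirectory: /home/testuser
loginShell: /bin/bash

dn: uid=appadmin,ou=staff,dc=ldap,dc=com
objectClass: posixAccount
uid: appadmin
uidNumber: 0
gidNumber: 0
homeDirectory: /root
loginShell: /bin/bash
"""


def parse_ldif(text):
    """Parse ldapsearch LDIF into a list of {attr: [values]} dicts.
    Handles '::' base64 values and folded continuation lines (leading space)."""
    entries, lines = [], []
    for raw in text.splitlines() + [""]:
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # continuation of the previous line
            continue
        if raw == "":
            if lines:                     # blank line closes an entry
                entry = {}
                for line in lines:
                    attr, _, value = line.partition(":")
                    if value.startswith(": "):       # attr:: base64value
                        value = base64.b64decode(value[2:]).decode()
                    else:
                        value = value.strip()
                    entry.setdefault(attr, []).append(value)
                entries.append(entry)
            lines = []
            continue
        lines.append(raw)
    return entries


def local_users(passwd_text):
    """{name: uid} from passwd-format text."""
    users = {}
    for line in passwd_text.splitlines():
        f = line.split(":")
        if len(f) >= 3:
            users[f[0]] = int(f[2])
    return users


def expected_getent(ldap_text, passwd_text):
    """What `getent passwd` should list with `passwd: files ldap`: every local
    line, then LDAP users whose name is not local (files wins a name clash,
    so the LDAP copy of testuser is simply invisible)."""
    lines = [l for l in passwd_text.splitlines() if l]
    local = local_users(passwd_text)
    for e in parse_ldif(ldap_text):
        name = e["uid"][0]
        if name in local:
            continue
        lines.append("%s:x:%s:%s:%s:%s:%s" % (
            name, e["uidNumber"][0], e["gidNumber"][0],
            e.get("cn", [name])[0], e["homeDirectory"][0], e["loginShell"][0]))
    return lines


def audit(ldap_text, passwd_text, min_uid=MIN_UID):
    """nsswitch order decides which *name* wins; a user who logs in via LDAP
    still receives the uidNumber stored in the directory, so check the numbers."""
    local = local_users(passwd_text)
    local_by_uid = {uid: name for name, uid in local.items()}
    findings = []
    for e in parse_ldif(ldap_text):
        name, uidn = e["uid"][0], int(e["uidNumber"][0])
        if uidn < min_uid:
            findings.append((name, "uidNumber %d is in the system range" % uidn))
        if uidn in local_by_uid:
            findings.append((name, "uidNumber %d collides with local user %s" % (uidn, local_by_uid[uidn])))
        if name in local:
            findings.append((name, "name exists in local files; 'files ldap' hides the LDAP entry"))
    return findings


if __name__ == "__main__":
    for line in expected_getent(LDAP_SEARCH_OUTPUT, LOCAL_PASSWD):
        print(line)
    for name, problem in audit(LDAP_SEARCH_OUTPUT, LOCAL_PASSWD):
        print("WARNING %s: %s" % (name, problem))
```

To use it against a real box, replace the two constructed strings with the output of the ldapsearch above and the contents of /etc/passwd, then compare expected_getent() with what `getent passwd` actually prints; a mismatch means nsswitch.conf or ldap.conf is not wired up yet, while any audit() finding is a directory-content problem that nsswitch cannot fix.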

