Ldap Abscisse

This document provides instructions for installing and configuring an LDAP server on CentOS. It describes downloading required packages, configuring the LDAP configuration file, generating a root password, importing schema files, adding an LDAP manager account, creating the LDAP directory structure, and installing and configuring PHPLDAPadmin for a web-based LDAP client.

Uploaded by

Ruben Assandja

Install & configure Slapd on CentOS

Installing the packages and dependencies


// Switch to root with sudo su

dnf install epel-release


dnf -y install openldap openldap-servers openldap-clients --nobest
dnf -y install httpd
dnf -y install phpldapadmin
// I also install nano, my favourite text editor
dnf -y install nano

Set the base of our LDAP directory by opening the file below

sudo nano /etc/openldap/ldap.conf

Uncomment the following lines


BASE dc=asur,dc=local
URI ldap://192.168.8.32

Create the root password and save it somewhere


slappasswd

// copy the generated hashed password, e.g. {SSHA}F81Lm52jkS34c2dU4zFgnPY93hvk5X7R

and paste it into the text file below, at olcRootPW:

systemctl start slapd

Create the administrator's LDIF file

nano rootpw.ldif
dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {SSHA}F81Lm52jkS34c2dU4zFgnPY93hvk5X7R

Import the root password entry


ldapadd -Y EXTERNAL -H ldapi:/// -f rootpw.ldif

Import the LDAP configuration schemas


ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/openldap.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/dyngroup.ldif

********************************************************************
THE TERMINAL RETURNS THESE LINES
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=cosine,cn=schema,cn=config"

SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=nis,cn=schema,cn=config"

SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=inetorgperson,cn=schema,cn=config"

SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=openldap,cn=schema,cn=config"

SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=dyngroup,cn=schema,cn=config"
*************************************************************************

Add a manager to your LDAP directory


nano manager.ldif

dn: olcDatabase={2}mdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=asur,dc=local

dn: olcDatabase={2}mdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: cn=Manager,dc=asur,dc=local

dn: olcDatabase={2}mdb,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {SSHA}F81Lm52jkS34c2dU4zFgnPY93hvk5X7R

Apply the changes

ldapmodify -Y EXTERNAL -H ldapi:/// -f manager.ldif


**********************************************************************
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "olcDatabase={2}mdb,cn=config"

modifying entry "olcDatabase={2}mdb,cn=config"

modifying entry "olcDatabase={2}mdb,cn=config"


************************************************************************
Create the base of our directory's organization
nano org.ldif

dn: dc=asur,dc=local
objectClass: top
objectClass: dcObject
objectclass: organization
o: asur Server
dc: asur

dn: cn=Manager,dc=asur,dc=local
objectClass: organizationalRole
cn: Manager
description: LDAP Manager

dn: ou=users,dc=asur,dc=local
objectClass: organizationalUnit
ou: Users

Apply the changes


ldapadd -x -D cn=Manager,dc=asur,dc=local -W -f org.ldif
*****************************************************************************
Enter LDAP Password:
adding new entry "dc=asur,dc=local"

adding new entry "cn=Manager,dc=asur,dc=local"

adding new entry "ou=users,dc=asur,dc=local"

****************************************************************************
Installing PHPLDAPADMIN
Configure the Apache host
vim /etc/httpd/conf.d/phpldapadmin.conf
Require all granted
Allow from 192.168.8.32

Edit the configuration file; open it with nano -l to display the line numbers
nano -l /etc/phpldapadmin/config.php

117 $config->custom->appearance['timezone'] = 'Africa/Libreville';


193 $config->custom->appearance['hide_template_warning'] = true;
322 $servers->setValue('server','name','Asur LDAP');
329 $servers->setValue('server','host','192.168.8.32');
332 $servers->setValue('server','port',389);
336 $servers->setValue('server','base',array('dc=asur,dc=local'));
364 $servers->setValue('login','bind_id','cn=Manager,dc=asur,dc=local');
369 $servers->setValue('login','bind_id','m1');
453 $servers->setValue('login','attr','dn');
454 // $servers->setValue('login','attr','uid');

systemctl disable --now firewalld


nano /etc/selinux/config
SELINUX=disabled
init 6
systemctl restart slapd
systemctl restart httpd
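
An audit of the settings this guide applies, as an added example that is not part of the original document: it checks copies of /etc/selinux/config, phpldapadmin.conf, ldap.conf and the two LDIF files for the choices that weaken the host. The function names and the sample files built in demo() are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original guide. Each function audits a copy of
# one file the guide edits and prints one finding per problem (nothing if clean).

audit_selinux() {       # $1: copy of /etc/selinux/config
    mode=$(sed -n 's/^[[:space:]]*SELINUX=//p' "$1" | tail -n 1 | tr -d '[:space:]')
    [ "$mode" = enforcing ] && return 0
    echo "selinux: SELINUX=${mode:-unset}; stay enforcing and run: setsebool -P httpd_can_connect_ldap on"
}

audit_apache() {        # $1: copy of /etc/httpd/conf.d/phpldapadmin.conf
    if grep -Eiq '^[[:space:]]*Require[[:space:]]+all[[:space:]]+granted' "$1"; then
        echo "apache: 'Require all granted' admits every client; use 'Require ip <admin subnet>'"
    fi
    if grep -Eiq '^[[:space:]]*(Allow|Deny)[[:space:]]+from' "$1"; then
        echo "apache: 'Allow from' is Apache 2.2 syntax; do not mix it with Require"
    fi
}

audit_ldap_uri() {      # $1: copy of /etc/openldap/ldap.conf
    for uri in $(sed -n 's/^[[:space:]]*URI[[:space:]]\{1,\}//p' "$1"); do
        case $uri in
            ldaps://*|ldapi://*) ;;   # TLS from connect, or local UNIX socket
            *) echo "ldap.conf: $uri sends 'ldapadd -x -W' binds in clear text; use ldaps:// or StartTLS (-ZZ)" ;;
        esac
    done
}

audit_rootpw_reuse() {  # $@: LDIF files that set olcRootPW
    dup=$(grep -h '^olcRootPW:' "$@" | sort | uniq -d)
    [ -z "$dup" ] && return 0
    echo "ldif: the same olcRootPW hash is set on more than one database; use one password per rootDN"
}

demo() {                # constructed copies holding the guide's own settings
    d=$(mktemp -d)
    printf 'SELINUX=disabled\nSELINUXTYPE=targeted\n' > "$d/selinux"
    printf 'Require all granted\nAllow from 192.168.8.32\n' > "$d/httpd.conf"
    printf 'BASE dc=asur,dc=local\nURI ldap://192.168.8.32\n' > "$d/ldap.conf"
    printf 'olcRootPW: {SSHA}constructedHashA\n' > "$d/rootpw.ldif"
    printf 'olcRootPW: {SSHA}constructedHashA\n' > "$d/manager.ldif"
    audit_selinux "$d/selinux"; audit_apache "$d/httpd.conf"; audit_ldap_uri "$d/ldap.conf"
    audit_rootpw_reuse "$d/rootpw.ldif" "$d/manager.ldif"
    rm -rf "$d"
}
demo
```

Disabling firewalld has no file to audit here; leaving it running and opening only the needed services with `firewall-cmd --permanent --add-service=ldap --add-service=http` followed by `firewall-cmd --reload` gives clients the same access.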

PAM NSS