OpenLDAP and NFS installation
Posted Dec 12
PART 1. Installation
You will need the following packages to install OpenLDAP; the RPMs are on your CentOS installation CD-ROM or in any yum repository:
openldap
openldap-devel
nss_ldap
openldap-clients
openldap-servers
You can use yum to install these packages with the command below:
#yum install openldap openldap-devel nss_ldap openldap-clients openldap-servers
PART 2: Configuration
NOTE: LDAP databases are located in /var/lib/ldap directory.
a.) Create a root password for LDAP
#slappasswd
New password:
Re-enter new password:
{SSHA}thisisyourencryptedldaprootpassword
#
The LDAP root password can (I recommend “must”) be different from your system’s root password, and, like your system’s root password, you must remember it.
b.) Edit /etc/openldap/slapd.conf using your favorite text editor (vim, vi, pico, nano)
Leave everything in the slapd.conf as is except for the following:
database bdb
suffix "dc=ldapserver,dc=com"
rootdn "cn=root,dc=ldapserver,dc=com"
rootpw {SSHA}thisisyourencryptedldaprootpassword
directory /var/lib/ldap
c.) Make sure that the permissions on the /var/lib/ldap directory are set to 700 (chmod 700 /var/lib/ldap).
PART 3. Start the LDAP server
# service ldap start
Checking configuration files for slapd: config file testing succeeded
[ OK ]
Starting slapd: [ OK ]
#
Make sure the LDAP server starts at boot time:
# chkconfig ldap on
PART 4. Convert system users to LDAP users
I assume that you’re already aware of how to add system users on your local Linux box using the command “useradd”.
a.) Use the command below to convert root to the LDAP root user. Note that grep matches every line containing “root”, which is why the operator account (whose home directory is /root) also shows up when this file is imported in Part 6.
# grep root /etc/passwd > /etc/openldap/passwd.root
b.) Use the command below the first time you add a user to your LDAP password file (it creates the file):
# grep arnel /etc/passwd > /etc/openldap/passwd.ldapusers
c.) After the first user is added, you may wish to add the rest of your local users as LDAP users. This is done almost the same way as the command above, except that you use >> instead of >: > replaces the file, while >> appends to it.
# grep user2 /etc/passwd >> /etc/openldap/passwd.ldapusers
# grep user3 /etc/passwd >> /etc/openldap/passwd.ldapusers
...
# grep user100 /etc/passwd >> /etc/openldap/passwd.ldapusers
d.) Convert the files to LDIF format; you need /usr/share/openldap/migration/migrate_passwd.pl to do this.
Convert the file for root:
# /usr/share/openldap/migration/migrate_passwd.pl /etc/openldap/passwd.root /etc/openldap/root.ldif
Convert the file for ordinary users:
# /usr/share/openldap/migration/migrate_passwd.pl /etc/openldap/passwd.ldapusers /etc/openldap/ldapusers.ldif
You need to re-run the script on passwd.ldapusers whenever you add LDAP users to your system.
e.) Next, modify the newly created LDIF files. You need to change the dn entries to suit our scenario: the default base DN is dc=padl,dc=com, so replace every occurrence of the word “padl” with “ldapserver”.
Your root.ldif ends up looking like this:
dn: uid=root,ou=People,dc=ldapserver,dc=com
uid: root
cn: root
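The following is an added example, not code from this post and not the migrate_passwd.pl script itself: it reproduces what steps d and e produce for a passwd/shadow pair, but with the base DN set to dc=ldapserver,dc=com from the start, so the “padl” to “ldapserver” edit is unnecessary. The sample account lines, the hash value and the choice to omit the hash of a locked account are assumptions of this example.

```python
"""Generate posixAccount LDIF entries from passwd/shadow lines (added example).
Not the original post's code nor migrate_passwd.pl itself; it reproduces what
that script emits for one user, but with the base DN fixed up front so the
"replace padl with ldapserver" step is unnecessary. Input lines are constructed."""
BASE_DN = "dc=ldapserver,dc=com"          # suffix from slapd.conf above
PEOPLE_OU = "ou=People," + BASE_DN        # OU defined in ldapserver.com.ldif

# Constructed sample lines in /etc/passwd and /etc/shadow format (not real accounts).
PASSWD_LINES = [
    "arnel:x:500:500:Arnel:/home/arnel:/bin/bash",
    "user2:x:501:501:Second User:/home/user2:/bin/bash",
]
SHADOW_LINES = [
    "arnel:$6$constructedsalt$constructedhash:14000:0:99999:7:::",
    "user2:!!:14000:0:99999:7:::",  # locked account, no usable hash
]

def parse_shadow(lines):
    """Map login name -> password hash field from shadow-format lines."""
    return {line.split(":")[0]: line.split(":")[1] for line in lines}

def passwd_entry_to_ldif(passwd_line, shadow_hashes):
    """LDIF entry for one passwd line, placed under ou=People of BASE_DN."""
    name, _, uid, gid, gecos, home, shell = passwd_line.split(":")
    lines = [
        f"dn: uid={name},{PEOPLE_OU}",
        f"uid: {name}",
        f"cn: {gecos.split(',')[0] or name}",
        "objectClass: account",
        "objectClass: posixAccount",
        "objectClass: top",
        "objectClass: shadowAccount",
    ]
    pw = shadow_hashes.get(name, "")
    # Copy only a real hash: "!!", "*" or empty means the account is locked,
    # and it must stay locked in LDAP instead of becoming passwordless.
    if pw and not pw.startswith(("!", "*")):
        lines.append(f"userPassword: {{crypt}}{pw}")
    lines += [f"loginShell: {shell}", f"uidNumber: {uid}", f"gidNumber: {gid}",
              f"homeDirectory: {home}", f"gecos: {gecos}"]
    return "\n".join(lines) + "\n"

def migrate(passwd_lines, shadow_lines):
    """Whole-file conversion; a blank line separates entries as ldapadd expects."""
    hashes = parse_shadow(shadow_lines)
    return "\n".join(passwd_entry_to_ldif(p, hashes) for p in passwd_lines)

if __name__ == "__main__":
    print(migrate(PASSWD_LINES, SHADOW_LINES), end="")
```

The generated LDIF carries password hashes, so give it the same restrictive permissions you would give /etc/shadow and delete it after the import in Part 6.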
PART 5. Create an LDIF file for domain ldapserver.com
Create /etc/openldap/ldapserver.com.ldif using your favorite text editor (vim, vi, nano, pico) and define the attributes of the domain and an organizational unit called “People”.
#vi /etc/openldap/ldapserver.com.ldif
dn: dc=ldapserver,dc=com
dc: ldapserver
description: Attributes for ldapserver.com
objectClass: dcObject
objectClass: organizationalUnit
ou: rootobject

dn: ou=People, dc=ldapserver,dc=com
ou: People
description: All LDAP users
objectClass: organizationalUnit
PART 6. Import the 3 LDIF files to LDAP (ldapserver.com.ldif, root.ldif and ldapusers.ldif)
#ldapadd -x -D "cn=root,dc=ldapserver,dc=com" -W -f /etc/openldap/ldapserver.com.ldif
Enter LDAP Password:
adding new entry "dc=ldapserver,dc=com"
adding new entry "ou=People, dc=ldapserver,dc=com"
#
#ldapadd -x -D "cn=root,dc=ldapserver,dc=com" -W -f /etc/openldap/root.ldif
Enter LDAP Password:
adding new entry "uid=root,ou=People,dc=ldapserver,dc=com"
adding new entry "uid=operator,ou=People,dc=ldapserver,dc=com"
#
#ldapadd -x -D "cn=root,dc=ldapserver,dc=com" -W -f /etc/openldap/ldapusers.ldif
Enter LDAP Password:
adding new entry "uid=arnel,ou=People,dc=ldapserver,dc=com"
PART 7. LDAP client configuration
LDAP must be added as a source for user lookups in /etc/nsswitch.conf on each client machine.
To do this, run the Authentication Configuration Tool (system-config-authentication) and select Enable LDAP Support under the User Information tab.
If editing /etc/nsswitch.conf by hand, add ldap to the appropriate lines:
passwd: files ldap
shadow: files ldap
group: files ldap
PART 8. Testing
You can test the configuration by logging in as arnel from a client Linux PC (arnel must not be a local user on this client PC). Once authentication via LDAP succeeds, you’ll get a Linux shell prompt, which is normally a dollar sign.
The next step is to create an NFS server on the LDAP server and configure an NFS client on each Linux client so that users can save their files in their home directories on the LDAP server.
PART 9. Create an NFS server on the LDAP server
Start with the NFS server’s configuration file, /etc/exports. In this file, we export our /home folder to all the client machines in our LAN.
#vi /etc/exports
/home *(rw,sync)
#
Load the new configuration:
#exportfs -a
You need the following services to run NFS:
portmap
nfslock
nfs
Start these services using the commands below:
# service portmap start
# service nfslock start
# service nfs start
Make sure that these services are started at boot:
# chkconfig portmap on
# chkconfig nfslock on
# chkconfig nfs on
PART 10. Configure NFS client on each machine
Log in as the local root on each workstation that accesses the LDAP server and apply the following configuration.
a.) Make sure that these services are enabled at startup (and running) on the client computers:
#chkconfig portmap on
#chkconfig nfslock on
#chkconfig nfs on
b.) Enable autofs service during startup.
#chkconfig autofs on
c.) Clean the local /home folder on each workstation if it has existing files:
#mv /home /home.old
# mkdir /home
d.) Test whether you can mount the file system exported by the LDAP server from your workstation:
# mount IPadd.of.your.ldapserver:/home /home/
e.) Configure the autofs config files to automate everything, starting with the master map file, /etc/auto.master. Add the following line to your auto.master file:
/home /etc/auto.home
Then create the auto.home file in the /etc folder and edit it as follows:
#/etc/auto.home
* -fstype=nfs,soft,intr,rsize=8192,wsize=8192,nosuid,tcp IPadd.of.your.LDAPserver:/home/&
NOTE: IPadd.of.your.LDAPserver must be replaced by the IP address of your LDAP server. The * key matches any directory name requested under /home, and & substitutes that name into the server path, so a login as arnel mounts IPadd.of.your.LDAPserver:/home/arnel on /home/arnel.
After a successful login, your LDAP users should find their directory on the server mounted under the local /home folder.
A simple & excellent HOWTO. Can you make a version for Slackware 12?
Cheers!
Benson,
The procedure is almost the same, except that you can’t use yum. You can download the latest tarball at http://www.openldap.org (OpenLDAP 2.4.6) and compile it.
Try using the locate command to find migrate_passwd.pl on your Slackware box.
#locate migrate_passwd.pl
Then replace the folder /usr/share/openldap/migration/ (in Part 4) if the file is located somewhere else.
Also, you have to chmod the services which will be running during startup to 755. These can be found in the /etc/rc.d/ folder in Slackware.
Let me know if you run into a problem during your Slackware installation.
LiNTEK