24 กรกฎาคม 2561

LDAP + SSL + SASL

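# Install the OpenLDAP server, client tools and SQL backend, then start slapd at boot.
yum -y install openldap compat-openldap openldap-clients openldap-servers openldap-servers-sql openldap-devel
systemctl start slapd
systemctl enable slapd
# Confirm slapd is listening on 389 (plain LDAP). ss is used instead of netstat,
# which is deprecated and not installed on a minimal CentOS 7 host.
ss -tlnp | grep -i ':389'
# Generate the {SSHA} hash for the directory admin password; paste the output
# into db.ldif. Let slappasswd prompt for the password instead of passing it with
# -s: a value on the command line is recorded in shell history and visible in ps.
slappasswd -h {SSHA}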
# Point the config database at the suffix (dc=local), root DN and the hashed
# password produced by slappasswd; applied over the local ldapi socket as root.
vi db.ldif
ldapmodify -Y EXTERNAL -H ldapi:/// -f db.ldif
# Restrict the cn=Monitor database to the admin DN.
vi monitor.ldif
ldapmodify -Y EXTERNAL -H ldapi:/// -f monitor.ldif
# Seed the BDB backend configuration and make the data directory slapd-owned.
cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
chown ldap:ldap /var/lib/ldap/*
# Load the standard schemas needed for POSIX accounts and people entries.
for schema in cosine nis inetorgperson; do
  ldapadd -Y EXTERNAL -H ldapi:/// -f "/etc/openldap/schema/${schema}.ldif"
done
# Create the base DN and top-level OUs, binding as the admin (prompts for password).
vi base.ldif
ldapadd -x -W -D "cn=admin,dc=local" -f base.ldif
ldapsearch -x -b dc=local cn=admin
# Allow LDAP (389) through the firewall and enable slapd logging via rsyslog.
firewall-cmd --permanent --add-service=ldap
firewall-cmd --reload
vi /etc/rsyslog.conf
systemctl restart rsyslog
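# --- Option A: self-signed server certificate (quick test setup) ---
# Valid for 4 years; -nodes leaves the key unencrypted so slapd can load it.
openssl req -new -x509 -nodes -out /etc/openldap/certs/localldap.crt -keyout /etc/openldap/certs/localldap.key -days 1460
chown ldap:ldap /etc/openldap/certs/localldap.crt /etc/openldap/certs/localldap.key
chmod 600 /etc/openldap/certs/localldap.key   # private key readable by slapd only
ls -l /etc/openldap/certs/local*
# Register the certificate, key (and CA file) in cn=config, then validate the config.
vi certs.ldif
ldapmodify -Y EXTERNAL -H ldapi:/// -f certs.ldif
slaptest -u

# --- Option B: private CA plus CA-signed server certificate ---
# NOTE: this overwrites the localldap.key/localldap.crt produced in option A.
cd /etc/openldap/certs/
openssl genrsa -out localrootCA.key 2048
chmod 600 localrootCA.key   # CA signing key: root-only, slapd never needs it
openssl req -x509 -new -nodes -key localrootCA.key -sha256 -days 1024 -out localrootCA.pem
openssl genrsa -out localldap.key 2048
openssl req -new -key localldap.key -out localldap.csr
openssl x509 -req -in localldap.csr -CA localrootCA.pem -CAkey localrootCA.key -CAcreateserial -out localldap.crt -days 1460 -sha256
# slapd only needs the server key, its certificate and the CA certificate;
# the CA key is deliberately left root-owned (the original chown -R local*
# handed it to the ldap user as well).
chown ldap:ldap localldap.key localldap.crt localrootCA.pem
chmod 600 localldap.key
vi certs.ldif
ldapmodify -Y EXTERNAL -H ldapi:/// -f certs.ldif
slaptest -u
# Add ldaps:/// to SLAPD_URLS so slapd also listens on 636, then restart.
vi /etc/sysconfig/slapd
systemctl restart slapd
ss -tlnp | grep -i ':636'
ss -tlnp | grep slapd
firewall-cmd --permanent --add-service=ldaps
firewall-cmd --reload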
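# Add a test user (raj) and further entries, binding as admin (-W prompts for the
# password rather than taking it on the command line).
vi raj.ldif
ldapadd -x -W -D "cn=admin,dc=local" -f raj.ldif
ldapsearch -x -b dc=local cn=raj
vi entries.ldif
ldapadd -x -W -D "cn=admin,dc=local" -f entries.ldif

# --- SASL: authenticate against the directory through saslauthd ---
# -y for consistency with the earlier install step (non-interactive).
yum -y install cyrus-sasl-ldap
# Set MECH=ldap in /etc/sysconfig/saslauthd and the ldap_* settings
# (server URI, search base, bind DN) in /etc/saslauthd.conf.
vi /etc/sysconfig/saslauthd
vi /etc/saslauthd.conf
systemctl restart saslauthd
# Verify: a correct password must return OK, the deliberately wrong one (passwordd)
# must return NO. testsaslauthd has no prompt option, so the password appears in
# shell history and ps; use a throwaway test account, and clear the history
# afterwards (history -c) if the account matters.
testsaslauthd -u yann.boutin -r ybn.fr -p password
testsaslauthd -u yann.boutin -r ybn.fr -p passwordd
testsaslauthd -u yann.boutin -p password -f /run/saslauthd/mux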

References
- https://www.itzgeek.com/how-tos/linux/centos-how-tos/step-step-openldap-server-configuration-centos-7-rhel-7.html
- https://www.itzgeek.com/how-tos/linux/centos-how-tos/configure-openldap-with-ssl-on-centos-7-rhel-7.html
- http://www.ybn.fr/linux-technical-library/smtp-authentication