Install Qmail On Centos 7 Change Ldap

LDAP, or Lightweight Directory Access Protocol, is a protocol for centrally managing related information. The most common and well-known use of LDAP is for centralized authentication. Install the required packages. On CentOS 7 I had to change the following: slaptest failed, telling me to add the '-u' parameter. Step by Step OpenLDAP Server Configuration on CentOS 7 / RHEL 7. OpenLDAP is an open-source implementation of the Lightweight Directory Access Protocol developed by the OpenLDAP project. LDAP is an Internet protocol that email and other programs use to look up contact information from a server.

This tutorial describes how to install and configure an LDAP server (389-DS) on CentOS 7. About 389-DS: 389-DS (389 Directory Server) is an open source, enterprise-class LDAP server for Linux, developed by the Red Hat community.

Two days ago, one of the website visitors searched the site for LDAP and found nothing, which drove me to write a post about LDAP servers, so we fill the gap and bring the content visitors want.



What is LDAP?

We know that Linux keeps registered users in the /etc/passwd file, so if you want to access a machine, you must have a user defined in that file.

This works when you are managing one or a few machines, but what if you have hundreds or even thousands? How would you handle user management tasks such as password changes, or administrative tasks such as closing the account of someone who has left the company? Would you go to every machine to do that?

That could be a nightmare, and the same applies when you need to create a new account. In this case, we need a centralized user account management system: a database that keeps all the information related to user accounts.

The most used solution for this problem is the Lightweight Directory Access Protocol (LDAP).

LDAP uses the usual client/server paradigm.


Uses of LDAP

LDAP not only keeps a list of users, but you can also use it as storage for your files.

It can be used for authenticating users as we mentioned above.

You can store DNS records in LDAP server.

LDAP can be used as a yellow pages directory service for an organization to provide information about users or employees, departments, contact information, phone numbers, addresses, private data or whatever.

LDAP Server Implementations

LDAP is an open standard protocol, and many companies make their own implementation of it.

There are commercial implementations of LDAP like:

  • Microsoft Active Directory.
  • Oracle Internet Directory.
  • Oracle Unified Directory.
  • IBM Security Directory Server.
  • UnboundID Directory Server.
  • NetIQ eDirectory or eDirectory.
  • CA Directory or CA eTrust Directory.

And free open source implementations like:

  • OpenLDAP.
  • ForgeRock OpenDJ.
  • Apache DS.
  • 389 Directory Server.

In this post, we will use OpenLDAP which is very common and loved by the community.

OpenLDAP is the open source implementation of LDAP that runs on Linux/UNIX systems.


Installing OpenLDAP

To install OpenLDAP you have to install the openldap, openldap-servers and openldap-clients packages.

$ yum -y install openldap openldap-servers openldap-clients

Or, if you are using CentOS 7, you can use dnf (Dandified Yum):

$ dnf -y install openldap openldap-servers openldap-clients

If you are using a Debian-based system like Ubuntu, you can install it like this:



We specify a series of attributes, like domain component ( dc ), distinguished name ( dn ), and organization ( o ).

Depending on the type of object we are creating, dcObject in our case, some attributes are required and others are optional.

Check the schema on your system.

On CentOS 6, you can go to /etc/openldap/slapd.d/cn=config/cn=schema

On CentOS 7, you can go to /etc/openldap/schema

Or you can use the grep command to find the .schema files on your system.

The object organization in our example is in cn={1}core.ldif file on CentOS 6 or core.schema file on CentOS 7.

As we can see, the only required attribute is o, the organization.

Now we can use the ldapadd command to add our object:

$ ldapadd -x -f myobj.ldif -D cn=admin,dc=likegeeks,dc=local -w mypass

We specify the filename using -f, the admin DN using -D, the password using -w, and -x to use a simple bind instead of SASL. Using -W instead of -w makes ldapadd prompt for the password, so it does not end up in your shell history.

You can check if the entry was created using the ldapsearch command:

$ ldapsearch -x -b dc=likegeeks,dc=local

Adding Organizational Units

You can add an organizational unit (ou). First, create a new LDIF file. Let's name it users.ldif, and put this in it:



If you are using CentOS 7 you should hash passwords with the slappasswd command before putting them in your LDIF file, like this:

$ slappasswd

Then we copy the hashed password into the LDIF file, so the file will look like this:
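As an added example (not the tutorial's own code), the slappasswd step and the LDIF entries from the sections above in Python: ssha_hash produces the {SSHA} value slappasswd emits by default (SHA-1 over the password plus a 4-byte salt, base64 of digest and salt), ssha_verify checks a candidate password against one without raising on malformed input, and base_entry/ou_entry/user_entry build the dcObject, ou and user entries under dc=likegeeks,dc=local. The helper names and the sample user are assumptions.

```python
import base64
import hashlib
import hmac
import os

# Constructed to match the tutorial's suffix; added code, not the page's or OpenLDAP's.
BASE_DN = "dc=likegeeks,dc=local"


def ssha_hash(password: str, salt: bytes = b"") -> str:
    """Return a {SSHA} value in slappasswd's default format:
    base64(sha1(password + salt) + salt) with a random 4-byte salt."""
    if not salt:
        salt = os.urandom(4)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(password: str, stored: str) -> bool:
    """Check a candidate password against a stored {SSHA} value.
    Malformed or non-SSHA values return False instead of raising."""
    if not stored.startswith("{SSHA}"):
        return False
    try:
        raw = base64.b64decode(stored[len("{SSHA}"):], validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    digest, salt = raw[:20], raw[20:]  # a SHA-1 digest is 20 bytes
    if len(digest) != 20:
        return False
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


def base_entry() -> str:
    """The dcObject/organization entry added first; o is the only required attribute."""
    return (f"dn: {BASE_DN}\nobjectClass: dcObject\nobjectClass: organization\n"
            "dc: likegeeks\no: likegeeks\n")


def ou_entry(ou: str) -> str:
    """An organizationalUnit directly under the base DN."""
    return f"dn: ou={ou},{BASE_DN}\nobjectClass: organizationalUnit\nou: {ou}\n"


def user_entry(uid: str, cn: str, sn: str, password: str) -> str:
    """An inetOrgPerson under ou=users whose userPassword is hashed, never plaintext."""
    return (f"dn: uid={uid},ou=users,{BASE_DN}\nobjectClass: inetOrgPerson\n"
            f"uid: {uid}\ncn: {cn}\nsn: {sn}\nuserPassword: {ssha_hash(password)}\n")
```

Join the entries with a blank line between them to get a file ldapadd accepts.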



Now you can access your phpldapadmin like this:

http://server_domain_name_or_IP/ldap

In my example, I will use:

http://likegees.local/ldap

In the Login DN field you will use something like the following:

cn=admin,dc=likegeeks,dc=local

You can do all we’ve done in this web interface, adding users, organizations, and groups.


I hope you find the tutorial useful and easy. We can’t cover all LDAP server uses in one post, but this was a brief look into LDAP protocol and how to use it.

Thank you.

Install Openldap Centos 7


I'm following this OpenLDAP step-by-step tutorial: http://www.server-world.info/en/note?os=CentOS_7&p=openldap&f=1

Important: I'm working on CentOS 7.

But when, in the first part, I try to start slapd with systemctl start slapd, it throws an error that I can't solve.

I looked on the web, StackOverflow and Server Fault, but nobody has the same problem.

This is the error:

And here is the stack trace or error when I check the systemctl status.

My question is: What can I do? Is there any solution? Or what is the guideline to follow to fix the problem?

How can I start to solve this?

Neil

3 Answers

Use the CentOS OpenLDAP help page. It is very concise, with no fluff. Before doing so, please revert all the config files to their original state. This can be confirmed via:

If the above command shows any modified files, either remove and reinstall openldap-server or fetch the files from backup.

Droopy4096

I also used that guide to set up OpenLDAP on CentOS 7. Once I installed only openldap-servers without the client and it completely failed: there were permission issues, slapd failed to start, etc. I agree with the others about starting over and following the directions exactly.

But even so, there are some issues in the guide that are helpful to have documented:

  • If you copy and paste from the guide into the LDIF files, be sure to fix any wrapped lines; they caused errors for me (chdomain.ldif in particular).
  • In basedomain.ldif, o: Server World and dc: Server should be changed to the correct domain, otherwise you get this error:

    ldap_add: Naming violation (64) additional info: value of single-valued naming attribute 'dc' conflicts with value present in entry

  • The final ldapadd command should also be changed to the correct domain or else you will get invalid credentials errors.

Those errors really weren't intuitive, but I was able to complete the guide and configure OpenLDAP.

Ben Brian

You have some kind of error in your configuration files. At the very least, you made an error when creating your initial config file and likely changed what's stated in the tutorial:

The tutorial states:

but OpenLDAP tries to create /openldap/slapd.pid, which can't work because /openldap does not exist as a directory.

Start over from scratch.

Sven
