Installing and using the OpenLDAP server is sometimes not the simplest of tasks; to simplify this, Red Hat developed their IDM Directory Server, which is currently at version 9.1. It is available on CentOS and Fedora as 389-ds, and in this tutorial we will take a look at the preparation, installation and setup.
Hostname
I know from previous tutorials I have written that this is a step that is easily forgotten, but you must be able to resolve the FQDN of the host on which you will install 389-ds. This can be via the local hosts file or via DNS. On my system this is done via DNS, but you will see that in the video I add a local hosts entry to /etc/hosts, in my case:
192.168.0.76 ldap1.tup.com ldap1
IPTABLES
If you have a host-based firewall then you will need to open up the following ports:
- 389
- 636
- 9830
Network Tuning
The following lines should be added to, or adjusted within, /etc/sysctl.conf:
net.ipv4.tcp_keepalive_time = 300
net.ipv4.ip_local_port_range = 1024 65535
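The three preparation steps above (a hosts entry for the FQDN, the three firewall ports, and the two sysctl settings) are the ones most often skipped, so here is a small pre-flight script that checks them. This is an added example, not code from the tutorial or the 389-ds project; the file paths, the --check flag, the iptables-save rule format it parses and the sample inputs in the comments are assumptions made here.

```shell
#!/bin/sh
# Pre-flight checks for the 389-ds preparation steps (hosts entry, firewall
# ports, sysctl tuning). Added example, not part of the tutorial; the file
# paths and the iptables-save rule format are assumptions made here.

LDAP_PORTS="389 636 9830"

# Return 0 if the FQDN is the canonical (first) name after an address in a
# hosts(5) file, with comments stripped. The tutorial requires the FQDN to
# resolve, so a short alias such as "ldap1" alone is not enough.
fqdn_in_hosts() {
    hosts_file=$1; fqdn=$2
    sed 's/#.*//' "$hosts_file" |
        awk -v f="$fqdn" '$2 == f { found = 1 } END { exit found ? 0 : 1 }'
}

# Print the value a sysctl.conf-style file sets for a key (last one wins).
sysctl_value() {
    conf=$1; key=$2
    key_re=$(printf '%s' "$key" | sed 's/\./\\./g')   # match dots literally
    sed -n "s/^[[:space:]]*$key_re[[:space:]]*=[[:space:]]*//p" "$conf" | tail -n 1
}

# Add a "key = value" line, or adjust the existing one in place (idempotent:
# running it twice leaves a single line for the key).
ensure_sysctl() {
    conf=$1; key=$2; value=$3
    key_re=$(printf '%s' "$key" | sed 's/\./\\./g')
    if grep -q "^[[:space:]]*$key_re[[:space:]]*=" "$conf" 2>/dev/null; then
        sed -i "s|^[[:space:]]*$key_re[[:space:]]*=.*|$key = $value|" "$conf"
    else
        printf '%s = %s\n' "$key" "$value" >> "$conf"
    fi
}

# Read iptables-save output on stdin and print each LDAP port that has no
# "--dport <port> ... -j ACCEPT" rule; empty output means all are open.
# Caveat: rules written with "-m multiport --dports" are not recognised.
missing_ldap_ports() {
    rules=$(cat)
    for p in $LDAP_PORTS; do
        printf '%s\n' "$rules" | grep -Eq -- "--dport $p .*-j ACCEPT" \
            || printf '%s\n' "$p"
    done
}

# Read-only report against the live system; nothing is modified.
preflight_report() {
    fqdn=$(hostname -f 2>/dev/null || hostname)
    if fqdn_in_hosts /etc/hosts "$fqdn"; then
        echo "hosts: $fqdn present in /etc/hosts"
    else
        echo "hosts: $fqdn not in /etc/hosts (DNS must resolve it instead)"
    fi
    for k in net.ipv4.tcp_keepalive_time net.ipv4.ip_local_port_range; do
        echo "sysctl: $k = $(sysctl_value /etc/sysctl.conf "$k")"
    done
    if command -v iptables-save >/dev/null 2>&1; then
        missing=$(iptables-save 2>/dev/null | missing_ldap_ports | tr '\n' ' ')
        echo "firewall: ports without an ACCEPT rule: ${missing:-none}"
    fi
}

# Run the live report only when asked, so the file can also be sourced
# to reuse ensure_sysctl on a scratch copy of sysctl.conf.
if [ "${1-}" = "--check" ]; then
    preflight_report
fi
```

Run it as root with --check to get the report; to apply the two sysctl settings, source the file and call ensure_sysctl /etc/sysctl.conf net.ipv4.tcp_keepalive_time 300 and the same for net.ipv4.ip_local_port_range "1024 65535", then sysctl -p. The firewall check only reads iptables-save output, so it will not open anything for you; it tells you which of the three ports still need a rule.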
Repositories
To obtain the software to install the 389-ds server and its dependencies you will need to add the EPEL and REMI repositories. The repo files can be downloaded as RPMs and then installed to create the correct entries in /etc/yum.repos.d:
wget http://epel.mirror.net.in/epel/6/i386/epel-release-6-8.noarch.rpm
wget http://rpms.famillecollet.com/remi-release-20.rpm
Create Service Account
Rather than using the default account ‘nobody’, we will create a dedicated user for 389-ds:
useradd ldapuser
passwd ldapuser
Installing
This then becomes a simple matter of installing, but the install will pull in Java if it is not already present, so it is not small:
yum install -y 389-ds openldap-clients
Configuring
There is a script to configure the server, and it saves a lot of the hassle of creating the LDIF files for an initial setup with OpenLDAP. The video steps you through the script, but to start it:
setup-ds-admin.pl
Starting the GUI Console
The server can be managed from the Java GUI console. This can be installed on the server or on another client; for ease, ours is on the server.
389-console -a http://ldap1.tup.com:9830
The video shows this for you, and I hope you enjoy it.