This blog explains the process of configuring OpenLDAP server on Ubuntu OS with the LDAP group creation steps.
At Clairvoyant, we use centralized authentication for user management for the Hadoop cluster users. Borrowing from that expertise, this blog discusses a step-by-step process of how to install OpenLDAP Server and configuring OpenLDAP Client for centralized authentication.
Login to the Ubuntu LDAP server with your ssh credential:
# sudo apt-get update
# sudo apt install slapd ldap-utils
- It will ask you to set a password for the admin entry in the LDAP directory.
- Once that is done, slapd will be automatically started. You can check its status with:
The installation process will install openLDAP server package without any configurations. To have our OpenLDAP server running properly, we need to do some basic post-installation OpenLDAP configuration. Run the following command to start the OpenLDAP configuration wizard:
# sudo dpkg-reconfigure slapd
Below are a few questions and their answers:
- Omit LDAP server Linux configuration: NO.
- DNS domain name: Enter your domain name. It will ask you to set a correct A record for your domain name. You can also use a domain example.com.
This information is used to create the base Distinguished Name (DN) of the LDAP directory:
- Organization name: Enter your organization name
- Administrator password: Enter the same password set during installation of openLDAP.
- Database backend: MDB.
- Do you want the database to be removed when slapd is purged? -> No.
- Move old database? -> Yes.
- Allow LDAPv2 protocol? No. The latest version of LDAP is LDAP v.3, developed in 1997. LDAPv2 is obsolete.
Your OpenLDAP server is now ready to use.
“/etc/ldap/ldap.conf” is the configuration file for all OpenLDAP clients. Open this file.
You need to specify two parameters: the base DN and the URI of your OpenLDAP server.
Copy and paste the following text at the end of the file. Replace your-domain and com as appropriate
# vi /etc/ldap/ldap.conf
BASE dc=hadoop,dc=com
URI ldap://192.17.229.1 or ldap://ldap01.hadoop.com:389
“Result: 0 Success” indicates that OpenLDAP server is working fine. If you get the following line, then it’s not working. “No such object (32)”
Use of ldapadd command for users and groups.
- Add a LDAP Group using the ldapadd command given below
- Create a ldif file for the group
# cat hdp_cluster.ldif
dn: cn=hdp_cluster,ou=groups,dc=hadoop,dc=com
objectClass: top
objectClass: posixGroup
gidNumber: 1273800098
# ldapadd -x -W -D “cn=admin,dc=hadoop,dc=com” -f hdp_cluster.ldif
# ldapsearch -x -W -D “cn=admin,dc=hadoop,dc=com” “(objectclass=*)”
# apt-get install ldap-auth-client nscd
- During this client installation, you will be prompted for details of your LDAP server.
- Configure the LDAP Ubuntu profile after you install LDAP server for NSS by running
# sudo auth-client-config -t nss -p lac_ldap
# vi /usr/share/pam-configs/mkhomedir
Name: Create home directory on login
Default: yes
Priority: 900
Session-Type: Additional
Session:
required pam_mkhomedir.so umask=0022 skel=/etc/skel
Save the changes and close the file.
# /etc/init.d/nsd restart
# update-rc.d nscd defaults
# getent passwd userid
Hope you understood how to install OpenLDAP server and configure OpenLDAP client. Don’t forget to check out our data operation services for all your business requirements.