This blog explains how to configure an OpenLDAP server on Ubuntu, including the steps for creating an LDAP group.
At Clairvoyant, we use centralized authentication to manage the users of our Hadoop clusters. Drawing on that experience, this blog walks step by step through installing an OpenLDAP server and configuring the OpenLDAP client for centralized authentication.
Log in to the Ubuntu server with your SSH credentials and install the server package and the LDAP tools:
# sudo apt-get update
# sudo apt install slapd ldap-utils
- The installer will ask you to set a password for the admin entry in the LDAP directory.
- Once that is done, slapd is started automatically. You can check its status with:
The installation installs the package without any configuration. For the OpenLDAP server to run properly, some basic post-installation configuration is needed. Run the following command to start the configuration wizard:
# sudo dpkg-reconfigure slapd
Below are a few questions and their answers:
- Omit LDAP server configuration? No.
- DNS domain name: Enter your domain name. It will ask you to set a correct A record for your domain name. You can also use a domain such as example.com.
This information is used to create the base Distinguished Name (DN) of the LDAP directory.
- Organization name: Enter your organization name.
- Administrator password: Enter the same password set during installation.
- Database backend: MDB.
- Do you want the database to be removed when slapd is purged? No.
- Move old database? Yes.
- Allow LDAPv2 protocol? No. The latest version of the protocol is LDAPv3, developed in 1997; LDAPv2 is obsolete.
Your OpenLDAP server is now ready to use.
/etc/ldap/ldap.conf is the configuration file for all OpenLDAP clients. Open it and specify two parameters: the base DN and the URI of your OpenLDAP server.
Append the following lines to the end of the file, replacing your-domain and com as appropriate. The URI can be given as the server's IP address (for example ldap://188.8.131.52) or as its host name and port:
# vi /etc/ldap/ldap.conf
```
BASE dc=your-domain,dc=com
URI  ldap://ldap01.hadoop.com:389
```
When you query the server (see the ldapsearch command below), a result line of "Result: 0 Success" indicates that the OpenLDAP server is working. If you get "No such object (32)" instead, it is not working.
Use the ldapadd command to add users and groups.
- Add an LDAP group using the ldapadd command given below.
- First create an LDIF file for the group:
# cat hdp_cluster.ldif
# ldapadd -x -W -D "cn=admin,dc=hadoop,dc=com" -f hdp_cluster.ldif
# ldapsearch -x -W -D "cn=admin,dc=hadoop,dc=com" "(objectclass=*)"
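As an added example (not code from the original post), the following Python helpers render the posixGroup LDIF that the ldapadd step above consumes and extract the LDAP result code from ldapsearch output so the "Result: 0 Success" / "No such object (32)" check can be scripted. The base DN dc=hadoop,dc=com comes from the page; the group name, gidNumber, member logins and placing the group directly under the base DN are assumptions.

```python
import re
from typing import List, Optional

# Base DN from the page; the group is placed directly under it (assumption).
BASE_DN = "dc=hadoop,dc=com"


def posix_group_ldif(name: str, gid: int, members: List[str], base_dn: str = BASE_DN) -> str:
    """Render an LDIF entry for a posixGroup (nis schema, loaded by default on Ubuntu's slapd).

    posixGroup requires cn and gidNumber; each memberUid line names one member login.
    """
    # Reject names that would need LDAP DN escaping (comma, plus, quotes, etc.).
    if not re.fullmatch(r"[A-Za-z0-9_.-]+", name):
        raise ValueError(f"unsafe group name: {name!r}")
    lines = [
        f"dn: cn={name},{base_dn}",
        "objectClass: top",
        "objectClass: posixGroup",
        f"cn: {name}",
        f"gidNumber: {gid}",
    ]
    lines += [f"memberUid: {m}" for m in members]
    return "\n".join(lines) + "\n"


# 'result: 0 Success' as printed in ldapsearch's LDIF output (case-insensitive).
_RESULT_RE = re.compile(r"^result:\s*(\d+)\s*(.*)$", re.MULTILINE | re.IGNORECASE)
# Client error style, e.g. 'ldap_search_ext: No such object (32)'.
_ERR_RE = re.compile(r"\((\d+)\)\s*$", re.MULTILINE)


def search_result_code(output: str) -> Optional[int]:
    """Return the LDAP result code found in ldapsearch output, or None if there is none."""
    m = _RESULT_RE.search(output)
    if m:
        return int(m.group(1))
    m = _ERR_RE.search(output)
    return int(m.group(1)) if m else None


if __name__ == "__main__":
    # Constructed sample data: write the group file the ldapadd command above expects.
    with open("hdp_cluster.ldif", "w") as f:
        f.write(posix_group_ldif("hdp_cluster", 10001, ["alice", "bob"]))
```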
# apt-get install ldap-auth-client nscd
- During this client installation, you will be prompted for details of your LDAP server.
- Configure the LDAP profile for NSS by running:
# sudo auth-client-config -t nss -p lac_ldap
# vi /usr/share/pam-configs/mkhomedir
```
Name: Create home directory on login
Default: yes
Priority: 900
Session-Type: Additional
Session:
    required pam_mkhomedir.so umask=0022 skel=/etc/skel
```
Save the changes and close the file.
# /etc/init.d/nscd restart
# update-rc.d nscd defaults
Finally, verify that an LDAP user resolves through NSS (replace userid with the login of an LDAP user):
# getent passwd userid