<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=2877026&amp;fmt=gif">

How to Install OpenLDAP Server and Configure the OpenLDAP Client?

By Jitendra Patil - August 27, 2021

This blog explains the process of configuring OpenLDAP server on Ubuntu OS with the LDAP group creation steps.

At Clairvoyant, we use centralized authentication for user management for the Hadoop cluster users. Borrowing from that expertise, this blog discusses a step-by-step process of installing OpenLDAP Server and configuring the OpenLDAP Client for centralized authentication.

Login to the Ubuntu server with your ssh credential:

# sudo apt-get update
# sudo apt install slapd ldap-utils

  • It will ask you to set a password for the admin entry in the LDAP directory.
  • Once that is done, slapd will be automatically started. You can check its status with:

The installation process will install the package without any configurations. To have our OpenLDAP server running properly, we need to do some basic post-installation configuration. Run the following command to start the configuration wizard:

# sudo dpkg-reconfigure slapd

Below are a few questions and their answers:

  • Omit LDAP server configuration: NO.
  • DNS domain name: Enter your domain name. It will ask you to set a correct A record for your domain name. You can also use a domain example.com.

This information is used to create the base Distinguished Name (DN) of the LDAP directory:

  • Organization name: Enter your organization name
  • Administrator password: Enter the same password set during installation.
  • Database backend: MDB.
  • Do you want the database to be removed when slapd is purged? -> No.
  • Move old database? -> Yes.
  • Allow LDAPv2 protocol? No. The latest version of LDAP is LDAP v.3, developed in 1997. LDAPv2 is obsolete.

Your OpenLDAP server is now ready to use.
/etc/ldap/ldap.conf” is the configuration file for all OpenLDAP clients. Open this file.

You need to specify two parameters: the base DN and the URI of your OpenLDAP server.
Copy and paste the following text at the end of the file. Replace your-domain and com as appropriate

# vi /etc/ldap/ldap.conf

BASE dc=hadoop,dc=com

URI ldap://192.17.229.1 or ldap://ldap01.hadoop.com:389

“Result: 0 Success” indicates that OpenLDAP server is working fine. If you get the following line, then it’s not working. “No such object (32)”

Use of ldapadd command for users and groups.

  • Add a LDAP Group using the ldapadd command given below
  • Create a ldif file for the group

# cat hdp_cluster.ldif

dn: cn=hdp_cluster,ou=groups,dc=hadoop,dc=com

objectClass: top

objectClass: posixGroup

gidNumber: 1273800098

# ldapadd -x -W -D “cn=admin,dc=hadoop,dc=com” -f hdp_cluster.ldif

# ldapsearch -x -W -D “cn=admin,dc=hadoop,dc=com” “(objectclass=*)”

# apt-get install ldap-auth-client nscd

  • During this client installation, you will be prompted for details of your LDAP server.
  • Configure the LDAP profile for NSS by running:

# sudo auth-client-config -t nss -p lac_ldap

# vi /usr/share/pam-configs/mkhomedir

Name: Create home directory on login

Default: yes

Priority: 900

Session-Type: Additional

Session:

required pam_mkhomedir.so umask=0022 skel=/etc/skel

Save the changes and close the file.

# /etc/init.d/nsd restart

# update-rc.d nscd defaults

# getent passwd userid

Author
Jitendra Patil

Senior Engineer- Data & Cloud Ops at Clairvoyant LLC

Tags: Authentication Openldap Ubuntu User Addition Configuration Data Operations