Step by Step OpenLDAP Server Configuration on CentOS 7 / RHEL 7. OpenLDAP is an open-source implementation of the Lightweight Directory Access Protocol developed by the OpenLDAP Project. LDAP is an Internet protocol that email and other programs use to look up contact information from a server.
systemctl restart rsyslog

LDAP client configuration to use LDAP Server

Install the necessary LDAP client packages on the client machine.

yum install -y openldap-clients nss-pam-ldapd

Execute the below command to add the client machine to the LDAP server for single sign-on. Replace "192.168.1.10" with your LDAP server's IP address or hostname.

authconfig --enableldap --enableldapauth --ldapserver=192.168.1.10 --ldapbasedn="dc=itzgeek,dc=local" --enablemkhomedir --update

Restart the LDAP client service.

systemctl restart nslcd

Verify LDAP Login

Use the getent command to get the LDAP entries from the LDAP server.

getent passwd raj

Output:

raj:x:9999:100:Raj Admin (at) ITzGeek:/home/raj:/bin/bash

Screenshot: OpenLDAP Server Configuration on CentOS 7 – Verify LDAP Login

To verify LDAP authentication, log in as the LDAP user "raj" on the client machine.

Screenshot: OpenLDAP Server Configuration on CentOS 7 – LDAP User login on the Client machine

That's All.
ldapsearch options

Option  Description

-b      Specifies the starting point for the search. The value specified here must be a distinguished name that currently exists in the database. This is optional if the LDAPBASEDN environment variable has been set to a base DN. The value specified in this option should be provided in single or double quotation marks. For example:
        -b 'cn=Barbara Jensen,ou=Product Development,dc=example,dc=com'
        To search the root DSE entry, specify an empty string here, such as -b ''.

-D      Specifies the distinguished name with which to authenticate to the server. This is optional if anonymous access is supported by the server. If specified, this value must be a DN recognized by the Directory Server, and it must also have the authority to search for the entries. For example, -D 'uid=bjensen,dc=example,dc=com'.

-h      Specifies the hostname or IP address of the machine on which the Directory Server is installed. For example, -h server.example.com. If a host is not specified, ldapsearch uses the localhost. Directory Server supports both IPv4 and IPv6 IP addresses.

-l      Specifies the maximum number of seconds to wait for a search request to complete. For example, -l 300. The default value for the nsslapd-timelimit attribute is 3600 seconds. Regardless of the value specified, ldapsearch will never wait longer than is allowed by the server's nsslapd-timelimit attribute.

-p      Specifies the TCP port number that the Directory Server uses. For example, -p 1049. The default is 389. If -Z is used, the default is 636.

-s      Specifies the scope of the search. The scope can be one of the following:
        base  searches only the entry specified in the -b option or defined by the LDAPBASEDN environment variable.
        one   searches only the immediate children of the entry specified in the -b option. Only the children are searched; the actual entry specified in the -b option is not searched.
        sub   searches the entry specified in the -b option and all of its descendants; that is, perform a subtree search starting at the point identified in the -b option. This is the default.

-w      Gives the password associated with the distinguished name that is specified in the -D option. If this option is not specified, anonymous access is used. For example, -w diner892.

-x      Specifies that the search results are sorted on the server rather than on the client. This is useful for sorting according to a matching rule, as with an international search. In general, it is faster to sort on the server rather than on the client.

-z      Sets the maximum number of entries to return in response to a search request. For example, -z 1000. Normally, regardless of the value specified here, ldapsearch never returns more entries than the number allowed by the server's nsslapd-sizelimit attribute. However, this limitation can be overridden by binding as the root DN when using this command-line argument. When binding as the root DN, this option defaults to zero (0). The default value for the nsslapd-sizelimit attribute is 2000 entries.
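The option table above and the getent check earlier both come down to the same two things: assembling an ldapsearch command with the right base DN, scope, bind DN and limits, and reading the LDIF that comes back. The following Python script is an added example (not code from the page, the OpenLDAP project or Directory Server) that builds the argument vector from those documented options, parses ldapsearch-style LDIF (folded lines, base64 "::" values, comment lines, the trailing search/result block), and renders a posixAccount entry as the passwd line that nslcd hands to getent. The sample LDIF is constructed; the ou=People container and the attribute values for the user raj are assumptions for illustration.

```python
"""Added example (not from the page or the OpenLDAP/Directory Server projects):
build an ldapsearch argument vector from the options in the table above, parse
the LDIF that a search returns, and map a posixAccount entry to the passwd line
that nslcd hands back through getent. The sample LDIF below is constructed."""
import base64
from typing import Dict, List, Optional

VALID_SCOPES = ("base", "one", "sub")  # the three values -s accepts


def build_ldapsearch_argv(base_dn: str, search_filter: str, host: str = "localhost",
                          port: Optional[int] = None, ssl: bool = False,
                          bind_dn: Optional[str] = None, password: Optional[str] = None,
                          scope: str = "sub", time_limit: Optional[int] = None,
                          size_limit: Optional[int] = None,
                          attrs: Optional[List[str]] = None) -> List[str]:
    """Return the argv for ldapsearch using -h/-p/-b/-s/-D/-w/-l/-z as documented.
    Port defaults to 389, or 636 when -Z (ssl=True) is used, as the table states."""
    if scope not in VALID_SCOPES:
        raise ValueError(f"scope must be one of {VALID_SCOPES}, got {scope!r}")
    if port is None:
        port = 636 if ssl else 389
    argv = ["ldapsearch", "-h", host, "-p", str(port), "-b", base_dn, "-s", scope]
    if ssl:
        argv.append("-Z")
    if bind_dn:                       # no -D/-w means anonymous access
        argv += ["-D", bind_dn]
        if password is not None:
            argv += ["-w", password]
    if time_limit is not None:
        argv += ["-l", str(time_limit)]
    if size_limit is not None:
        argv += ["-z", str(size_limit)]
    argv.append(search_filter)
    argv += attrs or []
    return argv


def parse_ldif(text: str) -> List[Dict[str, List[str]]]:
    """Parse LDIF as printed by ldapsearch into one dict per entry (attr -> values).
    Handles folded lines (leading space), base64 values ('::') and comments ('#');
    blocks without a dn (the trailing 'search:'/'result:' lines) are dropped."""
    unfolded: List[str] = []
    for raw in text.splitlines():
        if raw.startswith(" ") and unfolded:
            unfolded[-1] += raw[1:]   # continuation of the previous line
        else:
            unfolded.append(raw)
    entries: List[Dict[str, List[str]]] = []
    current: Dict[str, List[str]] = {}
    for line in unfolded + [""]:      # sentinel blank line flushes the last entry
        if not line.strip():
            if "dn" in current:
                entries.append(current)
            current = {}
            continue
        if line.startswith("#"):
            continue
        name, _, rest = line.partition(":")
        if rest.startswith(":"):      # 'attr:: <base64>' for non-ASCII or unsafe values
            value = base64.b64decode(rest[1:].strip()).decode("utf-8")
        else:
            value = rest.strip()
        current.setdefault(name, []).append(value)
    return entries


def passwd_line(entry: Dict[str, List[str]]) -> str:
    """Render a posixAccount entry the way 'getent passwd' shows it via nslcd:
    uid:x:uidNumber:gidNumber:gecos:homeDirectory:loginShell (gecos falls back to cn)."""
    def first(attr: str) -> str:
        return entry.get(attr, [""])[0]
    gecos = first("gecos") or first("cn")
    return ":".join([first("uid"), "x", first("uidNumber"), first("gidNumber"),
                     gecos, first("homeDirectory"), first("loginShell")])


# Constructed sample output for a search under dc=itzgeek,dc=local; the ou=People
# container and the attribute values are assumptions, not captured server output.
SAMPLE_LDIF = (
    "# extended LDIF\n"
    "dn: uid=raj,ou=People,dc=itzgeek,\n"
    " dc=local\n"
    "objectClass: posixAccount\n"
    "uid: raj\n"
    "cn: Raj Admin\n"
    "uidNumber: 9999\n"
    "gidNumber: 100\n"
    f"gecos:: {base64.b64encode(b'Raj Admin @ ITzGeek').decode()}\n"
    "homeDirectory: /home/raj\n"
    "loginShell: /bin/bash\n"
    "\n"
    "# search result\n"
    "search: 2\n"
    "result: 0 Success\n"
)

if __name__ == "__main__":
    print(" ".join(build_ldapsearch_argv("dc=itzgeek,dc=local", "(uid=raj)",
                                         host="192.168.1.10", scope="sub")))
    for e in parse_ldif(SAMPLE_LDIF):
        print(passwd_line(e))
```

The passwd rendering shows which attributes the client-side lookup actually depends on (uid, uidNumber, gidNumber, gecos or cn, homeDirectory, loginShell); an entry missing one of them produces an empty field in the getent output, which is the first thing to check when a login fails after the authconfig step. Note that a password given with -w is visible to other local users in the process table for as long as the command runs.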