Installing & Configuring OpenLDAP Server CentOS 6.5

The Lightweight Directory Access Protocol (LDAP) is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network. Directory services play an important role in developing intranet and Internet applications by allowing the sharing of information about users, systems, networks, services, and applications throughout the network.

A common usage of LDAP is to provide single sign-on, where one password for a user is shared between many services, such as applying a company login to web pages (so that staff log in only once to company computers and are then automatically logged into the company intranet).

Install the server and client packages:

yum install openldap-servers openldap-clients

Edit your ldap.conf file and enter the IP address or domain name of your server:
vi /etc/openldap/ldap.conf

URI ldap://

BASE dc=my-domain,dc=com

Copy the sample files from /usr/share/openldap-servers to /etc/openldap and /var/lib/ldap:

cp /usr/share/openldap-servers/slapd.conf.obsolete /etc/openldap/slapd.conf

cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG

Set up a new LDAP admin password with slappasswd, which prints the salted hash that goes into slapd.conf:

slappasswd

New password:

Re-enter new password:

Copy the hashed ({SSHA}) password from STDOUT, as it needs to go into the configuration. In /etc/openldap/slapd.conf, search and replace every “dc=my-domain,dc=com” with your own domain (the examples in this guide keep dc=my-domain,dc=com throughout) and replace the rootpw value with the hash from above, so it looks like:

rootpw {SSHA}xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Create a new file /root/root.ldif (slapadd below reads it from there) with the following content; note the blank line between entries, which LDIF requires:

dn: dc=my-domain,dc=com
objectClass: dcObject
objectClass: organization
dc: my-domain
o: my-domain

dn: ou=groups,dc=my-domain,dc=com
ou: groups
objectClass: organizationalUnit

dn: ou=people,dc=my-domain,dc=com
ou: people
objectClass: organizationalUnit
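To generate that file for any domain and catch the most common mistake before running slapadd, here is an added example (not part of the original post). It builds the base entry plus one organizationalUnit per name and validates the result: every entry must start with a dn, carry an objectClass, and be separated from the next by a blank line. Without the separator the whole file is read as one entry with three dn lines. The functions (base_dn, build_root_ldif, parse_ldif, validate_ldif) are this example's own; continuation lines (leading space) are not handled because root.ldif has none.

```python
# Added example (not from the original post): builds the three root.ldif
# entries for any domain and checks the file the way slapadd would.
# Function names are this example's own.


def base_dn(domain: str) -> str:
    """'my-domain.com' -> 'dc=my-domain,dc=com'"""
    return ",".join("dc=" + label for label in domain.split("."))


def build_root_ldif(domain: str, units=("groups", "people")) -> str:
    """Return LDIF text for the base entry plus one organizationalUnit per name."""
    base = base_dn(domain)
    first = domain.split(".")[0]  # dc/o attribute value, "my-domain" in the guide
    entries = [[
        f"dn: {base}",
        "objectClass: dcObject",
        "objectClass: organization",
        f"dc: {first}",
        f"o: {first}",
    ]]
    for ou in units:
        entries.append([
            f"dn: ou={ou},{base}",
            f"ou: {ou}",
            "objectClass: organizationalUnit",
        ])
    # the blank line between entries is what makes this valid LDIF
    return "\n\n".join("\n".join(lines) for lines in entries) + "\n"


def parse_ldif(text: str):
    """Split LDIF into entries; each entry is a list of (attribute, value) pairs in file order."""
    entries = []
    for block in text.strip().split("\n\n"):
        pairs = []
        for line in block.splitlines():
            if not line.strip() or line.startswith("#"):
                continue
            if ": " not in line:
                raise ValueError(f"malformed LDIF line: {line!r}")
            attr, value = line.split(": ", 1)
            pairs.append((attr, value))
        if pairs:
            entries.append(pairs)
    return entries


def validate_ldif(text: str) -> list:
    """Return a list of problems; an empty list means the file is slapadd-ready."""
    problems = []
    for n, pairs in enumerate(parse_ldif(text), 1):
        attrs = [a for a, _ in pairs]
        if attrs[0] != "dn":
            problems.append(f"entry {n}: must start with a dn line")
        if attrs.count("dn") != 1:
            problems.append(f"entry {n}: {attrs.count('dn')} dn lines, "
                            "entries are probably missing the blank-line separator")
        if "objectClass" not in attrs:
            problems.append(f"entry {n}: no objectClass")
    return problems


if __name__ == "__main__":
    ldif = build_root_ldif("my-domain.com")
    print(ldif)
    print("problems in generated file:", validate_ldif(ldif))
    print("problems when run together:", validate_ldif(ldif.replace("\n\n", "\n")))
```

Write the output of build_root_ldif() to /root/root.ldif and run validate_ldif() on it before slapadd; the run-together variant in the demo reproduces exactly the file you get if the blank lines are dropped.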

Remove everything in the slapd.d directory, load root.ldif into the directory database with slapadd, and generate the slapd.d configuration from slapd.conf with slaptest:
rm -rf /etc/openldap/slapd.d/*

slapadd -n 2 -l /root/root.ldif

slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d
Set the appropriate permissions:

chown -R ldap:ldap /var/lib/ldap

chown -R ldap:ldap /etc/openldap/slapd.d
Make sure the service is active on runlevel 3 (the command below also enables runlevels 2 and 5) and start it:
chkconfig --level 235 slapd on
service slapd start
Create a self-signed certificate for TLS. The Makefile shipped in /etc/pki/tls/certs writes the private key and the certificate together into slapd.pem; the chmod and chown make the file readable by slapd but not by other users, and the symlink lets clients find it in the CA directory:

cd /etc/pki/tls/certs

rm slapd.pem

make slapd.pem

chmod 640 slapd.pem

chown :ldap slapd.pem

ln -s /etc/pki/tls/certs/slapd.pem /etc/openldap/cacerts/slapd.pem
Edit /etc/sysconfig/ldap and set SLAPD_LDAPS=yes, so slapd also listens on port 636 for the ldaps:// test at the end:

vi /etc/sysconfig/ldap

SLAPD_LDAPS=yes

Enable TLS in slapd.conf; because the generated slapd.pem holds both the key and the certificate, the same file is given for both directives:

vi /etc/openldap/slapd.conf

TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt

TLSCertificateFile /etc/pki/tls/certs/slapd.pem

TLSCertificateKeyFile /etc/pki/tls/certs/slapd.pem

Point clients at the CA directory in ldap.conf so they can verify the server certificate linked there:

vi /etc/openldap/ldap.conf

TLS_CACERTDIR /etc/openldap/cacerts

Regenerate the slapd.d configuration from the edited slapd.conf, fix its ownership again and restart the server:

rm -rf /etc/openldap/slapd.d/*

slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d

chown -R ldap:ldap /etc/openldap/slapd.d

service slapd restart

Test if everything is up and working fine, both with StartTLS on port 389 (-ZZ makes ldapsearch fail if TLS cannot be negotiated) and over LDAPS on port 636:

ldapsearch -x -ZZ -h localhost #(TLS)

ldapsearch -x -H ldaps://localhost #(SSL)
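Before the restart it is worth auditing the files this guide edits, so a slip is caught by a script rather than by a failed ldapsearch. The following is an added example (not code from the original post or from OpenLDAP): slapd.conf and ldap.conf both use "Directive value" lines with # comments, so one small parser serves both. It reports a rootpw left in cleartext, any of the three TLS* directives missing, a TLSCertificateKeyFile readable by other users (the guide wants 640), and an ldap.conf without TLS_CACERTDIR or TLS_CACERT. The function names and every path and file content inside run_demo() are constructed for the demo; a real run passes the contents of the real files.

```python
import os
import stat
import tempfile

# Added example (not from the original post): a pre-restart audit of the files
# this guide edits. Reported findings:
#   - rootpw without a {SCHEME} prefix (cleartext instead of the slappasswd value)
#   - any of the three TLS* directives missing from slapd.conf
#   - the TLSCertificateKeyFile readable by "other" (guide wants chmod 640;
#     ca-bundle.crt being world-readable is normal and is not checked)
#   - ldap.conf without TLS_CACERTDIR or TLS_CACERT, so "ldapsearch -ZZ" has
#     nothing to verify the server certificate against
# All paths and file contents in run_demo() are constructed for the demo.

TLS_DIRECTIVES = ("TLSCACertificateFile", "TLSCertificateFile", "TLSCertificateKeyFile")


def parse_directives(text: str) -> dict:
    """Map directive -> value for 'Directive value' config lines (comments skipped)."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        conf[parts[0]] = parts[1].strip('"') if len(parts) > 1 else ""
    return conf


def audit_key_file(path: str) -> list:
    """The private key must not be world-readable (guide: chmod 640, group ldap)."""
    try:
        mode = os.stat(path).st_mode
    except FileNotFoundError:
        return [f"{path}: TLSCertificateKeyFile does not exist"]
    if mode & (stat.S_IROTH | stat.S_IWOTH):
        return [f"{path}: world-readable private key, expected mode 640"]
    return []


def audit_slapd_conf(text: str, check_key_file: bool = True) -> list:
    findings = []
    conf = parse_directives(text)
    pw = conf.get("rootpw")
    if pw is None:
        findings.append("rootpw: not set")
    elif not pw.startswith("{"):
        findings.append("rootpw: stored in cleartext, use the {SSHA} value from slappasswd")
    for directive in TLS_DIRECTIVES:
        if directive not in conf:
            findings.append(f"{directive}: missing, TLS/ldaps cannot be served")
    if check_key_file and "TLSCertificateKeyFile" in conf:
        findings += audit_key_file(conf["TLSCertificateKeyFile"])
    return findings


def audit_ldap_conf(text: str) -> list:
    conf = parse_directives(text)
    if "TLS_CACERTDIR" in conf or "TLS_CACERT" in conf:
        return []
    return ["ldap.conf: no TLS_CACERTDIR/TLS_CACERT, clients cannot verify the server certificate"]


def run_demo():
    """Constructed configs: one done as the guide says, one with the usual slips."""
    with tempfile.TemporaryDirectory() as tmp:
        key_ok = os.path.join(tmp, "slapd.pem")
        key_loose = os.path.join(tmp, "slapd-loose.pem")
        for path, mode in ((key_ok, 0o640), (key_loose, 0o644)):
            with open(path, "w") as fh:
                fh.write("-----BEGIN PRIVATE KEY-----\n(constructed placeholder)\n-----END PRIVATE KEY-----\n")
            os.chmod(path, mode)
        good_slapd = f"""
# constructed slapd.conf fragment, as the guide leaves it
rootpw {{SSHA}}xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
TLSCertificateFile {key_ok}
TLSCertificateKeyFile {key_ok}
"""
        bad_slapd = f"""
# constructed fragment: cleartext rootpw, no CA file, loose key permissions
rootpw secret
TLSCertificateFile {key_loose}
TLSCertificateKeyFile {key_loose}
"""
        good = audit_slapd_conf(good_slapd) + audit_ldap_conf("TLS_CACERTDIR /etc/openldap/cacerts\n")
        bad = audit_slapd_conf(bad_slapd) + audit_ldap_conf("BASE dc=my-domain,dc=com\n")
        return good, bad


if __name__ == "__main__":
    good, bad = run_demo()
    print("guide configuration:", good or "no findings")
    for finding in bad:
        print("sloppy configuration:", finding)
```

On a real host, read /etc/openldap/slapd.conf and /etc/openldap/ldap.conf and pass their text to audit_slapd_conf() and audit_ldap_conf(); an empty list from both is the state the restart and the two ldapsearch tests above expect.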
