20 March 2015

Configuring an OpenLDAP Server and phpLDAPadmin on RHEL 7

Adjust the DC, CN, password and user names to your own environment.

1. Add the EPEL 7 repository
wget -c http://mirror.dionipe.net/fedora/epel/7/x86_64/e/epel-release-7-5.noarch.rpm
yum localinstall epel-release-7-5.noarch.rpm
2. Install the required packages
yum install openldap-clients openldap-servers phpldapadmin migrationtools
3. Start the openldap-server service
systemctl start slapd
systemctl enable slapd
systemctl status slapd
4. Load the standard schemas
cd /etc/openldap/schema/
for U in *.ldif; do echo "Memuat skema $U... "; ldapadd -H ldapi:/// -f $U; done
cd
5. Set the database suffix (create a text file suffix.entry whose content is as shown)
cat suffix.entry
dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=azoebs,dc=com

ldapmodify -H ldapi:/// -f suffix.entry
6. Set the root DN (create a text file rootdn.entry whose content is as shown)
cat rootdn.entry
dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: cn=manager,dc=azoebs,dc=com

ldapmodify -H ldapi:/// -f rootdn.entry
7. Set the root password (hash it with slappasswd, then create rootpw.entry as shown)
slappasswd
New password:
Re-enter new password:
{SSHA}EPHnQJa7TZqZ7Pa2Xf9OIVF8HbEQvwMW

cat rootpw.entry
dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: {SSHA}EPHnQJa7TZqZ7Pa2Xf9OIVF8HbEQvwMW

ldapmodify -H ldapi:/// -f rootpw.entry
8. Edit the phpLDAPadmin configuration file:
vim /etc/phpldapadmin/config.php
$servers->setValue('server','host','127.0.0.1');
$servers->setValue('server','base',array('dc=azoebs,dc=com'));
$servers->setValue('login','bind_id','cn=manager,dc=azoebs,dc=com');
$servers->setValue('login','attr','dn');
9. Edit the phpLDAPadmin alias configuration in httpd
vim /etc/httpd/conf.d/phpldapadmin.conf
  <IfModule mod_authz_core.c>
    # Apache 2.4
    Require all granted
  </IfModule>
10. Start the httpd service
systemctl start httpd
systemctl enable httpd
systemctl status httpd
11. Add the http service to the firewall
firewall-cmd --add-service=http --permanent
firewall-cmd --reload

firewall-cmd --list-services
12. Allow LDAP authentication under SELinux
setsebool -P allow_ypbind=1
13. Log in to phpLDAPadmin
Login DN: cn=manager,dc=azoebs,dc=com
Password:
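Steps 5 to 7 above each write one small LDIF file by hand. The following added example (not part of the original post) generates the same three olcDatabase={2}hdb changes as a single LDIF change record from a domain name, so the suffix and root DN can never drift apart; the domain azoebs.com, the CN "manager" and the {SSHA} hash are placeholders you substitute.

```shell
#!/bin/sh
# Added example: build the cn=config modifications of steps 5-7 from a
# domain name instead of editing three separate files. The domain, CN and
# hash used below are sample values, not the original post's.

# Turn "azoebs.com" into "dc=azoebs,dc=com".
domain_to_dn() {
    printf '%s' "$1" | awk -F. '{
        for (i = 1; i <= NF; i++) { s = s (i > 1 ? "," : "") "dc=" $i }
        print s
    }'
}

# Print one LDIF change record that replaces olcSuffix, olcRootDN and
# olcRootPW on olcDatabase={2}hdb in a single ldapmodify operation.
# Arguments: domain, manager CN, password hash from slappasswd
# (never put a cleartext password into olcRootPW).
config_ldif() {
    base=$(domain_to_dn "$1")
    cat <<EOF
dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: $base
-
replace: olcRootDN
olcRootDN: cn=$2,$base
-
replace: olcRootPW
olcRootPW: $3
EOF
}

# Usage: HASH is a placeholder for the {SSHA}... line printed by slappasswd.
# config_ldif azoebs.com manager "$HASH" > config.entry
# ldapmodify -H ldapi:/// -f config.entry
```

Because the three replacements are in one change record, ldapmodify applies them together, and a typo in one attribute leaves the database untouched rather than half-configured.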
Testing LDIF import

1. Import an LDIF containing the organization (o) and organizational unit (ou) objects, like the following:
dn: dc=azoebs,dc=com
objectclass: dcObject
objectclass: organization
o: azoebs
dc: azoebs

dn: ou=People,dc=azoebs,dc=com
objectClass: organizationalUnit
ou: People
2. Create one Linux user
useradd utian
passwd utian
grep utian /etc/passwd > passwd.utian
/usr/share/migrationtools/migrate_passwd.pl passwd.utian passwd.utian.ldif
3. Import the account LDIF passwd.utian.ldif in phpLDAPadmin
cat passwd.utian.ldif
dn: uid=utian,ou=People,dc=azoebs,dc=com
uid: utian
cn: utian
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {crypt}$6$3nfzV/Ts$WpiaHhHzUn5J7/mQRLbVqv9n6cd5tvk/xd9rrq3Y53v4GMhl1Rz9QEgdriwe107A9mSR7Zvn8ADvYmZo154cc.
shadowLastChange: 16505
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 1000
gidNumber: 1000
homeDirectory: /home/utian

2 comments:

Saputro Aryulianto said...

5. Set the database suffix
cat suffix.entry

6. Set the root DN
cat rootdn.entry

I have tried the steps from the beginning but got stuck at this step; could you explain what the 'cat' in steps 5 and 6 means, sir? :) Thank you

Utian said...

It means create a text file whose contents look like that when you "cat" it, boss :D