I just installed OpenLDAP. I used the steps I've posted below to do this installation. When I try to run an ldapsearch -x -b "dc=myserver,dc=ad,dc=dla,dc=mil" it fails with the error "ldap_result: Can't contact LDAP server (-1)". What did I miss? What am I doing wrong? Please help...
1. Install OpenLDAP.
yum install openldap-servers openldap-clients nss-pam-ldapd migrationtools
2. Configure the firewall
edit the /etc/sysconfig/iptables add the following lines
-A INPUT -p udp -m state --state NEW -m udp --dport 389 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 389 -j ACCEPT
3. Edit the /etc/openldap/slapd.d files.
Edit the /etc/openldap/slapd.d/cn=config/olcDatabase={2}bdb.ldif file. Note that it
will likely have to be done in more than one location in the file.
find: dc=my-domain,dc=com
replace with: dc=myserver,dc=ad,dc=dla,dc=mil
Then add these 3 lines at the end of the bdb.ldif file:
olcRootPW: {SSHA}XgDV3A+6mBxYgXCLC4wuVUWRhEzjPNQq #value of slappasswd command
olcTLSCertificateFile: /etc/pki/tls/certs/slapdcert.pem
olcTLSCertificateKeyFile: /etc/pki/tls/certs/slapdkey.pem
Edit the /etc/openldap/slapd.d/cn=config/olcDatabase={1}monitor.ldif file.
Replace: cn=manager,dc=my-domain,dc=com
with: cn=Manager,dc=myserver,dc=ad,dc=dla,dc=mil
4. Update database cache.
Run the updatedb command
# updatedb
# cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/
# mv /var/lib/ldap/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
# chown -Rf ldap:ldap /var/lib/ldap/
5. Now we will need to set up a certificate for TLS.
Edit the /etc/sysconfig/ldap file and change SLAPD_LDAPS from no to yes.
#vi /etc/sysconfig/ldap
SLAPD_LDAPS=yes
Now we can create the certificate
# openssl req -new -x509 -nodes -out /etc/pki/tls/certs/slapdcert.pem -keyout /etc/pki/tls/certs/slapdkey.pem -days 365
The above will create the two required keys in the /etc/pki/tls/certs/ directory.
We need to make them readable for the ldap user.
# chown root:ldap /etc/pki/tls/certs/slapdcert.pem /etc/pki/tls/certs/slapdkey.pem
# chmod 750 /etc/pki/tls/certs/slapdkey.pem
6. test config file
# slaptest -u
you should see "config file testing succeeded"
7. start the service and check it
# service slapd start
# ldapsearch -x -b "dc=myserver,dc=ad,dc=dla,dc=mil"
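"Can't contact LDAP server (-1)" is a transport-level failure: nothing accepted the TCP connection on port 389, which after the steps above almost always means slapd never started (a config it rejects, or a TLS key it cannot read) rather than a problem with the search itself. The following diagnostic script is an added example, not part of the original post; it assumes the key path and the ldap service account used in the steps above, and the sample inputs in its comments are constructed. Two caveats worth checking alongside it: the iptables rules open only 389, so the ldaps listener on 636 that SLAPD_LDAPS=yes enables is unreachable from remote clients, and the UDP 389 rule does nothing for OpenLDAP, which speaks TCP (UDP 389 is CLDAP, used by Active Directory). The private key should be owned root:ldap and not world-readable; 750 works, 640 is the conventional mode, and -R on a single file is a no-op.

```shell
#!/bin/sh
# Added diagnostic for "ldap_result: Can't contact LDAP server (-1)".
# Not code from the original post. Assumes the post's paths
# (/etc/pki/tls/certs/slapdkey.pem) and the "ldap" service account.
# The helpers take their input as text so they can be exercised offline
# with constructed samples; the --live branch feeds them real system state.

# key_perm_verdict OWNER GROUP MODE
#   MODE is the octal mode as printed by `stat -c %a` (e.g. 640 or 2750).
#   Prints "ok" when the ldap account can read the key through the owner or
#   group bits and the key is not world-readable; otherwise prints the reason
#   and returns 1.
key_perm_verdict() {
    owner=$1; group=$2
    # drop a leading setuid/setgid/sticky digit so only the rwx triples remain
    mode=$(printf '%s' "$3" | sed 's/^[0-7]\([0-7][0-7][0-7]\)$/\1/')
    o=$(printf '%s' "$mode" | cut -c1)
    g=$(printf '%s' "$mode" | cut -c2)
    w=$(printf '%s' "$mode" | cut -c3)
    if [ "$w" -ge 4 ]; then
        echo "world-readable (mode $mode): a private key should be root:ldap 640"
        return 1
    fi
    if [ "$owner" = ldap ] && [ "$o" -ge 4 ]; then echo ok; return 0; fi
    if [ "$group" = ldap ] && [ "$g" -ge 4 ]; then echo ok; return 0; fi
    echo "not readable by ldap (owner=$owner group=$group mode=$mode): chown root:ldap, chmod 640"
    return 1
}

# listening_ports TEXT
#   TEXT is the output of `ss -ltn` or `netstat -ltn`. Prints 389 and/or 636,
#   one per line, for each port that has a LISTEN socket; prints nothing if
#   neither is listening (the situation behind the -1 error).
listening_ports() {
    printf '%s\n' "$1" | awk '
        /LISTEN/ {
            for (i = 1; i <= NF; i++)
                if ($i ~ /:(389|636)$/) { sub(/.*:/, "", $i); seen[$i] = 1 }
        }
        END { if ("389" in seen) print 389; if ("636" in seen) print 636 }'
}

# Live mode: run as root on the LDAP server itself:  sh check_slapd.sh --live
if [ "${1:-}" = --live ]; then
    key=/etc/pki/tls/certs/slapdkey.pem
    if [ -e "$key" ]; then
        printf '%s: %s\n' "$key" "$(key_perm_verdict $(stat -c '%U %G %a' "$key"))"
    else
        printf '%s: missing (the openssl step did not produce it)\n' "$key"
    fi
    ports=$(listening_ports "$(ss -ltn 2>/dev/null || netstat -ltn 2>/dev/null)")
    if [ -n "$ports" ]; then
        echo "listening on:" $ports
    else
        echo "nothing listening on 389/636: slapd is not running; check 'service slapd status' and /var/log/messages"
    fi
    # slaptest -u validates slapd.d without needing the database to open
    slaptest -u
fi
```

If the script reports that nothing is listening, look at /var/log/messages for the slapd startup error; a key it cannot read or an olcRootPW/TLS attribute it rejects both show up there, and slaptest -u reproduces the second case without the daemon.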