Configure the host name
[root@ketoprak ~]# vi /etc/hosts
192.168.1.200 ketoprak.sidoel.com ketoprak

Install CentOS Directory Server
[root@localhost ~]# yum install nss-pam-ldapd nscd pam-ldap
[root@localhost ~]# yum install 389-ds-base*
Loaded plugins: fastestmirror, refresh-packagekit, security
Loading mirror speeds from cached hostfile
 * base: centos.biz.net.id
 * rpmforge: ftp-stud.fht-esslingen.de
Setting up Install Process
Resolving Dependencies
Dependencies Resolved
===========================================================================
 Package                    Arch     Version             Repository   Size
===========================================================================
Installing:
 389-ds-base                x86_64   1.2.9.14-1.el6      base        1.4 M
 389-ds-base-devel          x86_64   1.2.9.14-1.el6      base         92 k
 389-ds-base-libs           x86_64   1.2.9.14-1.el6      base        362 k
Installing for dependencies:
 audit-libs-python          x86_64   2.1.3-3.el6         base         58 k
 cyrus-sasl-gssapi          x86_64   2.1.23-13.el6       base         33 k
 libcgroup                  x86_64   0.37-3.el6          base        104 k
 libicu                     x86_64   4.2.1-9.1.el6_2     updates     4.9 M
 libsemanage-python         x86_64   2.0.43-4.1.el6      base         81 k
 lm_sensors-libs            x86_64   3.1.1-10.el6        base         37 k
 net-snmp-libs              x86_64   1:5.5-37.el6_2.1    updates     1.5 M
 nspr-devel                 x86_64   4.8.8-3.el6         base        109 k
 nss-devel                  x86_64   3.12.10-17.el6_2    updates     168 k
 nss-softokn-devel          x86_64   3.12.9-11.el6       base         16 k
 nss-softokn-freebl-devel   x86_64   3.12.9-11.el6       base         25 k
 nss-tools                  x86_64   3.12.10-17.el6_2    updates     749 k
 nss-util-devel             x86_64   3.12.10-2.el6       base         59 k
 openldap-clients           x86_64   2.4.23-20.el6       base        161 k
 perl-Mozilla-LDAP          x86_64   1.5.3-4.el6         base        160 k
 policycoreutils-python     x86_64   2.0.83-19.18.el6    base        337 k
 setools-libs               x86_64   3.3.7-4.el6         base        400 k
 setools-libs-python        x86_64   3.3.7-4.el6         base        222 k
 svrcore                    x86_64   4.0.4-5.1.el6       base         15 k
 svrcore-devel              x86_64   4.0.4-5.1.el6       base        9.7 k
Updating for dependencies:
 nss                        x86_64   3.12.10-17.el6_2    updates     776 k
 nss-sysinit                x86_64   3.12.10-17.el6_2    updates      30 k

Transaction Summary
===========================================================================
Install      23 Package(s)
Upgrade       2 Package(s)

Total download size: 12 M
Is this ok [y/N]: y

The CentOS repositories do not provide the 389-ds package, only 389-ds-base, so I cannot run setup-ds-admin.pl here (it is the script that would create the admin account). I will fix that later; for now I will use the Directory Manager account as the example for accessing the database.

Run and configure the default Directory Server instance and Administration Server.
[root@localhost ~]# setup-ds.pl
==============================================================================
This program will set up the 389 Directory Server.

It is recommended that you have "root" privilege to set up the software.
Tips for using this program:
  - Press "Enter" to choose the default and go to the next screen
  - Type "Control-B" or the word "back" then "Enter" to go back to the previous screen
  - Type "Control-C" to cancel the setup program

Would you like to continue with set up? [yes]: yes
==============================================================================
Your system has been scanned for potential problems, missing patches,
etc.  The following output is a report of the items found that need to
be addressed before running this software in a production
environment.

389 Directory Server system tuning analysis version 10-AUGUST-2007.

NOTICE : System is x86_64-unknown-linux2.6.32-220.el6.x86_64 (1 processor).

ERROR  : Only 238MB of physical memory is available on the system. 256MB is the
recommended minimum. 1024MB is recommended for best performance on large
production system.

NOTICE : The net.ipv4.tcp_keepalive_time is set to 7200000 milliseconds
(120 minutes).  This may cause temporary server congestion from lost
client connections.

WARNING: There are only 1024 file descriptors (hard limit) available, which
limit the number of simultaneous connections.

WARNING: There are only 1024 file descriptors (soft limit) available, which
limit the number of simultaneous connections.

ERROR  : The above errors MUST be corrected before proceeding.

Would you like to continue? [no]: yes
==============================================================================
Choose a setup type:

   1. Express
       Allows you to quickly set up the servers using the most
       common options and pre-defined defaults. Useful for quick
       evaluation of the products.

   2. Typical
       Allows you to specify common defaults and options.

   3. Custom
       Allows you to specify more advanced options. This is
       recommended for experienced server administrators only.

To accept the default shown in brackets, press the Enter key.

Choose a setup type [2]: 2
==============================================================================
Enter the fully qualified domain name of the computer
on which you're setting up server software. Using the form
Example: eros.example.com.

To accept the default shown in brackets, press the Enter key.

Warning: This step may take a few minutes if your DNS servers
can not be reached or if DNS is not configured correctly.  If
you would rather not wait, hit Ctrl-C and run this program again
with the following command line option to specify the hostname:

    General.FullMachineName=your.hostname.domain.name

Computer name [ketoprak.sidoel.com.sidoel.com]: ketoprak.sidoel.com
==============================================================================
The server must run as a specific user in a specific group.
It is strongly recommended that this user should have no privileges
on the computer (i.e. a non-root user).  The setup procedure
will give this user/group some permissions in specific paths/files
to perform server-specific operations.

If you have not yet created a user and group for the server,
create this user and group using your native operating
system utilities.

System User [nobody]:
System Group [nobody]:
==============================================================================
The standard directory server network port number is 389.  However, if
you are not logged as the superuser, or port 389 is in use, the
default value will be a random unused port number greater than 1024.
If you want to use port 389, make sure that you are logged in as
the superuser, that port 389 is not in use.

Directory server network port [389]:
==============================================================================
Each instance of a directory server requires a unique identifier.
This identifier is used to name the various
instance specific files and directories in the file system,
as well as for other uses as a server instance identifier.

Directory server identifier [ketoprak]:
==============================================================================
The suffix is the root of your directory tree.  The suffix must be a valid DN.
It is recommended that you use the dc=domaincomponent suffix convention.
For example, if your domain is example.com,
you should use dc=example,dc=com for your suffix.
Setup will create this initial suffix for you,
but you may have more than one suffix.
Use the directory server utilities to create additional suffixes.

Suffix [dc=sidoel, dc=com]:
==============================================================================
Certain directory server operations require an administrative user.
This user is referred to as the Directory Manager and typically has a
bind Distinguished Name (DN) of cn=Directory Manager.
You will also be prompted for the password for this user.  The password must
be at least 8 characters long, and contain no spaces.
Press Control-B or type the word "back", then Enter to back up and start over.

Directory Manager DN [cn=Directory Manager]:
Password: manager^123
Password (confirm): manager^123
Your new DS instance 'ketoprak' was successfully created.
Exiting . . .
Log file is '/tmp/setupzE1qqa.log'

This creates a DS instance named slapd-ketoprak; its configuration lives under /etc/dirsrv/slapd-ketoprak.
[root@ketoprak slapd-ketoprak]# cd /etc/dirsrv/slapd-ketoprak/
[root@ketoprak slapd-ketoprak]# ls
cert8.db  certmap.conf  dse.ldif  dse.ldif.bak  dse.ldif.startOK  dse_original.ldif  key3.db  schema  secmod.db  slapd-collations.conf

See the entire database using ldapsearch (no -D is given, so this is an anonymous bind: it lists everything the default ACIs expose to anonymous readers).
[root@ketoprak ~]# ldapsearch -x -b "dc=sidoel,dc=com"
# extended LDIF
#
# LDAPv3
# base <dc=sidoel,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# sidoel.com
dn: dc=sidoel,dc=com
objectClass: top
objectClass: domain
dc: sidoel

# Directory Administrators, sidoel.com
dn: cn=Directory Administrators,dc=sidoel,dc=com
objectClass: top
objectClass: groupofuniquenames
cn: Directory Administrators
uniqueMember: cn=Directory Manager

# Groups, sidoel.com
dn: ou=Groups,dc=sidoel,dc=com
objectClass: top
objectClass: organizationalunit
ou: Groups

# People, sidoel.com
dn: ou=People,dc=sidoel,dc=com
objectClass: top
objectClass: organizationalunit
ou: People

# Special Users, sidoel.com
dn: ou=Special Users,dc=sidoel,dc=com
objectClass: top
objectClass: organizationalUnit
ou: Special Users
description: Special Administrative Accounts

# Accounting Managers, Groups, sidoel.com
dn: cn=Accounting Managers,ou=Groups,dc=sidoel,dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: Accounting Managers
ou: groups
description: People who can manage accounting entries
uniqueMember: cn=Directory Manager

# HR Managers, Groups, sidoel.com
dn: cn=HR Managers,ou=Groups,dc=sidoel,dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: HR Managers
ou: groups
description: People who can manage HR entries
uniqueMember: cn=Directory Manager

# QA Managers, Groups, sidoel.com
dn: cn=QA Managers,ou=Groups,dc=sidoel,dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: QA Managers
ou: groups
description: People who can manage QA entries
uniqueMember: cn=Directory Manager

# PD Managers, Groups, sidoel.com
dn: cn=PD Managers,ou=Groups,dc=sidoel,dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: PD Managers
ou: groups
description: People who can manage engineer entries
uniqueMember: cn=Directory Manager

# search result
search: 2
result: 0 Success

# numResponses: 10
# numEntries: 9

Now I will add an account and a group to the database using an LDIF file: entries for the user fazrie and the group Linux Users.
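Before handing an LDIF file like the account.ldif that follows to ldapmodify, it is worth checking it offline. The following is an added example, not code from the post: a parser for the plain LDIF format used here, plus an audit that flags missing RFC 2307 MUST attributes and the {crypt}x placeholder password. The post's two entries are embedded as a constructed sample, and the REQUIRED table is my assumption from RFC 2307, not read from the server's schema.

```python
# Constructed sample: the account.ldif from the post, entries separated by a blank line.
SAMPLE_LDIF = """\
dn: cn=Linux Users,ou=Groups,dc=sidoel,dc=com
objectClass: posixGroup
objectClass: top
cn: Linux Users
userPassword: {crypt}x
gidNumber: 1001

dn: uid=fazrie,ou=People,dc=sidoel,dc=com
objectClass: top
objectClass: posixaccount
cn: Fazrie
gidNumber: 1001
homeDirectory: /home/fazrie
uid: fazrie
uidNumber: 1001
loginShell: /bin/bash
userPassword: {crypt}x
"""
REQUIRED = {  # MUST attributes of the RFC 2307 object classes (assumed), lower-cased
    "posixaccount": {"cn", "uid", "uidnumber", "gidnumber", "homedirectory"},
    "posixgroup": {"cn", "gidnumber"},
}

def parse_ldif(text):
    """Return one {attr_lower: [values]} dict per entry. Plain LDIF only: no folded or base64 lines."""
    entries, cur = [], {}
    for line in text.splitlines() + [""]:          # trailing "" flushes the last entry
        if not line.strip():
            if cur:
                entries.append(cur)
            cur = {}
        elif not line.startswith("#"):              # comment lines are ignored
            name, _, value = line.partition(":")
            cur.setdefault(name.strip().lower(), []).append(value.strip())
    return entries

def audit_ldif(text):
    """Return findings to fix before ldapmodify; an empty list means nothing was found."""
    findings = []
    for e in parse_ldif(text):
        dn = e.get("dn", ["<no dn>"])[0]
        classes = {c.lower() for c in e.get("objectclass", [])}
        for cls in sorted(classes & set(REQUIRED)):
            for missing in sorted(REQUIRED[cls] - set(e)):
                findings.append(f"{dn}: missing {missing} required by {cls}")
        if any(v.lower() == "{crypt}x" for v in e.get("userpassword", [])):  # "x" is not a hash
            findings.append(f"{dn}: placeholder password {{crypt}}x, set a real one")
    return findings
```

Run audit_ldif on the post's sample and it reports the two placeholder passwords, which is why the ldappasswd step at the end is needed.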
[root@ketoprak ~]# vi account.ldif
dn: cn=Linux Users,ou=Groups,dc=sidoel,dc=com
objectClass: posixGroup
objectClass: top
cn: Linux Users
userPassword: {crypt}x
gidNumber: 1001

dn: uid=fazrie,ou=People,dc=sidoel,dc=com
objectClass: top
objectClass: posixaccount
cn: Fazrie
gidNumber: 1001
homeDirectory: /home/fazrie
uid: fazrie
uidNumber: 1001
loginShell: /bin/bash
userPassword: {crypt}x

The blank line between the two entries is required: LDIF separates entries with an empty line.

Insert the LDIF file into the database using ldapmodify
[root@ketoprak ~]# ldapmodify -x -a -p 389 -h localhost -D "cn=Directory Manager" -w manager^123 -f account.ldif
adding new entry "cn=Linux Users,ou=Groups,dc=sidoel,dc=com"

adding new entry "uid=fazrie,ou=People,dc=sidoel,dc=com"

Passing the Directory Manager password with -w leaves it in the shell history and process list; -W prompts for it instead.

Check the accounts we have inserted
[root@ketoprak ~]# ldapsearch -x -b "dc=sidoel,dc=com" | grep fazrie
# fazrie, People, sidoel.com
dn: uid=fazrie,ou=People,dc=sidoel,dc=com
homeDirectory: /home/fazrie
uid: fazrie
[root@ketoprak ~]# ldapsearch -x -b "dc=sidoel,dc=com" | grep Linux
# Linux Users, Groups, sidoel.com
dn: cn=Linux Users,ou=Groups,dc=sidoel,dc=com
cn: Linux Users

Modify the password of an LDAP account
[root@ketoprak ~]# ldappasswd -xv -D "cn=Directory Manager" -w manager^123 -S "uid=fazrie,ou=People,dc=sidoel,dc=com"
New password: fazrie
Re-enter new password: fazrie
ldap_initialize( <DEFAULT> )
Result: Confidentiality required (13)
Additional info: Operation requires a secure connection.

The last two lines mean 389 DS refused the password-modify extended operation because it arrived over a plain LDAP connection; once the server has TLS configured, run ldappasswd over a secure connection (an ldaps:// URI with -H, or StartTLS with -ZZ).

You can combine it with Samba as a PDC; follow this link: http://kura2gurun.blogspot.com/2011/06/samba-pdc-with-centos-directory-server.html
http://kura2gurun.blogspot.com/2012/01/part-ii-ldap-client-using-nsspamldap.html
When I try to login, the following error occurs:
login as: fazrie
fazrie@192.168.0.2's password:
Last login: Mon Oct 8 16:11:43 2012
Could not chdir to home directory /home/fazrie: No such file or directory
-bash-4.1$
Now what: how to automount the home directory of any user on the client machine?
Hi kashif, nice to meet you.
You can make PAM create the home directory automatically for LDAP users;
you can follow the instructions at this link:
http://kura2gurun.blogspot.com/2011/08/automake-home-dir-for-ldap-user-when.html
Hope that helps you.
Thanks
How to configure the LDAP client side for 389 Directory Server?