How to Setup LDAP server in CentOS 6

20 Responses

  1. Ryan says:

    Thanks, just what I was looking for!
    Maybe you should mention ‘chkconfig’ for the services to start automatically after reboot.

  2. skin care says:

    Whoah, this weblog is wonderful, I like reading your posts.
    Keep up the good work! You realize, a lot of individuals are
    searching around for this info; you can help them greatly.

  3. Robin says:

    How do I secure the 389 DS so that only users with a given username and password can use the directory server?

  4. SK says:

    Hi Robin,
    Only users created from the 389-ds admin console can access the server. Is that what you are looking for? You can access the 389-ds console using the command “389-console” from the terminal.

    If you need further clarification about securing 389-ds, refer to the official link below.

  5. Robin says:

    Thanks for the reply, SK. What I meant was, if I set up the 389 DS and then put the IP into the Microsoft Outlook address book, I want only registered users to be able to connect. Is there any way to do that? Thanks

    • SK says:

      Robin, sorry, I didn’t check with Outlook yet. Once I check it out, I will get back to you. Currently I have deleted the LDAP server setup from my test box. I will certainly look into your question and reply ASAP.

  6. kratos says:

    After running 389-console I can add users to each group, and I can also see them through the command:
    ldapsearch -x -b “dc=example,dc=com”
    But when I use getent passwd ldapuser, nothing happens. Do you have any idea about this? I tried several times but I am not successful yet.
    /etc/nsswitch.conf already has ldap added to passwd, shadow and group.

  7. kratos says:

    Also, can you point out how to create a NEW LDAP user with the 389 server? I tried with ldapadd but I am not successful yet.
    How do I migrate existing users and groups on the system to LDAP users/groups with the 389 server? I see a lot of migration guidance, but it is for OpenLDAP, not for the 389 server. I also tried a command to migrate existing users, but it doesn’t let me migrate them to an ldif file.
    Thank you so much!

  8. kratos says:

    Thanks SK. Anyway, I ran getent passwd ldapuser1 to see the result, and it means that the 389 server and the import of the ldif file into the LDAP database are working. But I have another issue when I log in as ldapuser1. I typed the correct password, but the LDAP server doesn’t let me in, with the error “password is incorrect”. I can’t believe it, because I use only one password, but… I am afraid the hashed key is different after converting ldapuser in /etc/passwd to an ldif file, since the password for ldapuser is stored in /etc/shadow. It is a really good point to figure out how the authentication works once you log in as ldapuser1 through the LDAP server (authentication). Also, I cannot change the ldapuser1 password myself. It keeps showing:
    “system is offline password change not possible
    passwd: authentication token manipulation error”
    I am looking for a solution for it ????
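The two comments above describe moving local accounts into 389-ds and then finding that the migrated password no longer matches. One way to carry the /etc/shadow crypt hash over intact is to write it as a `{CRYPT}`-prefixed userPassword in the LDIF, as in this added example (not the original post's or the 389-ds project's code); the passwd/shadow lines and BASE_DN are constructed samples, and hash values are fake placeholders.

```shell
#!/bin/sh
# Added example: emit posixAccount LDIF entries from passwd/shadow-style data,
# keeping the existing crypt(3) hash as userPassword: {CRYPT}<hash> so the
# LDAP password stays identical to the local one after import.
BASE_DN="dc=example,dc=com"   # assumed suffix, matches the ldapsearch above

# Constructed sample data (not real accounts; hashes are placeholders).
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
ldapuser1:x:1001:1001:LDAP User One:/home/ldapuser1:/bin/bash
ldapuser2:x:1002:1002:LDAP User Two:/home/ldapuser2:/bin/bash'
SAMPLE_SHADOW='root:$6$saltsalt$fakeroothash:18000:0:99999:7:::
ldapuser1:$6$saltsalt$fakehashvalue1:18000:0:99999:7:::
ldapuser2:$6$saltsalt$fakehashvalue2:18000:0:99999:7:::'

# hash_for USER: print the crypt hash (field 2) for USER from the shadow data.
hash_for() {
    printf '%s\n' "$SAMPLE_SHADOW" | awk -F: -v u="$1" '$1 == u { print $2 }'
}

# passwd_to_ldif: one entry per passwd line with UID >= 1000 (system
# accounts such as root are deliberately left out of the directory).
passwd_to_ldif() {
    printf '%s\n' "$SAMPLE_PASSWD" |
    while IFS=: read -r user pw uid gid gecos home shell; do
        [ "$uid" -ge 1000 ] || continue
        hash=$(hash_for "$user")
        printf 'dn: uid=%s,ou=People,%s\n' "$user" "$BASE_DN"
        printf 'objectClass: top\nobjectClass: account\n'
        printf 'objectClass: posixAccount\nobjectClass: shadowAccount\n'
        printf 'uid: %s\ncn: %s\nuidNumber: %s\ngidNumber: %s\n' \
            "$user" "$gecos" "$uid" "$gid"
        printf 'homeDirectory: %s\nloginShell: %s\n' "$home" "$shell"
        # {CRYPT} marks the value as an already-hashed crypt string, so the
        # server compares against it instead of hashing it a second time.
        printf 'userPassword: {CRYPT}%s\n\n' "$hash"
    done
}
```

389-ds rejects pre-hashed userPassword values sent over LDAP unless nsslapd-allow-hashed-passwords is enabled in cn=config, so either enable that first or load the file with the server's offline import tool.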

  9. ocle says:

    Good job SK,
    I like your work and it is very impressive. On my client, getent passwd talks to my LDAP server perfectly, but when I log in as a regular user it fails. When I am root on the client I am able to switch user with no problem. Can you tell me what I am doing wrong?

  10. david says:

    So what do I do now? How can I use this for authentication and login?

  11. veerakumar says:

    Hi, this is Veera.
    Is there any way to configure the LDAP server to authenticate both Linux and Windows clients? If yes, please write down the steps here. Thanks

  12. War says:

    SK, thanks for these awesome walk-through steps on installing and configuring 389 Directory Server. They were very helpful, but now I need to know how to setup password constraints on a system built in this manner.

    Can you provide me with a link, please, to make sure I am not taken off the beaten path? I have had a struggle getting this far, so I hope that you can.

  13. Hardik Acharya says:

    Hi, you haven’t marked the changes made to the sysctl.conf file in BOLD.

  14. Amit Mittal says:

    It seems that 389-ds is not available at the location. How do I resolve this?

    [[email protected] ~]# yum install 389-ds openldap-clients -y
    Loaded plugins: fastestmirror, refresh-packagekit, security
    Setting up Install Process
    Loading mirror speeds from cached hostfile
    * base:
    * extras:
    —————————————————> No package 389-ds available.
    Package openldap-clients-2.4.40-16.el6.x86_64 already installed and latest version
    Nothing to do

    [[email protected] ~]#
    -bash: command not found
