How to Set Up an LDAP Server in CentOS 6

  • Ryan

    Thanks, just what I was looking for!
    Maybe you should mention ‘chkconfig’ for the services to start automatically after reboot.

    • SK

      Thanks for pointing that out. The post is now updated.

  • skin care

    Whoah, this weblog is wonderful, I like reading your posts.
    Keep up the good work! You realize, a lot of individuals are
    searching around for this info; you can help them greatly.

  • Robin

    How do I secure the 389 DS so that only users with a given username and password can use the directory server?

  • SK

    Hi Robin,
    Only the users created from the 389-ds admin console can access the server. Is that what you are looking for? You can access the 389-ds console using the command “389-console” from the terminal.

    If you need further clarification about securing 389-ds, refer to the official link below.
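    As an added example (not part of this thread or of SK's article), one way to stop anonymous clients from reading a 389 DS instance is to turn off anonymous binds in cn=config and restrict the suffix ACI to authenticated users. It assumes the dc=example,dc=com suffix that kratos uses later in the thread and the default cn=Directory Manager bind DN; apply it with ldapmodify while bound as Directory Manager.

```ldif
# Constructed example: refuse anonymous binds on the instance.
# nsslapd-allow-anonymous-access accepts on / off / rootdse. "rootdse"
# still lets unauthenticated clients read the root DSE (which some
# client libraries need for feature discovery) but refuses anonymous
# searches against the data.
dn: cn=config
changetype: modify
replace: nsslapd-allow-anonymous-access
nsslapd-allow-anonymous-access: rootdse

# Grant read/search/compare on the suffix to authenticated users only.
# "ldap:///all" matches any successfully bound user; "ldap:///anyone"
# would also match anonymous binds. Suffix assumed: dc=example,dc=com.
dn: dc=example,dc=com
changetype: modify
add: aci
aci: (targetattr="*")(version 3.0; acl "authenticated users read";
 allow (read,search,compare) userdn="ldap:///all";)
```

    ACIs are additive, so also list the suffix's existing aci values and remove any that grant access to ldap:///anyone (the setup wizard normally adds one allowing anonymous read). Afterwards an anonymous ldapsearch -x against the suffix should be refused, while the same search with -D and -W for a directory user should still return entries.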

  • Robin

    Thanks for the reply, SK. What I meant was: if I set up the 389 DS and then put its IP in the Microsoft Outlook address book, I want only registered users to be able to connect. Is there any way to do that? Thanks

    • SK

      Robin, sorry, I haven’t checked with Outlook yet. Once I check it out, I will get back to you. Currently I have deleted the LDAP server setup from my test box. I will certainly look into your question and reply ASAP.

      • Robin

        Hi SK, so did you manage to check it? I’m still searching too, though.

  • kratos

    After running 389-console I can add users to each group; I can also see them through the command:
    ldapsearch -x -b "dc=example,dc=com"
    But when I use getent passwd ldapuser, nothing happens. Do you have any idea about this? I tried several times but am not successful yet.
    /etc/nsswitch.conf already has ldap added to passwd, shadow, and group.

  • kratos

    Also, can you point out how to create a NEW LDAP user with the 389 server? I tried with ldapadd but am not successful yet.
    How do I migrate existing users and groups in the system to LDAP users/groups with the 389 server? I see a lot of migration guidance, but it is for OpenLDAP, not for the 389 server. I also tried a command to migrate existing users, but it doesn’t let me migrate to an ldif file.
    Thank you so much!

    • SK

      Hi Kratos, I will write an article as per your requirements soon. Stay tuned.

  • kratos

    Thanks SK. Anyway, I ran getent passwd ldapuser1 to see the result. It means that the 389 server and the import of the ldif file into the LDAP database are working. But I have another issue when I log in as ldapuser1. I typed the correct password, but the LDAP server doesn’t let me in, with the error “password is incorrect”. I can’t believe it, because I use only one password, but… I am afraid the hashed key is different after converting ldapuser from /etc/passwd to an ldif file, and the password for ldapuser is stored in /etc/shadow. It is a really good point to figure out how the authentication works once you log in as ldapuser1 through the LDAP server (authentication). Also, I cannot change the ldapuser1 password by myself. It keeps showing:
    “system is offline password change not possible
    passwd: authentication token manipulation error”
    I am looking for a solution for it.

  • ocle

    Good job SK,
    I like your work and it is very impressive. On my client, getent passwd talks to my LDAP server perfectly, but when I log in as a regular user it fails. When I am root on the client I am able to switch user with no problem. Can you tell me what I am doing wrong?

  • david

    So what do I do now? How can I use this for authentication and login?

  • veerakumar

    Hi, this is Veera.
    Is there any way to configure the LDAP server to authenticate both Linux and Windows clients? If yes, please write down the steps here. Thanks

  • War

    SK, thanks for these awesome walk-through steps on installing and configuring 389 Directory Server. They were very helpful, but now I need to know how to set up password constraints on a system built in this manner.

    Can you provide me with a link, please, to make sure I am not taken off the beaten path? I have had a struggle getting this far that I hope that you can.

  • Hardik Acharya

    Hi, you haven’t marked the changes made to the sysctl.conf file in BOLD.

    • SK

      Sorry about that. I updated the article. Thanks.