
pki setup / ldaps-certificate

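### create a CA on fed10
# The CA lives in /etc/pki/tls: the index/serial/newcerts files created here and
# the later 'openssl ca' and 'cp cacert.pem' steps all refer to that directory.
vi /etc/pki/tls/openssl.cnf
# set 'dir             = /etc/pki/tls'
# CA bookkeeping files; -p keeps the step safe to re-run.
touch /etc/pki/tls/index.txt
mkdir -p /etc/pki/tls/newcerts
echo 01 >/etc/pki/tls/serial
# Work inside the directory configured as 'dir' above so the CA key lands in
# $dir/private/cakey.pem and the CA cert in $dir/cacert.pem, which is where the
# standard [ CA_default ] section (private_key / certificate) makes 'openssl ca'
# look for them. Changing into /etc/pki/CA instead leaves both outside $dir.
cd /etc/pki/tls
mkdir -p private
# 077: key and cert are created readable by their owner only.
umask 077
# -des3 protects the CA private key with a passphrase.
openssl genrsa -out private/cakey.pem -des3 2048
# Self-signed CA certificate, valid for 3650 days.
openssl req -new -x509 -key private/cakey.pem -days 3650 -out cacert.pem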

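### create ldap-server cert, on ldapserver
mkdir -p /etc/openldap
cd /etc/openldap
# The private key must not be world-readable; ownership and mode are tightened
# again in the openldap setup step.
umask 077
# 2048-bit key, the same size as the CA key; 1024-bit RSA is below current minimums.
openssl genrsa -out slapd.key 2048
# Certificate signing request. TLS clients usually verify the CN/SAN against the
# hostname they connect to, so use the name clients will reach the server by.
openssl req -new -key slapd.key -out slapd.csr
# openssl req -in slapd.csr -noout -text # see contents of request
# Sign the request with the CA configured in /etc/pki/tls/openssl.cnf.
cp slapd.csr /etc/pki/tls
cd /etc/pki/tls
openssl ca -in slapd.csr -out slapd.crt
# Server cert and CA cert go next to the key, matching the TLS* paths in slapd.conf.
cp slapd.crt cacert.pem /etc/openldap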

openldap setup

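# The server package is openldap-servers (plural), as the DB_CONFIG.example path
# used further down confirms.
yum install openldap-servers openldap-clients
cd /etc/openldap
# slapd runs as the 'ldap' user and must be able to read its TLS key; no other
# user needs access to these files.
chown ldap cacert.pem slapd.crt slapd.key
chmod 400 cacert.pem slapd.crt slapd.key
vi slapd.conf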
# make sure core, cosine, nis and inetorgperson schema files are included, and ensure these settings:
# TLS material created in the pki step; owned by 'ldap' and mode 400 per the setup step.
TLSCACertificateFile /etc/openldap/cacert.pem 
TLSCertificateFile /etc/openldap/slapd.crt
TLSCertificateKeyFile /etc/openldap/slapd.key

database        bdb
suffix          "dc=fluxcoil,dc=net"
rootdn          "cn=Manager,dc=fluxcoil,dc=net"
# Cleartext rootpw is a lab shortcut: a hash generated with slappasswd (e.g. a
# {SSHA} value) avoids storing the secret in the clear, and slapd.conf should
# stay unreadable to other local users either way.
rootpw          secret
---------------------------
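# Berkeley DB tuning for the bdb backend. If the 'umask 077' from the cert step is
# still in effect, the copy is created readable by root only, so hand it to the
# slapd user explicitly.
cp /usr/share/doc/openldap-servers-*/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
chown ldap /var/lib/ldap/DB_CONFIG

chkconfig ldap on
service ldap start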

openldap filling

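# Initial directory content: base entry, manager, one posix group and one user.
# Quoted delimiter: the LDIF is written literally, with no shell expansion.
cat >initial.ldif <<'EOT'
dn: dc=fluxcoil,dc=net
objectclass: dcObject
objectclass: organization
o: fluxcoil test labs
dc: fluxcoil

dn: cn=Manager,dc=fluxcoil,dc=net
objectclass: organizationalRole
cn: Manager

dn: ou=groups,dc=fluxcoil,dc=net
objectclass: organizationalUnit
ou: groups

dn: cn=group0,ou=groups,dc=fluxcoil,dc=net
objectClass: posixGroup
cn: group0
gidNumber: 1000

dn: ou=users,dc=fluxcoil,dc=net
objectclass: organizationalUnit
ou: users

dn: cn=user0,ou=users,dc=fluxcoil,dc=net
objectClass: person
objectClass: posixAccount
objectClass: inetOrgPerson
objectClass: organizationalPerson
cn: user0
givenName: Christian
sn: Horn
mail: chorm@domain.net
preferredLanguage: en
telephoneNumber: +123 345
l: muc
departmentNumber: X labs
uid: user0
uidNumber: 1000
gidNumber: 1000
homeDirectory: /home/user0
loginShell: /bin/bash
EOT

# Bind as the rootdn from slapd.conf. -W prompts for the rootpw instead of
# passing it as an argument, where it would show up in 'ps' output and the
# shell history.
ldapadd -x -D "cn=Manager,dc=fluxcoil,dc=net" -W -f initial.ldif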