Update Create LDAP server authored by Yi Sun
This instruction is used to create LDAP server on Centos 7. The schema is for BAND environment. It is currently does not support other schemas. It will require changes to other BAND components if you would like to use your own schema. This instruction is used to create LDAP server on Centos 7. The schema is for BAND environment. It is currently does not support other schemas. It will require changes to other BAND components if you would like to use your own schema.
## create CentOS server and ssh to it ## create CentOS server and ssh to it
`yum update` `yum update`
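Review bot: the introductory sentence "It is currently does not support other schemas" is ungrammatical; suggest "It currently does not support other schemas." Also "Centos 7" should be written "CentOS 7", matching the heading that follows.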
...@@ -26,13 +26,13 @@ generate key and certificates for LDAP ...@@ -26,13 +26,13 @@ generate key and certificates for LDAP
`cd /etc/pki/CA` `cd /etc/pki/CA`
`openssl genrsa -out private/ldap-dev.eosc-life.eu.key` `openssl genrsa -out private/YOUR_LDAP_PRIVATE_KEY`
`openssl req -new -key private/ldap-dev.eosc-life.eu.key -out certs/ldap-dev.eosc-life.eu.csr` `openssl req -new -key private/YOUR_LDAP_PRIVATE_KEY -out certs/YOUR_LDAP_SERVER_CSR`
sign certificate with CA sign certificate with CA
`openssl ca -keyfile private/ca.key.pem -cert certs/ca.cert.pem -in certs/ldap-dev.eosc-life.eu.csr -out certs/ldap-dev.eosc-life.eu.crt` `openssl ca -keyfile private/ca.key.pem -cert certs/ca.cert.pem -in certs/YOUR_LDAP_SERVER_CSR -out certs/YOUR_LDAP_SERVER_CRT`
check index.txt make sure certs are properly signed check index.txt make sure certs are properly signed
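Review bot: `openssl genrsa -out private/YOUR_LDAP_PRIVATE_KEY` relies on OpenSSL's default key size and leaves the key file with whatever mode the umask gives it; suggest stating the size and tightening the mode explicitly, e.g. `openssl genrsa -out private/YOUR_LDAP_PRIVATE_KEY 4096` followed by `chmod 600 private/YOUR_LDAP_PRIVATE_KEY`. The placeholder rename is an improvement over the hard-coded ldap-dev.eosc-life.eu names, but since the `openssl req`, `openssl ca` and later verify/copy steps all reference these files, the text should say that each placeholder has to be substituted with the same value in every command.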
...@@ -40,9 +40,9 @@ check index.txt make sure certs are properly signed ...@@ -40,9 +40,9 @@ check index.txt make sure certs are properly signed
verify all issued certs against CA verify all issued certs against CA
`openssl verify -CAfile certs/ca.cert.pem certs/ldap-dev.eosc-life.eu.crt` `openssl verify -CAfile certs/ca.cert.pem certs/YOUR_LDAP_SERVER_CRT`
copy certs file to /etc/openldap/certs, make sure user 'ldap' has rw right to the folder copy certs file to /etc/openldap/certs, make sure user ldap has rw right to the folder
`cp -v certs/* /etc/openldap/certs/` `cp -v certs/* /etc/openldap/certs/`
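Review bot: `cp -v certs/* /etc/openldap/certs/` copies everything in `certs/`, including the CSR, but not the server private key, which lives in `private/` and which slapd needs next to the certificate to serve TLS; the sentence "make sure user ldap has rw right to the folder" also gives no command for doing so. Suggest copying the key explicitly and showing the ownership step, e.g. `cp private/YOUR_LDAP_PRIVATE_KEY /etc/openldap/certs/` and `chown -R ldap:ldap /etc/openldap/certs`, keeping the key at mode 600 rather than making the whole folder writable.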
...@@ -52,7 +52,7 @@ copy certs file to /etc/openldap/certs, make sure user 'ldap' has rw rig ...@@ -52,7 +52,7 @@ copy certs file to /etc/openldap/certs, make sure user 'ldap' has rw rig
download all files from [https://git.embl.de/ysun/ldap-dev-files](https://git.embl.de/ysun/ldap-dev-files) download all files from [https://git.embl.de/ysun/ldap-dev-files](https://git.embl.de/ysun/ldap-dev-files)
modify userPassword in users.ldif with hashed value modify userPassword in users.ldif with hashed value (you can use your own ldap files here)
ex: ex:
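Review bot: "modify userPassword in users.ldif with hashed value" does not say how the hash is produced, and the "ex:" that follows shows no example in this view; suggest naming the tool shipped with openldap-servers, e.g. `slappasswd -s 'YOUR_PASSWORD'`, which prints a `{SSHA}` value to paste into the `userPassword:` attribute, and noting that the plaintext password should not be left in the ldif or the shell history.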
...@@ -120,7 +120,7 @@ restart slapd ...@@ -120,7 +120,7 @@ restart slapd
test search test search
`ldapsearch -v -W -ZxLLLD cn=admin,dc=eosc-life,dc=eu -b dc=eosc-life,dc=eu "(objectClass=posixAccount)"` `ldapsearch -v -W -ZxLLLD cn=admin,dc=YOUR_DC,dc=YOUR_DC -b dc=YOUR_DC,dc=YOUR_DC "(objectClass=posixAccount)"`
NOTES on LDAP client (compute node, login node, mgmt node in the cluster) NOTES on LDAP client (compute node, login node, mgmt node in the cluster)
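Review bot: in the test search `ldapsearch -v -W -ZxLLLD ...`, `-Z` only requests StartTLS and falls back to a cleartext session if the TLS negotiation fails, so this test can succeed without ever exercising the certificates installed earlier; suggest `-ZZ` (StartTLS required) so a TLS failure is reported instead of masked. Separately, the `dc=YOUR_DC,dc=YOUR_DC` placeholder implies both components are the same value, which they are not in the original `dc=eosc-life,dc=eu`; `dc=YOUR_DOMAIN,dc=YOUR_TLD` would be clearer.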