Difference between revisions of "LDAP server setup on linux container"
(Created page with "Home > Ubuntu > Ubuntu HPC setup with slurm and linux containers > LDAP server setup on linux container = LDAP Server Setup on Ubuntu 22.04 linux container = This document provides step-by-step instructions to set up an OpenLDAP server on Ubuntu 22.04, along with configuring LDAPS (LDAP over SSL). == 1. Set the Hostname == <pre> sudo hostnamectl set-hostname ldap.example.com shutdown -r now </pre> == 2. Edit /etc/hosts == Add the LDAP s...")
Revision as of 09:03, 6 June 2025
Home > Ubuntu > Ubuntu HPC setup with slurm and linux containers > LDAP server setup on linux container
LDAP Server Setup on Ubuntu 22.04 linux container
This document provides step-by-step instructions to set up an OpenLDAP server on Ubuntu 22.04, along with configuring LDAPS (LDAP over SSL).
1. Set the Hostname
sudo hostnamectl set-hostname slurm-ldapsrv.local
shutdown -r now
2. Edit /etc/hosts
Add the LDAP server's IP and hostname:
vim /etc/hosts
Example entry:
192.168.2.10 slurm-ldapsrv.local slurm-ldapsrv
3. Install OpenLDAP Packages
apt install slapd ldap-utils -y
You will be prompted to set the admin password during the installation. Provide and confirm a strong password.
4. Configure OpenLDAP Server
Run the configuration tool:
dpkg-reconfigure slapd
Follow the prompts:
- Select No when asked to omit configuration.
- Enter domain name (e.g., slurm-ldapsrv.local) — this forms the base DN.
- Enter organization name (can be same as domain).
- Enter and confirm the LDAP admin password.
- Choose No when asked to remove the database when slapd is purged.
- Choose Yes to remove the old database and create a new one.
5. Update /etc/ldap/ldap.conf
sudo nano /etc/ldap/ldap.conf
Add or edit:
BASE dc=slurm-ldapsrv,dc=local
URI ldap://192.168.2.10
6. Start and Enable slapd
systemctl start slapd
systemctl enable slapd
7. Confirm LDAP Configuration
ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:///
Expected output should include:
dn: dc=slurm-ldapsrv,dc=local
objectClass: top
objectClass: dcObject
objectClass: organization
o: slurm-ldapsrv.local
dc: slurm-ldapsrv
8. Populate the Directory
Create a file add_content.ldif:
vim add_content.ldif
Content:
dn: ou=People,dc=slurm-ldapsrv,dc=local
objectClass: organizationalUnit
ou: People

dn: ou=Groups,dc=slurm-ldapsrv,dc=local
objectClass: organizationalUnit
ou: Groups

dn: cn=miners,ou=Groups,dc=slurm-ldapsrv,dc=local
objectClass: posixGroup
cn: miners
gidNumber: 5000

dn: uid=john,ou=People,dc=slurm-ldapsrv,dc=local
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: john
sn: Doe
givenName: John
cn: John Doe
displayName: John Doe
uidNumber: 10000
gidNumber: 5000
userPassword: {CRYPT}x
gecos: John Doe
loginShell: /bin/bash
homeDirectory: /home/john
Purpose of add_content.ldif
After setting up and configuring your OpenLDAP server, the LDAP directory is empty except for the base DN (like dc=slurm-ldapsrv,dc=local). You need to manually create organizational units (OUs), groups, and users — and this is where the add_content.ldif file comes in.
Add the entries:
ldapadd -x -D cn=admin,dc=slurm-ldapsrv,dc=local -W -f add_content.ldif
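The LDIF above is easy to get wrong when typed by hand: every entry must end with a blank line, the uid/gid numbers must not collide, and the {CRYPT}x password hash deliberately matches nothing, so the account is created locked until a real password is set with ldappasswd. The following bash script is an added example, not part of the original page: it generates the same People/Groups/miners/john structure for any base DN and checks an LDIF for duplicate uidNumber or gidNumber values before it is fed to ldapadd. The function names (gen_ou, gen_group, gen_user, check_unique_ids, build_ldif) are this example's own.

```shell
#!/usr/bin/env bash
# Added example (not from the original page): generate the add_content.ldif
# entries for a base DN and sanity-check an LDIF for duplicate uidNumber /
# gidNumber values before handing it to ldapadd.  All function names are
# this example's own; the entry layout follows the page's LDIF.
set -eu

gen_ou() {                     # gen_ou <ou name> <base dn>
    printf 'dn: ou=%s,%s\nobjectClass: organizationalUnit\nou: %s\n\n' "$1" "$2" "$1"
}

gen_group() {                  # gen_group <cn> <gidNumber> <base dn>
    printf 'dn: cn=%s,ou=Groups,%s\nobjectClass: posixGroup\ncn: %s\ngidNumber: %s\n\n' \
        "$1" "$3" "$1" "$2"
}

gen_user() {                   # gen_user <uid> <given> <sn> <uidNumber> <gidNumber> <base dn>
    # userPassword {CRYPT}x is a hash that matches no password, so the
    # account starts locked; set a real one afterwards with ldappasswd.
    printf '%s\n' \
        "dn: uid=$1,ou=People,$6" \
        "objectClass: inetOrgPerson" \
        "objectClass: posixAccount" \
        "objectClass: shadowAccount" \
        "uid: $1" \
        "sn: $3" \
        "givenName: $2" \
        "cn: $2 $3" \
        "displayName: $2 $3" \
        "uidNumber: $4" \
        "gidNumber: $5" \
        "userPassword: {CRYPT}x" \
        "gecos: $2 $3" \
        "loginShell: /bin/bash" \
        "homeDirectory: /home/$1" \
        ""
}

# check_unique_ids <ldif file>: return 1 if a uidNumber is reused across
# user entries or a gidNumber is reused across posixGroup entries.
# (A user's gidNumber naturally repeats its group's gid; that is not counted.)
check_unique_ids() {
    dups=$(awk '/^uidNumber:/ {u[$2]++}
                /^objectClass: posixGroup/ {ingrp=1}
                /^gidNumber:/ && ingrp {g[$2]++}
                /^$/ {ingrp=0}
                END {for (k in u) if (u[k] > 1) print "uidNumber " k;
                     for (k in g) if (g[k] > 1) print "gidNumber " k}' "$1")
    if [ -n "$dups" ]; then
        printf 'duplicate ids in %s:\n%s\n' "$1" "$dups" >&2
        return 1
    fi
    return 0
}

# build_ldif <base dn> <output file>: write the page's structure (ou=People,
# ou=Groups, group miners/5000, user john/10000) for the given base DN.
build_ldif() {
    {
        gen_ou People "$1"
        gen_ou Groups "$1"
        gen_group miners 5000 "$1"
        gen_user john John Doe 10000 5000 "$1"
    } > "$2"
}
```

Typical use: `build_ldif dc=slurm-ldapsrv,dc=local add_content.ldif && check_unique_ids add_content.ldif` and then the ldapadd command above. Adding further users is a matter of extra gen_user calls with fresh uidNumbers; the check catches the copy-paste case where two accounts end up sharing one.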
Configuring LDAPS on the current server
1. Install TLS Tools
apt install gnutls-bin ssl-cert
2. Create CA Private Key
certtool --generate-privkey --bits 4096 --outfile /etc/ssl/private/mycakey.pem
3. Create CA Info Template
vim /etc/ssl/ca.info
Content:
cn = Example Company
ca
cert_signing_key
expiration_days = 3650
4. Generate Self-Signed CA Certificate
certtool --generate-self-signed \
  --load-privkey /etc/ssl/private/mycakey.pem \
  --template /etc/ssl/ca.info \
  --outfile /usr/local/share/ca-certificates/mycacert.crt
Update trusted CA certificates:
update-ca-certificates
5. Create Server Private Key
certtool --generate-privkey --bits 2048 --outfile /etc/ldap/ldap_slapd_key.pem
6. Create Server Certificate Template
vim /etc/ssl/ldap.info
Content:
organization = Example Company
cn = slurm-ldapsrv.local
tls_www_server
encryption_key
signing_key
expiration_days = 365
7. Generate Server Certificate
certtool --generate-certificate \
  --load-privkey /etc/ldap/ldap_slapd_key.pem \
  --load-ca-certificate /etc/ssl/certs/mycacert.pem \
  --load-ca-privkey /etc/ssl/private/mycakey.pem \
  --template /etc/ssl/ldap.info \
  --outfile /etc/ldap/ldap_slapd_cert.pem
8. Set Permissions
chgrp openldap /etc/ldap/ldap_slapd_key.pem
chmod 0640 /etc/ldap/ldap_slapd_key.pem
9. Configure slapd to Use TLS Certificates
Create the config file:
vim certinfo.ldif
Content:
dn: cn=config
add: olcTLSCACertificateFile
olcTLSCACertificateFile: /etc/ssl/certs/mycacert.pem
-
add: olcTLSCertificateFile
olcTLSCertificateFile: /etc/ldap/ldap_slapd_cert.pem
-
add: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/ldap/ldap_slapd_key.pem
Apply with:
ldapmodify -Y EXTERNAL -H ldapi:/// -f certinfo.ldif
10. Enable LDAPS in slapd Configuration
Edit slapd default settings:
vim /etc/default/slapd
Ensure this line is present:
SLAPD_SERVICES="ldap:/// ldapi:/// ldaps:///"
Restart slapd:
systemctl restart slapd
11. Test TLS and LDAPS
Test StartTLS:
ldapwhoami -x -ZZ -H ldap://slurm-ldapsrv.local
Test LDAPS:
ldapwhoami -x -H ldaps://slurm-ldapsrv.local
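The most common reasons the two ldapwhoami tests fail are mundane: the key file is readable by everyone or owned by the wrong group (step 8), a path in certinfo.ldif has a typo (step 9), or ldaps:/// was never added to SLAPD_SERVICES (step 10). The bash script below is an added example, not part of the original page: a pre-flight check that covers those three points for the whole LDAPS procedure before slapd is restarted. The function names (key_perms_ok, ldaps_listener_enabled, tls_files_present, preflight) are this example's own; it assumes GNU stat, as on the Ubuntu target, and takes the group either as a name (openldap) or a numeric gid.

```shell
#!/usr/bin/env bash
# Added example (not from the original page): pre-flight checks to run before
# "systemctl restart slapd", so a world-readable key, a mistyped TLS path, or a
# missing ldaps:/// listener is caught before the daemon refuses to start.
# Function names are this example's own; GNU stat (-c) is assumed.
set -eu

# key_perms_ok <key file> <group name or gid>: the private key must belong to
# the slapd group (openldap on Ubuntu) and must not be readable by "other".
key_perms_ok() {
    mode=$(stat -c '%a' "$1")
    grp=$(stat -c '%G' "$1")
    gid=$(stat -c '%g' "$1")
    case "$mode" in
        600|640|400|440) ;;
        *) echo "$1: mode $mode is too permissive (want 0640)" >&2; return 1 ;;
    esac
    if [ "$grp" != "$2" ] && [ "$gid" != "$2" ]; then
        echo "$1: group is $grp ($gid), expected $2" >&2
        return 1
    fi
    return 0
}

# ldaps_listener_enabled <defaults file>: SLAPD_SERVICES in /etc/default/slapd
# must list ldaps:///, otherwise port 636 is never opened.
ldaps_listener_enabled() {
    services=$(sed -n 's/^SLAPD_SERVICES="\(.*\)"$/\1/p' "$1" | tail -n 1)
    for svc in $services; do
        [ "$svc" = "ldaps:///" ] && return 0
    done
    echo "$1: ldaps:/// not in SLAPD_SERVICES (\"$services\")" >&2
    return 1
}

# tls_files_present <certinfo.ldif>: every olcTLS*File value in the LDIF must
# name an existing, readable file before ldapmodify applies it to cn=config.
tls_files_present() {
    missing=0
    for f in $(sed -n 's/^olcTLS[A-Za-z]*File: *//p' "$1"); do
        if [ ! -r "$f" ]; then
            echo "$1 references missing file: $f" >&2
            missing=1
        fi
    done
    return "$missing"
}

# preflight <key file> <group> <defaults file> <certinfo.ldif>: run every
# check, report each failure, and return non-zero if any of them failed.
preflight() {
    rc=0
    key_perms_ok "$1" "$2"      || rc=1
    ldaps_listener_enabled "$3" || rc=1
    tls_files_present "$4"      || rc=1
    return "$rc"
}
```

On the server from this page the call is `preflight /etc/ldap/ldap_slapd_key.pem openldap /etc/default/slapd certinfo.ldif`; a zero exit means the restart is worth attempting, and each non-zero check names the file to fix. The permission check deliberately accepts 0600 and 0400 as well as 0640, since those are stricter than the page's setting, but rejects anything that grants "other" read access.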
Why LDAPS Configuration is Required
- LDAPS encrypts LDAP traffic, protecting usernames, passwords, and queries from being intercepted.
- Without LDAPS or StartTLS, users cannot change their own passwords, as password operations require a secure connection.
- Enabling LDAPS ensures secure authentication and meets compliance and security best practices.