Oracle database
Create an Oracle database and log in to the Oracle database server over SSH.
Firewall Configuration
Add a new service to the firewall (ldap: port tcp 389). The predefined ldap service already covers 389/tcp, so the explicit port rule is only needed if that service definition is missing on your system:
firewall-cmd --permanent --add-service=ldap
firewall-cmd --permanent --zone=public --add-port=389/tcp
Reload the firewall configuration:
firewall-cmd --reload
Note that port 389 carries simple binds (and the password they contain) in clear text unless the client negotiates StartTLS, so restrict which source addresses can reach it if clients sit on an untrusted network.
Edit the /etc/rsyslog.conf file and add the following line (slapd logs through the local4 syslog facility by default):
local4.* /var/log/ldap.log
Restart the rsyslog service:
systemctl restart rsyslog
Install OpenLDAP packages
yum install -y openldap openldap-clients openldap-servers
Generate an LDAP password hash from a secret (here ldapadmin, the same password used later with ldapadd -w) and keep it for the configuration step:
slappasswd -s ldapadmin -n > /etc/openldap/passwd
Passing the secret with -s leaves it in the shell history and the process list; running slappasswd without -s prompts for it instead.
Generate an X509 certificate file
openssl req -new -x509 -nodes -out /etc/openldap/certs/cert.pem \
  -keyout /etc/openldap/certs/priv.pem -days 365
When prompted, use the server's fully qualified name (the host you will put in the URI below) as the Common Name, otherwise clients that verify the certificate will reject it; because the certificate is self-signed, clients also have to trust cert.pem explicitly (TLS_CACERT in their ldap.conf). The key is written unencrypted (-nodes) because slapd cannot prompt for a passphrase at start-up.
Secure the content of the /etc/openldap/certs directory: slapd runs as the ldap user, so the files must be owned by ldap:ldap and the private key must not be readable by anyone else (the chown and chmod commands are shown under Troubleshooting, item 2).
Prepare the LDAP database
cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
Change LDAP database ownership
chown ldap:ldap /var/lib/ldap/*
Activate the slapd service at boot
systemctl enable slapd
Start the slapd service
systemctl start slapd
If slapd fails to start with the error message "main: TLS init def ctx failed: -1", it could not load the certificate or key. Check first that both files exist, are owned by ldap:ldap and are readable by that user, and that their SELinux context is correct (for example with restorecon on /etc/openldap/certs), since those are the usual causes. Disabling SELinux in /etc/selinux/config is the blunt alternative this guide originally used; if you go that way, a reboot of the server (here, the Oracle database host) is required for the change to take effect.
Re-start the slapd service
systemctl restart slapd
Check that the LDAP server is listening
netstat -lt | grep ldap
LDAP Server configuration
Go to the /etc/openldap/ directory, uncomment the BASE and URI keys in ldap.conf and set them to the following values (use your own suffix and the server's fully qualified name; the name must match the Common Name of the certificate generated above):
BASE dc=test,dc=com
URI ldap://ip-10-13-0-204-test.com:389
Add the cosine & nis LDAP schemas (the files live in /etc/openldap/schema/; the inetorgperson schema loaded in the Troubleshooting section is also needed before you add inetOrgPerson user entries):
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif
Create the /etc/openldap/changes.ldif file and paste the lines below. Replace the olcRootPW value with the hash that slappasswd wrote to /etc/openldap/passwd earlier (it looks like {SSHA}bI2shUU5XtA8yjv1yqqkeFmUVkjCczA3; do not reuse the value shown here). Note that olcLogLevel -1 turns on every debug category, which helps while setting up but floods /var/log/ldap.log in production, where 256 (connections and operations only) is the usual choice.
dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=test,dc=com

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: cn=Manager,dc=test,dc=com

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: {SSHA}bI2shUU5XtA8yjv1yqqkeFmUVkjCczA3

dn: cn=config
changetype: modify
replace: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/openldap/certs/priv.pem

dn: cn=config
changetype: modify
replace: olcTLSCertificateFile
olcTLSCertificateFile: /etc/openldap/certs/cert.pem

dn: cn=config
changetype: modify
replace: olcLogLevel
olcLogLevel: -1

dn: olcDatabase={1}monitor,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by dn.base="cn=Manager,dc=test,dc=com" read by * none
Apply the new configuration to the slapd server
ldapmodify -Y EXTERNAL -H ldapi:/// -f /etc/openldap/changes.ldif
Create the /etc/openldap/base.ldif file and paste the below lines
dn: dc=test,dc=com
dc: test
objectClass: top
objectClass: domain

dn: ou=People,dc=test,dc=com
ou: People
objectClass: top
objectClass: organizationalUnit

dn: ou=Group,dc=test,dc=com
ou: Group
objectClass: top
objectClass: organizationalUnit
Build the structure of the directory service
ldapadd -x -w ldapadmin -D cn=Manager,dc=test,dc=com -f /etc/openldap/base.ldif
(Using -W instead of -w ldapadmin makes ldapadd prompt for the password and keeps it out of the shell history.)
If you get the error message "ldap_bind: Invalid credentials (49)", check that the olcRootPW line in changes.ldif holds the hash slappasswd produced for the password you pass with -w, for example olcRootPW: {SSHA}bI2shUU5XtA8yjv1yqqkeFmUVkjCczA3, and re-run ldapmodify -Y EXTERNAL -H ldapi:/// -f /etc/openldap/changes.ldif if it does not.
Create users for testing
The useradd commands below create local accounts on this host only; nothing is written to the directory by this step, so matching entries (for example under ou=People) still have to be added to LDAP before the search below can return them.
[root@ip-10-13-0-204 clckwrk]# mkdir /home/guests
[root@ip-10-13-0-204 clckwrk]# useradd -d /home/guests/ldapuser01 ldapuser01
[root@ip-10-13-0-204 clckwrk]# passwd ldapuser01
Changing password for user ldapuser01.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
[root@ip-10-13-0-204 clckwrk]# useradd -d /home/guests/ldapuser02 ldapuser02
[root@ip-10-13-0-204 clckwrk]# passwd ldapuser02
Changing password for user ldapuser02.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
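As an added example (not code from the original page), the following Python script covers two of the steps above: it produces and checks {SSHA} values in the format slappasswd writes, so the olcRootPW hash in changes.ldif can be tested against the password given to ldapadd -w before you run into "Invalid credentials (49)", and it turns a /etc/passwd line for the useradd accounts into the LDIF entry the directory still needs. The passwd line, the changes.ldif fragment and the passwords in it are constructed samples; the hash it generates is not the one printed on the page, and the object classes assume the cosine, nis and inetorgperson schemas have been loaded.

```python
"""Added example, not from the original page: {SSHA} hashing and LDIF helpers
for the OpenLDAP setup described above. Standard library only; runs offline."""
import base64
import hashlib
import hmac
import os
import re

SUFFIX = "dc=test,dc=com"  # the suffix used throughout the page


def ssha_hash(password, salt=None):
    """Return an {SSHA} value in the format slappasswd emits:
    base64( SHA1(password + salt) + salt ). slappasswd uses a 4-byte salt."""
    if salt is None:
        salt = os.urandom(4)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(password, stored):
    """Check a password against a stored {SSHA} value (olcRootPW, userPassword)."""
    if not stored.startswith("{SSHA}"):
        raise ValueError("not an {SSHA} hash: %r" % stored)
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]  # SHA-1 digest is 20 bytes; the rest is salt
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


def ldif_attr(ldif_text, attr):
    """Return the first value of `attr` in an LDIF text. Handles the
    'attr:: <base64>' form LDIF uses for values that are not safe ASCII."""
    pattern = r"^%s:(:?)[ \t]*(\S+)[ \t]*$" % re.escape(attr)
    m = re.search(pattern, ldif_text, re.MULTILINE)
    if m is None:
        raise ValueError("no %s line in LDIF" % attr)
    return base64.b64decode(m.group(2)).decode("utf-8") if m.group(1) else m.group(2)


def root_pw_matches(changes_ldif, password):
    """The check behind 'ldap_bind: Invalid credentials (49)': does the
    olcRootPW hash in changes.ldif match the password given to ldapadd -w?"""
    return ssha_verify(password, ldif_attr(changes_ldif, "olcRootPW"))


def passwd_line_to_ldif(passwd_line, password, base_dn=SUFFIX):
    """Render one /etc/passwd line as an LDIF entry under ou=People, using the
    posixAccount/shadowAccount (nis) and inetOrgPerson classes. useradd alone
    never writes to the directory, so this is the entry the page still lacks."""
    name, _pw, uid, gid, gecos, home, shell = passwd_line.strip().split(":")
    lines = [
        "dn: uid=%s,ou=People,%s" % (name, base_dn),
        "objectClass: top",
        "objectClass: person",
        "objectClass: organizationalPerson",
        "objectClass: inetOrgPerson",
        "objectClass: posixAccount",
        "objectClass: shadowAccount",
        "uid: %s" % name,
        "cn: %s" % (gecos or name),
        "sn: %s" % name,
        "uidNumber: %s" % uid,
        "gidNumber: %s" % gid,
        "homeDirectory: %s" % home,
        "loginShell: %s" % shell,
        "userPassword: %s" % ssha_hash(password),
        "",  # entry ends with a newline; leave a blank line between entries in one file
    ]
    return "\n".join(lines)


# Constructed samples (assumptions for this example, not taken from the page's host).
ROOT_PASSWORD = "ldapadmin"
SAMPLE_CHANGES_LDIF = """dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: %s
""" % ssha_hash(ROOT_PASSWORD)
SAMPLE_PASSWD_LINE = "ldapuser01:x:1001:1001::/home/guests/ldapuser01:/bin/bash"
SAMPLE_B64_LINE = "description:: " + base64.b64encode("Café".encode("utf-8")).decode("ascii")

if __name__ == "__main__":
    print("olcRootPW matches %r: %s" % (ROOT_PASSWORD, root_pw_matches(SAMPLE_CHANGES_LDIF, ROOT_PASSWORD)))
    print(passwd_line_to_ldif(SAMPLE_PASSWD_LINE, "ChangeMe-1"))
```

Feed the rendered entry to ldapadd -x -W -D cn=Manager,dc=test,dc=com -f users.ldif once the schemas are loaded; the userPassword value is already hashed, so the clear-text password never lands in the LDIF file.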
Use the ldapsearch command to query the LDAP server for a test user:
ldapsearch -x -h ip-10-13-0-204-test.com -p 389 -b dc=test,dc=com cn=ldapuser01
-x performs an anonymous simple bind over plain LDAP; once the client trusts the server certificate, add -ZZ to require StartTLS and fail if it cannot be negotiated.
Troubleshooting
1. ldap_add: Invalid syntax (21) additional info: objectClass: value #1 invalid per syntax
Solution: the schema that defines the object class has not been loaded into the server. Add the schema files:
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif
2. ldap_modify: Other (e.g., implementation specific) error (80)
Solution: slapd, which runs as the ldap user, cannot read the certificate or key files named in olcTLSCertificateFile / olcTLSCertificateKeyFile. Give the ldap user ownership of the files and restrict their permissions. Run the commands inside the certificate directory, since chown ldap:ldap * acts on whatever directory you are in, and substitute the file names you actually used (priv.pem and cert.pem above):
chown ldap:ldap *
chmod 600 server-key.pem server-cert.pem certsCAcert.pem
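The "secure the content of the /etc/openldap/certs directory" step earlier and the error (80) fix above are the same requirement seen from two sides. As an added example (not code from the original page), this Python script audits a certificate directory for both conditions (private keys readable by group or other, files not owned by the slapd user) and applies the chown/chmod fix. The sample directory it builds is constructed in a temp directory; real use would point it at /etc/openldap/certs as root.

```python
"""Added example, not from the original page: audit and lock down the files in
/etc/openldap/certs as the 'secure the directory' step and Troubleshooting
item 2 require. Standard library only; the sample directory is constructed."""
import os
import pwd
import stat
import tempfile


def is_private_key(path):
    """True if the file is a PEM private key (the file that must stay 0600)."""
    try:
        with open(path, "rb") as fh:
            first = fh.readline()
    except OSError:
        return False
    return first.startswith(b"-----BEGIN") and b"PRIVATE KEY" in first


def insecure_files(directory, owner_uid=None):
    """Return paths (relative to `directory`) that either expose a private key
    (any group/other permission bit set) or, when owner_uid is given, are not
    owned by that uid and so may be unreadable to slapd. Empty list = pass."""
    problems = []
    for root, _dirs, files in os.walk(directory):
        for name in files:
            path = os.path.join(root, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a link's own mode means nothing; its target is listed if inside the tree
            bad_owner = owner_uid is not None and st.st_uid != owner_uid
            bad_mode = is_private_key(path) and (st.st_mode & 0o077) != 0
            if bad_owner or bad_mode:
                problems.append(os.path.relpath(path, directory))
    return sorted(problems)


def lock_down(directory, uid=-1, gid=-1):
    """Apply the Troubleshooting fix to every regular file: chown to uid:gid
    (-1 leaves the owner unchanged, all a non-root user may do) and chmod 600."""
    for root, _dirs, files in os.walk(directory):
        for name in files:
            path = os.path.join(root, name)
            if os.path.islink(path):
                continue
            if uid != -1 or gid != -1:
                os.chown(path, uid, gid)
            os.chmod(path, 0o600)


def ldap_uid():
    """uid of the 'ldap' account slapd runs as, or None if it does not exist here."""
    try:
        return pwd.getpwnam("ldap").pw_uid
    except KeyError:
        return None


def demo_certs_dir():
    """Constructed sample: a temp directory shaped like /etc/openldap/certs after
    the openssl step, with the key left world-readable (the common mistake)."""
    d = tempfile.mkdtemp(prefix="ldapcerts-")
    samples = {
        "cert.pem": (b"-----BEGIN CERTIFICATE-----\nMIIB...\n-----END CERTIFICATE-----\n", 0o644),
        "priv.pem": (b"-----BEGIN PRIVATE KEY-----\nMIIE...\n-----END PRIVATE KEY-----\n", 0o644),
        "server.key": (b"-----BEGIN RSA PRIVATE KEY-----\nMIIE...\n-----END RSA PRIVATE KEY-----\n", 0o600),
    }
    for name, (body, mode) in samples.items():
        path = os.path.join(d, name)
        with open(path, "wb") as fh:
            fh.write(body)
        os.chmod(path, mode)
    return d


if __name__ == "__main__":
    d = demo_certs_dir()
    print("before:", insecure_files(d, owner_uid=ldap_uid()))
    lock_down(d)  # as root, pass ldap_uid() and the ldap group's gid here
    print("after: ", insecure_files(d))
```

Only the private key is checked for mode bits because the certificate is public material; ownership is checked on every file because slapd reads all of them as the ldap user. Remember that SELinux labels are a separate matter: a file with the right owner and mode can still be refused if its context is wrong.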