Sahil: 2013-06-09

Friday 14 June 2013

Domain Name Server - A Simple Name Resolving Model

DNS (Domain Name System), also known as a nameserver, is a network system that associates hostnames with their respective IP addresses. For users, this has the advantage that they can refer to machines on the network by names that are usually easier to remember than the numerical network addresses called IPs. For system administrators, using the nameserver allows them to change the IP address for a host without ever affecting the name-based queries, or to decide which machines handle these queries.

DNS is usually implemented using one or more centralized servers that are authoritative for certain domains. When a client host requests information from a nameserver, it usually connects to port 53. The nameserver then attempts to resolve the name requested. If it does not have an authoritative answer, or does not already have the answer cached from an earlier query, it queries other nameservers, called root nameservers, to determine which nameservers are authoritative for the name in question, and then queries them to get the requested name. Nameserver Zones:In a DNS server such as BIND (Berkeley Internet Name Domain), all information is stored in basic data elements called resource records (RR). The resource record is usually a fully qualified domain name (FQDN) of a host, and is broken down into multiple sections organized into a tree-like hierarchy. This hierarchy consists of a main trunk, primary branches, secondary branches, and so on.Here is a simple guide to install DNS on RHEL6. Consider a fresh installation of redhat enterprise linux on a machine, to make it simple.BIND consists of a set of DNS-related programs. It contains a nameserver called named, an administration utility called rndc, and a debugging tool called dig.

Note the following:

Host machine IP Address: 10.14.153.24

Hostname: desktop24.example.com

Make following enteries in the following files:

# vim /etc/resolv.conf

nameserver 10.14.153.24

search example.com

# vim /etc/hosts
10.14.153.24 desktop24.example.com desktop24

127.0.0.1 localhost.localdomain localhost

Make sure to assign static IP address to the machine.First check the Ethernet LAN port on which the machine is connected using following commands:

# mii-tools# ethtool eth0

After that edit the network file:

# vim /etc/sysconfig/network-scripts/ifcfg-eth0

DEVICE=eth0

TYPE=Ethernet

BOOTPROTO=static

ONBOOT=yes

IPADDR=10.14.153.24

NETMASK=255.255.255.0

GATEWAY=10.14.153.1

save and quit

Now stop the service of NetworkManager and restart the service of network.

# /etc/init.d/NetworkManager stop;chkconfig NetworkManager off

#/etc/init.d/network restart;chkconfig network on

Now, make sure YUM is working on your machine.

Install the following packages on the machine using YUM.

# yum install -y bind*
When installation is completed, we proceed with the configuration,main configuration files are:

/etc/named/named.conf

/var/named/chroot/etc/named.conf

also we need to include some files, we discuss about them later.Edit the configuration file as:

# vim /var/named/chroot/etc/named.conf

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
listen-on port 53 { 127.0.0.1;10.14.153.24; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { localhost; };
recursion yes;

dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;

/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
};

logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};

zone "." IN {
type hint;
file "named.ca";
};

zone "example.com" IN {
type master;
file "forward.zone";
allow-update { none; };
};
zone "153.14.10.in-addr.arpa" IN {
type master;
file "reverse.zone";
allow-update { none; };
};

Save and quit the file.

Write only the above lines in the file, if you don't know how to customize DNS.
Also create the new files that you have added in the above file:
# vim /var/named/chroot/var/named/forward.zone
$TTL 1D
@ IN SOA desktop24.example.com. root.desktop24.example.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS desktop24.example.com.
desktop24 A 10.14.153.24

desktop23 A 10.14.153.23

save and quit.

# vim /var/named/chroot/var/named/reverse.zone
$TTL 3H
@ IN SOA desktop24.example.com. root.desktop24.example.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS desktop24.example.com.
24 PTR desktop24.

Save and quit.

Make sure that the firewall and SELinux is off, also the owner ship of the above two files is as:

# cd /var/named/chroot/var/named/

# chown root.named reverse.zone

# chown root.named forward.zone

These lines may be at any sequence.
Now restart the service and send query to the DNS.

# /etc/init.d/named restart;chkconfig named on
Stopping named: [ OK ]
Starting named: [ OK ]

[root@desktop24 ~]# nslookup desktop24.example.com

Server: 10.14.153.24

Address: 10.14.153.24#53

Name: desktop24.example.com

Address: 10.14.153.24

[root@desktop24 ~]# dig desktop24.example.com

; <<>> DiG 9.7.0-P2-RedHat-9.7.0-5.P2.el6 <<>> desktop24.example.com

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22786

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:

;desktop24.example.com. IN A

;; ANSWER SECTION:

desktop24.example.com. 86400 IN A 10.14.153.24

;; AUTHORITY SECTION:

example.com. 86400 IN NS desktop24.example.com.

;; Query time: 0 msec

;; SERVER: 10.14.153.24#53(10.14.153.24)

;; WHEN: Sat Oct 4 05:18:13 2014

;; MSG SIZE rcvd: 69

[root@desktop24 ~]# dig desktop23.example.com

; <<>> DiG 9.7.0-P2-RedHat-9.7.0-5.P2.el6 <<>> desktop23.example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14385
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;desktop23.example.com. IN A

;; ANSWER SECTION:
desktop23.example.com. 86400 IN A 10.14.153.23

;; AUTHORITY SECTION:
example.com. 86400 IN NS desktop24.example.com.

;; ADDITIONAL SECTION:
desktop24.example.com. 86400 IN A 10.14.153.24

;; Query time: 0 msec
;; SERVER: 10.14.153.24#53(10.14.153.24)
;; WHEN: Sat Oct 4 05:19:32 2014
;; MSG SIZE rcvd: 95

If some reply is received, means your dns is resolving.

save and quit.

Thursday 13 June 2013

Mail Server Configuration with courier-imap on RHEL5

This is simple doc to install Mail server on RHEL 5 with courier-imap.

1. First of all install rhel5 on the system.

2. Copy the Server directory from ISO/CD to the location:

/var/www/html/

#rsync –avz /media/RHEL_5.6/Server /var/www/html/Server/

3. Create yum on the freshly created system.

# vim /etc/yum.repos.d/server.repo

[server]

name=test

baseurl=file:///var/www/html/Server/

esc :wq

4. Now install the following packages using yum.

# yum install *mysql* *php* *rpm* *http* *system-sw* -y

5. Download postfixadmin-2.2.1.1.tar.gz.

6. [root@mail~] # mkdir /var/www/html/mailadmin

7. [root@mail~] # cp Dosktop/postfixadmin-2.2.1.1.tar.gz /var/www/html/

8. [root@mail html] # tar -zxf /postfixadmin-2.2.1.1.tar.gz

9. [root@mail postfixadmin-2.2.1.1] # cp config.inc.php config.inc.php-org

10. [root@mail postfixadmin-2.2.1.1]# vi config.inc.php

$CONF['database_type'] = 'mysql';

$CONF['database_host'] = 'localhost';

$CONF['database_user'] = 'postfix';

$CONF['database_password'] = 'postfix';

$CONF['database_name'] = 'postfix';

$CONF['admin_email'] = 'postmaster@iic.com';

$CONF['encrypt'] = 'cleartext';

// Default Aliases

// The default aliases that need to be created for all domains.

$CONF['default_aliases'] = array (

'abuse' => 'abuse@fooster.com',

'hostmaster' => 'hostmaster@iic.com',

'postmaster' => 'postmaster@iic.com',

'webmaster' => 'webmaster@iic.com'

$CONF['domain_path'] = 'YES';

$CONF['domain_in_mailbox'] = 'YES';

$CONF['vacation_domain'] = 'autoreply.change-this-toyour.domain.tld';

$CONF['show_footer_text'] = 'YES';

$CONF['footer_text'] = 'www.dell.com';

$CONF['footer_link'] = 'www.dell.com';

CONF['emailcheck_resolve_domain']='YES';

11. [root@mail html]# mv postfixadmin-2.2.1.1 mailadmin

12. [root@mail mailadmin]# service httpd restart

13. [root@mail mailadmin]# service mysqld restart

14. [root@mail html]# mysqladmin password "postfix" (set password database user)

15. [root@mail html]# mysql -u root -p

Enter password:

mysql>

mysql> CREATE DATABASE postfix;

mysql> CREATE USER 'postfix'@'localhost' IDENTIFIED BY 'postfix';

mysql> GRANT ALL PRIVILEGES ON `postfix` . * TO 'postfix'@'localhost';

mysql> show databases;

+--------------------+

| Database |

+--------------------+

| information_schema |

| mysql |

| postfix |

| test |

+--------------------+

4 rows in set (0.00 sec)

mysql> quit

16. [root@mail mailadmin]# /etc/init.d/httpd restart

17. Now open web-browser and enter the following address.

http://localhost/mailadmin

18. Click on the SETUP link on the page opened.

19. [root@mail mailadmin]# vim config.inc.php

$CONF['configured'] = false;

20. Now add the account of the super user at the end and rename the setup.php file in mailadmin/.

21. [root@mail mailadmin]# mv setup.php setup.php-org

22. [root@mail mailadmin]# service httpd restart

23. Create a new user, to build the rpms.

# useradd rpmbuild

# passwd rpmbuild

24. Download the source rpm from internet and copy to home directory of user.

# cp Desktop/postfix-2.5.5-1.src.rpm /home/rpmbuild/

# chown rpmbuild.rpmbuild /home/rpmbuild/postfix-2.5.5-1.src.rpm

25. Now switch to new user and create following directory set:

# su - rpmbuild

[rpmbuild@mail ~]$ mkdir rpm

[rpmbuild@mail ~]$ mkdir rpm/SOURCES

[rpmbuild@mail ~]$ mkdir rpm/SPECS

[rpmbuild@mail ~]$ mkdir rpm/BUILD

[rpmbuild@mail ~]$ mkdir rpm/SRPMS

[rpmbuild@mail ~]$ mkdir rpm/RPMS

[rpmbuild@mail ~]$ mkdir rpm/RPMS/x86_64

[rpmbuild@mail ~]$ echo "%_topdir $HOME/rpm" >> $HOME/.rpmmacros

26. Now install the source RPM that was downloaded.

[rpmbuild@mail ~]$ rpm -ivh postfix-2.5.5-1.src.rpm

27. Now edit the postfix.spec file, that is automatically created under rpm/SPECS/

[rpmbuild@mail ~]$ cd rpm/SPECS

[rpmbuild@mail SPECS]$ ls

postfix.spec

[rpmbuild@mail SPECS]$ vim postfix.spec

%define with_mysql_redhat 1

%define with_sasl 2

%define with_vda 1

{Replace every occurrence of rhel4 with rhel5 in the file.}

28. Now build the rpm using RPMBUILD.

[rampal@mail SPECS]$ rpmbuild -ba postfix.spec

29. This will create rpms on following locations:

/home/rampal/rpm/RPMS/i386/postfix-2.5.5-1.rhel5.i386.rpm

/home/rampal/rpm/RPMS/i386/postfix-debuginfo-2.5.5-1.rhel5.i386.rpm

[rampal@mail SPECS]$ logout

30. Install these packages as root.

[root@mail i386]# rpm -Uvh postfix-2.5.5-1.rhel5.i386.rpm

[root@mail i386]# rpm -Uvh postfix-debuginfo-2.5.5-1.rhel5.i386.rpm

[root@mail i386]# postconf -m

btree

cidr

environ

hash

ldap

mysql

nis

proxy

regexp

static

unix

31. Download courier-imap-4.4.1.tar.bz2 from internet and copy this to home directory of the user. Change the user ownership of the file.

32. Also download the file courier-authlib-0.61.0.tar.bz2 and copy this file also to the home directory of the user, also change the ownership.

[root@mail Desktop]# cp courier-imap-4.1.1.tar.bz2 /home/rampal/

[root@mail Desktop]# chown rampal.rampal /home/rampal/courier-imap-4.1.1.tar.bz2

[root@mail Desktop]# cp courier-authlib-0.58.tar.bz2 /home/rampal/

[root@mail Desktop]# chown rampal.rampal /home/rampal/courier-authlib-0.58.tar.bz2

33. Now switch to user and build the rpm using rpmbuild.

[root@mail Desktop]# su - rampal

[rampal@mail ~]$ rpmbuild -ta courier-authlib-0.58.tar.bz2

[rampal@mail~]$ logout

34. Install the dependencies of the rpmbuild as the root user using yum.

[root@mail Desktop]# yum install *libtool*

[root@mail Desktop]# yum install *postgresql-devel*

[root@mail Desktop]# yum install *gdbm-devel*

[root@mail Desktop]# yum install *pam-devel

[root@mail Desktop]# yum install *expect*

[root@mail Desktop]# yum install *gcc-c++*

[root@mail Desktop]# su - rampal

[rampal@mail ~]$ rpmbuild -ta courier-authlib-0.58.tar.bz2

[rampal@mail~]$ logout

35. Now packages are created on the following location. Install these packages.

[root@mail ~]$ cd /home/rampal/rpm/RPMS/i386/

[root@mail i386]$ rpm -ivh courier-authlib-0.58-1.5Server.i386.rpm

[root@mail i368]$ rpm -ivh courier-authlib-debuginfo-0.58-1.5Server.i386.rpm

[root@mail i386]$ rpm -ivh courier-authlib-devel-0.58-1.5Server.i386.rpm

[root@mail i386]$ rpm -ivh courier-authlib-ldap-0.58-1.5Server.i386.rpm

[root@mail i386]$ rpm -ivh courier-authlib-mysql-0.58-1.5Server.i386.rpm

[root@mail i386]$ rpm -ivh courier-authlib-pgsql-0.58-1.5Server.i386.rpm

[root@mail i386]$ rpm -ivh courier-authlib-pipe-0.58-1.5Server.i386.rpm

[root@mail i386]$ rpm -ivh courier-authlib-userdb-0.58-1.5Server.i386.rpm

[root@mail ~]# su - rampal

36. Now untar the courier-imap file , make following changes in the file and copy it to rpm/SPEC/ location.

[rampal@mail ~]$ tar -jxvf courier-imap-4.1.1.tar.bz2

[rampal@mail ~]$ cd courier-imap-4.1.1

[rampal@mail courier-imap-4.1.1]$ cp courier-imap.spec courier-imap.spec-org

[rampal@mail courier-imap-4.1.1]$ vi courier-imap.spec

BuildPreReq: rpm >= 3.0.5 /usr/bin/sed openldap2 openldap2-devel

%else

BuildPreReq: rpm >= 4.0.2 sed openldap-devel openldap-servers

%endif

{remove every thing except these in the above lines in the file}

37. Now run the rpmbuild command to build the rpm packages. If it shows some dependencies, install those dependencies using yum as root. When the command completes building packages, install those packages as root.

[rampal@mail] courier-imap-4.1.1]$ cp courier-imap.spec /home/rampal/rpm/SPECS/

[rampal@mail]courier-imap-4.1.1]$ cp courier-imap-4.1.1.tar.bz2 /home/rampal/rpm/SOURCES

[rampal@mail~]$ cd rpm/SPECS/

[rampal@mail] SPECS]$ rpmbuild -ba courier-imap.spec

dependencies: openldap* rpm

[ramapl@mail~] logout

[root@mail~]# yum install openldap*

[root@mail~]# su - rampal

[rampal@mail] SPECS]$ rpmbuild -ba courier-imap.spec

[rampal@mail] SPECS]$ logout

[root@mail ~] cd /home/rampal/rpm/RPMS/i386/

[root@mail i386]# rpm -ivh courier-imap-4.1.1-1.5Server.i386.rpm

[root@mail i386]# rpm -ivh courier-imap-debuginfo-4.1.1-1.5Server.i386.rpm

38. Now add a virtual user with uid=1001 and gid=1001.

[root@mail ~]# useradd virtual ( useradd only virtual uid-1001 gid-1001)

[root@mail ~]# passwd virtual

virtual:x:1001:1001::/home/virtual:/bin/bash

[root@mail ~]# vi /etc/passwd

virtual:x:1001:

[root@mail ~]# vi /etc/group

[root@mail ~]# chmod -R 777 /home/virtual/

[root@mail ~]# chown virtual.virtual /home/virtual

39. Now copy the main.cf file to a temp file and make following changes in the file.

[root@mail postfix]# cp /etc/postfix/main.cf main.cf_org

[root@mail postfix]# vi /etc/postfix/main.cf

Add these line in the end of file :

virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf

virtual_gid_maps = static:1001

virtual_mailbox_base = /home/virtual

virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf

virtual_mailbox_limit = 51200000

virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf

virtual_minimum_uid = 1001

virtual_transport = virtual

virtual_uid_maps = static:1001

#Additional for quota support

virtual_create_maildirsize = yes

virtual_mailbox_extended = yes

virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf

virtual_mailbox_limit_override = yes

virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please try again later.

virtual_overquota_bounce = yes

relay_domains = mysql:/etc/postfix/mysql_relay_domains_maps.cf

mynetworks = 192.168.0.0/24, 127.0.0.0/8

[root@mail postfix]# postmap hash:/etc/postfix/aliases

[root@mail postfix]# service postfix restart

40. Add following files in the /etc/postfix directory:

[root@mail ~]# vi /etc/postfix/mysql_relay_domains_maps.cf

user = postfix

password = postfix

hosts = localhost

dbname = postfix

query = SELECT domain FROM domain WHERE domain='%s' and backupmx = '1'

[root@mail ~]# vi /etc/postfix/mysql_virtual_mailbox_limit_maps.cf

user = postfix

password = postfix

hosts = localhost

dbname = postfix

query = SELECT quota FROM mailbox WHERE username='%s'

[root@mail ~]# vi /etc/postfix/mysql_virtual_alias_maps.cf

user = postfix

password = postfix

hosts = localhost

dbname = postfix

query = SELECT goto FROM alias WHERE address='%s' AND active = 1

[root@mail ~]# vi /etc/postfix/mysql_virtual_mailbox_maps.cf

user = postfix

password = postfix

hosts = localhost

dbname = postfix

query = SELECT maildir FROM mailbox WHERE username='%s' AND active = 1

# [root@mail~]# vi /etc/postfix/mysql_virtual_domains_maps.cf

user = postfix

password = postfix

hosts = localhost

dbname = postfix

query = SELECT domain FROM domain WHERE domain='%s'

#optional query to use when relaying for backup MX

#query = SELECT domain FROM domain WHERE domain='%s' and backupmx = '0' and active = '1'

41. Also make changes in following files:

/etc/authlib/authmysqlrc:

[root@mail ~]# cd /etc/authlib/

[root@mail authlib]# cp authmysqlrc authmysqlrc_org

[root@mail authlib]# vi authmysqlrc ( This file authentusen file mysql and database

MYSQL_SERVER localhost

MYSQL_USERNAME postfix

MYSQL_PASSWORD postfix

MYSQL_PORT 0

MYSQL_OPT 0

MYSQL_DATABASE postfix

MYSQL_USER_TABLE mailbox

#MYSQL_CRYPT_PWFILED crypt

MYSQL_CLEAR_PWFIELD password

MYSQL_UID_FIELD 1001

MYSQL_GID_FIELD 1001

MYSQL_LOGIN_FIELD username

MYSQL_HOME_FIELD '/home/virtual'

MYSQL_NAME_FIELD name

MYSQL_MAILDIR_FIELD maildir

[root@mail ~]# vim /etc/authlib/authdaemonrc

authmodulelist=" authmysql "

[root@mail ~]# /etc/init.d/courier-authlib restart

[root@mail ~]# /etc/init.d/courier-imap restart

[root@mail ~]# /etc/init.d/httpd restart

42. Open web-browser and open following url:

http://localhost/mailadmin/

password= ******

43. Now you can add new mailbox, domains and send mails to user from your server.

LDAP: Light-weight Directory Access Protocol

Directory services may provide any organized set of records, often with a hierarchical structure, such as a corporate email directory. Similarly, a telephone directory is a list of subscribers with an address and a phone number.

LDAP is the collection of following packages:

1. Transport Layer Security2. Simple Authentication and Security Layer3. Kerberos Authentication Service4. Database Software 5. Threads6. TCP Wrappers
slapd is an LDAP directory server that runs on many different platforms. slapd is a version 3 of LDAP, supports LDAP over both IPv4 and IPv6 and Unix PC.

Following are the some of the advantages of using SLDAP.

1. slapd supports Unicode and language tags.
2. slapd can be configured to restrict access at the socket layer based on network topology.
3. slapd comes with a variety of databases: BDB and HDB are two.
4. multiple databases can be configured.
5. slapd consists of two distinct parts: a front end that handles protocol communication with LDAP clients; and modules which handle specific tasks such as database operations.
6. These two pieces communicate via a well-defined C API, we can write a customized modules which extend slapd in numerous ways.

Here is the installation guide for setting up a basic LDAP server:
Install the openldap packages using yum:

# yum install openldap-servers

Add the following lines to /etc/sysconfig/iptables file:
# vim /etc/sysconfig/iptables

-A INPUT -m state --state NEW -m udp -p udp --dport 389 -j ACCEPT

-A INPUT -m state --state NEW -m tcp -p tcp --dport 389 -j ACCEPT

Restart the firewall:

# service iptables restart

Make sure service can run:

# service slapd start

Make sure service is not running:

# service slapd stop

Prepare customized configuration file in slapd.example.conf:

# cp /etc/openldap/slapd.conf.bak slapd.example.conf

Generate root password for LDAP cn=config configuration:

# slappasswd

"{SSHA}R6zJBEcX1ltYDwbWkqYZ8GrrUFQZbKyN".

Modify the defaults in /etc/openldap/slapd.conf:

# vim /etc/openldap/slapd.conf

rootpw {SSHA}R6zJBEcX1ltYDwbWkqYZ8GrrUFQZbKyN
"cn=admin,dc=example,dc=com".
"dc=example,dc=com".

Install the package:

# yum install openldap-clients

Configure the clients through /etc/openldap/ldap.conf. Providing base DN is not necessary as it is dc=example,dc=com by default. However, default URI refers to localhost which has to be changed.

BASE dc=example, dc=com
URI ldap://127.0.0.1

This section provides content of initial LDAP database in LDIF format.

Create example.com.ldif file with the following content:

# cd /etc/openldap/

# vim example.com.ldif

# Root entry

dn: dc=example,dc=com
objectclass: dcObject
objectclass: organization
o: Example Company
dc: example

Create admin.example.com.ldif file with the following content:

# vim admin.example.com.ldif

# Admin DN
dn: cn=admin,dc=example,dc=com
objectclass: organizationalRole
cn: admin

Create users.example.com.ldif file with the following content:

#vim users.example.com.ldif

# Base DN for users

dn: ou=users,dc=example,dc=com
changetype: add
objectclass: top
objectclass: organizationalUnit
ou: users

Create groups.example.com.ldif file with the following content:

# vim groups.example.com.ldif
# Base DN for groups

dn: ou=groups,dc=example,dc=com
changetype: add
objectclass: top
objectclass: organizationalUnit
ou: groups

This section can be used repeatedly to re-set configuration, re-initialize LDAP content and start over again.

Make sure service is not running:

# service slapd stop

Clean up configuration:

# rm -rf /etc/openldap/slapd.d/*

Clean up content:

# rm -rf /var/lib/ldap/*

Copy the file:

# cp /usr/share/doc/openldap-servers-*/DB_CONFIG.example /var/lib/ldap/DB_CONFIG

Initialize DB files for content in /var/lib/ldap directory:

# echo "" | slapadd -f /etc/openldap/slapd.example.conf

Convert configuration file into dynamic configuration under /etc/openldap/slapd.d directory:

# slaptest -f /etc/openldap/slapd.example.conf -F /etc/openldap/slapd.d

Initialize LDAP DB with initial content:

# slapadd -l example.com.ldif

# slapadd -l admin.example.com.ldif

# slapadd -l users.example.com.ldif

# slapadd -l groups.example.com.ldif

Set permissions:

#chown -R ldap:ldap /var/lib/ldap
# chown -R ldap:ldap /etc/openldap/slapd.d

Start server:

# service slapd restart

List the content by request from client:

# ldapsearch -x -b 'dc=example,dc=com'

Load the the rest of LDAP database content from LDIF:

#ldapadd -x -D 'cn=admin,dc=example,dc=com' -W -f users.example.com.ldif

#ldapadd -x -D 'cn=admin,dc=example,dc=com' -W -f groups.example.com.ldif

List again

# ldapsearch -x -b 'dc=example,dc=com'