Friday, 14 June 2013

Domain Name Server - A Simple Name Resolving Model

DNS (Domain Name System), also known as a nameserver, is a network system that associates hostnames with their respective IP addresses. For users, this has the advantage that they can refer to machines on the network by names that are usually easier to remember than the numerical network addresses called IPs. For system administrators, using the nameserver allows them to change the IP address for a host without ever affecting the name-based queries, or to decide which machines handle these queries.


DNS is usually implemented using one or more centralized servers that are authoritative for certain domains. When a client host requests information from a nameserver, it usually connects to port 53. The nameserver then attempts to resolve the name requested. If it does not have an authoritative answer, or does not already have the answer cached from an earlier query, it asks other nameservers, starting with the root nameservers, to find out which nameservers are authoritative for the name in question, and then queries those to obtain the requested record.

Nameserver zones: in a DNS server such as BIND (Berkeley Internet Name Domain), all information is stored in basic data elements called resource records (RR). A resource record is usually attached to the fully qualified domain name (FQDN) of a host, which is broken down into multiple labels organized in a tree-like hierarchy. This hierarchy consists of a main trunk, primary branches, secondary branches, and so on.

Here is a simple guide to installing DNS on RHEL6. To keep it simple, assume a fresh installation of Red Hat Enterprise Linux on the machine. BIND consists of a set of DNS-related programs: a nameserver called named, an administration utility called rndc, and a debugging tool called dig.


Note the following:


Host machine IP Address: 10.14.153.24

Hostname: desktop24.example.com


Make the following entries in the following files:


# vim /etc/resolv.conf


nameserver 10.14.153.24

search example.com


# vim /etc/hosts
10.14.153.24 desktop24.example.com desktop24

127.0.0.1 localhost.localdomain localhost


Make sure to assign a static IP address to the machine. First check the Ethernet LAN port to which the machine is connected, using the following commands:


# mii-tool
# ethtool eth0


After that edit the network file:


# vim /etc/sysconfig/network-scripts/ifcfg-eth0


DEVICE=eth0

TYPE=Ethernet

BOOTPROTO=static

ONBOOT=yes

IPADDR=10.14.153.24

NETMASK=255.255.255.0

GATEWAY=10.14.153.1


save and quit


Now stop the service of NetworkManager and restart the service of network.


# /etc/init.d/NetworkManager stop;chkconfig NetworkManager off

# /etc/init.d/network restart;chkconfig network on


Now, make sure YUM is working on your machine.

Install the following packages on the machine using YUM.

# yum install -y bind*

When the installation is complete, we proceed with the configuration. The main configuration files are:

/etc/named/named.conf

/var/named/chroot/etc/named.conf

We also need to include some additional files, which are discussed later. Edit the configuration file as follows:

# vim /var/named/chroot/etc/named.conf


//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
        listen-on port 53 { 127.0.0.1;10.14.153.24; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; };   // only this host may query; add the LAN (e.g. 10.14.153.0/24) here to serve other clients
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

zone "example.com" IN {
        type master;
        file "forward.zone";
        allow-update { none; };
};
zone "153.14.10.in-addr.arpa" IN {
        type master;
        file "reverse.zone";
        allow-update { none; };
};

Save and quit the file.

Write only the above lines in the file if you do not know how to customize DNS further.
Also create the new zone files that are referenced in the file above:
# vim /var/named/chroot/var/named/forward.zone
$TTL 1D
@       IN SOA  desktop24.example.com. root.desktop24.example.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      desktop24.example.com.
desktop24       A       10.14.153.24

desktop23       A       10.14.153.23


save and quit.

# vim /var/named/chroot/var/named/reverse.zone

$TTL 3H
@       IN SOA  desktop24.example.com. root.desktop24.example.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      desktop24.example.com.
24      PTR     desktop24.example.com.   ; target must be the absolute host name; "desktop24." alone points outside the zone
23      PTR     desktop23.example.com.   ; reverse entry for the second A record in forward.zone

Save and quit.
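The reverse zone is the one most often got wrong, and a PTR that does not point back at the forward name silently breaks reverse lookups. The checker below is an added example, not part of the original post: it parses the guide's two zone files (embedded here as constructed sample text) and reports every A record that lacks a correct PTR. The sample reverse zone deliberately keeps the post's "24 PTR desktop24." line, an absolute name that is not the host's FQDN, so the output shows what the check catches.

```python
"""Consistency check between a BIND forward zone and its in-addr.arpa reverse zone.

Added example, not part of the original post: parses the guide's two zone files,
derives the PTR every A record implies and reports what is missing or wrong. The
reverse zone keeps the post's original "24 PTR desktop24." line so there is something to flag.
"""
FORWARD_ORIGIN = "example.com."
REVERSE_ORIGIN = "153.14.10.in-addr.arpa."

FORWARD_ZONE = """\
$TTL 1D
@       IN SOA  desktop24.example.com. root.desktop24.example.com. (
                0 1D 1H 1W 3H )   ; serial refresh retry expire minimum
        NS      desktop24.example.com.
desktop24       A       10.14.153.24
desktop23       A       10.14.153.23
"""
REVERSE_ZONE = """\
$TTL 3H
@       IN SOA  desktop24.example.com. root.desktop24.example.com. (
                0 1D 1H 1W 3H )
        NS      desktop24.example.com.
24      PTR     desktop24.
"""

def fqdn(name, origin):
    """Absolute form of a zone-file name: '@' is the origin, relative names get it appended."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_records(zone_text, origin):
    """Return (owner, type, rdata) triples for the records after the SOA.

    Covers the master-file subset the guide uses: $TTL, ';' comments, a
    parenthesised multi-line SOA, an optional IN class, and a line starting
    with whitespace meaning 'same owner as the previous record'.
    """
    records, owner, depth = [], origin, 0
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if depth:                                   # still inside the SOA parentheses
            depth += line.count("(") - line.count(")")
            continue
        if not line.strip() or line.startswith("$"):
            continue
        fields = line.split()
        if not raw[0].isspace():                    # explicit owner name on this line
            owner, fields = fqdn(fields[0], origin), fields[1:]
        if fields and fields[0] == "IN":
            fields = fields[1:]
        if not fields or fields[0] == "SOA":        # SOA is not compared; just track its parentheses
            depth = line.count("(") - line.count(")")
            continue
        records.append((owner, fields[0], " ".join(fields[1:])))
    return records

def ptr_owner(ip):
    """10.14.153.24 -> '24.153.14.10.in-addr.arpa.'"""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa."

def check_zones(forward_text, reverse_text):
    """Return human-readable findings; an empty list means forward and reverse agree."""
    want = {ptr_owner(rd): ow for ow, rt, rd in parse_records(forward_text, FORWARD_ORIGIN) if rt == "A"}
    have = {ow: rd for ow, rt, rd in parse_records(reverse_text, REVERSE_ORIGIN) if rt == "PTR"}
    findings = []
    for owner, host in sorted(want.items()):
        target = have.get(owner)
        if target is None:
            findings.append(f"missing PTR: {owner} should point to {host}")
        elif fqdn(target, REVERSE_ORIGIN) != host:      # 'desktop24.' is absolute and never becomes the host
            findings.append(f"wrong PTR: {owner} points to {fqdn(target, REVERSE_ORIGIN)}, expected {host}")
    for owner in sorted(set(have) - set(want)):
        findings.append(f"stale PTR: {owner} -> {have[owner]} has no matching A record")
    return findings
```

Running check_zones(FORWARD_ZONE, REVERSE_ZONE) reports the missing PTR for 10.14.153.23 and the wrong target for 10.14.153.24; with both PTRs written as full FQDNs it returns an empty list.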


Make sure that the firewall and SELinux are off, and that the ownership of the above two files is set as follows:

# cd /var/named/chroot/var/named/

# chown root.named reverse.zone


# chown root.named forward.zone

These commands can be run in any order.
Now restart the service and send query to the DNS.

# /etc/init.d/named restart;chkconfig named on

Stopping named:                                            [  OK  ]
Starting named:                                            [  OK  ]

[root@desktop24 ~]# nslookup desktop24.example.com
Server:         10.14.153.24
Address:        10.14.153.24#53

Name:   desktop24.example.com
Address: 10.14.153.24

[root@desktop24 ~]# dig desktop24.example.com

; <<>> DiG 9.7.0-P2-RedHat-9.7.0-5.P2.el6 <<>> desktop24.example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22786
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;desktop24.example.com.         IN      A

;; ANSWER SECTION:
desktop24.example.com.  86400   IN      A       10.14.153.24

;; AUTHORITY SECTION:
example.com.            86400   IN      NS      desktop24.example.com.

;; Query time: 0 msec
;; SERVER: 10.14.153.24#53(10.14.153.24)
;; WHEN: Sat Oct  4 05:18:13 2014
;; MSG SIZE  rcvd: 69

[root@desktop24 ~]# dig desktop23.example.com

; <<>> DiG 9.7.0-P2-RedHat-9.7.0-5.P2.el6 <<>> desktop23.example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14385
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;desktop23.example.com.         IN      A

;; ANSWER SECTION:
desktop23.example.com.  86400   IN      A       10.14.153.23

;; AUTHORITY SECTION:
example.com.            86400   IN      NS      desktop24.example.com.

;; ADDITIONAL SECTION:
desktop24.example.com.  86400   IN      A       10.14.153.24

;; Query time: 0 msec
;; SERVER: 10.14.153.24#53(10.14.153.24)
;; WHEN: Sat Oct  4 05:19:32 2014
;; MSG SIZE  rcvd: 95

If a reply like this is received, your DNS server is resolving names.







Thursday, 13 June 2013

Mail Server Configuration with courier-imap on RHEL5

This is a simple document describing how to install a mail server on RHEL 5 with courier-imap.

1. First of  all install rhel5 on the system.

2. Copy the Server directory from ISO/CD to the location:

/var/www/html/

# rsync -avz /media/RHEL_5.6/Server /var/www/html/Server/

3. Create yum on the freshly created system.

# vim /etc/yum.repos.d/server.repo
[server]
name=test
baseurl=file:///var/www/html/Server/
(press Esc, then type :wq to save and quit)

4. Now install the following packages using yum.

# yum install *mysql* *php* *rpm* *http* *system-sw* -y

5. Download postfixadmin-2.2.1.1.tar.gz.

6. [root@mail~] # mkdir /var/www/html/mailadmin

7. [root@mail~] # cp Desktop/postfixadmin-2.2.1.1.tar.gz /var/www/html/

8. [root@mail html] # tar -zxf postfixadmin-2.2.1.1.tar.gz

9. [root@mail postfixadmin-2.2.1.1] # cp config.inc.php config.inc.php-org 

10. [root@mail postfixadmin-2.2.1.1]# vi config.inc.php

$CONF['database_type'] = 'mysql';
$CONF['database_host'] = 'localhost';
$CONF['database_user'] = 'postfix';
$CONF['database_password'] = 'postfix';
$CONF['database_name'] = 'postfix';
$CONF['admin_email'] = 'postmaster@iic.com';
// 'cleartext' stores mailbox passwords unhashed in MySQL (the authmysqlrc below reads them
// with MYSQL_CLEAR_PWFIELD), so anyone who can read the database has every password.
// postfixadmin also supports 'md5crypt' (crypt(3)-style hashes), which pairs with MYSQL_CRYPT_PWFIELD.
$CONF['encrypt'] = 'cleartext';
// Default Aliases
// The default aliases that need to be created for all domains.
$CONF['default_aliases'] = array (
    'abuse' => 'abuse@fooster.com',
    'hostmaster' => 'hostmaster@iic.com',
    'postmaster' => 'postmaster@iic.com',
    'webmaster' => 'webmaster@iic.com'
);
$CONF['domain_path'] = 'YES';
$CONF['domain_in_mailbox'] = 'YES';
$CONF['vacation_domain'] = 'autoreply.change-this-toyour.domain.tld';
$CONF['show_footer_text'] = 'YES';
$CONF['footer_text'] = 'www.dell.com';
$CONF['footer_link'] = 'www.dell.com';
$CONF['emailcheck_resolve_domain'] = 'YES';

11. [root@mail html]# mv  postfixadmin-2.2.1.1 mailadmin

12. [root@mail mailadmin]# service httpd restart

13. [root@mail mailadmin]# service mysqld  restart

14. [root@mail html]# mysqladmin password "postfix"    (sets the MySQL root password)

15. [root@mail html]# mysql -u root -p

Enter password:   
  mysql>
  mysql> CREATE DATABASE postfix; 
  mysql> CREATE USER 'postfix'@'localhost' IDENTIFIED BY 'postfix';
  mysql>  GRANT ALL PRIVILEGES ON `postfix` . * TO 'postfix'@'localhost';
  mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| postfix            |
| test               |
+--------------------+
4 rows in set (0.00 sec) 
mysql> quit

16. [root@mail mailadmin]# /etc/init.d/httpd restart

17.  Now open a web browser and enter the following address.

18.  Click on the SETUP link on the page opened.

19. [root@mail mailadmin]# vim config.inc.php 
$CONF['configured'] = true;   // postfixadmin refuses to run until this is set to true

20. Now add the super user account at the end of the setup page, then rename the setup.php file in mailadmin/.

21. [root@mail mailadmin]# mv setup.php setup.php-org

22. [root@mail mailadmin]# service httpd restart 

23.  Create a new user, to build the rpms.
 
# useradd rpmbuild
# passwd rpmbuild

24.  Download the source rpm from the internet and copy it to the home directory of the user.
# cp Desktop/postfix-2.5.5-1.src.rpm /home/rpmbuild/
# chown rpmbuild.rpmbuild /home/rpmbuild/postfix-2.5.5-1.src.rpm

25.  Now switch to new user and create following directory set:

# su - rpmbuild
[rpmbuild@mail ~]$ mkdir rpm
[rpmbuild@mail ~]$  mkdir rpm/SOURCES
[rpmbuild@mail ~]$  mkdir rpm/SPECS
[rpmbuild@mail ~]$  mkdir rpm/BUILD
[rpmbuild@mail ~]$  mkdir rpm/SRPMS
[rpmbuild@mail ~]$  mkdir rpm/RPMS
[rpmbuild@mail ~]$  mkdir rpm/RPMS/x86_64
[rpmbuild@mail ~]$  echo "%_topdir    $HOME/rpm" >> $HOME/.rpmmacros

26.  Now install the source RPM that was downloaded.
[rpmbuild@mail ~]$  rpm -ivh postfix-2.5.5-1.src.rpm

27.  Now edit the postfix.spec file, that is automatically created under rpm/SPECS/

[rpmbuild@mail ~]$ cd rpm/SPECS
[rpmbuild@mail SPECS]$ ls
   postfix.spec
[rpmbuild@mail SPECS]$ vim postfix.spec
%define with_mysql_redhat 1
%define with_sasl         2
%define with_vda          1
{Replace every occurrence of rhel4 with rhel5 in the file.}

28.  Now build the rpm using RPMBUILD.

[rampal@mail SPECS]$ rpmbuild -ba postfix.spec 

29. This will create rpms on following locations:

/home/rampal/rpm/RPMS/i386/postfix-2.5.5-1.rhel5.i386.rpm
/home/rampal/rpm/RPMS/i386/postfix-debuginfo-2.5.5-1.rhel5.i386.rpm 
[rampal@mail SPECS]$  logout 

30.  Install these packages as root.

[root@mail i386]# rpm -Uvh postfix-2.5.5-1.rhel5.i386.rpm
[root@mail i386]# rpm -Uvh postfix-debuginfo-2.5.5-1.rhel5.i386.rpm  
[root@mail i386]# postconf -m    
      btree
      cidr
      environ
      hash
      ldap
      mysql
      nis
      proxy
      regexp
      static
      unix

31.  Download courier-imap-4.4.1.tar.bz2 from the internet and copy it to the home directory of the user. Change the ownership of the file to that user.

32. Also download courier-authlib-0.61.0.tar.bz2, copy it to the home directory of the user as well, and change its ownership too.

[root@mail Desktop]# cp courier-imap-4.1.1.tar.bz2 /home/rampal/
[root@mail Desktop]# chown rampal.rampal /home/rampal/courier-imap-4.1.1.tar.bz2  
[root@mail Desktop]# cp courier-authlib-0.58.tar.bz2 /home/rampal/
[root@mail Desktop]# chown rampal.rampal /home/rampal/courier-authlib-0.58.tar.bz2

33.  Now switch to user and build the rpm using rpmbuild.

[root@mail Desktop]# su - rampal
[rampal@mail ~]$  rpmbuild -ta  courier-authlib-0.58.tar.bz2
[rampal@mail~]$ logout

34.  Install the dependencies of the rpmbuild as the root user using yum.

[root@mail Desktop]# yum install *libtool*
[root@mail Desktop]# yum install *postgresql-devel*
[root@mail Desktop]# yum install *gdbm-devel*
[root@mail Desktop]# yum install *pam-devel
[root@mail Desktop]# yum install *expect*
[root@mail Desktop]# yum install *gcc-c++*
[root@mail Desktop]# su - rampal
[rampal@mail ~]$  rpmbuild -ta  courier-authlib-0.58.tar.bz2
[rampal@mail~]$ logout

35.  The packages are now created in the following location. Install them:

[root@mail ~]# cd /home/rampal/rpm/RPMS/i386/
[root@mail i386]# rpm -ivh courier-authlib-0.58-1.5Server.i386.rpm
[root@mail i386]# rpm -ivh courier-authlib-debuginfo-0.58-1.5Server.i386.rpm
[root@mail i386]# rpm -ivh courier-authlib-devel-0.58-1.5Server.i386.rpm
[root@mail i386]# rpm -ivh courier-authlib-ldap-0.58-1.5Server.i386.rpm
[root@mail i386]# rpm -ivh courier-authlib-mysql-0.58-1.5Server.i386.rpm
[root@mail i386]# rpm -ivh courier-authlib-pgsql-0.58-1.5Server.i386.rpm
[root@mail i386]# rpm -ivh courier-authlib-pipe-0.58-1.5Server.i386.rpm
[root@mail i386]# rpm -ivh courier-authlib-userdb-0.58-1.5Server.i386.rpm
[root@mail ~]# su - rampal

36.  Now untar the courier-imap file, make the following changes in its spec file and copy the spec to the rpm/SPECS/ location.

[rampal@mail ~]$  tar -jxvf courier-imap-4.1.1.tar.bz2
[rampal@mail ~]$ cd courier-imap-4.1.1
[rampal@mail courier-imap-4.1.1]$ cp courier-imap.spec courier-imap.spec-org
[rampal@mail courier-imap-4.1.1]$ vi courier-imap.spec  
BuildPreReq: rpm >= 3.0.5 /usr/bin/sed openldap2 openldap2-devel
%else
BuildPreReq: rpm >= 4.0.2 sed openldap-devel openldap-servers
%endif
{Remove everything except these lines from that part of the file.}

37.  Now run the rpmbuild command to build the rpm packages. If it shows some dependencies, install those dependencies using yum as root. When the command completes building packages, install those packages as root.

[rampal@mail courier-imap-4.1.1]$ cp courier-imap.spec /home/rampal/rpm/SPECS/
[rampal@mail courier-imap-4.1.1]$ cp courier-imap-4.1.1.tar.bz2 /home/rampal/rpm/SOURCES
[rampal@mail ~]$ cd rpm/SPECS/
[rampal@mail SPECS]$ rpmbuild -ba courier-imap.spec
    dependencies: openldap* rpm
[rampal@mail ~]$ logout
[root@mail ~]# yum install openldap*
[root@mail ~]# su - rampal
[rampal@mail SPECS]$ rpmbuild -ba courier-imap.spec
[rampal@mail SPECS]$ logout
[root@mail ~]# cd /home/rampal/rpm/RPMS/i386/
[root@mail i386]# rpm -ivh courier-imap-4.1.1-1.5Server.i386.rpm
[root@mail i386]# rpm -ivh courier-imap-debuginfo-4.1.1-1.5Server.i386.rpm

38.  Now add a virtual user with uid=1001 and gid=1001; Postfix delivers every virtual mailbox as this user.

[root@mail ~]# useradd -u 1001 virtual    # creates the user and, with user private groups, the group 'virtual' with gid 1001
[root@mail ~]# passwd virtual
[root@mail ~]# grep virtual /etc/passwd /etc/group    # verify the ids; fix them with vi /etc/passwd and vi /etc/group if 1001 was already taken
/etc/passwd:virtual:x:1001:1001::/home/virtual:/bin/bash
/etc/group:virtual:x:1001:
[root@mail ~]# chmod -R 777 /home/virtual/    # as in the guide; 700 is enough, since only uid/gid 1001 ever writes here
[root@mail ~]# chown virtual.virtual /home/virtual

39.  Now copy the main.cf file to a temp file and make following changes in the file.

[root@mail postfix]# cp /etc/postfix/main.cf main.cf_org
[root@mail postfix]#  vi /etc/postfix/main.cf 
Add these lines at the end of the file:
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_gid_maps = static:1001
virtual_mailbox_base = /home/virtual
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_limit = 51200000
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_minimum_uid = 1001
virtual_transport = virtual
virtual_uid_maps = static:1001
#Additional for quota support
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota,   please try again later.
virtual_overquota_bounce = yes
relay_domains = mysql:/etc/postfix/mysql_relay_domains_maps.cf
mynetworks = 192.168.0.0/24, 127.0.0.0/8 
[root@mail postfix]#  postmap hash:/etc/postfix/aliases
[root@mail postfix]#  service postfix restart 

40.  Add following files in the /etc/postfix directory:

[root@mail ~]# vi /etc/postfix/mysql_relay_domains_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
query = SELECT domain FROM domain WHERE domain='%s' and backupmx = '1' 
[root@mail ~]# vi /etc/postfix/mysql_virtual_mailbox_limit_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
query = SELECT quota FROM mailbox WHERE username='%s' 
[root@mail ~]# vi /etc/postfix/mysql_virtual_alias_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
query = SELECT goto FROM alias WHERE address='%s' AND active = 1 
[root@mail ~]# vi /etc/postfix/mysql_virtual_mailbox_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
query = SELECT maildir FROM mailbox WHERE username='%s' AND active = 1 
[root@mail ~]# vi /etc/postfix/mysql_virtual_domains_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
query = SELECT domain FROM domain WHERE domain='%s'
#optional query to use when relaying for backup MX
#query = SELECT domain FROM domain WHERE domain='%s' and backupmx = '0' and active = '1' 
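To see what these map files do at delivery time, here is an added example (not from the original post) that replays the guide's queries against a throw-away SQLite copy of the postfixadmin tables. The table layout and rows are constructed for the example, and the '%s' placeholder is bound as a query parameter, which is what Postfix's own escaping of the lookup key amounts to.

```python
"""Walk the Postfix virtual-delivery lookups defined by the guide's mysql_*.cf files.

Added example, not part of the original post. The map texts are the guide's; the
three postfixadmin tables are rebuilt in an in-memory SQLite database with
constructed sample rows and only the columns the queries touch. It shows how a
recipient resolves: virtual domain -> alias rewrite -> mailbox/maildir -> quota.
"""
import sqlite3

VIRTUAL_MAILBOX_BASE = "/home/virtual"          # from the guide's main.cf
CREDS = "user = postfix\npassword = postfix\nhosts = localhost\ndbname = postfix\n"
MAP_FILES = {                                   # keyed by the main.cf parameter that uses each file
    "virtual_mailbox_domains": CREDS + "query = SELECT domain FROM domain WHERE domain='%s'\n",
    "virtual_alias_maps": CREDS + "query = SELECT goto FROM alias WHERE address='%s' AND active = 1\n",
    "virtual_mailbox_maps": CREDS + "query = SELECT maildir FROM mailbox WHERE username='%s' AND active = 1\n",
    "virtual_mailbox_limit_maps": CREDS + "query = SELECT quota FROM mailbox WHERE username='%s'\n",
}

def parse_map(text):
    """Parse a Postfix mysql table file: 'key = value' lines, '#' starts a comment."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def build_sample_db():
    """Constructed stand-in for the postfixadmin tables (not the real schema)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE domain  (domain TEXT, backupmx INTEGER, active INTEGER);
        CREATE TABLE mailbox (username TEXT, maildir TEXT, quota INTEGER, active INTEGER);
        CREATE TABLE alias   (address TEXT, goto TEXT, active INTEGER);
        INSERT INTO domain  VALUES ('iic.com', 0, 1);
        INSERT INTO mailbox VALUES ('alice@iic.com', 'iic.com/alice@iic.com/', 51200000, 1);
        INSERT INTO mailbox VALUES ('bob@iic.com',   'iic.com/bob@iic.com/',   51200000, 0);
        INSERT INTO alias   VALUES ('postmaster@iic.com', 'alice@iic.com', 1);
        INSERT INTO alias   VALUES ('old@iic.com',        'alice@iic.com', 0);
    """)
    return db

def lookup(db, param, key):
    """Emulate 'postmap -q KEY mysql:FILE': Postfix substitutes the escaped key
    for %s; binding it as a parameter is the equivalent here. First column or None."""
    sql = parse_map(MAP_FILES[param])["query"].replace("'%s'", "?")
    row = db.execute(sql, (key,)).fetchone()
    return row[0] if row else None

def resolve_recipient(db, address):
    """Describe what the guide's configuration does with one recipient address.
    Simplified: one alias hop and no @domain catch-all lookups, which virtual(8) also does."""
    domain = address.rsplit("@", 1)[-1]
    if lookup(db, "virtual_mailbox_domains", domain) is None:
        return {"action": "not-virtual", "reason": f"{domain} is not a virtual mailbox domain"}
    mailbox = lookup(db, "virtual_alias_maps", address) or address
    maildir = lookup(db, "virtual_mailbox_maps", mailbox)
    if maildir is None:                         # inactive or unknown: 'User unknown in virtual mailbox table'
        return {"action": "reject", "reason": f"no active mailbox for {mailbox}"}
    return {"action": "deliver", "mailbox": mailbox,
            "path": f"{VIRTUAL_MAILBOX_BASE}/{maildir}",
            "quota_bytes": lookup(db, "virtual_mailbox_limit_maps", mailbox)}

if __name__ == "__main__":
    db = build_sample_db()
    for rcpt in ("alice@iic.com", "postmaster@iic.com", "old@iic.com", "bob@iic.com", "x@example.org"):
        print(rcpt, "->", resolve_recipient(db, rcpt))
```

The inactive alias and the inactive mailbox in the sample rows show why the "AND active = 1" clauses matter: disabling an account in postfixadmin takes effect only because the maps filter on that column.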

41.  Also make changes in following files:

/etc/authlib/authmysqlrc:
[root@mail ~]# cd /etc/authlib/
[root@mail authlib]#  cp authmysqlrc authmysqlrc_org
[root@mail authlib]# vi authmysqlrc    # tells courier-authlib how to authenticate users against the MySQL database
MYSQL_SERVER            localhost
MYSQL_USERNAME          postfix
MYSQL_PASSWORD          postfix
MYSQL_PORT              0
MYSQL_OPT               0
MYSQL_DATABASE          postfix
MYSQL_USER_TABLE        mailbox
# MYSQL_CRYPT_PWFIELD replaces MYSQL_CLEAR_PWFIELD once passwords are stored as crypt(3) hashes
#MYSQL_CRYPT_PWFIELD     crypt
MYSQL_CLEAR_PWFIELD     password
MYSQL_UID_FIELD         1001
MYSQL_GID_FIELD         1001
MYSQL_LOGIN_FIELD       username
MYSQL_HOME_FIELD        '/home/virtual'
MYSQL_NAME_FIELD        name
MYSQL_MAILDIR_FIELD     maildir 
[root@mail ~]# vim /etc/authlib/authdaemonrc  
authmodulelist=" authmysql "
[root@mail ~]# /etc/init.d/courier-authlib restart
[root@mail ~]# /etc/init.d/courier-imap restart
[root@mail ~]# /etc/init.d/httpd restart

42.  Open a web browser and go to the following URL:

http://localhost/mailadmin/
login email = username@domain
password = ******

43.  Now you can add new mailboxes and domains, and send mail to users from your server.
LDAP: Light-weight Directory Access Protocol

Directory services may provide any organized set of records, often with a hierarchical structure, such as a corporate email directory. Similarly, a telephone directory is a list of subscribers with an address and a phone number.

OpenLDAP depends on the following components:

1. Transport Layer Security
2. Simple Authentication and Security Layer
3. Kerberos Authentication Service
4. Database Software
5. Threads
6. TCP Wrappers

slapd is an LDAP directory server that runs on many different platforms. slapd implements version 3 of LDAP and supports LDAP over IPv4, IPv6 and Unix IPC (domain sockets).

Following are some of the advantages of using slapd:

1. slapd supports Unicode and language tags.
2. slapd can be configured to restrict access at the socket layer based on network topology.
3. slapd comes with a variety of database backends; BDB and HDB are two of them.
4. Multiple databases can be configured.
5. slapd consists of two distinct parts: a front end that handles protocol communication with LDAP clients, and modules that handle specific tasks such as database operations.
6. These two pieces communicate via a well-defined C API, so customized modules can be written that extend slapd in numerous ways.


Here is the installation guide for setting up a basic LDAP server:
Install the openldap packages using yum:


# yum install openldap-servers

Add the following lines to the /etc/sysconfig/iptables file:
# vim /etc/sysconfig/iptables

-A INPUT -m state --state NEW -m udp -p udp --dport 389 -j ACCEPT

-A INPUT -m state --state NEW -m tcp -p tcp --dport 389 -j ACCEPT

Restart the firewall:

# service iptables restart

Make sure the service can run:

# service slapd start

Make sure the service is not running:

# service slapd stop

Prepare a customized configuration file, slapd.example.conf:

# cp /etc/openldap/slapd.conf.bak slapd.example.conf

Generate root password for LDAP cn=config configuration:

# slappasswd

{SSHA}R6zJBEcX1ltYDwbWkqYZ8GrrUFQZbKyN

Modify the suffix, rootdn and rootpw defaults in /etc/openldap/slapd.conf:

# vim /etc/openldap/slapd.conf

rootpw  {SSHA}R6zJBEcX1ltYDwbWkqYZ8GrrUFQZbKyN
rootdn  "cn=admin,dc=example,dc=com"
suffix  "dc=example,dc=com"

Install the package:

# yum install openldap-clients

Configure the clients through /etc/openldap/ldap.conf. Providing base DN is not necessary as it is dc=example,dc=com by default. However, default URI refers to localhost which has to be changed.

BASE dc=example, dc=com
URI ldap://127.0.0.1

The following files provide the initial LDAP database content in LDIF format.

Create example.com.ldif file with the following content:

# cd /etc/openldap/

# vim example.com.ldif

# Root entry

dn: dc=example,dc=com
objectclass: dcObject
objectclass: organization
o: Example Company
dc: example

Create admin.example.com.ldif file with the following content:


# vim admin.example.com.ldif

# Admin DN
dn: cn=admin,dc=example,dc=com
objectclass: organizationalRole
cn: admin

Create users.example.com.ldif file with the following content:

# vim users.example.com.ldif

# Base DN for users

dn: ou=users,dc=example,dc=com
changetype: add
objectclass: top
objectclass: organizationalUnit
ou: users

Create groups.example.com.ldif file with the following content:

# vim groups.example.com.ldif
# Base DN for groups

dn: ou=groups,dc=example,dc=com
changetype: add
objectclass: top
objectclass: organizationalUnit
ou: groups


This section can be used repeatedly to re-set configuration, re-initialize LDAP content and start over again.


Make sure the service is not running:

# service slapd stop

Clean up configuration:

# rm -rf /etc/openldap/slapd.d/*

Clean up content:

# rm -rf /var/lib/ldap/*

Copy the file:

# cp /usr/share/doc/openldap-servers-*/DB_CONFIG.example /var/lib/ldap/DB_CONFIG

Initialize DB files for content in /var/lib/ldap directory:

# echo "" | slapadd -f /etc/openldap/slapd.example.conf

Convert configuration file into dynamic configuration under /etc/openldap/slapd.d directory:

# slaptest -f /etc/openldap/slapd.example.conf -F /etc/openldap/slapd.d

Initialize LDAP DB with initial content:

# slapadd -l example.com.ldif

# slapadd -l admin.example.com.ldif

# slapadd -l users.example.com.ldif

# slapadd -l groups.example.com.ldif
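slapadd and ldapadd both refuse an entry whose parent is not in the directory yet, which is why the four files are loaded in this order. As an added example (not part of the original post), the script below parses the guide's LDIF files, embedded as sample input, and dry-runs the load sequence, flagging entries whose parent is missing or that already exist.

```python
"""Dry-run the slapadd/ldapadd sequence from the guide on its four LDIF files.

Added example, not part of the original post. slapadd and ldapadd both refuse an
entry whose parent does not exist yet, so the order in which the files are loaded
matters. The LDIF below is the guide's content, embedded as sample input.
"""
LDIF_FILES = [
    ("example.com.ldif", "# Root entry\ndn: dc=example,dc=com\nobjectclass: dcObject\n"
                         "objectclass: organization\no: Example Company\ndc: example\n"),
    ("admin.example.com.ldif", "# Admin DN\ndn: cn=admin,dc=example,dc=com\n"
                               "objectclass: organizationalRole\ncn: admin\n"),
    ("users.example.com.ldif", "dn: ou=users,dc=example,dc=com\nchangetype: add\n"
                               "objectclass: top\nobjectclass: organizationalUnit\nou: users\n"),
    ("groups.example.com.ldif", "dn: ou=groups,dc=example,dc=com\nchangetype: add\n"
                                "objectclass: top\nobjectclass: organizationalUnit\nou: groups\n"),
]

def normalize_dn(dn):
    """Case-fold and drop spaces around RDN separators, so the 'dc=example, dc=com' spelling
    from ldap.conf matches 'dc=example,dc=com'. Escaped commas in values are not handled."""
    return ",".join(part.strip() for part in dn.split(",")).lower()

def parent_dn(dn):
    """'ou=users,dc=example,dc=com' -> 'dc=example,dc=com'; None when there is no parent."""
    return dn.split(",", 1)[1] if "," in dn else None

def parse_ldif(text):
    """Return (dn, attrs) pairs; attrs maps lowercase attribute names to value lists.
    Handles '#' comments, blank-line separators and folded lines; '::' base64 is not decoded."""
    text = text.replace("\n ", "")              # unfold continuation lines first
    entries = []
    for block in text.split("\n\n"):
        dn, attrs = None, {}
        for line in block.splitlines():
            if not line.strip() or line.startswith("#"):
                continue
            name, _, value = line.partition(":")
            name, value = name.strip().lower(), value.strip()
            if name == "dn":
                dn = normalize_dn(value)
            else:
                attrs.setdefault(name, []).append(value)
        if dn is not None:
            entries.append((dn, attrs))
    return entries

def check_load_order(files, suffix="dc=example,dc=com"):
    """Simulate loading the files in order; return the problems found (empty means all load)."""
    suffix, loaded, problems = normalize_dn(suffix), set(), []
    for fname, text in files:
        for dn, attrs in parse_ldif(text):
            changetype = attrs.get("changetype", ["add"])[0]
            if changetype != "add":
                problems.append(f"{fname}: {dn}: changetype '{changetype}' is not an add")
            elif "objectclass" not in attrs:
                problems.append(f"{fname}: {dn}: entry has no objectClass")
            elif dn in loaded:
                problems.append(f"{fname}: {dn}: entry already exists")
            elif dn != suffix and parent_dn(dn) not in loaded:
                problems.append(f"{fname}: {dn}: parent {parent_dn(dn)} is not loaded yet")
            else:
                loaded.add(dn)
    return problems

if __name__ == "__main__":
    print(check_load_order(LDIF_FILES) or "all four files load cleanly in this order")
    print(check_load_order(LDIF_FILES[::-1]))   # reversed: three entries would be refused
```

Appending users.example.com.ldif a second time reproduces the "entry already exists" case, which is what the later ldapadd of the same file runs into once slapadd has already loaded it.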

Set permissions:

# chown -R ldap:ldap /var/lib/ldap
# chown -R ldap:ldap /etc/openldap/slapd.d

Start server:

# service slapd restart

List the content by request from client:

# ldapsearch -x -b 'dc=example,dc=com'

Load the rest of the LDAP database content from LDIF:

# ldapadd -x -D 'cn=admin,dc=example,dc=com' -W -f users.example.com.ldif

# ldapadd -x -D 'cn=admin,dc=example,dc=com' -W -f groups.example.com.ldif

List again:

# ldapsearch -x -b 'dc=example,dc=com'