[CentOS] openLDAP under CentOS-6

Sun May 13 10:30:17 UTC 2012
Veli-Pekka Kestilä <centos at vpk.nu>

On 13.5.2012 4:18, Gregory P. Ennis wrote:
> I've been hard hit by the lack of CentOS-6 documentation
> mentioned in another thread.
> The openLDAP setup has been changed completely between CentOS 5 and 6,
> and I haven't been able to find any reasonably coherent instructions
> explaining how to upgrade.
> If anyone knows of such a document I should be most grateful to learn of it.
>
> Actually I have openLDAP working (though unencrypted) with my CentOS-5 data
> after a series of more or less random steps.
> But I can't work out how to set the password
> for the web interface at <server>/phpLDAPadmin .
> Again, if anyone can tell me how to do this
> I shall be most thankful.
>
> Incidentally, I looked at the RHEL documentation on this,
> <http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Migration_Planning_Guide/ch07s03.html>,
> but it was so sparse as to be more or less useless.
> --------------------------------------------------------------------
>
> I have been looking for the same thing.  I will be watching your thread
> with some hopeful expectation.
>
I fought with this a bit also. But with some searching I got the 
OpenLDAP server running.
You can edit and query the LDAP as the root user with the following commands:

ldapmodify -v -Y EXTERNAL -H ldapi:/// -f some.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f some.ldif
ldapsearch -v -Y EXTERNAL -H ldapi:/// -b "dc=example,dc=com"

And I have found out that the Ubuntu guides work reasonably well.
https://help.ubuntu.com/10.04/serverguide/openldap-server.html

And you can also disable the protection on cn=config with the following 
LDIF. I haven't tested it myself as I think protecting the config from 
external editing is a good thing.

# Each change record must be separated by a blank line, or ldapmodify rejects the file.
# 1. Drop the mapping that turns the local root socket identity into the config admin.
dn: cn=config
changetype: modify
delete: olcAuthzRegexp

# 2. Remove the frontend ACL that lets the root socket identity manage everything.
dn: olcDatabase={-1}frontend,cn=config
changetype: modify
delete: olcAccess

# 3. Give the config database a password-protected rootdn instead.
dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {CRYPT}7hzU8RaZxaGi2

# 4. Remove the config database's own ACL.
dn: olcDatabase={0}config,cn=config
changetype: modify
delete: olcAccess

Remember that ACLs are also edited through LDAP using the olcAccess entry.

dn: olcDatabase={2}bdb,cn=config
changetype: modify
add: olcAccess
# A continuation line in LDIF starts with a single space.
olcAccess: to dn.base="" by
 group="cn=Administrators,ou=Group,dc=example,dc=com" write by * read

Hope this helps.

-vpk
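Since the ACLs live in cn=config as olcAccess values, a quick way to review them after editing is to dump them with ldapsearch and audit the result. The following script is an added example, not part of the thread or of OpenLDAP; it parses a constructed ldapsearch-style LDIF dump (including folded lines) and flags rules that grant write or manage access to anonymous or to everyone (`*`).

```python
"""Audit olcAccess rules exported from cn=config (added example, not from the thread)."""
import re

# Constructed sample of what `ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config
# '(olcAccess=*)' olcAccess` could return. The config database rule is deliberately weak.
SAMPLE_LDIF = """\
dn: olcDatabase={-1}frontend,cn=config
olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break

dn: olcDatabase={0}config,cn=config
olcAccess: {0}to * by * write

dn: olcDatabase={2}bdb,cn=config
olcAccess: {0}to attrs=userPassword by self write by anonymous auth
  by * none
olcAccess: {1}to dn.base="" by group="cn=Administrators,ou=Group,dc=example,dc=com"
  write by * read
olcAccess: {2}to * by * read
"""

def parse_ldif(text):
    """Return {dn: [olcAccess values]}; LDIF continuation lines (leading space) are joined."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # first char of a folded line is the fold marker
        else:
            lines.append(raw)
    entries, dn, values = {}, None, []
    for line in lines + [""]:             # trailing "" flushes the last record
        if not line:
            if dn is not None:
                entries[dn] = values
            dn, values = None, []
        elif line.startswith("dn: "):
            dn = line[4:]
        elif line.startswith("olcAccess: "):
            values.append(re.sub(r"^\{\d+\}", "", line[11:]))  # strip the {n} ordering prefix
    return entries

def weak_rules(entries):
    """Flag 'by <who> <level>' clauses giving write-class access to anonymous or to everyone."""
    findings = []
    for dn, rules in entries.items():
        for rule in rules:
            for who, level in re.findall(r"\bby\s+(\S+)\s+(\w+)", rule):
                if who in ("*", "anonymous") and level in ("write", "manage", "add", "delete"):
                    findings.append((dn, who, level))
    return findings

def audit(text):
    """Parse an olcAccess dump and return the weak rules found."""
    return weak_rules(parse_ldif(text))
```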