Tag Archives: OpenLDAP

OpenLDAP Audit Log Overlay

By | 2019-09-14

The OpenLDAP audit log overlay is used to track changes to a database. It stores its data in an LDIF file. On busy servers, consider setting up a cron job to automatically rotate, compress, or archive the log file. Setting up the OpenLDAP audit log overlay is pretty straightforward. There are only a few steps… Read More »

OpenLDAP Password Policy Overlay

By | 2019-09-01

The OpenLDAP password policy overlay allows administrators to implement password policies such as minimum length requirements and expirations. This guide explains how to use it and demonstrates with a few examples. The password policy overlay configuration is a bit different from other overlays. The configuration of most overlays takes place in the overlay entry of… Read More »

OpenLDAP – How To Add a User

By | 2019-05-30

Unless you are using some kind of management tool, you use ldapadd to add a user to an OpenLDAP database. Before doing so, you will need a few pieces of information:

- What type of user you are creating (e.g. POSIX or non-POSIX)
- The LDAP suffix of the database you wish to add the user to.… Read More »

How To Change an OpenLDAP Password

By | 2019-05-28

How to change an OpenLDAP password depends on whether it is a regular user or an administrative user. The configuration directory and each database (with a few exceptions) have an administrative account. I will cover how to change all three. Run all of the commands in this guide on your directory server as the root… Read More »

OpenLDAP Referential Integrity Overlay

By | 2019-03-30

The OpenLDAP referential integrity overlay is used to keep attributes that refer to the DNs of other entries consistent when changes occur. If you are trying to make groups more manageable, consider using the memberOf overlay. The referential integrity overlay will automatically modify or remove attributes if the entry they refer to is renamed or… Read More »

OpenLDAP Online Configuration Reference

By | 2019-03-16

My OpenLDAP Online Configuration (OLC) Reference provides the OLC equivalents of the configuration file options. It should be pretty accurate as I read the source code to determine which OLC attributes correspond to the configuration file options. For a description of what the various options do, consult the appropriate man page or the official Administrator’s… Read More »

OpenLDAP memberOf overlay

By | 2019-02-28

The OpenLDAP memberOf overlay automatically creates and removes attributes when attributes of other entries that refer to their DN are added and removed. That statement, while technically accurate, was confusing to me and I wrote it! For example, if you create a groupOfNames entry with a member attribute of uid=user,ou=users,dc=tylersguides,dc=com, the memberOf overlay can automatically… Read More »

OpenLDAP Multi-Master Replication

By | 2018-09-10

OpenLDAP Multi-Master Replication is for high availability, not load balancing. If a split-brain is possible, consider the mirror mode architecture described in the OpenLDAP Administrator’s Guide. A split-brain is where two or more nodes of a cluster are operating independently, which can cause the cluster data to become corrupt or out of sync. If you… Read More »