OPS535-lab-ldap

577 bytes added, 22:12, 27 September 2020
Updating configuration to work on Centos 8
==Pre-Requisites==
The pre-lab must be complete so that your virtual machines share access to a private network. Lab 1 must be complete so each machine has a well configured firewall. Make sure each machine is fully updated.
==Investigation 1: OpenLDAP Server Setup and Configuration==
{{Admon/important|Warning|Make a backup before you start this lab. It is very difficult to recover this service if you make a mistake in configuration.}}
Perform the following steps on a new vm (we'll call it vm4) installed using Centos 8:
<ol>
<li>Install yum-utils</li>
<li>Install the symas ldap repo (Symas now maintain a version of OpenLDAP available for Centos 8):
<ul><li>yum-config-manager --add-repo=https://repo.symas.com/configs/SOFL/rhel8/sofl.repo</li></ul></li>
<li>Install the following packages:
*openldap
*symas-openldap-clients
*symas-openldap-servers
*perl
</li>
<li>In older releases a package called 'migrationtools' was available that contained a number of perl scripts used to convert information from other sources (e.g. /etc/passwd) into ldif files. Since it is no longer part of standard repos in Centos 8, download the copy I have provided on blackboard and extract it to /usr/share/migrationtools.</li>
<li>Check the contents of the directory '''/etc/openldap/slapd.d/cn=config/''' for the top branch of OpenLDAP directory configuration files:
<source>
olcDatabase={1}monitor.ldif
olcDatabase={-1}frontend.ldif
olcDatabase={2}mdb.ldif
</source>
Examine the contents of olcDatabase={2}mdb.ldif:
<source>
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
dn: olcDatabase={2}mdb
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcDatabase: {2}mdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=my-domain,dc=com
olcDbIndex: objectClass eq,pres
olcDbIndex: ou,cn,mail,surname,givenname eq,pres,sub
structuralObjectClass: olcMdbConfig
entryUUID: 5a8d299a-3f2f-1036-9244-a7abff537081
creatorsName: cn=config
</source>
Create an LDIF file with the changes below. Generate the olcRootPW value with slappasswd and paste the resulting hash in place of the placeholder:
<source>
# customize domain name
dn: olcDatabase={2}mdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=ops535,dc=com

dn: olcDatabase={2}mdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: cn=Manager,dc=ops535,dc=com

dn: olcDatabase={2}mdb,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {SSHA}<hash printed by slappasswd>
</source>
Apply the file as root with ldapmodify -Y EXTERNAL -H ldapi:/// -f <your file>. The output should look like this:
<source>
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "olcDatabase={2}mdb,cn=config"
modifying entry "olcDatabase={2}mdb,cn=config"
modifying entry "olcDatabase={2}mdb,cn=config"
</source>
</li>
<li>Examine the contents of your '''/etc/openldap/slapd.d/cn=config/olcDatabase={2}mdb.ldif''' file again. Your ldif file should have changed three fields. Try to identify them.</li>
<li>Create an LDIF file for the base context ops535.com entry to be added to the OpenLDAP directory. Name the file base.ldif.</li>
<li>
Before we start adding users, we need to provide the migration tools some information about our domain.

Before you change anything, make a backup of /usr/share/migrationtools/migrate_common.ph to the /root directory.
Modify the following parameters in the original file to the values shown below:
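Going back to the earlier step that asks you to identify which fields the ldapmodify step changed: the following is an added example (not part of the lab) that parses the backup copy and the current copy of olcDatabase={2}mdb.ldif, lists the attributes that differ, and confirms that olcRootPW holds a slappasswd-style {SCHEME} hash rather than a cleartext password. The two LDIF samples and the {SSHA} value are constructed placeholders, not taken from a real server.

```python
# Added example (not part of the lab): parse two copies of the cn=config database
# entry (root's backup vs current) and report what ldapmodify changed. Sample LDIF
# and the {SSHA} value are constructed to mirror the lab's olcDatabase={2}mdb.ldif.
import base64

BEFORE = """\
dn: olcDatabase={2}mdb
objectClass: olcMdbConfig
olcDatabase: {2}mdb
olcSuffix: dc=my-domain,dc=com
olcRootDN: cn=Manager,dc=my-domain,dc=com
olcDbIndex: ou,cn,mail,surname,givenname eq,pres,sub
"""
AFTER = """\
dn: olcDatabase={2}mdb
objectClass: olcMdbConfig
olcDatabase: {2}mdb
olcSuffix: dc=ops535,dc=com
olcRootDN: cn=Manager,dc=ops535,dc=com
olcRootPW: {SSHA}Y29uc3RydWN0ZWQtcGxhY2Vob2xkZXI=
olcDbIndex: ou,cn,mail,surname,givenname eq,pres,
 sub
"""

def parse_ldif_entry(text):
    """One LDIF record -> {attr: [values]}; unfolds continuations, skips comments, decodes base64."""
    lines = []
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("#"):
            continue
        if raw.startswith(" ") and lines:      # folded continuation line
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entry = {}
    for line in lines:
        attr, _, value = line.partition(":")
        if value.startswith(":"):              # 'attr:: <base64>' value
            value = base64.b64decode(value[1:].strip()).decode()
        entry.setdefault(attr, []).append(value.strip())
    return entry

def changed_attributes(before, after):
    """{attr: (old, new)} for each attribute whose value list differs."""
    return {k: (before.get(k), after.get(k))
            for k in set(before) | set(after) if before.get(k) != after.get(k)}

def rootpw_is_hashed(entry):
    """True if olcRootPW exists and each value carries a {SCHEME} prefix (slappasswd output)."""
    values = entry.get("olcRootPW", [])
    return bool(values) and all(v.startswith("{") and "}" in v for v in values)
```

Run it against your /root backup and the live file instead of the embedded samples; the three keys returned by changed_attributes are the fields the step asks you to find.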