CentOS: Install OpenLDAP with Webmin – The Simple Way

Installing OpenLDAP together with Webmin by hand takes a lot of steps, so I have written a BASH script that does the whole job on CentOS 6 servers. The installer script is available at http://blog.secaserver.com/files/openldap_installer.sh.

The installation example below was done on a freshly installed CentOS 6.3 64-bit server built from the minimal ISO, with wget and perl added. Be aware of what the script does to the host: as its banner says, it disables SELinux and flushes the firewall (leaving the default policy at ACCEPT), and it echoes the administrator password you type back to the terminal. Run it on a host you are prepared to harden afterwards.

1. Download the installer script:

$ cd /usr/local/src
$ wget http://blog.secaserver.com/files/openldap_installer.sh

2. Change the permissions to 755 so the script is executable:

$ chmod 755 openldap_installer.sh

3. Execute the script and follow the wizard, as in the example below:

$ ./openldap_installer.sh
===========================================================
           This script will install OpenLDAP
It assumes that there is no OpenLDAP installed in this host
   SElinux will be disabled and firewall will be stopped
===========================================================
 
What is the root domain? [eg mydomain.com]: majimbu.net
What is the administrator domain? [eg ldap.majimbu.net or manager.majimbu.net]: ldap.majimbu.net
What is the administrator password that you want to use?: MyN23pQ
Do you want to install Webmin/Do you want me to configure your Webmin LDAP modules? [Y/n]: Y

You should then see installation output like this:

=================================================================
Kindly review following details before proceed with installation:
=================================================================
Hostname: ldap.majimbu.net
Root DN: dc=majimbu,dc=net
Administrator DN: cn=ldap,dc=majimbu,dc=net
Administrator Password: MyN23pQ
Webmin installation: Y
=================================================================
 
Can I proceed with the installation? [Y/n]: Y
Checking whether openldap-servers has been installed..
openldap-servers package not found. Proceed with installation
Disabling SElinux and stopping firewall..
iptables: Flushing firewall rules:                                 [ OK ]
iptables: Setting chains to policy ACCEPT: filter                  [ OK ]
iptables: Unloading modules:                                       [ OK ]
Installing OpenLDAP using yum..
Package cronie-1.4.4-7.el6.x86_64 already installed and latest version
Package sudo-1.7.4p5-13.el6_3.x86_64 already installed and latest version
OpenLDAP installed
Configuring OpenLDAP database..
Configuring monitoring privileges..
Configuring database cache..
Generating SSL..
Generating a 2048 bit RSA private key
..........................+++
......................+++
writing new private key to '/etc/openldap/certs/majimbu_key.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:MY
State or Province Name (full name) []:Kuala Lumpur
Locality Name (eg, city) [Default City]:Bukit Bintang
Organization Name (eg, company) [Default Company Ltd]:Majimbu Net Corp
Organizational Unit Name (eg, section) []:IT
Common Name (eg, your name or your server's hostname) []:ldap.majimbu.net
Email Address []:[email protected]
Configuring LDAP service..
Checking OpenLDAP configuration..
config file testing succeeded
OpenLDAP installation done. Starting SLAPD..
Starting slapd:                                                    [ OK ]
Configuring LDAP client inside this host..
Checking the Webmin installation..
Webmin package not found in this host. Installing Webmin..
Retrieving http://www.webmin.com/download/rpm/webmin-current.rpm
warning: /var/tmp/rpm-tmp.XmXunn: Header V3 DSA/SHA1 Signature, key ID 11f63c51: NOKEY
Preparing... ########################################### [100%]
Operating system is CentOS Linux
    1:webmin ########################################### [100%]
Webmin install complete. You can now login to http://ldap.majimbu.net:10000/
as root with your root password.
Webmin installed.
Configuring webmin LDAP server module..
Configuring webmin LDAP client module..
Installation completed! [ OK ]
============================================================================
    You may need to open following port in firewall: 389, 636, 10000
Dont forget to refresh your Webmin module! Login to Webmin > Refresh Modules
============================================================================

4. Installation done. Now refresh the module list from the Webmin page: log in to Webmin > Refresh Modules:

[screenshot: Webmin > Refresh Modules]

5. Reload the Webmin page once more so the activated modules appear in the side menu, as in the screenshot below:

[screenshot: activated LDAP modules listed in the Webmin side menu]
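Before creating objects it is worth confirming that slapd really answers on both 389 and 636 and that the administrator DN the wizard derived can bind. The script below is an added example (not part of openldap_installer.sh): it rebuilds the Root DN and Administrator DN from the wizard answers the same way the transcript shows them, then runs ldapsearch and ldapwhoami against the server. It assumes openldap-clients is installed on the host running it, the hostname from the transcript, and that the self-signed certificate the installer generated sits next to /etc/openldap/certs/majimbu_key.pem; the certificate file name is not shown above, so it is passed in as an argument rather than guessed.

```shell
#!/bin/sh
# Post-install check for the OpenLDAP server built by openldap_installer.sh.
# Added example, not part of the installer. Assumes the wizard values shown
# in the post (root domain majimbu.net, administrator domain ldap.majimbu.net)
# and that ldapsearch/ldapwhoami from openldap-clients are available.

# "majimbu.net" -> "dc=majimbu,dc=net" (the Root DN the wizard prints).
domain_to_base_dn() {
    local IFS out label
    IFS='.'
    out=''
    for label in $1; do
        out="${out:+$out,}dc=$label"
    done
    printf '%s\n' "$out"
}

# "ldap.majimbu.net" + "majimbu.net" -> "cn=ldap,dc=majimbu,dc=net": the
# wizard uses the first label of the administrator domain as the cn.
admin_dn() {
    printf 'cn=%s,%s\n' "${1%%.*}" "$(domain_to_base_dn "$2")"
}

# 1. Anonymous base-scope search over plain LDAP: proves slapd is up and the
#    suffix exists. If it succeeds, remember that means anonymous reads are
#    permitted; tighten the access rules if that is not what you want.
check_plain() {   # host base_dn
    ldapsearch -x -LLL -H "ldap://$1" -b "$2" -s base dn >/dev/null 2>&1
}

# 2. The same over ldaps:// with certificate verification forced on, so a
#    broken, expired or mis-named certificate fails here, not in production.
check_tls() {     # host base_dn cert_file
    LDAPTLS_CACERT="$3" LDAPTLS_REQCERT=demand \
        ldapsearch -x -LLL -H "ldaps://$1" -b "$2" -s base dn >/dev/null 2>&1
}

# 3. Simple bind as the administrator over ldaps://; the password comes from
#    a file (-y) so it never appears in the process list the way -w would.
check_admin_bind() {  # host admin_dn password_file cert_file
    LDAPTLS_CACERT="$4" LDAPTLS_REQCERT=demand \
        ldapwhoami -x -H "ldaps://$1" -D "$2" -y "$3" >/dev/null 2>&1
}

run_checks() {    # root_domain admin_domain cert_file password_file
    local base admin rc
    base=$(domain_to_base_dn "$1")
    admin=$(admin_dn "$2" "$1")
    rc=0
    if check_plain "$2" "$base"; then echo "ok   anonymous search of $base via ldap://$2"
    else echo "FAIL anonymous search via ldap://$2"; rc=1; fi
    if check_tls "$2" "$base" "$3"; then echo "ok   ldaps://$2 with verified certificate"
    else echo "FAIL ldaps://$2 (cert untrusted, CN mismatch, or nothing on 636)"; rc=1; fi
    if check_admin_bind "$2" "$admin" "$4" "$3"; then echo "ok   bind as $admin"
    else echo "FAIL bind as $admin"; rc=1; fi
    return $rc
}

if [ $# -eq 4 ]; then
    run_checks "$@"
else
    echo "usage: $0 ROOT_DOMAIN ADMIN_DOMAIN CERT_FILE PASSWORD_FILE" >&2
fi
```

Run it as root on the server, e.g. ./ldap_check.sh majimbu.net ldap.majimbu.net /etc/openldap/certs/CERT.pem /root/.ldap_admin_pw, where CERT.pem is the certificate the installer wrote beside majimbu_key.pem and the password file is mode 600. A failure in the ldaps:// step with a passing plain step usually means the certificate CN does not match the hostname you connect to, or slapd is not listening on 636 at all.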

You can now start creating LDAP objects from Webmin > Servers > LDAP Server.

A few things to tidy up before you call the host finished. The installer flushed the iptables rules and set the default policy to ACCEPT, so right now every port is reachable; it also disabled SELinux (if you turn it back on later, touch /.autorelabel and reboot so the files created meanwhile get labelled). The Webmin RPM was fetched over plain HTTP and installed with the NOKEY warning shown above, meaning its signature was never checked against a trusted key; import Webmin's signing key with rpm --import and verify the package with rpm -K before relying on it. If you later restore a restrictive rule set, the ports to open are 389, 636 and 10000:

$ iptables -I INPUT -m tcp -p tcp --dport 389 -j ACCEPT
$ iptables -I INPUT -m tcp -p tcp --dport 636 -j ACCEPT
$ iptables -I INPUT -m tcp -p tcp --dport 10000 -j ACCEPT

These rules live only in memory until you run service iptables save. Restrict them with -s to the networks that actually need them, above all port 10000: Webmin runs as root, and here it is reachable over plain HTTP with the root password.
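Rather than re-adding three ACCEPT rules to a firewall that already accepts everything, here is an added example (not from the original post) of a complete iptables-restore rule set that denies by default and opens only what this host needs: LDAP to the LAN, SSH and Webmin to an admin address. The 192.0.2.0/24 and 192.0.2.10 addresses are placeholders; substitute your own.

```shell
#!/bin/sh
# Restrictive iptables rule set for the OpenLDAP/Webmin host built by
# openldap_installer.sh. Added example, not part of the installer. The LAN
# that needs LDAP lookups and the admin address allowed to reach SSH and
# Webmin are passed in as CIDRs; 192.0.2.0/24 and 192.0.2.10/32 in the usage
# below are documentation addresses, i.e. placeholders.

# Print a complete filter table in iptables-restore(8) format. Default policy
# DROP, loopback and established traffic allowed, then only the four services
# this host exposes, each pinned to the source range that needs it.
ldap_firewall_rules() {
    local lan admin
    lan="$1"     # CIDR allowed to query LDAP on 389/636
    admin="$2"   # CIDR allowed to reach SSH (22) and Webmin (10000)
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -p tcp -m tcp -s $admin --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp -s $lan --dport 389 -j ACCEPT
-A INPUT -p tcp -m tcp -s $lan --dport 636 -j ACCEPT
-A INPUT -p tcp -m tcp -s $admin --dport 10000 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Load the rules atomically, persist them to /etc/sysconfig/iptables and make
# sure the iptables service (stopped by the installer) comes back at boot.
ldap_firewall_apply() {
    ldap_firewall_rules "$1" "$2" | iptables-restore || return 1
    service iptables save && chkconfig iptables on
}

if [ $# -eq 2 ]; then
    ldap_firewall_apply "$1" "$2"
else
    echo "usage: $0 LAN_CIDR ADMIN_CIDR   e.g. $0 192.0.2.0/24 192.0.2.10/32" >&2
fi
```

Apply it from the console or from the admin address you pass in, since the SSH rule is the only way back in once the policy is DROP. If clients on another subnet need LDAP, add a second 389/636 pair for that range rather than widening the first one.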

11 thoughts on “CentOS: Install OpenLDAP with Webmin – The Simple Way”

  1. Hey man, it’s a great script, thank you!
    I had to add “mkdir /etc/openldap/certs” to it to make it work properly on CentOS 6.3.
    There’s a minor problem though: after adding a user and a group with Webmin I can’t see those users with “getent passwd”. I’ve tried to figure it out and have been googling a lot, but I don’t know what I am missing here. Got any hints for me?

    Thank you!

    Reply

    1. I have fixed the script to check for /etc/openldap/certs. To use getent passwd, change /etc/nsswitch.conf as follows:
      passwd: files ldap
      shadow: files ldap
      group: files ldap

      Then, run the following command:
      $ authconfig-tui

      It should open the authentication configuration; choose “Use LDAP” > Next > enter the correct Base DN > OK. The nslcd service will be restarted right away. Once done, you can try the lookup again using “getent passwd”.

      Reply
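As an added example (not the author's script), here is the same client setup done non-interactively with authconfig instead of authconfig-tui, followed by a check that nsswitch.conf really consults ldap and a count of the accounts getent now returns beyond /etc/passwd. It assumes the Base DN from the post and that it runs on the LDAP server itself, so it talks to ldap://127.0.0.1/ without TLS; a remote client should use an ldaps:// URI or --enableldaptls so user passwords are not sent across the network in the clear.

```shell
#!/bin/sh
# Make LDAP accounts visible to getent/NSS, non-interactively. Added example,
# not part of openldap_installer.sh. Assumes the Base DN from the post
# (dc=majimbu,dc=net) and a run on the LDAP server itself, hence the default
# ldap://127.0.0.1/ URI; remote clients need ldaps:// or --enableldaptls.

# Return 0 when the passwd, shadow and group lines of the nsswitch.conf read
# on stdin all list "ldap"; 1 otherwise. Commented-out lines do not count.
nsswitch_has_ldap() {
    awk '
        /^(passwd|shadow|group):/ {
            split($0, f, ":")
            if (f[2] ~ /ldap/) ok[f[1]] = 1
        }
        END { exit !(ok["passwd"] && ok["shadow"] && ok["group"]) }'
}

# Accounts NSS now returns that are not in the local /etc/passwd, i.e. the
# ones that came from LDAP.
ldap_account_count() {
    echo $(( $(getent passwd | wc -l) - $(wc -l < /etc/passwd) ))
}

# Non-interactive equivalent of the authconfig-tui steps in the reply above:
# enable LDAP for NSS and for PAM authentication, point nslcd at the server
# and Base DN, rewrite nsswitch.conf and pam.d, and restart nslcd.
ldap_client_setup() {   # base_dn ldap_uri
    authconfig --enableldap --enableldapauth \
        --ldapserver="$2" --ldapbasedn="$1" --update || return 1
    if nsswitch_has_ldap < /etc/nsswitch.conf; then
        echo "nsswitch.conf consults ldap for passwd, shadow and group"
    else
        echo "authconfig ran but nsswitch.conf still does not list ldap" >&2
        return 1
    fi
    echo "accounts visible through LDAP: $(ldap_account_count)"
}

if [ $# -ge 1 ]; then
    ldap_client_setup "$1" "${2:-ldap://127.0.0.1/}"
else
    echo "usage: $0 BASE_DN [LDAP_URI]   e.g. $0 dc=majimbu,dc=net" >&2
fi
```

If the count stays at zero after this, check that the users created in Webmin carry the posixAccount object class with uidNumber, gidNumber and homeDirectory set; nslcd only maps entries that look like POSIX accounts.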

  2. The script is not working for me with CentOS 6.4. Webmin is working, but one LDAP module stays in “unused modules”. TLS not working with LDAP. Maybe I’m forgetting something; can you please test your script again with a CentOS 6.4 clean install?

    Reply

    1. Or maybe add some instructions on what to do after installation, like how I can add users/groups. I would really appreciate that!

      Reply

      1. Found out that you need to configure the modules in Webmin with “localhost” instead of 127.0.0.1.

        Maybe you could add the config of /etc/webmin/ldap-useradmin/config to your script so it will work out of the box.

        Thank you for your script and your blog.

        Reply

  3. I have tried to install on CentOS 6.4; the script cannot run. Please check, what am I missing? Reply ASAP?
    Thanks

    Reply

    1. I just ran the script on RHEL 6.4 64-bit and encountered no problem. What error occurred during the installation?

      Reply

  4. Hi, nice piece of code! I did some fixes and extensions and would like to redistribute it (GPL, referring to your site, of course). Do you allow that?

    Reply

  5. Does not work on Ubuntu 14.04 LTS.
    Check the script; it should work on CentOS / RHEL.
    =======
    Can I proceed with the installation? [Y/n]: Y
    openldap_installer.sh: 42: [: Y: unexpected operator
    Checking whether openldap-servers has been installed..
    openldap_installer.sh: 49: openldap_installer.sh: rpm: not found
    openldap-servers package not found. Proceed with installation
    Disabling SElinux and stopping firewall..
    openldap_installer.sh: 58: openldap_installer.sh: setenforce: not found
    sed: can’t read /etc/selinux/config: No such file or directory
    iptables: unrecognized service
    Installing OpenLDAP using yum..
    openldap_installer.sh: 64: openldap_installer.sh: yum: not found
    Error in installation

    Reply

    1. Yes, the script is built on CentOS 6. I don’t have time to make it for Debian-based systems or CentOS 7 yet.

      Reply
