OpenLDAP installation. This lesson is actually related to module five, where we covered how the users are created when we need the Active Directory type of directory services. I am including it in this module because this is the module where we have enabled the networking to talk to the outside world, which is to have the internet enabled. So if you need to go back to module 5 and review what LDAP and OpenLDAP are, and what the differences are between each of the directory services, you should go back and review it, and then you can always come back to this lesson.

Anyway, OpenLDAP: what exactly is OpenLDAP? OpenLDAP is basically an open source implementation of Lightweight Active Directory Access Protocol, which is also LDAP. It is developed by the OpenLDAP project. So there is a company which is open source; they actually do community work, and a lot of people have joined together to build this product called OpenLDAP. It is an internet protocol that email and other programs like user access use to look up contact information from the server. It is released under the OpenLDAP Public License. It is available for all major Linux distributions, and also AIX, Android, HP-UX, OS X, Solaris, and even Windows are nowadays using OpenLDAP if there is a need, because it's free, whereas for Active Directory you will have to pay Microsoft for that product. So it is becoming very popular, especially in the Linux world, when you have thousands of users that you need to manage and you need to give them access to many different servers. That's pretty much what OpenLDAP is.

Now, once we do the installation and it's completed, the service that we need to have enabled and running is called slapd. To stop and start the service for OpenLDAP, it is simply systemctl start slapd. Same thing if you want to enable it, meaning if you want the service to start when your computer, when your Linux, boots up: then you have to run the command systemctl enable slapd. Of course I didn't include the stop; I'm sure you would know that. And you could do the restart command as well: systemctl restart with the service name.

Where are the configuration files located? Once you have the OpenLDAP installation successfully completed, you will find them in /etc/openldap/slapd.d. This is the directory where you have all the configuration files, where you could go in and make changes to them. So let's log into our Linux machine and we'll go over the installation of OpenLDAP.

Okay, so I have this Linux machine open. I am logged in as myself; I will become root. Now, before you go ahead and do the installation, make sure your Linux machine can go out to the internet. The best way to find out is always to use the ping command to ping any server that you like. If you get the 64 bytes back and ICMP is coming back with the time to ping, then it means you can reach it, you can reach the Google server. Perfect. Let's clear the screen.

Now the command to install OpenLDAP is yum install openldap. I believe it's openldap, or it's probably open-ldap, but anyway we'll try just openldap, and I want to put an asterisk here, as well as an asterisk here. The reason I wanted to put these stars before and after is that it means any package that matches openldap, whether openldap comes after the name or before the name, and then it will download all the OpenLDAP packages. So go ahead and hit enter. It's gonna go out and check all the mirrors, all the repositories that are available to us. Here it has a list of all the OpenLDAP packages, or the RPMs. Then, in installing the packages, you will see right here a list of all the packages that it will install on your system. And here's a quick summary for the transaction, and you can see the size is 4.5 megabytes. So is this okay? Yes, of course you want to install that, so hit Y and hit enter.

So always, first it downloads the packages. Once the packages are downloaded, it goes through the installation of those packages. Once installation is completed, it will clean up any of the remaining things that are not needed, it will verify the packages are installed, and it will give you a quick summary at the bottom. When you see the message right at the bottom that says Complete, it means it has completed successfully. So now you have the OpenLDAP installation completed. Now it's time to do the configuration.

Just one thing I want to add quickly: I am not going to do the complete installation, or sorry, the complete configuration of OpenLDAP, because it requires a lot of work. It is a completely separate topic, because it could take hours and hours depending on how you want to configure it based on your environment. With OpenLDAP, I just want you to have some kind of exposure to it. So you know how to install it and how it works, and if you need to have some kind of directory services in your environment, then that's how you go about it.

So now we have it downloaded; let's say you want to enable or start the service. You remember the command to start the service is systemctl start slapd. Okay, so it has started. How do you verify it? You could just do systemctl status, and you will see that it is up and running. Especially when you are using a GUI terminal, you'll see it is active and running and it is in green, along with all the other package information: where those are located, where the file is located. Everything is here. You could also test another way whether the service or the process is running, and I'm sure you know by now that command is ps -ef, and then you grep for slapd. You will see right here, on the first line, ldap /usr/sbin. This is the process that is running. Again, the second one is just the command itself; since I ran the command, it is grepping for itself. So the first one has verified that we have the OpenLDAP process running.

The configuration files are located in the /etc/openldap/slapd.d directory. When you go into this directory, you could simply do ls -l, or -ltr. You will see these are the configuration files; you will have to go into these configuration files and modify them the way you want to. And on your system's local file system, you will have to actually go to one more file, which is in /etc, and the file name is nsswitch.conf. If you go into that conf file, you will see right here where it says passwd. See right here, it says files. It means first, every time a user logs in, it will go to a file. And which file is that? That file is /etc/passwd, which is a kind of local database on your Linux machine, or a local file, that keeps the inventory of all the users that are locally created. So the first time a user logs in, it will always go to the file, and if the user is not found, then it will go to another one. There you have to see SSH; you have to replace it with ldap. With ldap, it will go to that ldap machine, and then the user will get authenticated.

Now remember one thing: we have installed LDAP on the same machine that we need authentication from. This is usually not how the environment or the scenario works. Usually system administrators install the OpenLDAP software on another Linux machine, which becomes a directory server. Then you could go in and configure on your client where to look up the LDAP services; you have to modify your /etc/host name and a few other files. Again, as I said before, there are a few configuration changes that you would have to make. I will include an article that I have from online; one of the OpenLDAP resources has the article on how to configure it. So if you really are interested in configuring OpenLDAP and your OpenLDAP server, you can review that article, and then you will be able to configure it.

So anyway, hopefully you have it installed correctly, and now you understand the clear difference between all those directory servers or services that are out there.