How to Install LDAP Client on CentOS 7 and 8 (Step-by-Step)

2025/07/21

Installing an LDAP client on CentOS 7 or 8 might seem easy at first, but the actual steps to install and configure an LDAP client on CentOS can get confusing fast. I had to set it up last week for a test server mostly to centralize logins between a couple of machines.

LDAP’s been around forever, but it still works great if all you want is a single spot for managing users. Honestly, once it’s running, it just does its thing quietly in the background.

In this guide, I’ll show you exactly how I got the client working on both CentOS 7 and 8 with all the weird gotchas included.

⚠️ Heads up: if you don’t have a test VPS ready, grab one from Eldernode; it’ll save you some time.

⚠️ Before we start: Make sure you’re using a non-root user with sudo access.

Installing and Configuring LDAP Client on CentOS 7

Step 1: Update Your CentOS System

Start by updating your system to ensure all packages are up-to-date and compatible. Use the command below to update all your system packages to the newest available version:

yum update

Step 2: Install the Packages Required for OpenLDAP Functionality

Now install all the essential OpenLDAP packages in one go using the following command. These include the core libraries, server tools, and client utilities you’ll need to get things running smoothly:

yum -y install openldap compat-openldap openldap-clients openldap-servers openldap-servers-sql openldap-devel

Then start the LDAP daemon and enable it at boot:

systemctl start slapd.service
systemctl enable slapd.service

Step 3: Set the LDAP Root Password

To generate the hashed LDAP root password, run the command below and save its output; you will use it to configure OpenLDAP in the next step.

slappasswd

Step 4: Configure the OpenLDAP Database

To start configuring OpenLDAP, you need to create the db.ldif file. Use nano or your favorite text editor and paste in the following content:

nano db.ldif

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=field,dc=eldernode,dc=com

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: cn=ldapadm,dc=field,dc=eldernode,dc=com

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: hashed_output_from_the_slappasswd_command

Now, deploy the configuration:

ldapmodify -Y EXTERNAL -H ldapi:/// -f db.ldif
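
Before deploying files like db.ldif, a quick lint catches the two mistakes this step invites: change records pasted onto a single line, and an olcRootPW that is not slappasswd output. The script below is an added example, not part of the original guide; lint_ldif is a hypothetical helper, the sample file is constructed, and only the first replace operation of each record is checked.

```shell
#!/bin/sh
# Added example (not from the original guide): lint LDIF "replace" change
# records before running ldapmodify on them.
# lint_ldif FILE prints one finding per line; returns 0 if clean, 1 otherwise.
lint_ldif() {
    awk '
    BEGIN { RS = ""; FS = "\n" }   # paragraph mode: blank lines separate records
    function finding(msg) { printf "record %d: %s\n", NR, msg; bad = 1 }
    {
        if ($1 !~ /^dn: [^ ]/)          finding("line 1 must be \"dn: <DN>\"")
        if ($2 != "changetype: modify") finding("line 2 must be \"changetype: modify\"")
        if ($3 !~ /^replace: [A-Za-z][A-Za-z0-9-]*$/) {
            finding("line 3 must be \"replace: <attribute>\""); next
        }
        attr = substr($3, 10)                    # text after "replace: "
        if (index($4, attr ": ") != 1) { finding("line 4 must set " attr); next }
        if (attr == "olcRootPW") {
            value = substr($4, length(attr) + 3) # text after "olcRootPW: "
            if (value ~ /^\{(SHA|MD5|SMD5)\}/)   # unsalted or MD5-based schemes
                finding("olcRootPW uses a weak hash scheme")
            else if (value !~ /^\{(SSHA|CRYPT)\}./)
                finding("olcRootPW is not a hashed value")
        }
    }
    END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: record 1 is well formed; record 2 still carries the
# placeholder instead of real slappasswd output.
sample=$(mktemp)
cat > "$sample" <<'EOF'
dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: cn=ldapadm,dc=field,dc=eldernode,dc=com

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: hashed_output_from_the_slappasswd_command
EOF
lint_ldif "$sample" || echo "fix db.ldif before running ldapmodify"
rm -f "$sample"
```

A clean file produces no output and exit status 0, so the check can gate the ldapmodify call.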

Next, you can restrict monitor access only to the ldapadm user:

nano monitor.ldif

dn: olcDatabase={1}monitor,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by dn.base="cn=ldapadm,dc=field,dc=eldernode,dc=com" read by * none

Again, deploy the configuration change by running the following command:

ldapmodify -Y EXTERNAL -H ldapi:/// -f monitor.ldif

Step 5: Generate a TLS Certificate and Key

In this step, you need to generate a certificate and private key to be able to communicate with the OpenLDAP server securely.

openssl req -new -x509 -nodes -out \
/etc/openldap/certs/myldap.field.eldernode.com.cert \
-keyout /etc/openldap/certs/myldap.field.eldernode.com.key \
-days 365

Change the owner and group of the certificate directory so that OpenLDAP can read the files:

chown -R ldap:ldap /etc/openldap/certs

Step 6: Configure OpenLDAP to Use the Certificate

To configure OpenLDAP to use the LDAPS protocol, you must create certs.ldif.

nano certs.ldif

dn: cn=config
changetype: modify
replace: olcTLSCertificateFile
olcTLSCertificateFile: /etc/openldap/certs/myldap.field.eldernode.com.cert

dn: cn=config
changetype: modify
replace: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/openldap/certs/myldap.field.eldernode.com.key

And again, you can deploy the configuration:

ldapmodify -Y EXTERNAL -H ldapi:/// -f certs.ldif

You can also test the configuration by running the command below:

slaptest -u

How to Set Up the OpenLDAP Database

Once the above steps are complete, you are ready to set up the LDAP database. To start the process, copy the sample database configuration file to ‘/var/lib/ldap’ and change the file ownership.

cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
chown -R ldap:ldap /var/lib/ldap

And then, add the LDAP schemas.

ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif

Next, create a base.ldif file for your domain:

nano base.ldif

dn: dc=field,dc=eldernode,dc=com
dc: field
objectClass: top
objectClass: domain

dn: cn=ldapadm,dc=field,dc=eldernode,dc=com
objectClass: organizationalRole
cn: ldapadm
description: LDAP Manager

dn: ou=People,dc=field,dc=eldernode,dc=com
objectClass: organizationalUnit
ou: People

dn: ou=Group,dc=field,dc=eldernode,dc=com
objectClass: organizationalUnit
ou: Group

Once the base.ldif file is ready, run the command below as ldapadm to apply the changes to your OpenLDAP setup.

ldapadd -x -W -D "cn=ldapadm,dc=field,dc=eldernode,dc=com" -f base.ldif

Enter the root password when prompted. If you prefer to add users through a GUI, Apache Directory Studio or JXplorer is recommended for this.

That’s that! LDAP should now be installed on your CentOS 7 server.

How To Install And Configure LDAP Client On CentOS 8

Continue the steps of this guide to finish the LDAP installation process on CentOS 8.

Step 1: Update System Packages on CentOS 8

To update your system packages, run the following command:

dnf update

Step 2: Install Required Build Tools and Dependencies

Next, install the required dependencies and build tools:

dnf install cyrus-sasl-devel make libtool autoconf libtool-ltdl-devel openssl-devel libdb-devel tar gcc perl perl-devel wget vim

Step 3: Create OpenLDAP System User

Since OpenLDAP will run as a non-privileged system user, use the command below to create the OpenLDAP system user with a custom user and group ID.

useradd -r -M -d /var/lib/openldap -u 55 -s /usr/sbin/nologin ldap

Step 4: Download the OpenLDAP Source Code

VER=2.4.57
wget ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-$VER.tgz

Step 5: Extract the Source Archive

tar xzf openldap-$VER.tgz

Step 6: Configure and Compile OpenLDAP on CentOS 8

cd openldap-$VER

You can enable or disable various options while building OpenLDAP with the configure script.

./configure --prefix=/usr --sysconfdir=/etc --disable-static \
--enable-debug --with-tls=openssl --with-cyrus-sasl --enable-dynamic \
--enable-crypt --enable-spasswd --enable-slapd --enable-modules \
--enable-rlookups --enable-backends=mod --disable-ndb --disable-sql \
--disable-shell --disable-bdb --disable-hdb --enable-overlays=mod

Note: If you need more information about the configuration options, get help:

./configure --help

Once the configure script completes with no issues, you will see the following message on the last line.

Please run "make depend" to build dependencies

As the message says, you need to run the make depend command to build the OpenLDAP dependencies.

make depend

Finally, to compile OpenLDAP on CentOS 8, type:

make

If you prefer to run the test suite to verify the OpenLDAP build for any errors, type:

make test

Note: Running the above command is optional and may take time.

Step 7: Install and Set Permissions for OpenLDAP

make install

OpenLDAP configuration files are now installed in /etc/openldap.

ls /etc/openldap/
certs ldap.conf ldap.conf.default schema slapd.conf slapd.conf.default slapd.ldif slapd.ldif.default

Step 8: Configure OpenLDAP Directories and File Permissions

mkdir /var/lib/openldap /etc/openldap/slapd.d

Now, you can set the proper ownership and permissions on the OpenLDAP directories and configuration files.

chown -R ldap:ldap /var/lib/openldap
chown root:ldap /etc/openldap/slapd.conf
chmod 640 /etc/openldap/slapd.conf

Conclusion

So yeah, setting up an LDAP client on CentOS 7 or 8 isn’t exactly fun but it’s not rocket science either. Once you go through it once or twice, it kinda sticks.

Thing is, not all directory services work the same. Some are just meant for one system like local users on your laptop but others, like LDAP, are made for bigger stuff. Networks. Shared logins. Multiple servers all pulling from the same place.

If that’s the kind of setup you’re going for, LDAP still holds up. It’s old, sure but reliable. And now you’ve got it working. That’s a win.
