Configuring LDAP Server On Redhat / Centos 7

LDAP is Opensource  protocol for Directory management and authentication Services Like :

NIS , AD , IPA   :

LDAP  stands for :   LightWeight Directory Access Protocol 


Step  1:   Installing  OpenLdap  

[root@Xpert ~]# yum   install openldap-servers  openldap-clients  openldap migrationtools

 

Step 2:    Configuring  Ldap server  have many steps

       i)    setting  password  
     
        [root@Xpert ~]# slappasswd   -s  redhat  -n   >/etc/openldap/password 


     ii)  Generating  CRT  for certificate file and  Verification


     [root@Xpert ~]# slappasswd   -s  redhat  -n   >/etc/openldap/password

   iii)   Generating  CRT and Private key 



[root@Xpert ~]# openssl req -new -x509 -nodes -out /etc/openldap/certs/cert.pem -keyout /etc/openldap/certs/priv.pem -days 365

Generating a 2048 bit RSA private key
.......................+++
......................+++
writing new private key to '/etc/openldap/certs/priv.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:IN
State or Province Name (full name) []:RAJ
Locality Name (eg, city) [Default City]:JAIPUR
Organization Name (eg, company) [Default Company Ltd]:LWOrganizational Unit Name (eg, section) []:TECH
Common Name (eg, your name or your server's hostname) []:desktop87.example.com
Email Address []:

  iv)      Check the created files  and change the owner and permission


[root@Xpert certs]# cd   /etc/openldap/certs/
[root@Xpert certs]# ls
cert8.db  cert.pem  key3.db  password  priv.pem  secmod.db

[root@Xpert certs]# chown  ldap:ldap  * 

[root@Xpert certs]# chmod   600  priv.pem 


v)    Prepare  Ldap  Database  and  generate  database files 

    [root@Xpert certs]# cp /usr/share/openldap-server/DB_CONFIG.example /var/lib/ldap/DB_CONFIG


[root@Xpert certs]# slaptest  
57ce90a9 hdb_db_open: database "dc=my-domain,dc=com": db_open(/var/lib/ldap/id2entry.bdb) failed: No such file or directory (2).
57ce90a9 backend_startup_one (type=hdb, suffix="dc=my-domain,dc=com"): bi_db_open failed! (2)
slap_startup failed (test would succeed using the -u switch)

Note:   Don't  worry  about  Error


vi)      Change  ownership and group

[root@Xpert certs]# chown  ldap:ldap  /var/lib/ldap/*


Step  3 :     Start  the Service  of  ldap


[root@desktop87 certs]# systemctl  restart  slapd
[root@desktop87 certs]# systemctl  enable  slapdCreated symlink from /etc/systemd/system/multi-user.target.wants/slapd.service to /usr/lib/systemd/system/slapd.service.

Some  Additional and Most  important  steps 

i)    To start   ldap server  add  cosine & nis LDAP   schema.

[root@Xpert certs]# cd   /etc/openldap/schema/
[root@Xpert schema]# 
[root@Xpert schema]# ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f cosine.ldif

SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=cosine,cn=schema,cn=config"

[root@Xpert schema]# ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f nis.ldif

SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=nis,cn=schema,cn=config"

 
ii)    

Then, create the /etc/openldap/changes.ldif file and paste the following lines (replace passwd with the previously created password like {SSHA}qhdZdZY1hCHJrON1OWRpChqIE3YtnZDT

 Note:     This file will look like

[root@Xpert schema]# cat    /etc/openldap/changes.ldif 
dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=example,dc=com

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: cn=Manager,dc=example,dc=com

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: {SSHA}qhdZdZY1hCHJrON1OWRpChqIE3YtnZDT # previously generated password (see above)

dn: cn=config
changetype: modify
replace: olcTLSCertificateFile
olcTLSCertificateFile: /etc/openldap/certs/cert.pem

dn: cn=config
changetype: modify
replace: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/openldap/certs/priv.pem

dn: cn=config
changetype: modify
replace: olcLogLevel
olcLogLevel: -1

dn: olcDatabase={1}monitor,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by dn.base="cn=Manager,dc=example,dc=com" read by * none
 
iii)   Send  configuration  to Slapd  server

[root@Xpert schema]# ldapmodify -Y EXTERNAL -H ldapi:/// -f /etc/openldap/changes.ldif

SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "olcDatabase={2}hdb,cn=config"

modifying entry "olcDatabase={2}hdb,cn=config"

modifying entry "olcDatabase={2}hdb,cn=config"

modifying entry "cn=config"

modifying entry "cn=config"

modifying entry "cn=config"

modifying entry "olcDatabase={1}monitor,cn=config"

iv)   Create the /etc/openldap/base.ldif file and paste the following lines:


 This file will look like this

[root@Xpert schema]# cat   /etc/openldap/base.ldif
dn: dc=example,dc=com
dc: example
objectClass: top
objectClass: domain

dn: ou=People,dc=example,dc=com
ou: People
objectClass: top
objectClass: organizationalUnit

dn: ou=Group,dc=example,dc=com
ou: Group
objectClass: top
objectClass: organizationalUnit

v)  Building  the Structure of  Directory Services 


[root@Xpert schema]# ldapadd -x -w redhat -D cn=Manager,dc=example,dc=com -f /etc/openldap/base.ldif 


vi) Creating  Users

[root@Xpert schema]# mkdir  /home/guests

[root@Xpert schema]# useradd  -d  /home/guests/ldapuser1   ldapuser1
[root@Xpert schema]# passwd ldapuser1
Changing password for user ldapuser1.
New password: 
BAD PASSWORD: The password is a palindrome
Retype new password: 
passwd: all authentication tokens updated successfully.


Note: you can create no of users 


Account Migration  :

==============


Go to Directory  given below 

 [root@Xpert schema]# cd /usr/share/migrationtools/

[root@Xpert migrationtools]# ls
migrate_aliases.pl              migrate_automount.pl        migrate_networks.pl
migrate_all_netinfo_offline.sh  migrate_base.pl             migrate_passwd.pl
migrate_all_netinfo_online.sh   migrate_common.ph           migrate_profile.pl
migrate_all_nis_offline.sh      migrate_fstab.pl            migrate_protocols.pl
migrate_all_nis_online.sh       migrate_group.pl            migrate_rpc.pl
migrate_all_nisplus_offline.sh  migrate_hosts.pl            migrate_services.pl
migrate_all_nisplus_online.sh   migrate_netgroup_byhost.pl  migrate_slapd_conf.pl
migrate_all_offline.sh          migrate_netgroup_byuser.pl
migrate_all_online.sh           migrate_netgroup.pl


============
Note:   Edit the file  migrate_common.ph   and change  given line 

$DEFAULT_MAIL_DOMAIN = "example.com";
$DEFAULT_BASE = "dc=example,dc=com";

 ============================

[root@Xpert migrationtools]# grep ":10[0-9][0-9]" /etc/passwd > passwd

[root@Xpert migrationtools]# ./migrate_passwd.pl passwd  users.ldif 

[root@Xpert migrationtools]# ldapadd -x -w redhat -D cn=Manager,dc=example,dc=com -f users.ldif

adding new entry "uid=linux,ou=People,dc=example,dc=com"

adding new entry "uid=me,ou=People,dc=example,dc=com"

adding new entry "uid=you,ou=People,dc=example,dc=com"

adding new entry "uid=cloud,ou=People,dc=example,dc=com"

adding new entry "uid=ldapuser1,ou=People,dc=example,dc=com"

[root@Xpert migrationtools]# grep ":10[0-9][0-9]" /etc/group > group

[root@Xpert migrationtools]#  ./migrate_group.pl group groups.ldif

[root@Xpert migrationtools]# ./migrate_group.pl group groups.ldif

[root@Xpert migrationtools]# ldapadd -x -w redhat -D cn=Manager,dc=example,dc=com -f groups.ldif
 
adding new entry "cn=linux,ou=Group,dc=example,dc=com"

adding new entry "cn=me,ou=Group,dc=example,dc=com"

adding new entry "cn=technical,ou=Group,dc=example,dc=com"

adding new entry "cn=you,ou=Group,dc=example,dc=com"

adding new entry "cn=tech,ou=Group,dc=example,dc=com"

adding new entry "cn=cloud,ou=Group,dc=example,dc=com"

adding new entry "cn=ldapuser1,ou=Group,dc=example,dc=com"

Note: Now  you can create  Ldap CLient  and connect with the users

 

If anyone want to do RHCE Training in Jaipur, please visit on - http://www.rhce.co.in/

Logical Volume Manager

1. Why LVM is required ?

LVM stands for Logical Volume Manager , to resize filesystem’s size online we required LVM partition in Linux. Size of LVM partition can be extended and reduced using the lvextend & lvreduce commands respectively.

 2. Is it possible to increase the logical volume on fly ?

YES

3. How to reduce the logical volume ? is it possible to reduce on fly ?
Answer: No.You can’t reduce the logical volume on fly. Here is the steps to reduce the logical volume on redhat Linux.

•    Un-mount the filesystem
•    Run e2fsck on the volume device
•    Reduce the Filesystem.(resize2fs)
•    Reduce the logical Volume(lvreduce)
•    Mount the filesystem back for production.

4. What are steps to perform in order to increase the logical volume on fly ?

•       Extend the logical volume
•       Increase the Filesystem size
•       Verify the status using df command or lvs command.

5. .How to rename volume Group ? can we rename the VG on fly ? 
Yes. Its possible to rename the volume group on fly.But the mounted volumes will not reflect the same unless you re-mount the volume with new VG name.

Need to update the /etc/fstab with new VG name to mount the volumes across the system reboot.

Linuxworld Informatics pvt. ltd offer RHCE Training. 

RHCE Training in Jaipur

Today most of the companies working on Linux operating system and Linux servers, so the requirement of Red Hat certifications is automatically increase. RHCSA (Red Hat Certified System Administration), RHCE (Red Hat Certified Engineer) and RHCA (Red Hat Certified Architect). RHCSA is a starting/associate level certification, RHCSA certification shows the technical skills of aspirants on live systems and main task are configuration, installation, troubleshooting as well as maintaining.

RHCE is next level of Red Hat certification and passing the RHCSA exam is a requirement for this certification. Red Hat Certified Engineer is the professional levels where the aspirant will get learn advance level troubleshooting and management techniques. In this level one can get a proper insight into the kernel configuration, network configuration, mail services and virtualization. RHCE training provides good level of knowledge to face advance challenges. RHCE certification proves high level of knowledge and is a highly respected and valued qualification. After RHCE certification candidate deserve a better opportunities. 

RHCA is a very high/expert level certification and this focus on expert topics of Linux administration and usage. For RHCA certification you have to clear RHCE certification exam.

LinuxWorld Informatics Pvt. Ltd. is starting Red Hat certification Training for IT Students like B.Tech, B.E, MCA, M.Sc., BCA, B.Sc. etc. We are authentic partner of Red Hat. We offer all the Red Hat certification training and exam like RHCSA, RHCE and RHCA. We have best Red Hat certified instructor. The main advantage of Training program for trainee, they learn and work with practical examples in supervision of experienced experts.

Industrial Training

What more do you need other than getting a chance to polish your skills? Indulge in Linux World for a well-established base when it comes to professional IT. This organization will let you go to another level of academic horizon. The spelling of success will be registered in your dictionary for a long time. This will also make you achieve the best of what the field has to offer in Industrial Training for B. Tech. The knowledge that you gain can be applied in various modern computing industries and will let you explore the horizon. This training ends in a very short span of time, which will leave you with the rest of the time to enjoy your annual vacations.

If you are interested in diving in the pool of knowledge make sure, you have enrolled well in advance. The dates for the summer training are decided keeping in mind the closing date of all the colleges across India. The summer training program focuses on two main aspects that will improve and enhance your experience. They are:

·         Theoretical aspects:

The theoretical knowledge that you have gained in the past should be brushed up and updated. Without that there will be no chance for survival in the industry. This organization makes sure that you have the best of it.

·         Professionalism: 

A professional approach becomes necessary as it gives a chance for you to interact with all the basic possibilities that are necessary for one's sustainability.

The organization provides all the practical knowledge that one need to know when undergoing a training program.

What's more in the bag is that this offers a window for the students to interact with the real world. This will help them in hav9ing a better understanding of what the industry is like from within.

An in-depth knowledge is laid on current business rate and booming technology. This leaves the students to think and rethink on becoming a better technocrat in the future.

The institution plays a pivotal role in providing this. With organizations like Red Hat and Cisco, they have made it possible to tame the industry to their pace.

Make yourself sure of one thing that you have enrolled in an organization that believes in finesse of a subject. The result will be declared by your sustenance in the industry in the long run.

Best Purposes To Switch To Linux

 

1. It Doesn’t Crash

Linux has been time-proven to be a reliable working system. Despite the fact that the personal computer is not a brand new position for Linux, such a lot Linux-primarily based programs have been used as servers and embedded systems. High-visibility Web sites corresponding to Google use Linux-based totally techniques, however you can also to find Linux inside the TiVo set-best box in many livingrooms.
Linux has proved to be so dependable and secure that it is commonly found in devoted firewall and router systems utilized by high-profile companies to protected their networks. For more than ten years, it has no longer been uncommon for Linux systems to run for months or years with no need a single reboot.

2. Viruses Are Few and Some distance Among

Even though it’s conceivable to create a virulent disease to target Linux systems, the design of the system itself makes it very difficult to become infected. A single person may just cause local harm to his or her recordsdata by means of working a virus on his or her gadget; however, this may be an remoted instance somewhat than one thing could unfold out of control.
As well as, virtually all Linux companies be offering free on-line security updates. The overall philosophy of the Linux neighborhood has been to handle possible safety issues earlier than they develop into a problem moderately than hoping the susceptibility will move unnoticed.

3. Nearly Hardware-Unbiased

Linux was once designed and written to be easily moveable to other hardware. For the laptop person, because of this Linux has been and most probably at all times will be the first working system to take advantage of advances in hardware era comparable to AMD’s sixty four-bit processor chips.

4. Freedom of Selection

Linux provides freedom of choice as far as which producer you purchase the device from in addition to which application techniques you need to use. Being able to pick the manufacturer way you have a real choice as far as type of enhance you receive. Being open-supply software, new producers can input the marketplace to handle customer needs.

Number of software methods implies that you can choose the tools that perfect cope with your needs. For instance, three popular phrase processors are available. All three are loose and interoperate with Microsoft Phrase, but each and every offers unique advantages and disadvantages. The same is true of Web browsers.

5. Standards

Linux itself and lots of not unusual programs follow open standards. This means an replace on one system won’t make different programs obsolete.

6. Programs, Packages, Packages

Each Linux distribution comes with loads and possibly thousands of software systems included. This alone can prevent lots of dollars for each and every computer system you configure. Even though this can be a very small subset, imagine that the OpenOffice.org place of business suite is incorporated in addition to the GIMP, a software similar to (and many of us say more able than Adobe Photoshop); Scribus, a document structure software similar to Quark Xpress; Evolution, an e mail device similar to Microsoft’s Outlook Specific; and loads more.

For the more technically prone, development equipment, such as compilers for the C, C++, Ada, Fortran, Pascal and different languages, are integrated as well as Perl, PHP and Python interpreters. Editors and versioning gear are also included on this category.
Whether you might be looking for Instant Messaging clients, backup gear or Internet site construction applications, they most likely are all included within your base Linux distribution.

7. Interoperability

Increasingly computer systems are being hooked up to networks. No gadget could be complete if it didn’t come with equipment to allow it to interoperate with computer systems operating different working systems. Once once more, Linux could be very robust in this area.
Linux includes Samba, software that permits Linux to act as a client on a Microsoft Home windows-primarily based network. In fact, Samba includes server amenities such that that you must run a Linux system because the server for a gaggle of Linux and Home windows-based totally shopper systems.
In addition, Linux contains software to network with Apple networks and Novell’s Netware. NFS, the networking era developed on UNIX techniques also is included.

 

8. It is a Community Relationship, No longer a Consumer Relationship

Other working systems are the products of single vendors. Linux, then again, is brazenly advanced, and this technology is shared amongst vendors. This means you transform part of a community rather than a consumer of a single manufacturer. Additionally, the provider community easily can modify to the wishes of quite a lot of user communities reasonably than spouting a “one size suits all” philosophy.
This means you can select a Linux seller that appears to easiest deal with your wishes and really feel confident that it’s essential to transfer companies at a later time with out shedding your funding–both relating to prices and learning.

9. It’s No longer How Massive Your Processor Is…

As a result of a combination of the inner design of Linux and construction contributions from a various neighborhood, Linux tends to be more frugal in the usage of pc resources. This will likely take place itself in one personal computer system operating faster with Linux than with every other working gadget, however the advantages move a ways beyond that. It is imaginable, for instance, to configure a single Linux machine to act as a terminal server and then use outdated hardware as what are called thin clients.
This server/thin client configuration makes it imaginable for older, much less robust hardware to share the tools of an unmarried tough device thus extending the lifetime of older machines.

10. Linux Is Configurable

Linux is a real multi-consumer working system. Every person will have his or her own particular person configuration all on one computer. This includes the look of the desktop, what icons are displayed, what methods are began robotically whilst the person logs in and even what language the computer is in.

 

If anyone want to learn RHCE Training.Please visit on - LinuxWorld, Jaipur