I’ve been dabbling with Linux for a few months now, and decided it was time to get an official certification. I decided to go for the RHCSA (Red Hat Certified System Administrator) exam, but rather than attending the course, I went for the self-study approach. So I …
- signed up on the Red Hat web site.
- downloaded an evaluation version of Red Hat Enterprise Ver 6.4.
- bought a copy of Michael Jang’s book RHCSA/RHCE Red Hat Linux Certification Study Guide (Sixth Edition).
- put together a 64-bit computer to use as a dev environment to work through the exercises in the book.
I’m not a great fan of exams, but the whole approach of reading the book, then practicing what I’ve just read with some hands-on exercises really worked for me. So I went for the exam a few weeks back, and passed (whoo!).
So there are a couple of RHCSA Objectives based around the auto-mounter service and authorisation through an LDAP server. Both subjects are covered in the book, but it’s not possible to get ‘hands on’ without building an LDAP server into the dev environment. And that’s the catch. Connecting to an LDAP server with NFS shares is in the objectives, but building such a server isn’t.
So I wasted a couple of days Googling LDAP servers, when I should have been studying. I was trying to find an easy way of building an LDAP server that would fit into the environment, and match the description provided by the book. I drew a blank.
So now the exam is out of the way, I’ve had another look at the problem, and have come up with a kickstart file which does the job. Building a server from a kickstart file is covered in the objectives, so anyone studying for the exam and wanting to get hands on with an LDAP server should be able to build this without too much trouble.
LDAP server build pre-requisites
To build the LDAP server you are going to need…
- 20 GByte hard disk
- Network with a DHCP server – the kickstart file specifies DHCP for the build
- Network with internet access – the kickstart file needs to download the phpldapadmin application during the build
LDAP server Build process:-
The build is fully automated.
LDAP server post build:-
If the build is successful, you will get…
- LDAP Server name = ldap1.example.com
- Minimal OU structure
- CA certificate shared at http://ldap1.example.com/Certificate/slapdcert.pem
- Five test user accounts, ldapuser1 through ldapuser5, with passwords all set to qwerty
- Web interface at ldap1.example.com/ldapadmin (which is way off topic for the RHCSA)
- Five NFS shares which can be used as home drives for the ldapuser accounts.
Once the server build is complete, it can be moved to any subnet with or without internet access. It’s advisable to assign a static IP to the server.
LDAP client configuration…
This is covered in the book, but watch out for name resolution. The certificates will only work if name resolution has been set up on any client machines. Also, don’t forget to open TCP port 389 on the firewall.
So when configuring a client, the settings will look like this…
PHPLDAPADMIN web application…
The admin application can be accessed by browsing to http://ldap1.example.com/ldapadmin.
Logon DN: cn=Manager,dc=example,dc=com
The LDAP server build provides 5 NFS shares. These are intended for use with the Automounter service. The shared directories are …
The following process maps these NFS shares onto the /ldapshare directory at the client. This allows the five LDAP user accounts to map home drives using the automounter service.
- Install the NFS client and automounter service
- Set automounter to start at boot
- Create the directory for the automounter service
- Scroll down to the end of the file and add the following line.
- This will create a new file. Either add the following… Or, all 5 statements can be compressed into one…
- Start the automounter service
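As an added example (not the author's kickstart file or original commands), this script generates the auto.master line and both forms of the map file described above, and shows that the one-line wildcard form resolves to the same entry as the five-line form. The map file name /etc/auto.ldapshare, the mount options, the ldapuserN key names and the EXPORT_BASE placeholder for the server-side share directory are assumptions.

```shell
#!/bin/sh
# Added example. Assumptions, not taken from the original post:
#   - map file name /etc/auto.ldapshare and mount options in OPTS
#   - map keys are the account names ldapuser1..ldapuser5
#   - EXPORT_BASE is a placeholder for the exported directory on the server
SERVER=ldap1.example.com
EXPORT_BASE=${EXPORT_BASE:-/EXPORT_BASE_PLACEHOLDER}
OPTS="-rw,nosuid"

# Line appended to the end of auto.master: /ldapshare is served by an indirect map.
master_line() { printf '/ldapshare %s\n' "${1:-/etc/auto.ldapshare}"; }

# Five-statement form: one map entry per test account.
explicit_map() {
    for i in 1 2 3 4 5; do
        printf 'ldapuser%s %s %s:%s/ldapuser%s\n' \
            "$i" "$OPTS" "$SERVER" "$EXPORT_BASE" "$i"
    done
}

# One-statement form: "*" matches any key, "&" is replaced by the key looked up.
# Unlike the explicit form, any name requested under /ldapshare triggers a
# mount attempt, not only the five accounts.
wildcard_map() { printf '* %s %s:%s/&\n' "$OPTS" "$SERVER" "$EXPORT_BASE"; }

# Show what the wildcard entry becomes for one key, mimicking the substitution.
resolve_wildcard() {
    key=$1
    wildcard_map | sed -e "s|^\*|$key|" -e "s|&|$key|g"
}

# Write both files under a staging root so they can be reviewed before
# being copied to the client's /etc.
stage_config() {
    root=$1
    mkdir -p "$root/etc" "$root/ldapshare"
    master_line >> "$root/etc/auto.master"
    wildcard_map > "$root/etc/auto.ldapshare"
}

# Print both forms for comparison when the script is run directly.
master_line
explicit_map
wildcard_map
```

Run `stage_config /tmp/autofs-stage` to produce the files for review; with autofs running, `ls /ldapshare/ldapuser1` on the client should then trigger the mount.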