apache config

CONFIGURING APACHE SERVER
————————–
rpm -ivh httpd-* --force --aid
service httpd restart
chkconfig httpd on

ls -R /var/www/html
ls -R /var/www/html
/var/www/html:
html1  html11  index.html

/var/www/html/html1:
html2  index.html

/var/www/html/html1/html2:
html3  index.html

/var/www/html/html1/html2/html3:
index.html

/var/www/html/html11:
index.html

vi /etc/httpd/conf/httpd.conf
<VirtualHost 192.168.0.6>
ServerAdmin root@station6.example.com
DocumentRoot /var/www/html
ServerName station6.example.com
ErrorLog logs/station6.example.com-error_log
CustomLog logs/station6.example.com-access_log common
Alias html /var/www/html
<Directory /var/www/html>
AllowOverride Authconfig
</Directory>
</VirtualHost>

service httpd restart
chkconfig httpd on
Open your browser and request "station6.example.com".
useradd u1
vi /var/www/html/.htaccess
AuthName        "restricted stuff"
AuthType        Basic
AuthUserFile    /etc/httpd/conf/.htpasswd
require         valid-user

touch /etc/httpd/conf/.htpasswd
htpasswd -mc /etc/httpd/conf/.htpasswd u1

HOW TO CONFIGURE IP-BASED VIRTUAL HOSTING:

netconfig --device eth0:0
netconfig --device eth0:1

Now eth0(192.168.0.6),eth0:0(192.168.0.20),eth0:1(192.168.0.21).

dhcp

CONFIGURING DHCP with DNS
1- install dhcp* packages
2- service dhcpd restart
3- chkconfig dhcpd on
4- cp /usr/share/doc/dhcp-3.0.1/dhcpd.conf.sample /etc/dhcpd.conf
5- vi /etc/dhcpd.conf
ddns-update-style interim;
ignore client-updates;

subnet 172.24.0.0 netmask 255.255.0.0 {

# — default gateway
option routers                  172.24.254.254;
option subnet-mask              255.255.0.0;

#       option nis-domain               "domain.org";
option domain-name              "rudra.org";
option domain-name-servers      172.24.254.254;

option time-offset              -18000; # Eastern Standard Time
#       option ntp-servers              192.168.1.1;
#       option netbios-name-servers     192.168.1.1;
# — Selects point-to-point node (default is hybrid). Don’t change this unless
# — you understand Netbios very well
#       option netbios-node-type 2;

range dynamic-bootp 172.24.0.1 172.24.254.254;
default-lease-time 21600;
max-lease-time 43200;

# we want the nameserver to appear at a fixed address
host test.rudra.org {
next-server test.rudra.org;
hardware ethernet 00:15:E9:3D:29:B0;
fixed-address 172.24.254.254;
}
host st1.rudra.org {
next-server test.rudra.org;
hardware ethernet 00:02:44:7E:9D:3B;
fixed-address 172.24.0.1;
}
}

:wq

6-  service dhcpd restart

BACKUP TOOL

**********HOW TO TAKE BACKUP*******************

1> how to use tar,gzip,gunzip,bzip2,bunzip2,dump,restore,cpio

How To Use dump and restore command to take backup.
***************************************************
steps:
a> create 2 partitions, say /dev/hda5 and /dev/hda6, with an ext2 or ext3 file system
b> mount /dev/hda5 on /data; the files to be backed up will be stored in /data.
c> mount it permanently by adding an entry to /etc/fstab. Make sure the 5th column (the dump field) is set to 1 or 2.
d> create some files inside /data
e> unmount /data before taking the backup.
f> dump -0u -f /dev/hda6 /data ## here 0 means a full backup, u updates the record in /etc/dumpdates, and -f names the device the backup is written to. NOTE: the backup device does not need to be mounted anywhere.
g> check information in /etc/dumpdates
h> create a directory where you want to restore
i> get inside the directory.
j> restore -rf /dev/hda6

dns server

####################################### The documentation on DNS########################################################
## my domain name is zion.com its network address is 192.168.10.0/255.255.255.0 . It will act as master DNS for this ###
## domain. Its name is ns1.zion.com and Its IP is 192.168.10.254, NETMASK is 255.255.255.0 GATEWAY is 192.168.10.254 NAMESERVER is 192.168.10.254 ###
########################################################################################################################
First install the necessary packages
____________________________________

bind{,-chroot,-utils}, caching-nameserver, openssl

# yum install bind* cachi*

First make the necessary changes in the machine to make the master server,

1.Edit the /etc/resolv.conf
# vi /etc/resolv.conf
nameserver 192.168.10.254

2.Edit the /etc/hosts
# vi /etc/hosts
127.0.0.1               localhost.localdomain localhost
192.168.10.254       ns1.zion.com

3.Edit the /etc/sysconfig/network
# vi /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=ns1.zion.com

4.Edit the /etc/sysconfig/network-scripts/ifcfg-eth0
# vi /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
HWADDR=00:19:d1:64:19:fb
ONBOOT=yes
TYPE=Ethernet
NETMASK=255.255.255.0
IPADDR=192.168.10.254
GATEWAY=192.168.10.254

5. reload the services
# service network restart

The main configuration file for the DNS (domain name) server is /var/named/chroot/etc/named.conf
# cp /var/named/chroot/etc/named.caching-nameserver.conf /var/named/chroot/etc/named.conf
# chgrp named /var/named/chroot/etc/named.conf
# cat /var/named/chroot/etc/named.conf
########################################################################
options {
listen-on port 53 { 127.0.0.1; };
listen-on-v6 port 53 { ::1; };
directory       “/var/named”;
dump-file       “/var/named/data/cache_dump.db”;
statistics-file “/var/named/data/named_stats.txt”;
memstatistics-file “/var/named/data/named_mem_stats.txt”;
query-source    port 53;
query-source-v6 port 53;
allow-query     { localhost; };
};
logging {
channel default_debug {
file “data/named.run”;
severity dynamic;
};
};
view localhost_resolver {
match-clients      { localhost; };
match-destinations { localhost; };
recursion yes;
include “/etc/named.rfc1912.zones”;
};
###########################################################################
change the file to as follow
# cat /var/named/chroot/etc/named.conf
########################################################################
options {
listen-on port 53 { 127.0.0.1; 192.168.10.254; };
directory       "/var/named";
dump-file       "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
query-source    port 53;
allow-query     { localhost; 192.168.10.0/24; };
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
view localhost_resolver {
match-clients      { localhost; 192.168.10.0/24; };
match-destinations { localhost; 192.168.10.0/24; };
recursion yes;
include "/etc/named.rfc1912.zones";
};
#############################################################################

# cat /var/named/chroot/etc/named.rfc1912.zones
############################################################################
zone “.” IN {
type hint;
file “named.ca”;
};
zone “localdomain” IN {
type master;
file “localdomain.zone”;
allow-update { none; };
};
zone “localhost” IN {
type master;
file “localhost.zone”;
allow-update { none; };
};
zone “0.0.127.in-addr.arpa” IN {
type master;
file “named.local”;
allow-update { none; };
};
zone “0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa” IN {
type master;
file “named.ip6.local”;
allow-update { none; };
};
zone “255.in-addr.arpa” IN {
type master;
file “named.broadcast”;
allow-update { none; };
};
zone “0.in-addr.arpa” IN {
type master;
file “named.zero”;
allow-update { none; };
};
##########################################################################################
# cat /var/named/chroot/etc/named.rfc1912.zones
############################################################################
zone “.” IN {
type hint;
file “named.ca”;
};
zone “localdomain” IN {
type master;
file “localdomain.zone”;
allow-update { none; };
};
zone “localhost” IN {
type master;
file “localhost.zone”;
allow-update { none; };
};
zone “0.0.127.in-addr.arpa” IN {
type master;
file “named.local”;
allow-update { none; };
};
##################
zone "zion.com" IN {
type master;
file "zion.flz";
};
zone "10.168.192.in-addr.arpa" IN {
type master;
file "zion.rlz";
};
#################
zone “0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa” IN {
type master;
file “named.ip6.local”;
allow-update { none; };
};
zone “255.in-addr.arpa” IN {
type master;
file “named.broadcast”;
allow-update { none; };
};
zone “0.in-addr.arpa” IN {
type master;
file “named.zero”;
allow-update { none; };
};
##########################################################################################
# cp /var/named/chroot/var/named/localhost.zone /var/named/chroot/var/named/zion.flz
# chgrp named /var/named/chroot/var/named/zion.flz
# cat /var/named/chroot/var/named/zion.flz
#######################################################################################
$TTL    86400
@               IN SOA  @       root (
42              ; serial (d. adams)
3H              ; refresh
15M             ; retry
1W              ; expiry
1D )            ; minimum

IN NS           @
IN A            127.0.0.1
IN AAAA         ::1
##########################################################################################
# cat /var/named/chroot/var/named/zion.flz
#######################################################################################
$TTL    86400
@               IN SOA  @       root (
42              ; serial (d. adams)
3H              ; refresh
15M             ; retry
1W              ; expiry
1D )            ; minimum

IN NS           ns1.zion.com.   ; trailing dot needed, otherwise the origin zion.com. is appended to the name
zion.com.                IN A            192.168.10.254
ns1.zion.com.                        IN A            192.168.10.254
station1.zion.com.                IN A            192.168.10.1
###########################################################################################
# cp /var/named/chroot/var/named/named.local /var/named/chroot/var/named/zion.rlz
# chgrp named /var/named/chroot/var/named/zion.rlz
# cat /var/named/chroot/var/named/zion.rlz
############################################################################################
$TTL    86400
@       IN      SOA     localhost. root.localhost.  (
1997022700 ; Serial
28800      ; Refresh
14400      ; Retry
3600000    ; Expire
86400 )    ; Minimum
IN      NS      localhost.
1       IN      PTR     localhost.
###########################################################################################
# cat /var/named/chroot/var/named/zion.rlz
############################################################################################
$TTL    86400
@       IN      SOA     localhost. root.localhost.  (
1997022700 ; Serial
28800      ; Refresh
14400      ; Retry
3600000    ; Expire
86400 )    ; Minimum
IN      NS      ns1.zion.com.
254       IN      PTR     ns1.zion.com.
1       IN      PTR     station1.zion.com.
###########################################################################################

# chkconfig named on
# service named restart

Check it by dig.
# dig ns1.zion.com
# dig -x 192.168.10.254
#################################### GOOD LUCK ##############################################

firewall script

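#!/bin/sh
# Firewall V1.0
##########################################################
#                                                                              #
#                            @@@ IMPORTANT @@@                                 #
#                                                                              #
# This script is to be used as a Secure Firewall. The goal when designing this #
# script was to prevent non-trusted traffic INTO the Leadingside Network and   #
# to Restrict access to "work related tasks". This included the development    #
# of a Proxy server to Filter packets and block Instant Messaging.             #
#                                                                              #
# I hope that you find this script useful and that you will be able to use it  #
# in your own network environment.                                             #
#                                                                              #
# Please make sure that you read through the README file and understand what   #
# is being done by this script.                                                #
#                                                                              #
# Usage: run once as root at boot. It flushes and replaces every existing      #
# iptables rule, so adjust the interface and address definitions below first.  #
#                                                                              #
#########################################################
echo "FireWall is getting loaded.."
sleep 2

# IP Forwarding. This box routes between INSIDE and OUTSIDE, so the FORWARD
# chain further down is what decides which traffic may cross the firewall.
echo 1 > /proc/sys/net/ipv4/ip_forward

# Blocks External Ping requests at the kernel level (on every interface, so the
# rate-limited ICMP type 8 rule below is only reached if this is set back to 0).
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all

# Set an absolute path to IPTABLES and define the interfaces.
# OUTSIDE is the outside or untrusted interface that connects to the Internet
# and INSIDE is, well that ought to be obvious.

IPTABLES="/sbin/iptables"
OUTSIDE=eth1
INSIDE=eth0

# Other Definitions
EXT_IP="203.109.93.155"
INT_IP="192.168.0.254"
INT_NET="192.168.0.0/24"   # inside network that is masqueraded and allowed out
MAILSVR="192.168.0.254"    # host that external POP3/SMTP is DNATed to
PROXY_PORT="3128"          # Squid port that inside web traffic is redirected to

# Test Machine Definitions
#TEST_PC="192.168.0.254"
#TEST_HTTP="8080"
#TEST_HTTPS="8081"

# Clear out any existing firewall rules, and any chains that might have
# been created.
"$IPTABLES" -F
"$IPTABLES" -F INPUT
"$IPTABLES" -F OUTPUT
"$IPTABLES" -F FORWARD
"$IPTABLES" -F -t mangle
"$IPTABLES" -F -t nat
"$IPTABLES" -t nat -X
"$IPTABLES" -t mangle -X
"$IPTABLES" -X

# Set Default Rules. FORWARD defaults to DROP: with ip_forward=1 and an ACCEPT
# policy, anything routable from OUTSIDE towards an inside address would have
# crossed the firewall unchecked. Routed traffic is now only allowed by the
# explicit FORWARD rules further down.
"$IPTABLES" -P INPUT DROP
"$IPTABLES" -P OUTPUT ACCEPT
"$IPTABLES" -P FORWARD DROP

# Begin setting up the rulesets. First define some rule chains to handle
# exception conditions. These chains will receive packets that we aren't
# willing to pass. Limiters on logging are used so as to not to swamp the
# firewall in a DOS scenario.

# silent       - Just drop the packet
# tcpflags     - Log packets with bad flags, most likely an attack
# firewalled   - Log packets that we refuse, possibly from an attack

#"$IPTABLES" -N silent
#"$IPTABLES" -A silent -j DROP

#"$IPTABLES" -N tcpflags
#"$IPTABLES" -A tcpflags -m limit --limit 15/minute -j LOG --log-prefix TCPflags:
#"$IPTABLES" -A tcpflags -j DROP

#"$IPTABLES" -N firewalled
#"$IPTABLES" -A firewalled -m limit --limit 15/minute -j LOG --log-prefix Firewalled:
#"$IPTABLES" -A firewalled -j DROP

# Use below to enable MASQUERADE eth1
"$IPTABLES" -t nat -A POSTROUTING -s "$INT_NET" -j MASQUERADE

# These are all TCP flag combinations that should never, ever, occur in the
# wild. All of these are illegal combinations that are used to attack a box
# in various ways. Left disabled together with the tcpflags chain above;
# enable both at once or these rules fail on a missing target.
#"$IPTABLES" -A INPUT -p tcp --tcp-flags ALL FIN,URG,PSH -j tcpflags
#"$IPTABLES" -A INPUT -p tcp --tcp-flags ALL ALL -j tcpflags
#"$IPTABLES" -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j tcpflags
#"$IPTABLES" -A INPUT -p tcp --tcp-flags ALL NONE -j tcpflags
#"$IPTABLES" -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j tcpflags
#"$IPTABLES" -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j tcpflags

# Allow selected ICMP types and drop the rest.
"$IPTABLES" -A INPUT -p icmp --icmp-type 0 -j ACCEPT
"$IPTABLES" -A INPUT -p icmp --icmp-type 3 -j ACCEPT
"$IPTABLES" -A INPUT -p icmp --icmp-type 11 -j ACCEPT
"$IPTABLES" -A INPUT -p icmp --icmp-type 8 -m limit --limit 1/second -j ACCEPT
#"$IPTABLES" -A INPUT -p icmp -j firewalled

# The loopback interface is inherently trustworthy
"$IPTABLES" -A INPUT -i lo -j ACCEPT

# Inside Machines are trustworthy: anything arriving on INSIDE for the
# firewall's inside address is accepted. This is also what lets the
# REDIRECTed proxy traffic (now addressed to $PROXY_PORT) reach Squid.
"$IPTABLES" -A INPUT -i "$INSIDE" -d "$INT_IP" -j ACCEPT

# Port forwarding.

# Redirect Traffic for Port 80 to Squid Proxy Server:3128
"$IPTABLES" -t nat -A PREROUTING -i "$INSIDE" -p tcp --dport 80 -j REDIRECT --to-port "$PROXY_PORT"
"$IPTABLES" -t nat -A PREROUTING -i "$INSIDE" -p tcp --dport 5000:5100 -j REDIRECT --to-port "$PROXY_PORT"
# Never reached while the REDIRECT on port 80 above is present; kept as-is.
"$IPTABLES" -t nat -A PREROUTING -i "$INSIDE" -p tcp --dport 80 -j DNAT --to-dest "$INT_IP:$PROXY_PORT"

# Redirect External & Internal HTTP on 8080 to Local PC
#"$IPTABLES" -t nat -A PREROUTING -i "$OUTSIDE" -p tcp -m tcp --dport "$TEST_HTTP" -d "$EXT_IP" -j DNAT --to "$TEST_PC:$TEST_HTTP"
#"$IPTABLES" -t nat -A PREROUTING -i "$INSIDE" -p tcp -m tcp --dport "$TEST_HTTP" -d "$EXT_IP" -j DNAT --to "$TEST_PC:$TEST_HTTP"

# Redirect External & Internal SSH on 8081 to Local PC
#"$IPTABLES" -t nat -A PREROUTING -i "$OUTSIDE" -p tcp -m tcp --dport "$TEST_HTTPS" -j DNAT --to "$TEST_PC:$TEST_HTTPS"
#"$IPTABLES" -t nat -A PREROUTING -i "$INSIDE" -p tcp -m tcp --dport "$TEST_HTTPS" -j DNAT --to "$TEST_PC:$TEST_HTTPS"

# Redirect External Emails to Mailserver
"$IPTABLES" -t nat -A PREROUTING -i "$OUTSIDE" -p tcp -m tcp --dport 110 -j DNAT --to "$MAILSVR:110"
"$IPTABLES" -t nat -A PREROUTING -i "$OUTSIDE" -p tcp -m tcp --dport 25 -j DNAT --to "$MAILSVR:25"

# FORWARD SETTINGS - routed traffic (default policy is DROP, see above).

# Replies and related packets of connections already allowed in either direction.
"$IPTABLES" -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
# Inside clients may open connections to the Internet (masqueraded above).
"$IPTABLES" -A FORWARD -i "$INSIDE" -o "$OUTSIDE" -s "$INT_NET" -j ACCEPT
# External mail that PREROUTING DNATed to the mail server. Only reached when
# MAILSVR is a separate inside host; with MAILSVR equal to INT_IP as defined
# above, the packets are delivered locally and the INPUT rules below apply.
"$IPTABLES" -A FORWARD -i "$OUTSIDE" -o "$INSIDE" -p tcp -d "$MAILSVR" --dport 110 -j ACCEPT
"$IPTABLES" -A FORWARD -i "$OUTSIDE" -o "$INSIDE" -p tcp -d "$MAILSVR" --dport 25 -j ACCEPT

# INPUT SETTINGS

# Pop3
"$IPTABLES" -A INPUT -i "$OUTSIDE" -d 0/0 -p tcp -m tcp --dport 110 -j ACCEPT
# SMTP
"$IPTABLES" -A INPUT -i "$OUTSIDE" -d 0/0 -p tcp -m tcp --dport 25 -j ACCEPT
# SSH (open to the Internet on OUTSIDE; syslog/514 only from INSIDE)
"$IPTABLES" -A INPUT -i "$OUTSIDE" -d 0/0 -p tcp --dport 22 -j ACCEPT
"$IPTABLES" -A INPUT -i "$INSIDE" -d 0/0 -p tcp --dport 22 -j ACCEPT
"$IPTABLES" -A INPUT -i "$INSIDE" -d 0/0 -p udp --dport 514 -j ACCEPT
# HTTP. The INSIDE drops below only affect packets that were not already
# accepted by the INSIDE -> INT_IP rule, i.e. those addressed to another of
# the firewall's addresses.
"$IPTABLES" -A INPUT -i "$OUTSIDE" -d 0/0 -p tcp -m tcp --dport 80 -j DROP
"$IPTABLES" -A INPUT -i "$INSIDE" -s 0/0 -p tcp -m tcp --dport 5000:5100 -j DROP
"$IPTABLES" -A INPUT -i "$INSIDE" -s 0/0 -p tcp -m tcp --dport 1863 -j DROP
"$IPTABLES" -A INPUT -i "$INSIDE" -s 0/0 -p udp --dport 123 -j ACCEPT
"$IPTABLES" -A INPUT -i "$INSIDE" -s 0/0 -p udp --dport 631 -j ACCEPT
"$IPTABLES" -A INPUT -i "$INSIDE" -s 0/0 -p tcp --dport 631 -j ACCEPT
#"$IPTABLES" -A INPUT -i "$INSIDE" -s 192.168.0.8 -p tcp -m tcp --dport 80 -j DROP
# HTTPS
"$IPTABLES" -A INPUT -i "$OUTSIDE" -d 0/0 -p tcp -m tcp --dport 443 -j ACCEPT
# TEST PC
#"$IPTABLES" -A INPUT -i "$OUTSIDE" -p tcp -m tcp --dport "$TEST_HTTP" -j ACCEPT
#"$IPTABLES" -A INPUT -i "$OUTSIDE" -p tcp -m tcp --dport "$TEST_HTTPS" -j ACCEPT

# Allow packets that are part of an established connection to pass
# through the firewall. This is required for normal Internet activity
# by inside clients.
"$IPTABLES" -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# Anything that hasn't already matched falls to the INPUT DROP policy
# (enable the firewalled chain above to log it first).
#"$IPTABLES" -A INPUT -j firewalled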

GHOSTING A MACHINE IN LINUX

GHOSTING A MACHINE IN LINUX

This is a short but potentially extremely handy guide to ghosting one Linux box to another (or simply making a full backup of a desktop/server). ‘topdog

You might have a small office where you customise one desktop just how you like it and need to roll this out to N other PC’s or simply want a backup of a server or desktop to another machine or even to an image file.

The main tool here is netcat which is extremely powerful and has a multitude of other great uses that won’t be covered here.

Target Machine:

** Boot to linux rescue mode with networking (CentOS works fine)

Initiate netcat to listen on port 30 – # nc -l -p <portnumber> | dd of=/dev/sda (assuming the hard drive is sda and not hda):

# nc -l -p 30 | dd of=/dev/sda

Dump the contents of the disk to the target PC – #dd if=/dev/sda | nc <ipaddresstarget> <portnumber>

# dd if=/dev/sda | nc 192.168.0.20 30

Then to check that traffic is flowing, on the source go to another terminal (ALT/F2) and dump the tcp data on the NIC (assuming it’s eth0):

tcpdump -tnli eth0 port 30

If you just want a backup image you could change the above output on the target to:

# nc -l -p 30 | dd of=mybackup.img

That’s it. Naturally the target PC/disk cannot be smaller than the source:) I hope this saves someone a lot of time.

————————————————————————————————————————————————————————

Assuming you have an ssh server running, which is more secure than opening a port to anyone:

If the target machine or network is the limiting factor:

dd if=/sourcepath/sourcefilename | gzip | ssh user@desthost "dd of=/targetpath/backup.img.gz"

If the source machine is the limiting factor:

dd if=/sourcepath/sourcefilename | ssh user@desthost "gzip > /targetpath/backup.img.gz"

If you are wanting to use netcat, just break up the commands above and use the netcat commands from the original post.

eg

dd if=/sourcepath/sourcefilename | gzip | nc 192.168.0.20 30 if the target or network are the limiting factors

or

nc -l -p 30 | gzip | dd of=mybackup.img.gz

only compress it at one end as compressing something twice is generally little gain over compressing once.

——————————————————————————————————————————————————————-

Checking That Traffic is Flowing

You could always throw in a pv, as in

dd if=/dev/sda | pv | nc 192.168.0.20

pv is a program that graphically displays the progress/status of data going through a pipe. Install it and try "pv cat /dev/random > /dev/null".

ldap server config

###############################LDAP SERVER CONFIGURATION######################################
***** Creating a script ldapusers.sh which will create users with required home directory and export it to network *****

# vi ldapusers.sh
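#!/bin/bash
# Create three local test accounts (ldapuser1..ldapuser3, uid 1001..1003) with
# home directories under /home/guests, set their password, and export
# /home/guests over NFS to 192.168.0.0/24.
#
# Environment:
#   LDAP_USER_PASSWORD - password given to every account. Defaults to the
#                        original literal "password"; override it for anything
#                        other than a throwaway lab box.
# Must be run as root.

user_password=${LDAP_USER_PASSWORD:-password}

# -p: re-running the script must not fail because the directory exists.
mkdir -p /home/guests

for i in 1 2 3; do
  # uid 100$i keeps the numbering in step with uidNumber in people.ldif.
  useradd -u "100$i" -d "/home/guests/ldapuser$i" -m "ldapuser$i"
  # --stdin keeps the password out of argv (visible in ps); printf avoids
  # echo's option/backslash handling for odd password values.
  printf '%s\n' "$user_password" | passwd --stdin "ldapuser$i"
done

# Append the export only once so repeated runs do not duplicate the line.
if ! grep -q '^/home/guests[[:space:]]' /etc/exports 2>/dev/null; then
  cat >> /etc/exports <<EOF
/home/guests    192.168.0.0/255.255.255.0(rw,sync)
EOF
fi

service portmap restart
service nfs restart
exportfs -r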

*****  Install openldap, openldap-servers, nss_ldap *****
# yum -y install openldap openldap-servers nss_ldap
2- Edit /etc/openldap/slapd.conf
# vi /etc/openldap/slapd.conf

***** these lines should be modified so that passwords travel between server and client under Transport Layer Security (TLS) *****

TLSCACertificateFile /etc/pki/tls/certs/example-ca.crt
TLSCertificateFile /etc/pki/tls/certs/slapd.pem
TLSCertificateKeyFile /etc/pki/tls/certs/slapd.pem
security ssf=1 update_ssf=112 simple_bind=64

***** suffix         "dc=my-domain,dc=com" ; should be changed to as below *****

suffix          "dc=example,dc=com"

***** The line below specifies the root user (rootdn) for the LDAP service *****

rootdn          "cn=root,dc=example,dc=com"

***** run the slappasswd command; it asks for the password twice and then prints the hashed password. Copy that hash into this file as written below. *****

rootpw  {SSHA}nvuhTKn+U+Z9l+wnfeVY1ZTM0Lyh0Dr0

***** save the file and exit, then touch the file below to suppress the warning message OpenLDAP raises at startup. *****

# touch /var/lib/ldap/DB_CONFIG

***** Create LDIF files structure, users and groups *****
*****vi /root/ldif/people.ldif *****
dn: uid=ldapuser1,ou=People,dc=example,dc=com
uid: ldapuser1
cn: LDAP Test User 1
givenName: LDAP Test User
sn: 1
mail: ldapuser1@example.com
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {SSHA}2RxVB3Cb+JZxqLDD4EucbGKEew9bhXNB
shadowLastChange: 12797
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 1001
gidNumber: 1001
homeDirectory: /home/guests/ldapuser1
gecos: LDAP Test User 1

dn: uid=ldapuser2,ou=People,dc=example,dc=com
uid: ldapuser2
cn: LDAP Test User 2
givenName: LDAP Test User
sn: 2
mail: ldapuser2@example.com
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {SSHA}2RxVB3Cb+JZxqLDD4EucbGKEew9bhXNB
shadowLastChange: 12797
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 1002
gidNumber: 1002
homeDirectory: /home/guests/ldapuser2
gecos: LDAP Test User 2

dn: uid=ldapuser3,ou=People,dc=example,dc=com
uid: ldapuser3
cn: LDAP Test User 3
givenName: LDAP Test User
sn: 3
mail: ldapuser3@example.com
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {SSHA}2RxVB3Cb+JZxqLDD4EucbGKEew9bhXNB
shadowLastChange: 12797
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 1003
gidNumber: 1003
homeDirectory: /home/guests/ldapuser3
gecos: LDAP Test User 3

***** vi /root/ldif/group.ldif *****
dn: cn=ldapuser1,ou=Group,dc=example,dc=com
objectClass: posixGroup
objectClass: top
cn: ldapuser1
userPassword: {crypt}x
gidNumber: 1001

dn: cn=ldapuser2,ou=Group,dc=example,dc=com
objectClass: posixGroup
objectClass: top
cn: ldapuser2
userPassword: {crypt}x
gidNumber: 1002

dn: cn=ldapuser3,ou=Group,dc=example,dc=com
objectClass: posixGroup
objectClass: top
cn: ldapuser3
userPassword: {crypt}x
gidNumber: 1003

***** vi /root/ldif/base.ldif *****
dn: dc=example,dc=com
dc: example
objectClass: top
objectClass: domain
objectClass: domainRelatedObject
associatedDomain: example.com

dn: ou=Hosts,dc=example,dc=com
ou: Hosts
objectClass: top
objectClass: organizationalUnit
objectClass: domainRelatedObject
associatedDomain: example.com

dn: ou=Rpc,dc=example,dc=com
ou: Rpc
objectClass: top
objectClass: organizationalUnit
objectClass: domainRelatedObject
associatedDomain: example.com

dn: ou=Services,dc=example,dc=com
ou: Services
objectClass: top
objectClass: organizationalUnit
objectClass: domainRelatedObject
associatedDomain: example.com

dn: nisMapName=netgroup.byuser,dc=example,dc=com
nismapname: netgroup.byuser
objectClass: top
objectClass: nisMap
objectClass: domainRelatedObject
associatedDomain: example.com

dn: ou=Mounts,dc=example,dc=com
ou: Mounts
objectClass: top
objectClass: organizationalUnit
objectClass: domainRelatedObject
associatedDomain: example.com

dn: ou=Networks,dc=example,dc=com
ou: Networks
objectClass: top
objectClass: organizationalUnit
objectClass: domainRelatedObject
associatedDomain: example.com

dn: ou=People,dc=example,dc=com
ou: People
objectClass: top
objectClass: organizationalUnit
objectClass: domainRelatedObject
associatedDomain: example.com

dn: ou=Group,dc=example,dc=com
ou: Group
objectClass: top
objectClass: organizationalUnit
objectClass: domainRelatedObject
associatedDomain: example.com

dn: ou=Netgroup,dc=example,dc=com
ou: Netgroup
objectClass: top
objectClass: organizationalUnit
objectClass: domainRelatedObject
associatedDomain: example.com

dn: ou=Protocols,dc=example,dc=com
ou: Protocols
objectClass: top
objectClass: organizationalUnit
objectClass: domainRelatedObject
associatedDomain: example.com

dn: ou=Aliases,dc=example,dc=com
ou: Aliases
objectClass: top
objectClass: organizationalUnit
objectClass: domainRelatedObject
associatedDomain: example.com

dn: nisMapName=netgroup.byhost,dc=example,dc=com
nismapname: netgroup.byhost
objectClass: top
objectClass: nisMap
objectClass: domainRelatedObject
associatedDomain: example.com

***** Import basic DIT structure, users and groups making an entry from LDIF file to LDAP Directory*****

# slapadd -l /root/ldif/base.ldif
# slapadd -l /root/ldif/people.ldif
# slapadd -l /root/ldif/group.ldif

*** change directories ownership to ldap user because ldap service runs as ldap user not root ***

# chown ldap /var/lib/ldap/*

*** restart service and make sure it starts automatically during booting ***

# service ldap start
# chkconfig ldap on
########################### CLIENT SIDE CONFIGURATION ##########################

************************************GOOD LUCK***********************************
*********************************************************************************************