@eeowaa
Created June 25, 2022 00:35
Install an OpenLDAP server on Fedora 35
# Become root
sudo su -
# Install OpenLDAP and our favorite scriptable editor
dnf -y install openldap openldap-servers openldap-clients ed
# Define some parameters for our LDAP directory
BASEDN='dc=example,dc=com'
BINDDN="cn=Manager,$BASEDN"
PASSWD=$(slappasswd -s password)
# Inject those parameters into the SLAPD config entries file
ed /usr/share/openldap-servers/slapd.ldif <<EOF
/olcSuffix:/s/.*/olcSuffix: $BASEDN/
/olcRootDN:/s/.*/olcRootDN: $BINDDN/
/olcRootDN:/a
olcRootPW: $PASSWD
.
wq
EOF
# Point local OpenLDAP clients to the local LDAP directory
ed /etc/openldap/ldap.conf <<EOF
/BASE/s/.*/BASE $BASEDN/
/URI/s/.*/URI ldap:\/\/localhost/
wq
EOF
# Fix ownership on OpenLDAP server directories
chown -R ldap:ldap /var/lib/ldap
chown -R ldap:ldap /etc/openldap/*
# Inject SLAPD config entries into the SLAPD database
rm -rf /etc/openldap/slapd.d/*
sudo -u ldap slapadd -F /etc/openldap/slapd.d/ \
-b cn=config -l /usr/share/openldap-servers/slapd.ldif
# Start the OpenLDAP server (a.k.a. SLAPD)
systemctl start slapd.service
# Create LDAP entries for the Base DN and Bind DN
ldapadd -x -D "$BINDDN" -w password <<EOF
dn: $BASEDN
objectClass: dcObject
objectClass: organization
dc: example
o: Example
description: Example directory

dn: $BINDDN
objectClass: organizationalRole
cn: Manager
description: Directory Manager
EOF
# Test LDAP search against the local LDAP directory
ldapsearch -x -D "$BINDDN" -w password -b "$BASEDN" '(objectclass=*)'
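
Added example, not part of the original gist: a check to run after the two `ed` edits and before `slapadd`, confirming that slapd.ldif carries the intended suffix and root DN and that olcRootPW is a hashed value rather than cleartext. The function names and the sample LDIF are constructed for illustration.

```sh
# Constructed sample, not the real Fedora file: minimal database entry
# written to path $1 with olcRootPW value $2.
write_sample_ldif() {
    cat >"$1" <<EOF
dn: olcDatabase={2}mdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcDatabase: {2}mdb
olcSuffix: dc=example,dc=com
olcRootDN: cn=Manager,dc=example,dc=com
olcRootPW: $2
EOF
}

# attr_is ATTR VALUE: ATTR must be present and every occurrence equal VALUE
# (hypothetical helper; reads $file and sets $rc from the caller).
attr_is() {
    if ! grep -qxF "$1: $2" "$file"; then
        echo "FAIL: no '$1: $2' line in $file" >&2; rc=1
    elif grep "^$1:" "$file" | grep -qvxF "$1: $2"; then
        echo "FAIL: stale $1 value left in $file" >&2; rc=1
    fi
}

# check_slapd_ldif FILE BASEDN BINDDN: returns 0 only if all checks pass.
check_slapd_ldif() {
    file=$1; rc=0
    attr_is olcSuffix "$2"
    attr_is olcRootDN "$3"
    # olcRootPW must look like {SCHEME}hash, as slappasswd prints it; a bare
    # value or {CLEARTEXT} means the password sits readable in the config.
    if ! grep -q '^olcRootPW:' "$file"; then
        echo "FAIL: olcRootPW missing" >&2; rc=1
    elif grep '^olcRootPW:' "$file" |
            grep -qvE '^olcRootPW: \{[A-Za-z0-9-]+\}.+' ||
         grep -qi '^olcRootPW: {CLEARTEXT}' "$file"; then
        echo "FAIL: olcRootPW is not a hashed value" >&2; rc=1
    fi
    return "$rc"
}

# Demo on the constructed sample; on the server, pass
# /usr/share/openldap-servers/slapd.ldif "$BASEDN" "$BINDDN" instead.
demo=$(mktemp)
write_sample_ldif "$demo" '{SSHA}constructed-sample-not-a-real-hash'
check_slapd_ldif "$demo" 'dc=example,dc=com' 'cn=Manager,dc=example,dc=com' &&
    echo "slapd.ldif checks passed"
rm -f "$demo"
```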