Installing the Fusion Directory LDAP/OpenLDAP frontend onto Centos 6

This is a quick tutorial showing how to install Fusion Directory on CentOS 6. Fusion Directory is a PHP-powered frontend to an LDAP server, which will be OpenLDAP in this tutorial. Most of the operations are done on the command line, but the end result is the same point-and-click web-app experience people have come to expect. This tutorial is deliberately sparse because it is really just a text companion to the video version on YouTube, which you can view at:

https://www.youtube.com/watch?v=I-4DggtdKOQ


To start, set up CentOS on your virtual or physical hardware and then update it.

dhclient eth0

yum -y update

yum -y install wget nano screen mc ntsysv system-config-network-tui

nano /etc/hosts
system-config-network
nano /etc/sysctl.conf


----------
net.ipv6.conf.default.disable_ipv6=1
net.ipv6.conf.all.disable_ipv6=1
----------

nano /etc/ssh/sshd_config
ntsysv
reboot && exit


Now OpenLDAP has to be installed.

yum -y install epel-release centos-release-scl

yum -y install openldap-servers openldap-clients

cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG

chown ldap /var/lib/ldap/DB_CONFIG

service slapd start

chkconfig slapd on

slappasswd

nano ch_rootPW.ldif

You need to enter the text between the dashes into this file, but you will then also need to change the olcRootPW line to match the output of the slappasswd command.

----------
dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {SSHA}sBYideDtGkB8WZQ3ccJGjLQZkdUQE4Ke
----------

ldapadd -Y EXTERNAL -H ldapi:/// -f ch_rootPW.ldif
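Hand-editing the olcRootPW line is where typos creep in, so here is an added Python example (not part of the original tutorial, and not slappasswd's or OpenLDAP's own code) that produces the same {SSHA} format slappasswd emits, verifies a password against such a value the way slapd does at bind time, and renders the ch_rootPW.ldif modification with the hash already filled in. The suffix, password and database DNs in it are constructed for the example; it uses only the Python standard library.

```python
import base64
import hashlib
import hmac
import os

# Constructed values for this example; substitute your own suffix and password.
SUFFIX = "dc=ldap-radius,dc=localdomain"
CONFIG_DB = "olcDatabase={0}config,cn=config"
DATA_DB = "olcDatabase={2}bdb,cn=config"


def ssha_hash(password, salt=None):
    """Build an OpenLDAP {SSHA} string: base64(SHA-1(password || salt) || salt).

    This is the scheme slappasswd uses by default, with a 4-byte random salt.
    The salt travels inside the hash, so a verifier never needs it separately.
    """
    if salt is None:
        salt = os.urandom(4)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def _split_ssha(stored):
    """Return (digest, salt) from a {SSHA} string. The salt is whatever follows
    the 20-byte SHA-1 digest, so non-default salt lengths are accepted too."""
    if not stored.startswith("{SSHA}"):
        raise ValueError("not an {SSHA} value: %r" % stored)
    raw = base64.b64decode(stored[len("{SSHA}"):])
    if len(raw) <= 20:
        raise ValueError("{SSHA} value too short to contain digest and salt")
    return raw[:20], raw[20:]


def ssha_verify(password, stored):
    """Check a password against a stored {SSHA} value, as slapd does at bind time."""
    digest, salt = _split_ssha(stored)
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    # Constant-time comparison so the check does not leak how many bytes matched.
    return hmac.compare_digest(candidate, digest)


def ssha_salt_length(stored):
    """Salt length in bytes; slappasswd's default output gives 4."""
    return len(_split_ssha(stored)[1])


def root_pw_ldif(hashed, database=CONFIG_DB):
    """Render the 'add: olcRootPW' modification for the given database entry,
    in the same layout as the tutorial's ch_rootPW.ldif."""
    if "\n" in hashed:
        raise ValueError("hash must be a single line (strip slappasswd's newline)")
    return (
        "dn: %s\n"
        "changetype: modify\n"
        "add: olcRootPW\n"
        "olcRootPW: %s\n" % (database, hashed)
    )


if __name__ == "__main__":
    # Constructed demo password; in practice read it with getpass and never log it.
    h = ssha_hash("example-only-password")
    assert ssha_verify("example-only-password", h)
    print(root_pw_ldif(h))
```

Redirect the printed text into ch_rootPW.ldif (or pass DATA_DB to render the matching modification for the {2}bdb database) and feed it to ldapadd as in the tutorial. Note that SSHA is an unsalted-iteration, SHA-1 based scheme chosen here because it is what the tutorial's slappasswd output uses; it protects the root password only as far as SHA-1 with a 4-byte salt does, so keep the hash value out of world-readable files.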

nano ch_domainSettings.ldif

The text below then goes into the above file and you can re-use the hash from slappasswd, or generate a new one.

----------
dn: olcDatabase={1}monitor,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to * by   dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth"
  read by dn.base="cn=Manager,dc=ldap-radius,dc=localdomain" read by * none

dn: olcDatabase={2}bdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=ldap-radius,dc=localdomain

dn: olcDatabase={2}bdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: cn=Manager,dc=ldap-radius,dc=localdomain

dn: olcDatabase={2}bdb,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {SSHA}sBYideDtGkB8WZQ3ccJGjLQZkdUQE4Ke

dn: olcDatabase={2}bdb,cn=config
changetype: modify
add: olcAccess
olcAccess: {0}to attrs=userPassword,shadowLastChange by
  dn="cn=Manager,dc=ldap-radius,dc=localdomain" write by anonymous auth by self write by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by dn="cn=Manager,dc=ldap-radius,dc=localdomain" write   by * read
----------

ldapmodify -Y EXTERNAL -H ldapi:/// -f ch_domainSettings.ldif
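The three olcAccess values above are evaluated by slapd in {0}, {1}, {2} order: the first "to" clause whose target matches picks the rule, the first matching "by" clause inside it decides the access level, and if nothing matches the answer is none. To make that ordering visible without a running server, here is an added Python model of those three rules (example code written for this page, not OpenLDAP's ACL engine; the user DNs in it are constructed). It shows why anonymous clients can bind as a user but never read userPassword, why the bind test at the end of the tutorial works (the root DSE is readable by everyone), and what would happen if the catch-all rule were listed first.

```python
# Access levels in increasing order of privilege (the subset of slapd's ladder
# none < disclose < auth < compare < search < read < write < manage used here).
LEVELS = ["none", "auth", "read", "write"]

SUFFIX = "dc=ldap-radius,dc=localdomain"
MANAGER = "cn=Manager," + SUFFIX

# The three olcAccess values from ch_domainSettings.ldif, in {0},{1},{2} order.
# Each rule is (target, [(who, level), ...]).
#   target: ("attrs", {attribute names}) | ("dn.base", dn) | ("*",)
#   who:    "anonymous" | "self" | "*" | ("dn", exact dn)
RULES = [
    (("attrs", {"userpassword", "shadowlastchange"}),
     [(("dn", MANAGER), "write"), ("anonymous", "auth"), ("self", "write"), ("*", "none")]),
    (("dn.base", ""), [("*", "read")]),
    (("*",), [(("dn", MANAGER), "write"), ("*", "read")]),
]


def _target_matches(target, entry_dn, attr):
    kind = target[0]
    if kind == "attrs":
        return attr is not None and attr.lower() in target[1]
    if kind == "dn.base":
        return entry_dn.lower() == target[1].lower()
    return True  # "to *"


def _who_matches(who, requester_dn, entry_dn):
    if who == "*":
        return True
    if who == "anonymous":
        return requester_dn is None
    if who == "self":
        return requester_dn is not None and requester_dn.lower() == entry_dn.lower()
    if isinstance(who, tuple) and who[0] == "dn":
        return requester_dn is not None and requester_dn.lower() == who[1].lower()
    return False


def access(requester_dn, entry_dn, attr=None, rules=RULES):
    """Level granted under slapd's first-match evaluation. requester_dn=None
    means an anonymous client; attr=None means access to the entry itself."""
    for target, clauses in rules:
        if not _target_matches(target, entry_dn, attr):
            continue
        for who, level in clauses:
            if _who_matches(who, requester_dn, entry_dn):
                return level
        return "none"  # matching rule but no matching 'by' clause
    return "none"  # no rule matched at all


def allows(requester_dn, entry_dn, attr, needed, rules=RULES):
    """True if the granted level is at least `needed`."""
    return LEVELS.index(access(requester_dn, entry_dn, attr, rules)) >= LEVELS.index(needed)


def password_readers(rules=RULES):
    """Quick audit of a rule set: which kinds of requester can read another
    user's userPassword. Constructed DNs; returns a subset of the probe names."""
    victim = "uid=alice,ou=people," + SUFFIX
    probes = [("anonymous", None),
              ("other user", "uid=bob,ou=people," + SUFFIX),
              ("manager", MANAGER)]
    return [name for name, dn in probes
            if allows(dn, victim, "userPassword", "read", rules)]


if __name__ == "__main__":
    print("with the tutorial's ordering:", password_readers())
    print("with the catch-all rule first:", password_readers(RULES[::-1]))
```

Running it shows that only the Manager DN can read password hashes with the tutorial's ordering, whereas placing the "{2}to * ... by * read" rule first would let every client read them, because slapd stops at the first matching "to" clause. That is the reason the userPassword rule must carry index {0}.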


OpenLDAP should now be installed and running, which means it is finally time to install Fusion Directory. The first four commands fetch the project's package-signing key and import it into RPM; since a short key ID like the one below is not unique, compare the full fingerprint of the retrieved key with the one published by the project before importing it.

gpg --keyserver keys.gnupg.net --recv-key 62B4981F

gpg --export -a "Fusiondirectory Archive Manager <contact@fusiondirectory.org>" > FD-archive-key

cp FD-archive-key /etc/pki/rpm-gpg/RPM-GPG-KEY-FUSIONDIRECTORY

rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-FUSIONDIRECTORY

nano /etc/yum.repos.d/fd.repo

The text below then goes into the above file for the Fusion Directory repo.

----------
[fusiondirectory]
name=Fusiondirectory Packages for RHEL / CentOS 6
baseurl=http://repos.fusiondirectory.org/rhel6/RPMS
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-FUSIONDIRECTORY

[fusiondirectory-extra]
name=Fusiondirectory Packages for RHEL / CentOS 6
baseurl=http://repos.fusiondirectory.org/rhel6-rpm-extra/RPMS/
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-FUSIONDIRECTORY
----------

You should now be ready to install Fusion Directory.

yum install -y fusiondirectory

yum install -y fusiondirectory-schema

yum install -y fusiondirectory-selinux

fusiondirectory-insert-schema

service httpd restart


At this point you should now be able to connect to the application at:

http://ip-address/fusiondirectory

where you can then continue the setup.


When you have finished the web setup by copying the generated configuration file into "/etc/fusiondirectory", you will probably be surprised to find that the application has stopped working. Have no fear: this is just the extra security of SELinux at work. To get around it, allow the directory with these two commands (the first relabels it immediately; the second records the rule so the label survives a future relabel):

chcon -Rv --type=httpd_sys_content_t /etc/fusiondirectory

semanage fcontext -a -t httpd_sys_content_t "/etc/fusiondirectory(/.*)?"

and you should finally be able to add a user. You can test that the new user can authenticate with this command, which binds as that user and reads the root DSE:

ldapsearch -x -W -D 'uid=jbloggs,ou=people,dc=ldap-radius,dc=localdomain' -b "" -s base


Your directory should now be functioning, and you can add all kinds of extra attributes to your users by installing some of the available plugins.