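#!/usr/bin/env bash
# OpenLDAP server bootstrap for a RHEL/CentOS-style host (yum, /etc/sysconfig/iptables).
#
# Reconstructed from interactive notes (vi + slappasswd + ldapadd/ldapmodify)
# into a non-interactive script.  Run as root on the LDAP server.
#
# Environment (all optional):
#   LDAP_BASE_DN      suffix of the directory; default dc=ldap,dc=com (the notes' value)
#   LDAP_DB_DN        cn=config DN of the main database; default the notes' value
#                     olcDatabase={2}bdb,cn=config.  The backend name depends on
#                     the installed slapd, so confirm it first with
#                     `ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config '(olcDatabase=*)' dn`
#   LDAP_ROOTPW_HASH  a slappasswd hash for the rootDN(s).  If unset, slappasswd is
#                     run and prompts on the terminal.  The notes pasted the hash
#                     (with the plaintext written beside it) straight into the LDIF
#                     files; that material must not live in a runbook or in git.
#
# Changes relative to the notes:
#   * Two ACL entries named cn=Manager,dc=ldap1,dc=com while the suffix and rootDN
#     are dc=ldap,dc=com.  An ACL subject that matches no bound identity silently
#     grants nothing, so both now use the same manager DN as the rootDN.
#   * The notes ended with `iptables --flush`, which deletes every loaded rule
#     instead of loading the edited /etc/sysconfig/iptables; see open_firewall().
set -euo pipefail

base_dn=${LDAP_BASE_DN:-dc=ldap,dc=com}
dc_first=${base_dn#dc=}        # first dc component, e.g. "ldap" from dc=ldap,dc=com
dc_first=${dc_first%%,*}
readonly base_dn dc_first
readonly manager_dn="cn=Manager,${base_dn}"
readonly db_dn=${LDAP_DB_DN:-'olcDatabase={2}bdb,cn=config'}

workdir=   # set in main(); holds LDIF files that contain the password hash

#######################################
# Add both LDAP hosts to /etc/hosts (values from the notes), skipping entries
# that are already present so re-runs stay idempotent.
#######################################
add_hosts_entries() {
  local entry
  for entry in '10.235.0.118 ldap1.ldap.com ldap1' '10.235.0.119 ldap2.ldap.com ldap2'; do
    grep -qF -- "${entry#* }" /etc/hosts || printf '%s\n' "$entry" >> /etc/hosts
  done
}

#######################################
# Install slapd and the client tools (slappasswd/ldapadd/ldapmodify come from these).
#######################################
install_packages() {
  yum install -y openldap-servers openldap-clients
}

#######################################
# Print the rootDN password hash: LDAP_ROOTPW_HASH if given, else prompt via slappasswd.
# slappasswd defaults to {SSHA} (salted SHA-1), as in the notes; a different scheme
# can be requested with its -h option if the installed slapd supports it.
# Outputs: the hash on stdout
#######################################
get_rootpw_hash() {
  local hash=${LDAP_ROOTPW_HASH:-}
  if [[ -z "$hash" ]]; then
    hash=$(slappasswd)   # prompts twice on the terminal, writes the hash to stdout
  fi
  printf '%s\n' "$hash"
}

#######################################
# Write the three LDIF files from the notes into $1.
# Arguments: $1 - directory (should be private, 0700); $2 - rootDN password hash
#######################################
write_ldif_files() {
  local dir=$1 rootpw_hash=$2

  # Password for the cn=config rootDN ({0}config).  Root already has full config
  # access through ldapi:/// + SASL EXTERNAL; a password here only adds a way to
  # reach cn=config with a credential.  Kept because the notes set it, and the
  # notes reuse the same hash for both rootDNs.
  cat > "$dir/chrootpw.ldif" <<EOF
dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootPW
olcRootPW: ${rootpw_hash}
EOF

  # Suffix, rootDN, rootPW and ACLs of the main database.  The manager DN used in
  # the monitor ACL and in the userPassword ACL is the rootDN (the notes had
  # dc=ldap1 there, which matches nothing in this directory).
  cat > "$dir/chdomain.ldif" <<EOF
dn: olcDatabase={1}monitor,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by dn.base="${manager_dn}" read by * none

dn: ${db_dn}
changetype: modify
replace: olcSuffix
olcSuffix: ${base_dn}

dn: ${db_dn}
changetype: modify
replace: olcRootDN
olcRootDN: ${manager_dn}

dn: ${db_dn}
changetype: modify
add: olcRootPW
olcRootPW: ${rootpw_hash}

dn: ${db_dn}
changetype: modify
add: olcAccess
olcAccess: {0}to attrs=userPassword,shadowLastChange by dn="${manager_dn}" write by anonymous auth by self write by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by dn="${manager_dn}" write by * read
EOF

  # Base entries: the domain object, the manager role and the People/Group OUs.
  cat > "$dir/basedomain.ldif" <<EOF
dn: ${base_dn}
objectClass: top
objectClass: dcObject
objectClass: organization
o: ${dc_first} Domain
dc: ${dc_first}

dn: ${manager_dn}
objectClass: organizationalRole
cn: Manager
description: Directory Manager

dn: ou=People,${base_dn}
objectClass: organizationalUnit
ou: People

dn: ou=Group,${base_dn}
objectClass: organizationalUnit
ou: Group
EOF
}

#######################################
# Load the LDIF files in the notes' order.
# Arguments: $1 - directory holding the LDIF files
#######################################
apply_ldif() {
  local dir=$1
  ldapadd    -Y EXTERNAL -H ldapi:/// -f "$dir/chrootpw.ldif"
  ldapmodify -Y EXTERNAL -H ldapi:/// -f "$dir/chdomain.ldif"
  # Simple bind as the manager; -W prompts for the password whose hash was set above.
  # The notes used the client default URI; ldapi:/// keeps that bind off the network.
  ldapadd -x -H ldapi:/// -D "$manager_dn" -W -f "$dir/basedomain.ldif"
}

#######################################
# Allow inbound LDAP (tcp/389) and persist the rule.
# `iptables -I INPUT` puts the ACCEPT at the head of the chain, i.e. above any
# REJECT line, which is what the notes' comment asked for when editing the file.
# `service iptables save` writes the running rules to /etc/sysconfig/iptables
# (RHEL-family init script; on systemd hosts this needs the iptables-services
# package).  Re-running adds a duplicate ACCEPT, which is harmless.
# Port 389 is plaintext and the ACLs permit simple binds ("by anonymous auth"),
# so without StartTLS or ldaps user passwords cross the wire in clear; TLS is not
# configured by these notes.
#######################################
open_firewall() {
  iptables -I INPUT -p tcp --dport 389 -j ACCEPT
  service iptables save
}

cleanup() {
  rm -rf -- "${workdir:?}"
}

main() {
  local rootpw_hash
  add_hosts_entries
  install_packages
  rootpw_hash=$(get_rootpw_hash)
  workdir=$(mktemp -d)   # mktemp -d creates the directory 0700
  trap cleanup EXIT
  write_ldif_files "$workdir" "$rootpw_hash"
  apply_ldif "$workdir"
  open_firewall
}

main "$@"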