What's?
I heard that OpenLDAP is no longer included as standard from CentOS 8.
Let's look into it, including 389 Directory Server, which is used instead.
The Release Notes for Red Hat Enterprise Linux 7.4 state that the OpenLDAP server has been deprecated.
Chapter 39 Deprecated Features
Deprecated features related to Identity Management The following features will be removed or replaced by other components in the future.
OpenLDAP server
In fact, it seems that it is no longer included in RHEL 8 and CentOS 8.
Which raises the question: what should I use if I want to use LDAP?
What is the support status of the LDAP servers shipped with Red Hat Enterprise Linux?
There seems to be something called 389-ds.
The 389-ds packages provide the core directory services components for Identity Management (IdM) in Red Hat Enterprise Linux and the Red Hat Directory Server (RHDS). The package is not supported as a stand-alone solution to provide LDAP services.
It seems to be offered as part of Red Hat Directory Server, but not standalone.
By the way, the reason why the OpenLDAP server is no longer included is described below.
Starting with Red Hat Enterprise Linux 7.4, the openldap-servers package has been deprecated and will not be included in a future major release of Red Hat Enterprise Linux. There is a variety of open source tools and solutions that provide directory services. With the raise of the adoption of the Identity Management in Red Hat Enterprise Linux (IdM) solution and decline in use of the OpenLDAP server for the enterprise use cases Red Hat made a decision to focus on the technologies that Red Hat historically had deep understanding, expertise and been investing into for more than a decade.
In other words, as the use of OpenLDAP decreased and the adoption of IdM in RHEL increased, Red Hat decided to focus on the technology it understands deeply.
IdM seems to be described in the following document.
Installing Identity Management
Also, the Red Hat Directory Server itself was mentioned.
So, what should I do on CentOS?
It seems that you will be using 389 Directory Server.
First, let's check the current situation.
CentOS 7
For CentOS 7.8.
$ cat /etc/redhat-release
CentOS Linux release 7.8.2003 (Core)
Try searching the repository for `openldap`.
$ yum search openldap
Failed to set locale, defaulting to C
Loaded plugins: fastestmirror
Determining fastest mirrors
* base: ftp.tsukuba.wide.ad.jp
* extras: ftp.tsukuba.wide.ad.jp
* updates: ftp.tsukuba.wide.ad.jp
=========================================================================== N/S matched: openldap ============================================================================
compat-openldap.i686 : OpenLDAP compatibility shared libraries
compat-openldap.x86_64 : OpenLDAP compatibility shared libraries
openldap-servers-sql.x86_64 : SQL support module for OpenLDAP server
openldap.i686 : LDAP support libraries
openldap.x86_64 : LDAP support libraries
openldap-clients.x86_64 : LDAP client utilities
openldap-devel.i686 : LDAP development libraries and header files
openldap-devel.x86_64 : LDAP development libraries and header files
openldap-servers.x86_64 : LDAP server
perl-Mozilla-LDAP.x86_64 : LDAP Perl module that wraps the OpenLDAP C SDK
Name and summary matches only, use "search all" for everything.
$ yum list *openldap*
Failed to set locale, defaulting to C
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: ftp.tsukuba.wide.ad.jp
* extras: ftp.tsukuba.wide.ad.jp
* updates: ftp.tsukuba.wide.ad.jp
Installed Packages
openldap.x86_64 2.4.44-21.el7_6 @anaconda
Available Packages
compat-openldap.i686 1:2.3.43-5.el7 base
compat-openldap.x86_64 1:2.3.43-5.el7 base
openldap.i686 2.4.44-21.el7_6 base
openldap-clients.x86_64 2.4.44-21.el7_6 base
openldap-devel.i686 2.4.44-21.el7_6 base
openldap-devel.x86_64 2.4.44-21.el7_6 base
openldap-servers.x86_64 2.4.44-21.el7_6 base
openldap-servers-sql.x86_64 2.4.44-21.el7_6 base
As expected, `openldap-servers` can be found here.
For CentOS 8.2.
$ cat /etc/redhat-release
CentOS Linux release 8.2.2004 (Core)
By the way, in CentOS 8 the `yum` command is an alias for `dnf` (a symbolic link to `dnf-3`).
$ ll /usr/bin/yum
lrwxrwxrwx. 1 root root 5 Jul 21 18:46 /usr/bin/yum -> dnf-3
Search the repository for `openldap`.
$ dnf search openldap
Last metadata expiration check: 0:00:18 ago on Tue Oct 27 03:03:31 2020.
======================================================================= Name Exactly Matched: openldap =======================================================================
openldap.x86_64 : LDAP support libraries
openldap.i686 : LDAP support libraries
====================================================================== Name & Summary Matched: openldap ======================================================================
collectd-openldap.x86_64 : OpenLDAP plugin for collectd
=========================================================================== Name Matched: openldap ===========================================================================
openldap-devel.i686 : LDAP development libraries and header files
openldap-devel.x86_64 : LDAP development libraries and header files
openldap-clients.x86_64 : LDAP client utilities
========================================================================= Summary Matched: openldap ==========================================================================
perl-Mozilla-LDAP.x86_64 : LDAP Perl module that wraps the OpenLDAP C SDK
$ dnf list *openldap*
Last metadata expiration check: 0:03:06 ago on Tue Oct 27 03:03:31 2020.
Installed Packages
openldap.x86_64 2.4.46-11.el8_1 @BaseOS
Available Packages
collectd-openldap.x86_64 5.9.0-5.el8 epel
openldap.i686 2.4.46-11.el8_1 BaseOS
openldap-clients.x86_64 2.4.46-11.el8_1 BaseOS
openldap-devel.i686 2.4.46-11.el8_1 BaseOS
openldap-devel.x86_64 2.4.46-11.el8_1 BaseOS
I can find the client and development packages, but the `openldap-servers` package is missing.
By the way, 389 Directory Server, described later, is used in place of the OpenLDAP server, but the client tools still seem to be those of OpenLDAP.
389 Directory Server seems to be server side only.
389 Directory Server is an open source LDAP server.
It is only a server, so you need a separate client.
Let's install this on CentOS 8.
$ cat /etc/redhat-release
CentOS Linux release 8.2.2004 (Core)
I will only run the package installation commands. This time, I won't do anything more than that.
The download page tells you how to install it. It looks like it uses EPEL.
Download 389 Directory Server / CentOS 8.1+ (ds 1.4.x)
If you search for modules using `dnf`, you will find them in AppStream and EPEL.
$ dnf module list 389*
Last metadata expiration check: 0:22:33 ago on Tue Oct 27 03:03:31 2020.
CentOS-8 - AppStream
Name Stream Profiles Summary
389-ds 1.4 389 Directory Server (base)
Extra Packages for Enterprise Linux Modular 8 - x86_64
Name Stream Profiles Summary
389-directory-server stable default [d], legacy, minimal 389 Directory Server
389-directory-server testing default [d], legacy, minimal 389 Directory Server
Hint: [d]efault, [e]nabled, [x]disabled, [i]nstalled
This time, I'll try both.
At this point, `dnf list` finds nothing for 389 Directory Server.
$ dnf list 389*
Last metadata expiration check: 0:16:49 ago on Tue Oct 27 03:10:34 2020.
Error: No matching Packages to list
Let's look at the list of modules again.
$ dnf module list 389*
Last metadata expiration check: 0:22:33 ago on Tue Oct 27 03:03:31 2020.
CentOS-8 - AppStream
Name Stream Profiles Summary
389-ds 1.4 389 Directory Server (base)
Extra Packages for Enterprise Linux Modular 8 - x86_64
Name Stream Profiles Summary
389-directory-server stable default [d], legacy, minimal 389 Directory Server
389-directory-server testing default [d], legacy, minimal 389 Directory Server
Hint: [d]efault, [e]nabled, [x]disabled, [i]nstalled
This is the one to enable.
389-ds 1.4 389 Directory Server (base)
Enable the `389-ds` module.
$ sudo dnf module enable 389-ds
Then it will appear in the list.
$ dnf list 389*
Last metadata expiration check: 1:20:08 ago on Tue Oct 27 03:03:31 2020.
Available Packages
389-ds-base.x86_64 1.4.2.4-10.module_el8.2.0+489+38ed056a AppStream
389-ds-base-devel.x86_64 1.4.2.4-10.module_el8.2.0+489+38ed056a AppStream
389-ds-base-legacy-tools.x86_64 1.4.2.4-10.module_el8.2.0+489+38ed056a AppStream
389-ds-base-libs.x86_64 1.4.2.4-10.module_el8.2.0+489+38ed056a AppStream
389-ds-base-snmp.x86_64 1.4.2.4-10.module_el8.2.0+489+38ed056a AppStream
It is now enabled as a module (`[e]`).
$ dnf module list 389*
Last metadata expiration check: 1:22:15 ago on Tue Oct 27 03:03:31 2020.
CentOS-8 - AppStream
Name Stream Profiles Summary
389-ds 1.4 [e] 389 Directory Server (base)
Extra Packages for Enterprise Linux Modular 8 - x86_64
Name Stream Profiles Summary
389-directory-server stable [x] default [d], legacy, minimal 389 Directory Server
389-directory-server testing [x] default [d], legacy, minimal 389 Directory Server
Hint: [d]efault, [e]nabled, [x]disabled, [i]nstalled
Install `389-ds-base`.
$ sudo dnf install 389-ds-base
Check the version.
$ /usr/sbin/ns-slapd --version
389 Project
389-Directory/1.4.2.4 B2020.255.2048
This time, it seems that the package from the following location was installed.
http://mirror.centos.org/centos/8.2.2004/AppStream/x86_64/os/Packages/
Now that the check is done, remove it.
$ sudo dnf remove 389-ds-base
$ sudo dnf module disable 389-ds
If you want to use EPEL, follow these steps.
Download 389 Directory Server / CentOS 8.1+ (ds 1.4.x)
Where the instructions say `yum`, you can read it as `dnf`.
$ sudo dnf module install 389-directory-server:stable/default
It will be enabled as a module at the same time as installation.
$ dnf module list 389*
Last metadata expiration check: 0:36:21 ago on Tue Oct 27 03:03:31 2020.
CentOS-8 - AppStream
Name Stream Profiles Summary
389-ds 1.4 [x] 389 Directory Server (base)
Extra Packages for Enterprise Linux Modular 8 - x86_64
Name Stream Profiles Summary
389-directory-server stable [e] default [d] [i], legacy, minimal 389 Directory Server
389-directory-server testing default [d], legacy, minimal 389 Directory Server
Hint: [d]efault, [e]nabled, [x]disabled, [i]nstalled
Check the version.
$ /usr/sbin/ns-slapd -v
389 Project
389-Directory/1.4.2.16 B2020.217.1124
It seems that this one has been installed.
https://dl.fedoraproject.org/pub/epel/8/Modular/x86_64/Packages/3/
Remove it.
$ sudo dnf module remove 389-directory-server:stable/default
With this alone, it seems that it remains enabled as a module.
$ dnf module list 389*
Last metadata expiration check: 0:46:15 ago on Tue Oct 27 03:03:31 2020.
CentOS-8 - AppStream
Name Stream Profiles Summary
389-ds 1.4 [x] 389 Directory Server (base)
Extra Packages for Enterprise Linux Modular 8 - x86_64
Name Stream Profiles Summary
389-directory-server stable [e] default [d], legacy, minimal 389 Directory Server
389-directory-server testing default [d], legacy, minimal 389 Directory Server
Hint: [d]efault, [e]nabled, [x]disabled, [i]nstalled
So set the module to `disable` as well.
$ sudo dnf module disable 389-directory-server:stable/default
It's back to normal.
$ dnf module list 389*
Last metadata expiration check: 0:46:37 ago on Tue Oct 27 03:03:31 2020.
CentOS-8 - AppStream
Name Stream Profiles Summary
389-ds 1.4 [x] 389 Directory Server (base)
Extra Packages for Enterprise Linux Modular 8 - x86_64
Name Stream Profiles Summary
389-directory-server stable [x] default [d], legacy, minimal 389 Directory Server
389-directory-server testing [x] default [d], legacy, minimal 389 Directory Server
Hint: [d]efault, [e]nabled, [x]disabled, [i]nstalled
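As an added example (not from the original post): a small shell helper that reads `dnf module list` output and derives each stream's state from the `[e]`, `[x]` and `[i]` flags, so the stream left enabled after `dnf module remove` can be spotted in a script. The function names are hypothetical, and the sample input is copied from the output shown above.

```shell
#!/bin/sh
# Added example, not from the original post.
# module_states PREFIX: read `dnf module list` output on stdin and print
# "<module>:<stream> <state>" for every module whose name starts with PREFIX.
# state is one of: available | enabled | disabled | installed
module_states() {
    awk -v prefix="$1" '
        index($1, prefix) == 1 && NF >= 2 {
            state = "available"
            # Flags directly after the stream name belong to the stream.
            i = 3
            while (i <= NF && $i ~ /^(\[[dex]\])+$/) {
                if ($i ~ /\[e\]/) state = "enabled"
                if ($i ~ /\[x\]/) state = "disabled"
                i++
            }
            # An [i] further along the line marks an installed profile.
            for (; i <= NF; i++)
                if ($i ~ /\[i\]/) state = "installed"
            print $1 ":" $2, state
        }'
}

# stale_streams PREFIX: streams still enabled although no profile is installed.
stale_streams() {
    module_states "$1" | awk '$2 == "enabled" { print $1 }'
}

# Sample input: lines copied from the post's output after `dnf module remove`.
sample_after_remove() {
    cat <<'EOF'
CentOS-8 - AppStream
Name Stream Profiles Summary
389-ds 1.4 [x] 389 Directory Server (base)
Extra Packages for Enterprise Linux Modular 8 - x86_64
Name Stream Profiles Summary
389-directory-server stable [e] default [d], legacy, minimal 389 Directory Server
389-directory-server testing default [d], legacy, minimal 389 Directory Server
Hint: [d]efault, [e]nabled, [x]disabled, [i]nstalled
EOF
}

# Sample input: the row shown in the post right after `dnf module install`.
sample_after_install() {
    echo '389-directory-server stable [e] default [d] [i], legacy, minimal 389 Directory Server'
}

sample_after_remove | module_states 389
echo "stale: $(sample_after_remove | stale_streams 389)"
# On a real host: dnf module list '389*' | stale_streams 389
```
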
In short, I looked into why the OpenLDAP server disappeared from CentOS 8 and how to install the 389 Directory Server package.