How to configure a client machine running CentOS to authenticate to OpenLDAP

Description

LDAP (Lightweight Directory Access Protocol) allows you to keep information such as authentication credentials in one central location. If you have an OpenLDAP server set up, LDAP users can log in to any client machine that has been configured to authenticate through the OpenLDAP server. For example, users would be able to SSH to a configured client machine using their LDAP credentials. Use the following instructions to configure a CentOS Linux client machine.

Instructions

1. Install all of the necessary packages with the following command:

yum -y install openldap openldap-clients nss-pam-ldapd pam_ldap nscd autofs rpcbind nfs-utils 


2. Configure the system authentication resources so they know where to look for the LDAP server when a user connects. Run the following command, replacing example.com with your domain and dc=example,dc=com with your LDAP base DN:

authconfig --enableldap --enableldapauth --ldapserver=ldap://ldap.example.com:389/ --ldapbasedn="dc=example,dc=com" \
--enablecache --disablefingerprint --kickstart 


3. Configure nsswitch.conf so that automount maps are looked up in LDAP as well as in local files. Locate the following file and open it in a text editor:

  • /etc/nsswitch.conf

Find the automount line and change it to the following:

automount:  files ldap

If the line does not exist, add it to the file as it appears above.

4. Configure autofs to read its automount maps from LDAP. Locate the following file and open it in a text editor:

  • /etc/sysconfig/autofs

The file should include the following section. Replace example.com with your domain and dc=example,dc=com with your LDAP base DN:

LDAP_URI="ldap://ldap.example.com:389/"
SEARCH_BASE="ou=Maps,dc=example,dc=com"
MAP_OBJECT_CLASS="nisMap"
ENTRY_OBJECT_CLASS="nisObject"
MAP_ATTRIBUTE="nisMapName"
ENTRY_ATTRIBUTE="cn"



5. Restart nscd and autofs, and enable autofs to start at boot. Use the following commands:

service nscd restart
service autofs restart
chkconfig autofs on



6. Your client machine is now configured to authenticate with the OpenLDAP server.

Note: The client must be able to resolve the LDAP server's hostname (ldap.example.com in the examples above) to authenticate to LDAP. This article also assumes that the LDAP server has map records under the organizational unit ou=Maps (the SEARCH_BASE above).
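To confirm that steps 3 and 4 were applied correctly on a client, the following script (an added example, not part of the original article) checks the automount line in nsswitch.conf and the LDAP keys in the autofs config, and warns when LDAP_URI is a plain ldap:// URI. It runs here against constructed sample files in a temporary directory; pass /etc/nsswitch.conf and /etc/sysconfig/autofs to audit a real host.

```shell
#!/bin/sh
# Audit the client-side settings from steps 3 and 4. File paths are parameters,
# so the checks run here against constructed samples and also against real files.

# Return 0 when the automount line lists ldap among its sources (comments ignored).
check_nsswitch_automount() {
    awk '$1 == "automount:" { for (i = 2; i <= NF; i++) if ($i == "ldap") found = 1 }
         END { exit !found }' "$1"
}

# Return 0 when every LDAP key from step 4 is present with a non-empty quoted value.
check_autofs_config() {
    for key in LDAP_URI SEARCH_BASE MAP_OBJECT_CLASS ENTRY_OBJECT_CLASS MAP_ATTRIBUTE ENTRY_ATTRIBUTE; do
        grep -Eq "^${key}=\"[^\"]+\"" "$1" || { echo "missing or empty: $key" >&2; return 1; }
    done
}

# Return 0 when LDAP_URI uses ldaps://; plain ldap:// is unencrypted unless TLS is set up separately.
ldap_uri_is_ldaps() {
    grep -Eq '^LDAP_URI="ldaps://' "$1"
}

# Audit one nsswitch.conf / autofs pair; returns 0 only if both required checks pass.
audit_client() {
    rc=0
    if check_nsswitch_automount "$1"; then echo "OK   automount maps are looked up in ldap"
    else echo "FAIL automount line in $1 does not list ldap"; rc=1; fi
    if check_autofs_config "$2"; then echo "OK   all autofs LDAP keys are set"
    else echo "FAIL autofs LDAP settings incomplete in $2"; rc=1; fi
    if ldap_uri_is_ldaps "$2"; then echo "OK   LDAP_URI uses ldaps://"
    else echo "WARN LDAP_URI is plain ldap://; traffic is encrypted only if TLS is configured separately"; fi
    return $rc
}

# Constructed sample files (not from a real host): one correct pair and two broken variants.
WORK=$(mktemp -d)
GOOD_NSS="$WORK/nsswitch.conf"; BAD_NSS="$WORK/nsswitch.bad"
GOOD_AUTOFS="$WORK/autofs"; BAD_AUTOFS="$WORK/autofs.bad"
printf 'passwd:     files ldap\nautomount:  files ldap\n' > "$GOOD_NSS"
printf 'passwd:     files ldap\nautomount:  files\n' > "$BAD_NSS"   # step 3 not applied
cat > "$GOOD_AUTOFS" <<'EOF'
LDAP_URI="ldap://ldap.example.com:389/"
SEARCH_BASE="ou=Maps,dc=example,dc=com"
MAP_OBJECT_CLASS="nisMap"
ENTRY_OBJECT_CLASS="nisObject"
MAP_ATTRIBUTE="nisMapName"
ENTRY_ATTRIBUTE="cn"
EOF
sed 's/^SEARCH_BASE=.*/SEARCH_BASE=""/' "$GOOD_AUTOFS" > "$BAD_AUTOFS"   # step 4 left incomplete
echo "== correct pair"; audit_client "$GOOD_NSS" "$GOOD_AUTOFS"
echo "== broken pair";  audit_client "$BAD_NSS" "$BAD_AUTOFS" 2>/dev/null || echo "audit failed"
```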
