Configure a Red Hat Linux system to use LDAP authentication

Home > Search
  by

Install the following packages on Red Hat distribution, such as Red Hat, CentOS, or Fedora, that you want to configure to use LDAP authentication.

~]# yum install openldap-clients
~]# yum install nss-pam-ldapd

 

Use the authconfig command to configure your system to use your LDAP server. This will add dc=example,dc=com to /var/lib/authconfig/last/nslcd.conf. If you make a typo, edit the nslcd.conf, and correct the base DN.

Note: If the LDAP server is using TLS encryption, ensure the ldap server URL is ldaps.

~]# authconfig --enableldap --enableldapauth --ldapserver="ldap.example.com" --ldapbasedn="dc=example,dc=com" --update

 

If the LDAP server is using TLS encryption, enable TLS.

~]# authconfig --enableldaptls --update

 

Ensure the changes have been properly set.

~]# authconfig --test | grep -i ldap
nss_ldap is enabled
 LDAP+TLS is disabled
 LDAP server = "ldap.example.com"
 LDAP base DN = "dc=example,dc=com"

 

Ensure LDAP port 389 is open in iptables or firewalld

You should now be able to query your LDAP database. 

~]# ldapsearch -x
dn: uid=JohnDoe,ou=People,dc=example,dc=com
uid: JohnDoe
cd: JohnDoe
sn: JohnDoe
. . .

 

Ensure "ldap" is listed in the /etc/nssswitch.conf file.

~]# cat /etc/nsswitch.conf | grep ldap
passwd: files ldap sss
group: files ldap sss
shadow: files ldap sss

 

Restart and enable the Name Service LDAP Client Daemon (nslcd).

~]# systemctl restart nslcd
~]# systemctl enable nslcd

 

The getent command can be used to see that you are able to get an LDAP user, but the user is not in the local /etc/passwd file.

~]# getent passwd JohnDoe
JohnDoe:x:1001:1001:JohnDoe:/home/JohnDoe:/bin/bash

 

You should also be able to authenticate on the client using your LDAP user.

~]# su - JohnDoe

 


Mount home directory

When switching to JohnDoe on a client PC, the client PC will not have a home directory for John Doe, such as /home/JohnDoe. To resolve this, share /home/JohnDoe on the LDAP server using AutoFS.



Add a Comment




We will never share your name or email with anyone. Enter your email if you would like to be notified when we respond to your comment.




Please enter in the box below so that we can be sure you are a human.




Comments