This assumes you've created a user in LDAP. Let's say you've created user JohnDoe in example.com.
Install the following packages on the Red Hat-based system (Red Hat Enterprise Linux, CentOS, or Fedora) that you want to configure to use LDAP authentication.
yum install openldap-clients
yum install nss-pam-ldapd
Use the authconfig command to configure your system to use your LDAP server. In this example, plain LDAP (unencrypted) is used rather than LDAPS (encrypted).
authconfig --enableldap --enableldapauth --ldapserver="ldap.example.com" --ldapbasedn="dc=example,dc=com" --update
To reduce complexity, disable SSSD as an authentication mechanism.
authconfig --disablesssd --update
The above commands will have updated /etc/nslcd.conf to contain the following.
uri ldap://ldap.example.com/
base dc=example,dc=com
Ensure the changes have been properly set.
authconfig --test | grep -i ldap
nss_ldap is enabled
 LDAP+TLS is disabled
 LDAP server = "ldap.example.com"
 LDAP base DN = "dc=example,dc=com"
pam_ldap is enabled
 LDAP+TLS is disabled
 LDAP server = "ldap.example.com"
 LDAP base DN = "dc=example,dc=com"
 LDAP schema = "rfc2307"
The ldapsearch command can be used to query your LDAP database.
Update /etc/nsswitch.conf to use ldap.
passwd: files ldap
group: files ldap
shadow: files ldap
The ps command can be used to determine if your system is using init or systemd. If PID 1 is init, then you will use the service command. If PID 1 is systemd, then you will use the systemctl command.
If your system is using systemd, use the systemctl command to enable and restart the Name Service LDAP Client Daemon (nslcd).
systemctl enable nslcd
systemctl restart nslcd
systemctl status nslcd
If your system is using init, use the chkconfig and service commands instead.
chkconfig nslcd on
service nslcd restart
service nslcd status
The getent command can be used to confirm that the LDAP user resolves even though the user is not in the local /etc/passwd or /etc/shadow files.
getent passwd JohnDoe
JohnDoe:x:1001:1001:JohnDoe:/home/JohnDoe:/bin/bash
getent shadow JohnDoe
JohnDoe:*::0:99999:7:::0
You should also be able to authenticate on the client using your LDAP user.
su - JohnDoe
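As an added check that is not part of the original page, the shell script below verifies the outcome of the steps above: that nsswitch.conf routes passwd, group and shadow through ldap, and that nslcd.conf talks to the directory over TLS (it flags the plain ldap:// URI used in this walkthrough, over which bind credentials travel unencrypted). The sample config files are constructed inline; the ssl, tls_reqcert and tls_cacertfile settings are standard nslcd.conf options.

```shell
#!/bin/sh
# Added example, not part of the original page: post-configuration checks for
# the nslcd/nsswitch setup described above. The config files are constructed
# samples; on a real client point the functions at /etc/nsswitch.conf,
# /etc/nslcd.conf and the saved output of "authconfig --test".

# 0 if every listed NSS database has "ldap" as a source in nsswitch.conf.
nsswitch_uses_ldap() {
    file="$1"; shift
    for db in "$@"; do
        grep -E "^[[:space:]]*${db}:.*[[:space:]:]ldap([[:space:]]|$)" "$file" >/dev/null || return 1
    done
}

# 0 only if nslcd talks to the directory over TLS (an ldaps:// URI, or an
# ldap:// URI upgraded with "ssl start_tls") and verifies the server
# certificate ("tls_reqcert demand"). The page's plain ldap:// URI fails this
# check: bind passwords would cross the network unencrypted.
nslcd_enforces_tls() {
    file="$1"
    if grep -E '^[[:space:]]*uri[[:space:]]+ldap://' "$file" >/dev/null; then
        grep -E '^[[:space:]]*ssl[[:space:]]+start_tls' "$file" >/dev/null || return 1
    fi
    grep -E '^[[:space:]]*uri[[:space:]]+ldaps?://' "$file" >/dev/null || return 1
    grep -E '^[[:space:]]*tls_reqcert[[:space:]]+demand' "$file" >/dev/null
}

# 0 if saved "authconfig --test" output never reports "LDAP+TLS is disabled".
authconfig_reports_tls() {
    ! grep -qiF 'LDAP+TLS is disabled' "$1"
}

# Constructed samples: the page's own settings and a hardened nslcd.conf.
tmp=$(mktemp -d)
printf 'passwd: files ldap\ngroup: files ldap\nshadow: files ldap\n' > "$tmp/nsswitch.conf"
printf 'uri ldap://ldap.example.com/\nbase dc=example,dc=com\n' > "$tmp/nslcd-plain.conf"
printf 'uri ldaps://ldap.example.com/\nbase dc=example,dc=com\ntls_reqcert demand\ntls_cacertfile /etc/openldap/cacerts/ca.crt\n' > "$tmp/nslcd-tls.conf"
printf 'nss_ldap is enabled\n LDAP+TLS is disabled\n' > "$tmp/authconfig.txt"

nsswitch_uses_ldap "$tmp/nsswitch.conf" passwd group shadow && echo "nsswitch: ldap enabled for passwd/group/shadow"
for f in nslcd-plain nslcd-tls; do
    if nslcd_enforces_tls "$tmp/$f.conf"; then echo "$f: TLS enforced"; else echo "$f: WARNING, clear-text LDAP"; fi
done
authconfig_reports_tls "$tmp/authconfig.txt" || echo "authconfig: WARNING, LDAP+TLS is disabled"
```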
Mount home directory
When switching to JohnDoe on a client PC, the client will not have a home directory for the user, such as /home/JohnDoe. To resolve this, share /home/JohnDoe from the LDAP server using AutoFS.