Install the OpenLDAP client tools and authconfig:
# yum install openldap-clients
# yum install authconfig
Start the text-mode utility (I use it on servers that have no X Window System):
# authconfig-tui

Select User Information (Use LDAP) and Authentication (Use LDAP Authentication), then press Next.
In the second window fill in the following:
Server: ldap://ldap1.company.com,ldap://ldap2.company.com
Base DN: dc=example,dc=com
Now the server uses LDAP for user lookups and authentication.
NOTE: Replace example.com with your LDAP domain.
In the graphical version (authconfig-gtk) there is a third tab with a useful checkbox:
Create home directories on the first login.
or use the command:
authconfig --enablemkhomedir --updateall
NOTE: If your directory accepts only authenticated (bound) LDAP connections, or restricts anonymous access to some attributes (such as the password fields), you have to edit /etc/ldap.conf and add an LDAP bind account that has at least read access to all the information the client needs (for example the password fields of all users).
# cat /etc/ldap.conf
base dc=example,dc=com
uri ldap://ldap1.example.com/ ldap://ldap2.example.com/
ldap_version 3
binddn cn=read-user,dc=example,dc=com
bindpw PASSWORD
rootbinddn cn=read-user,dc=example,dc=com
port 389
timelimit 30
bind_timelimit 5
bind_policy soft
idle_timelimit 30
pam_filter objectclass=posixAccount
pam_login_attribute uid
pam_min_uid 1000
pam_max_uid 100000
pam_crypt local
# In this case all accounts have to be stored in OU=systems !!!
nss_base_passwd ou=systems,dc=example,dc=com?one
nss_base_shadow ou=systems,dc=example,dc=com?one
# Groups stored in separate OU=Groups
nss_base_group ou=groups,dc=example,dc=com?one
nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon
ssl no
tls_cacertdir /etc/openldap/cacerts
pam_password md5
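The following script is an added example and not part of the original post. It prints the non-interactive authconfig command that matches the authconfig-tui choices above, and it checks an ldap.conf for the settings a defender would want to revisit before copying this file to a fleet: ssl no (the bind password and all lookups cross the wire in cleartext), bindpw in a world-readable file, and pam_password md5. The authconfig flags are those of the authconfig package on RHEL/CentOS; the server names and base DN are the post's own placeholders; the sample ldap.conf is constructed from the post's file.

```shell
#!/bin/sh
# Added example, not from the original post: the non-interactive equivalent
# of the authconfig-tui selections, plus a sanity check of an ldap.conf.
# Assumptions: authconfig flags as shipped on RHEL/CentOS; server names and
# base DN are the post's placeholders.

LDAP_SERVERS="ldap://ldap1.example.com,ldap://ldap2.example.com"
LDAP_BASEDN="dc=example,dc=com"

# Print (rather than run) the authconfig command matching the TUI choices:
# LDAP for user information and authentication, home directory on first login.
authconfig_cmd() {
    printf 'authconfig --enableldap --enableldapauth --ldapserver=%s --ldapbasedn=%s --enablemkhomedir --update\n' \
        "$LDAP_SERVERS" "$LDAP_BASEDN"
}

# First value of a directive in an ldap.conf (empty if the directive is absent).
conf_value() {
    awk -v key="$2" '$1 == key { print $2; exit }' "$1"
}

# Print one "FINDING:" line per risky setting in the given ldap.conf.
# /etc/ldap.conf is read by nss_ldap inside every process, so it has to be
# world-readable; any secret placed in it is visible to every local user.
check_ldap_conf() {
    conf="$1"

    ssl=$(conf_value "$conf" ssl)
    if [ "${ssl:-no}" = "no" ]; then
        echo "FINDING: ssl is '${ssl:-unset}': the bind password and every lookup cross the network in cleartext (use 'ssl start_tls' or ldaps:// URIs together with tls_cacertdir)"
    fi

    if [ -n "$(conf_value "$conf" bindpw)" ]; then
        echo "FINDING: bindpw is stored in cleartext in a world-readable file; the rootbinddn password belongs in /etc/ldap.secret (mode 0600) instead"
    fi

    if [ "$(conf_value "$conf" pam_password)" = "md5" ]; then
        echo "FINDING: pam_password md5 hashes new passwords client-side with plain MD5 before writing them; 'exop' lets the directory apply its own hashing and password policy"
    fi
}

# Constructed sample: the post's ldap.conf reduced to the directives checked.
SAMPLE_CONF=$(mktemp)
trap 'rm -f "$SAMPLE_CONF"' EXIT
cat > "$SAMPLE_CONF" <<'EOF'
base dc=example,dc=com
uri ldap://ldap1.example.com/ ldap://ldap2.example.com/
ldap_version 3
binddn cn=read-user,dc=example,dc=com
bindpw PASSWORD
rootbinddn cn=read-user,dc=example,dc=com
ssl no
tls_cacertdir /etc/openldap/cacerts
pam_password md5
EOF

authconfig_cmd
check_ldap_conf "$SAMPLE_CONF"
```

On a real host, run check_ldap_conf /etc/ldap.conf; a file that uses ssl start_tls, keeps the bind password in /etc/ldap.secret and sets pam_password exop produces no findings.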