LDAP: Configure a system to use an existing LDAP directory service for user and group information.


LDAP Server configuration

In order to test an LDAP client configuration, you need an LDAP directory service to connect to.
The LDAP server is called instructor.example.com in this procedure.

LDAP Client configuration

Install the following packages:

# yum install -y openldap-clients nss-pam-ldapd

Run the authentication menu:

# authconfig-tui

Choose the following options:

- Cache Information
- Use LDAP
- Use MD5 Passwords
- Use Shadow Passwords
- Use LDAP Authentication
- Local authorization is sufficient

In the LDAP Settings, type:

Use TLS
ldap://instructor.example.com
dc=example,dc=com

Note: don't select Use TLS if you specify an ldaps:// URL (that connection is already encrypted); Use TLS goes with a plain ldap:// URL.
Put the LDAP server certificate into the /etc/openldap/cacerts directory when asked.

Test the connection to the LDAP server (a passwd-format entry for ldapuser02 should be displayed):

# getent passwd ldapuser02

You can also use the authconfig command to configure the client side.
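As an added example that is not part of the original page, here is the non-interactive authconfig equivalent of the menu choices above, followed by the checks a practitioner would run afterwards. The LDAP URI, base DN and user come from the page; the CA certificate URL is a placeholder you must replace with your own.

```shell
#!/bin/bash
# Added example, not from the original page: non-interactive equivalent of the
# authconfig-tui choices above, plus checks to run afterwards.
# CACERT_URL is a placeholder; point it at your own CA certificate.
set -euo pipefail

LDAP_URI="ldap://instructor.example.com"
BASE_DN="dc=example,dc=com"
CACERT_URL="http://instructor.example.com/pub/EXAMPLE-CA-CERT"   # placeholder
CACERT_DIR="/etc/openldap/cacerts"
TEST_USER="ldapuser02"

# Use TLS (STARTTLS) belongs with a plain ldap:// URI; an ldaps:// URI is
# already encrypted, so the two must not be combined (see the note above).
tls_mode_consistent() {
    case "$1" in
        ldap://*) return 0 ;;
        *)        return 1 ;;
    esac
}

# The authconfig options matching the menu choices, one per line so they can
# be reviewed before anything on the system is changed.
authconfig_args() {
    printf '%s\n' \
        --enablecache --enablemd5 --enableshadow --enablelocauthorize \
        --enableldap --enableldapauth \
        "--ldapserver=${LDAP_URI}" "--ldapbasedn=${BASE_DN}" \
        --enableldaptls "--ldaploadcacert=${CACERT_URL}" \
        --update
}

# Post-configuration checks: the CA cert was hashed into cacerts, NSS resolves
# the test user, and the directory answers over STARTTLS (-ZZ fails if TLS does).
verify_client() {
    ls "${CACERT_DIR}"/*.0 >/dev/null 2>&1 \
        || { echo "no hashed CA certificate in ${CACERT_DIR}"; return 1; }
    getent passwd "${TEST_USER}" | grep -q "^${TEST_USER}:" \
        || { echo "NSS cannot resolve ${TEST_USER}"; return 1; }
    ldapsearch -x -ZZ -H "${LDAP_URI}" -b "${BASE_DN}" "uid=${TEST_USER}" dn >/dev/null \
        || { echo "STARTTLS search for ${TEST_USER} failed"; return 1; }
    echo "LDAP client OK"
}

# Only change the system when explicitly asked (run as root: ./ldap-client.sh apply).
if [ "${1:-}" = "apply" ]; then
    tls_mode_consistent "${LDAP_URI}" || { echo "Use TLS requires an ldap:// URI"; exit 1; }
    authconfig $(authconfig_args)   # arguments contain no whitespace
    verify_client
fi
```

Sourcing the file without the apply argument only defines the functions, so the option list can be inspected first.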

NFS server configuration

To get the home directory mounted, you need to configure an NFS server.
The NFS server is called instructor.example.com in the procedure.
Note: it is not required to have the LDAP server and the NFS server on the same machine; it is just easier.

Automounter Client configuration

Install the following packages:

# yum install -y autofs nfs-utils

Create a new indirect map /etc/auto.guests containing:

* -rw,nfs4 instructor.example.com:/home/guests/&

Add the following line at the beginning of the /etc/auto.master file:

/home/guests /etc/auto.guests

Start the Automounter daemon and enable it at boot:

# service autofs start && chkconfig autofs on

Test the configuration:

# su - ldapuser02


8 Comments on "LDAP: Configure a system to use an existing LDAP directory service for user and group information."

Shikaz

First let me congratulate and thank you for this amazing website, seriously there is nothing like this all over the web, it’s straight and to the point! 🙂

Man I’ve been to RHCSA 7 Exam and I did pass BUT I had a little problem, I did not succeed in getting the ldap client running.

I did add all the above configuration but it did not work, the openldap-client and the nss were already installed.

The only thing I am thinking of now: can this be that I have to use firewall-cmd and add the service or add-port on the client?

Abdelrahman

Hi,
Good day,

Thank you for your effort.
I just have a question, What do you mean by this part “Note: Don’t use TLS if you specify ldaps”? Do you mean that I shouldn’t check the “[ ] Use TLS” if I specify the ldap server in the following field “ldap://instructor.example.com” ?

bos1234

On this line: * -rw,nfs4 instructor.example.com:/home/guests/&

what does the ampersand signify?

Gjorgi

Ampersand means “mount point will bear the same name as the remote mount.” The asterisk will be named after whatever the ampersand is named.
If shared resource /resource is mounted on a subdirectory of /mnt of the local host, that subdirectory will be named “resource”.
