OpenLDAP Client Configuration on RHEL/CentOS 7

Introduction

In this tutorial, we are going to configure an LDAP client to authenticate against an LDAP server, so the LDAP server acts as a centralized authentication server. Users that exist on the LDAP server will be able to authenticate from the client. We will use the sssd service to make this configuration work.

For the LDAP server configuration, see: OpenLDAP Server Configuration RHEL/CentOS 7

1) Package installation:

~]# yum install -y openldap-clients sssd nss-pam-ldapd
i) openldap-clients contains the OpenLDAP client packages.
ii) sssd is the System Security Services Daemon.
iii) nss-pam-ldapd is an implementation of NSS and PAM for LDAP, which installs the libraries required by the client.

2) Configuration:

To configure the LDAP client we will use the authconfig utility.



Run the above command, which performs the configuration required for sssd and starts the sssd service daemon.

i) enablelocauthorize: allows you to log in if your LDAP server goes down.
ii) enablerfc2307bis: a schema variant that recognizes uniqueMember as the attribute for storing group member DNs.
iii) enablemkhomedir and enablecachecreds are not mandatory; respectively, they create home directories on first logon and help avoid the consequences of periodic network issues.

Verify the above configuration in the /etc/openldap/ldap.conf file. Make sure the LDAP server has an entry in the hosts file. Also, enable the sssd service so that it starts after every reboot.
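
The checks this step describes, as an added example (not part of the original tutorial): the script reads URI and BASE from ldap.conf and confirms that the server's host name has an entry in the hosts file. The function names, ldap.example.test and dc=example,dc=test are assumptions for illustration, and the URI is assumed to use a host name rather than an IP address.

```bash
#!/usr/bin/env bash
# Added example (not from the original tutorial): check ldap.conf and the hosts file.

# Print the value of the first uncommented directive (e.g. URI, BASE) in ldap.conf.
ldap_conf_value() {
    awk -v k="$1" 'toupper($1) == k { print $2; exit }' "$2"
}

# Reduce ldap://host:port/ to the bare host name.
ldap_uri_host() {
    local rest="${1#*://}"
    rest="${rest%%/*}"
    printf '%s\n' "${rest%%:*}"
}

# Succeed if the name appears on an uncommented line of the hosts file.
host_in_hosts_file() {
    awk -v h="$1" '
        { sub(/#.*/, "") }
        { for (i = 2; i <= NF; i++) if (tolower($i) == tolower(h)) found = 1 }
        END { exit (found ? 0 : 1) }' "$2"
}

# Defaults are the real files; pass other paths to test against copies.
check_ldap_client() {
    local conf="${1:-/etc/openldap/ldap.conf}" hosts="${2:-/etc/hosts}"
    local uri base host
    uri="$(ldap_conf_value URI "$conf")"
    base="$(ldap_conf_value BASE "$conf")"
    [ -n "$uri" ]  || { echo "FAIL: no URI set in $conf";  return 1; }
    [ -n "$base" ] || { echo "FAIL: no BASE set in $conf"; return 1; }
    host="$(ldap_uri_host "$uri")"
    host_in_hosts_file "$host" "$hosts" ||
        { echo "FAIL: $host has no entry in $hosts"; return 1; }
    echo "OK: URI=$uri BASE=$base host=$host"
}

# Constructed sample files (hypothetical server name and base DN).
demo_dir="$(mktemp -d)"
printf 'URI ldap://ldap.example.test/\nBASE dc=example,dc=test\n' > "$demo_dir/ldap.conf"
printf '127.0.0.1 localhost\n192.0.2.10 ldap.example.test ldap\n' > "$demo_dir/hosts"
check_ldap_client "$demo_dir/ldap.conf" "$demo_dir/hosts"
rm -rf "$demo_dir"
```

Calling check_ldap_client with no arguments checks /etc/openldap/ldap.conf and /etc/hosts on the client itself.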

~]# getent passwd test2
The test2 user above does not exist locally but is present on the LDAP server. Running the above command fetches the user info from the LDAP server.

You can log in as user test2, which is not present on the client but exists on the LDAP server. So your centralized authentication through LDAP is working.

In our next LDAP tutorial we will use phpldapadmin for managing LDAP server.
























