Follow Techotopia on Twitter

On-line Guides
All Guides
eBook Store
iOS / Android
Linux for Beginners
Office Productivity
Linux Installation
Linux Security
Linux Utilities
Linux Virtualization
Linux Kernel
System/Network Admin
Programming
Scripting Languages
Development Tools
Web Development
GUI Toolkits/Desktop
Databases
Mail Systems
openSolaris
Eclipse Documentation
Techotopia.com
Virtuatopia.com
Answertopia.com

How To Guides
Virtualization
General System Admin
Linux Security
Linux Filesystems
Web Servers
Graphics & Desktop
PC Hardware
Windows
Problem Solutions
Privacy Policy

  




 

 

NOTE: CentOS Enterprise Linux is built from the Red Hat Enterprise Linux source code. Other than logo and name changes CentOS Enterprise Linux is compatible with the equivalent Red Hat version. This document applies equally to both Red Hat and CentOS Enterprise Linux.
Red Hat Enterprise Linux 4: Reference Guide
Prev Chapter 13. Lightweight Directory Access Protocol (LDAP) Next

13.7. Configuring a System to Authenticate Using OpenLDAP

This section provides a brief overview of how to configure OpenLDAP user authentication. Unless you are an OpenLDAP expert, more documentation than is provided here is necessary. Refer to the references provided in Section 13.9 Additional Resources for more information.

Install the Necessary LDAP Package

First, make sure that the appropriate packages are installed on both the LDAP server and the LDAP client machines. The LDAP server needs the openldap-servers package.

The openldap, openldap-clients, and nss_ldap packages need to be installed on all LDAP client machines.

Edit the Configuration Files

  • On the server, edit the /etc/openldap/slapd.conf file on the LDAP server to make sure it matches the specifics of the organization. Refer to Section 13.6.1 Editing /etc/openldap/slapd.conf for instructions about editing slapd.conf.

  • On the client machines, both /etc/ldap.conf and /etc/openldap/ldap.conf need to contain the proper server and search base information for the organization.

    To do this, run the graphical Authentication Configuration Tool (system-config-authentication) and select Enable LDAP Support under the User Information tab.

    It is also possible to edit these files by hand.

  • On the client machines, the /etc/nsswitch.conf must be edited to use LDAP.

    To do this, run the Authentication Configuration Tool (system-config-authentication) and select Enable LDAP Support under the User Information tab.

    If editing /etc/nsswitch.conf by hand, add ldap to the appropriate lines.

    For example:

    passwd: files ldap
shadow: files ldap
group: files ldap

13.7.1. PAM and LDAP

To have standard PAM-enabled applications use LDAP for authentication, run the Authentication Configuration Tool (system-config-authentication) and select Enable LDAP Support under the the Authentication tab. For more about configuring PAM, refer to Chapter 16 Pluggable Authentication Modules (PAM) and the PAM man pages.

13.7.2. Migrating Old Authentication Information to LDAP Format

The /usr/share/openldap/migration/ directory contains a set of shell and Perl scripts for migrating authentication information into an LDAP format.

Note Note
 

Perl must be installed on the system to use these scripts.

First, modify the migrate_common.ph file so that it reflects the correct domain. The default DNS domain should be changed from its default value to something like:

$DEFAULT_MAIL_DOMAIN = "example";

The default base should also be changed, to something like:

$DEFAULT_BASE =
"dc=example,dc=com";

The job of migrating a user database into a format that is LDAP readable falls to a group of migration scripts installed in the same directory. Using Table 13-1, decide which script to run to migrate the user database.

Run the appropriate script based on the existing name service.

The README and the migration-tools.txt files in the /usr/share/openldap/migration/ directory provide more details on how to migrate the information.

Existing name service Is LDAP running? Script to Use
/etc flat files yes migrate_all_online.sh
/etc flat files no migrate_all_offline.sh
NetInfo yes migrate_all_netinfo_online.sh
NetInfo no migrate_all_netinfo_offline.sh
NIS (YP) yes migrate_all_nis_online.sh
NIS (YP) no migrate_all_nis_offline.sh

Table 13-1. LDAP Migration Scripts

Prev Home Next
OpenLDAP Setup Overview Up Migrating Directories from Earlier Releases

 
 
  Published under the terms of the GNU General Public License Design by Interspire