openldap_client_with_tls_centos_6.5
CentOS 6 - OpenLDAP 2.4 client with TLS
Install packages
yum install pam_ldap nss-pam-ldapd sssd openldap-clients
Configure OpenLDAP client
Import CA root certificate
mkdir -p /etc/openldap/cacerts
cp caroot.crt /etc/openldap/cacerts/
Authconfig
authconfig-tui
  [*] Use LDAP
  [*] Use Shadow passwords
  [*] Use LDAP Authentication
  [*] Local authorization is sufficient
  [*] Use TLS
  Server: ldaps://<your server FQDN>:636
  Base DN: <your DN>
Configure ldap.conf
vi /etc/openldap/ldap.conf
URI ldaps://<yourserver FQDN>:636/
BASE <your DN>
TLS_CACERTDIR /etc/openldap/cacerts
TLS_REQCERT allow
Configure pam_ldap
vi /etc/pam_ldap.conf
base <your DN>
uri ldaps://<yourserver>:636/
pam_password exop
ssl start_tls
tls_cacertdir /etc/openldap/cacerts
Configure sssd.conf
vi /etc/sssd/sssd.conf
Configure the server names as FQDNs.
ldap_chpass_uri = ldaps://<your ldap server FQDN>
[nss]
filter_users = root,ldap,named,avahi,haldaemon,dbus,radiusd,news,nscd
Test
service sssd restart
Check that a hashed symlink for the CA certificate exists in /etc/openldap/cacerts
ldapsearch -x -b "dc=<your DN>"
getent passwd <username>
getent group <groupname>
id -a <username>
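The ldap.conf above sets TLS_REQCERT allow, which lets the client continue even when the server certificate is missing or fails to verify against the CA in /etc/openldap/cacerts, and that verification only works when the hashed CA link checked in the Test section exists. The following shell script is an added example, not code from the original wiki page: it audits an ldap.conf-style file for those TLS settings against two constructed samples (the page's values beside a hardened copy that demands verification) and offers a check for the hashed CA link. The host names, file names and helper function names are assumptions made for the demo.

```shell
#!/bin/sh
# Added example, not part of the original wiki page: audit an OpenLDAP
# client ldap.conf for the TLS settings that make server verification
# meaningful, and check for the hashed CA link that TLS_CACERTDIR needs.
# File paths, host names and sample values below are constructed for the demo.

# Print the value of KEY from an ldap.conf-style FILE.
# Keys are matched case-insensitively, comment lines are ignored and the
# first match wins. Prints nothing if the key is absent.
ldap_conf_get() {
    _key=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    awk -v key="$_key" '
        $1 !~ /^#/ && tolower($1) == key { print $2; exit }
    ' "$1"
}

# Return 0 when FILE forces TLS and verifies the server certificate,
# 1 otherwise, printing one line per finding.
check_ldap_conf() {
    _file=$1
    _rc=0
    _uri=$(ldap_conf_get "$_file" URI)
    _reqcert=$(ldap_conf_get "$_file" TLS_REQCERT)
    _cadir=$(ldap_conf_get "$_file" TLS_CACERTDIR)
    _cafile=$(ldap_conf_get "$_file" TLS_CACERT)

    case $_uri in
        ldaps://*) ;;
        *) echo "$_file: URI '$_uri' is not ldaps://, so binds may leave in clear"
           _rc=1 ;;
    esac

    # OpenLDAP's default is "demand"; "allow", "try" and "never" let the
    # session proceed even when the server certificate is missing or bad.
    case $_reqcert in
        ''|demand|hard) ;;
        *) echo "$_file: TLS_REQCERT $_reqcert does not reject bad server certificates"
           _rc=1 ;;
    esac

    if [ -z "$_cadir" ] && [ -z "$_cafile" ]; then
        echo "$_file: no TLS_CACERTDIR or TLS_CACERT, so no CA is trusted"
        _rc=1
    fi
    return $_rc
}

# Return 0 when CACERTDIR contains the <subject-hash>.0 link or file that
# OpenLDAP looks up for the CA in CERTFILE (cacertdir_rehash creates it),
# 1 when it is missing, 2 when openssl cannot read the certificate.
cacert_link_present() {
    _hash=$(openssl x509 -noout -subject_hash -in "$2" 2>/dev/null) || return 2
    [ -e "$1/$_hash.0" ]
}

# Write two constructed sample configs into DIR: weak.conf mirrors the
# page's settings (TLS_REQCERT allow), hardened.conf demands verification.
write_sample_confs() {
    printf '%s\n' \
        'URI ldaps://ldap.example.com:636/' \
        'BASE dc=example,dc=com' \
        'TLS_CACERTDIR /etc/openldap/cacerts' \
        'TLS_REQCERT allow' > "$1/weak.conf"
    printf '%s\n' \
        '# hardened client settings' \
        'URI ldaps://ldap.example.com:636/' \
        'BASE dc=example,dc=com' \
        'TLS_CACERTDIR /etc/openldap/cacerts' \
        'TLS_REQCERT demand' > "$1/hardened.conf"
}

# Demo run against the constructed samples in a temporary directory.
demo_dir=$(mktemp -d)
write_sample_confs "$demo_dir"
for f in "$demo_dir/weak.conf" "$demo_dir/hardened.conf"; do
    if check_ldap_conf "$f"; then echo "$f: OK"; fi
done
rm -rf "$demo_dir"
```

To audit the live client, run `check_ldap_conf /etc/openldap/ldap.conf` and `cacert_link_present /etc/openldap/cacerts /etc/openldap/cacerts/caroot.crt`; the second call needs the openssl command and reports 2 if the certificate cannot be parsed.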
Clear the SSSD cache
You can clear the passwd/group cache with:
sss_cache -U -G
openldap_client_with_tls_centos_6.5.txt · Last modified: 2021/10/09 15:14 by 127.0.0.1