
Configure user authentication using OpenLDAP on Redhat Linux Enterprise 3

 
yyghp
Super Advisor

I am now configuring OpenLDAP on two servers running Redhat Linux Enterprise 3 in order to centralize user management; that is, I don't have to maintain users separately when they change their password on one server, like a Windows PDC-BDC.

I followed "Red Hat Enterprise Linux Reference" guide, details below:
---------------------
Install the Necessary LDAP Package
First, make sure that the appropriate packages are installed on both the LDAP server and the
LDAP client machines. The LDAP server needs the openldap-servers package.
The openldap, openldap-clients, and nss_ldap packages need to be installed on all LDAP
client machines.

Edit the Configuration Files
a. On the server, edit the /etc/openldap/slapd.conf file on the LDAP
server to make sure it matches the specifics of the organization. Refer to
Section 13.6.1 Editing /etc/openldap/slapd.conf for instructions about editing
slapd.conf.
b. On the client machines, both /etc/ldap.conf and /etc/openldap/ldap.conf need to
contain the proper server and search base information for the organization.
To do this, run the graphical Authentication Configuration Tool
(system-config-authentication) and select Enable LDAP Support under the User
Information tab.
It is also possible to edit these files by hand.
c. On the client machines, the /etc/nsswitch.conf must be edited to use LDAP.
To do this, run the Authentication Configuration Tool
(system-config-authentication) and select Enable LDAP Support under the User
Information tab.
If editing /etc/nsswitch.conf by hand, add ldap to the appropriate lines.
For example:
passwd: files ldap
shadow: files ldap
group: files ldap
---------------------

But after that, I created a new user "test" on ServerA (LDAP server) and tried to log in to ServerB (LDAP client) as "test" ("test" doesn't have info on ServerB), but the login failed; it seemed it didn't look up the authentication from the LDAP server (ServerA)...

Did I miss any step(s)?
How can I troubleshoot this?
Thanks!
5 REPLIES
Gopi Sekar
Honored Contributor

Re: Configure user authentication using OpenLDAP on Redhat Linux Enterprise 3


If I am not mistaken, I think you should have a People object group in your LDAP server, which defines all the objects required for the login process.

I am not very sure whether you have it enabled. If not, add it, define basic settings for the user (password, shell, expiry etc.), and see whether it works.

Regards,
Gopi
Never Never Never Giveup
Johan Bergström
Occasional Advisor

Re: Configure user authentication using OpenLDAP on Redhat Linux Enterprise 3

What "system-config-authentication" probably does is edit the PAM settings for your machine. I've never set this up on a RHEL machine. But look at your /etc/pam.d/login file. PAM needs to be aware of the LDAP server when trying to authenticate a user who is logging into the server.

You should have something like,
sufficient /lib/security/pam_ldap.so

in it. You can also try to add a "debug" after the module name. It should produce debug info in the syslog.

For more info see http://ldots.org/ldap/
yyghp
Super Advisor

Re: Configure user authentication using OpenLDAP on Redhat Linux Enterprise 3

Hi Gopi,

Thanks, but I don't think the user information (including passwords) is stored in the LDAP database, so I wonder whether I need to add objects into the db...
yyghp
Super Advisor

Re: Configure user authentication using OpenLDAP on Redhat Linux Enterprise 3

Hi Johan,

Yes, I couldn't find "/lib/security/pam_ldap.so" in the file "/etc/pam.d/login". Why doesn't the official Red Hat reference guide (http://www.redhat.com/docs/manuals/enterprise/RHEL-4-Manual/ref-guide/ch-ldap.html) mention this at all?
I am not familiar with PAM stuff, and I worry about changing things here which may not be recoverable by myself.
Do you know of any complete doc with which someone has successfully set up such an environment?
Thanks!
Gopi Sekar
Honored Contributor

Re: Configure user authentication using OpenLDAP on Redhat Linux Enterprise 3


Have you added the user into the LDAP database? It works like this: you have to add user information like user name, shell, password etc. into LDAP objects (People).

Then from the other system you can log in as the newly added user in LDAP.

To give a one-line answer: yes, you need to have user information, including user ID and password, in LDAP objects so that LDAP-based authentication will succeed.

Gopi
Never Never Never Giveup
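
The client-side checks raised in this thread (ldap listed in /etc/nsswitch.conf, a pam_ldap.so line in the PAM file), written as an added example that is not part of any reply above or of the Red Hat guide. The function names and the sample files in demo() are constructed for illustration.

```shell
#!/bin/sh
# Added example: check an LDAP client's NSS and PAM files for the settings
# discussed in the thread. File paths are arguments, so copies can be checked.

# nss_has_ldap FILE DB -> prints "yes" if the DB line lists ldap, else "no"
nss_has_ldap() {
    awk -v db="$2:" '
        { sub(/#.*/, "") }    # ignore comments, including trailing ones
        $1 == db { for (i = 2; i <= NF; i++) if ($i == "ldap") found = 1 }
        END { print (found ? "yes" : "no") }' "$1"
}

# pam_has_ldap FILE -> prints "yes" if an auth line loads pam_ldap.so
pam_has_ldap() {
    awk '
        { sub(/#.*/, "") }
        $1 == "auth" && $0 ~ /pam_ldap\.so/ { found = 1 }
        END { print (found ? "yes" : "no") }' "$1"
}

# check_client NSSWITCH PAMFILE -> one line per finding, nothing if all is set
check_client() {
    for db in passwd shadow group; do
        [ "$(nss_has_ldap "$1" "$db")" = yes ] ||
            echo "nsswitch: $db does not list ldap"
    done
    [ "$(pam_has_ldap "$2")" = yes ] ||
        echo "pam: no auth line loads pam_ldap.so"
    return 0
}

# Constructed sample: only passwd was switched to ldap (group has it commented
# out) and the PAM file has no pam_ldap.so line.
demo() {
    d=$(mktemp -d)
    printf 'passwd: files ldap\nshadow: files\ngroup: files # ldap\n' > "$d/nsswitch.conf"
    printf 'auth required /lib/security/pam_unix.so\n' > "$d/login"
    check_client "$d/nsswitch.conf" "$d/login"
    rm -rf "$d"
}

demo
```

To check a real client, call check_client with /etc/nsswitch.conf and the PAM file the login service actually reads. Running `getent passwd test` on the client then shows whether NSS can resolve the user from the directory at all, which only works once the user has an entry in LDAP.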