CentOS 7

OpenLDAP : Configure LDAP Client (AD)2019/02/27

 
Configure LDAP Client for the case LDAP Server is Windows Active Directory.
[1]
[2] Install OpenLDAP Client.
[root@www ~]#
yum -y install openldap-clients nss-pam-ldapd
# ldapserver=(Active Directory's hostname or IP address); note that as written the connection uses plain LDAP, so the bind credentials below cross the network unencrypted — add --enableldaptls (or use an ldaps:// URI in /etc/nslcd.conf) in anything but a lab setup

# ldapbasedn="dc=(AD's Suffix)"

[root@www ~]#
authconfig --enableldap \
--enableldapauth \
--ldapserver=fd3s.srv.world \
--ldapbasedn="dc=srv,dc=world" \
--enablemkhomedir \
--update
[root@www ~]#
vi /etc/nslcd.conf
# line 29: add the DN of the bind user (the AD account used for the LDAP connection, which you created in section [1])

binddn cn=ldapusers,cn=Users,dc=srv,dc=world
# line 34: add the password of the user above (it is stored in clear text, so keep /etc/nslcd.conf readable by root only)

bindpw password
# lines 107-117: uncomment all of them

# Mappings for Active Directory
pagesize 1000
referrals off
idle_timelimit 800
filter passwd (&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))
map    passwd uid              sAMAccountName
map    passwd homeDirectory    unixHomeDirectory
map    passwd gecos            displayName
filter shadow (&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))
map    shadow uid              sAMAccountName
map    shadow shadowLastChange pwdLastSet
filter group  (objectClass=group)

[root@www ~]#
systemctl restart nslcd
# verify with a user you added on AD in section [1]

[root@www ~]#
id Serverworld

uid=5000(Serverworld) gid=100(users) groups=100(users)
# log in to localhost as that user

[root@www ~]#
ssh Serverworld@localhost

The authenticity of host 'localhost (::1)' can't be established.
ECDSA key fingerprint is SHA256:FJ60H2JS8pafTcugLCIAs8Vw3LkGN5lXYJ+ehrHCYmw.
ECDSA key fingerprint is MD5:25:fe:3d:55:e1:29:fb:f1:a9:2b:53:d6:22:06:7e:83.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (ECDSA) to the list of known hosts.
Serverworld@localhost's password:
Creating directory '/home/Serverworld'.
[Serverworld@www ~]$

[Serverworld@www ~]$ id 
uid=5000(Serverworld) gid=100(users) groups=100(users) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023