Fedora 35
Sponsored Link

OpenLDAP : Configure LDAP Client2021/11/15

 
Configure LDAP Client in order to share users' accounts in your local networks.
[1] Install OpenLDAP Client.
[root@node01 ~]#
dnf -y install openldap-clients sssd sssd-ldap oddjob-mkhomedir
# switch authentication provider to sssd

[root@node01 ~]#
authselect select sssd with-mkhomedir --force
Profile "sssd" was selected.
The following nsswitch maps are overwritten by the profile:
- passwd
- group
- netgroup
- automount
- services

Make sure that SSSD service is configured and enabled. See SSSD documentation for more information.

- with-mkhomedir is selected, make sure pam_oddjob_mkhomedir module
  is present and oddjobd service is enabled
  - systemctl enable oddjobd.service
  - systemctl start oddjobd.service

[root@node01 ~]#
vi /etc/openldap/ldap.conf
# add to the end : your LDAP server's URL and Suffix

URI ldap://dlp.srv.world/
BASE dc=srv,dc=world
[root@node01 ~]#
vi /etc/sssd/sssd.conf
# create new
# replace [ldap_uri], [ldap_search_base] to your own environment value

[domain/default]
id_provider = ldap
autofs_provider = ldap
auth_provider = ldap
chpass_provider = ldap
ldap_uri = ldap://dlp.srv.world/
ldap_search_base = dc=srv,dc=world
ldap_id_use_start_tls = True
ldap_tls_cacertdir = /etc/openldap/certs
cache_credentials = True
ldap_tls_reqcert = allow

[sssd]
services = nss, pam, autofs
domains = default

[nss]
homedir_substring = /home

[root@node01 ~]#
chmod 600 /etc/sssd/sssd.conf

[root@node01 ~]#
systemctl restart sssd oddjobd

[root@node01 ~]#
systemctl enable sssd oddjobd

[root@node01 ~]#
logout
Fedora Linux 35 (Server Edition)
Kernel 5.14.10-300.fc35.x86_64 on an x86_64 (ttyS0)

Web console: https://node01.srv.world:9090/ or https://10.0.0.51:9090/

node01 login: redhat      # LDAP user
Password:                 # LDAP password
Creating home directory for redhat.
[redhat@node01 ~]$        # logined

# changing LDAP password is common way with passwd

[redhat@node01 ~]$
Changing password for user redhat.
Current Password:        # current password
New password:            # new password
Retype new password:
passwd: all authentication tokens updated successfully.
Matched Content