13.7. Configuring a System to Authenticate Using OpenLDAP
This section provides a brief overview of how to configure OpenLDAP user authentication. Unless you are an OpenLDAP expert, more documentation than is provided here is necessary. Refer to the references provided in Section 13.9, “Additional Resources” for more information.
- Install the Necessary LDAP Package
- First, make sure that the appropriate packages are installed on both the LDAP server and the LDAP client machines. The LDAP server needs the
openldap-servers
package.Theopenldap
,openldap-clients
, andnss_ldap
packages need to be installed on all LDAP client machines. - Edit the Configuration Files
- On the server, edit the
/etc/openldap/slapd.conf
file on the LDAP server to make sure it matches the specifics of the organization. Refer to Section 13.6.1, “Editing/etc/openldap/slapd.conf
” for instructions about editingslapd.conf
. - On the client machines, both
/etc/ldap.conf
and/etc/openldap/ldap.conf
need to contain the proper server and search base information for the organization.To do this, run the graphical Authentication Configuration Tool (system-config-authentication
) and select Enable LDAP Support under the User Information tab.It is also possible to edit these files by hand. - On the client machines, the
/etc/nsswitch.conf
must be edited to use LDAP.To do this, run the Authentication Configuration Tool (system-config-authentication
) and select Enable LDAP Support under the User Information tab.If editing/etc/nsswitch.conf
by hand, addldap
to the appropriate lines.For example:passwd: files ldap shadow: files ldap group: files ldap
13.7.1. PAM and LDAP
To have standard PAM-enabled applications use LDAP for authentication, run the Authentication Configuration Tool (
system-config-authentication
) and select Enable LDAP Support under the the Authentication tab. For more about configuring PAM, refer to Chapter 16, Pluggable Authentication Modules (PAM) and the PAM man pages.