Using CentOS 6.2 and openldap 2.4-23
1) Install packages
#> yum -y install openldap-clients nss-pam-ldapd
2) Configure the ldap.conf configure file
#> vi /etc/openldap/ldap.conf
# add at the last line
# LDAP server's URI
URI ldap:///
# specify Suffix
BASE dc=mycompany,dc=com
TLS_CACERTDIR /etc/openldap/cacerts
3) Configure the nslcd.conf configure file
#> vi /etc/nslcd.conf
# line 131: specify URI, Suffix
uri ldap:///
base dc=mycompany,dc=com
ssl no
tls_cacertdir /etc/openldap/cacerts
4) Configure the pam_ldap.conf configure file
#> vi /etc/pam_ldap.conf
# line 17: make it comment
#host 127.0.0.1
# line 20: specify Suffix
base dc=mycompany,dc=com
# add at the last line
uri ldap:///
ssl no
tls_cacertdir /etc/openldap/cacerts
pam_password md5
5) Configure the system-auth configure file
#> vi /etc/pam.d/system-auth
# add like follows
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth sufficient pam_fprintd.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth sufficient pam_ldap.so use_first_pass
auth required pam_deny.so
account required pam_unix.so
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 500 quiet
account [default=bad success=ok user_unknown=ignore] pam_ldap.so
account required pam_permit.so
password requisite pam_cracklib.so try_first_pass retry=3 type=
password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password sufficient pam_ldap.so use_authtok
password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
session optional pam_ldap.so
# add if you need ( create home directory automatically if it's none )
session optional pam_mkhomedir.so skel=/etc/skel umask=077
6) Configure the msswitch.conf configure file
#> vi /etc/nsswitch.conf
passwd:files ldap# line 33: add
shadow:files ldap# add
group:files ldap
# addnetgroup:ldap
# line 57: change
automount: files ldap
# line 61: change
7) Configure the authconfig configure file
#> vi /etc/sysconfig/authconfig
# line 18: change
USELDAP=yes
8) Add and restart services
#> chkconfig nslcd on
#> shutdown -r now
0 Comments