LDAP Config on RHEL-like Systems

Client setup

authconfig  --enableldap \
            --enableldapauth \
            --enableldaptls \
            --ldapserver=ldap://directory.example.com/ \
            --ldapbasedn='dc=example,dc=edu' \
            --enablemkhomedir \
            --enableshadow \
            --enablelocauthorize

From here. StartTLS will be enabled for each lookup. The command above modifies three files:



Can’t change passwords

New UNIX password:   
Retype new UNIX password:   
LDAP password information update failed: Constraint violation  
invalid password syntax - passwords with storage scheme are not allowed

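Disable SELinux. Another problem could be that the client hashes the password before sending it; the "passwords with storage scheme are not allowed" message is the server refusing a value that already carries a hash scheme. The password needs to be sent in the clear, meaning unhashed, so that the server can check and hash it itself, and SSL/TLS needs to protect it in transit.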
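
A way to check a client for both conditions above (encrypted transport, password not hashed locally), as an added example that is not part of the original notes. It assumes a pam_ldap/nss_ldap-style client config using the `uri`, `ssl` and `pam_password` directives; the file path differs between releases, so it is passed as an argument, and the sample config is constructed.

```shell
#!/bin/sh
# Added example: audit a pam_ldap/nss_ldap-style client config (path is an
# assumption, pass your own) for the two settings discussed above.

# Print the value of a directive (last occurrence in the file), skipping comments.
conf_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == key { val = tolower($2) }
        END { print val }
    ' "$1"
}

# Return 0 if the password travels unhashed over an encrypted channel, else 1.
check_ldap_client_conf() {
    conf=$1
    rc=0
    uri=$(conf_value "$conf" uri)
    ssl=$(conf_value "$conf" ssl)
    pw=$(conf_value "$conf" pam_password)

    case "$uri" in
        ldaps://*) echo "OK: transport is LDAPS" ;;
        *)  if [ "$ssl" = "start_tls" ]; then
                echo "OK: StartTLS requested"
            else
                echo "FAIL: no StartTLS/LDAPS, the password would be sent unprotected"
                rc=1
            fi ;;
    esac

    # Unset is treated like "clear", which pam_ldap documents as its default.
    case "$pw" in
        ""|clear|exop) echo "OK: pam_password=${pw:-unset}, the server does the hashing" ;;
        *)  echo "FAIL: pam_password=$pw hashes on the client, the server may reject it"
            rc=1 ;;
    esac
    return $rc
}

# With no argument, run against a constructed sample; otherwise check the given file.
if [ $# -eq 0 ]; then
    sample=$(mktemp)
    printf '%s\n' 'uri ldap://directory.example.com/' 'ssl start_tls' \
        'pam_password md5' > "$sample"
    check_ldap_client_conf "$sample" || true
    rm -f "$sample"
else
    check_ldap_client_conf "$1"
fi
```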