## Client setup

```
authconfig --enableldap \
           --enableldapauth \
           --enableldaptls \
           --ldapserver=ldap://directory.example.com/ \
           --ldapbasedn='dc=example,dc=edu' \
           --enablemkhomedir \
           --enableshadow \
           --enablelocauthorize \
           --update
```

[From here.](http://www.syntaxtechnology.com/2009/09/openldap-on-centos-5-3-part-3-the-client/)

StartTLS will be enabled for each lookup. The command above modifies three files:

```
/etc/nsswitch.conf
/etc/ldap.conf
/etc/openldap/ldap.conf
```

## Problems

### Can't change passwords

```
New UNIX password:
Retype new UNIX password:
LDAP password information update failed: Constraint violation
invalid password syntax - passwords with storage scheme are not allowed
```

**Disable SELinux**. Another problem could be that the passwords are [hashed before they're sent](http://www.redhat.com/archives/fedora-directory-users/2009-September/msg00051.html). They need to be sent in the clear (unhashed) over a connection protected with SSL/TLS.
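
One way to check both points on a client, the protected transport and whether the password is hashed before it is sent (an added example, not part of the original page). It assumes the client reads pam_ldap's `/etc/ldap.conf` with its `uri`, `ssl` and `pam_password` options; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Option names (uri, ssl, pam_password) are pam_ldap's; the sample is constructed.

# Print the value of the last uncommented "KEY value" line in FILE.
last_value() {
    awk -v key="$2" 'tolower($1) == key { v = $2 } END { print v }' "$1"
}

# Print findings for FILE; the return status is the number of problems found.
audit_ldap_conf() {
    problems=0
    uri=$(last_value "$1" uri)
    ssl=$(last_value "$1" ssl)
    pw=$(last_value "$1" pam_password)
    pw=${pw:-clear}    # pam_ldap default when the option is absent

    # Transport: an ldaps:// URI, or "ssl start_tls" / "ssl on".
    tls=no
    case "$uri" in ldaps://*) tls=yes ;; esac
    case "$ssl" in start_tls|on) tls=yes ;; esac
    if [ "$tls" = no ]; then
        echo "FAIL: connection is not protected (uri=$uri ssl=${ssl:-unset})"
        problems=$((problems + 1))
    fi

    # Password change protocol: crypt and md5 hash on the client, so the
    # server receives a value that already carries a storage scheme.
    case "$pw" in
        crypt|md5)
            echo "FAIL: pam_password $pw hashes before sending"
            problems=$((problems + 1)) ;;
        clear|exop)
            echo "OK: pam_password $pw sends the new password unhashed" ;;
        *)
            echo "NOTE: pam_password $pw is not assessed by this check" ;;
    esac
    return "$problems"
}

# Constructed sample: StartTLS enabled, but the password is hashed client-side.
sample=$(mktemp)
printf '%s\n' 'uri ldap://directory.example.com/' 'base dc=example,dc=edu' \
    'ssl start_tls' 'pam_password md5' > "$sample"
audit_ldap_conf "$sample" || true
rm -f "$sample"
```

On a real client, call `audit_ldap_conf /etc/ldap.conf`; a non-zero status means at least one of the two conditions is not met.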