LDAP Config on RHEL-like Systems Revision as of Sunday, 20 December 2015 at 19:56 UTC
Client setup
authconfig --enableldap \
--enableldapauth \
--enableldaptls \
--ldapserver='
ldap://directory.example.com/
' \
--ldapbasedn='dc=example,dc=edu' \
--enablemkhomedir \
--enableshadow \
--enablelocauthorize \
--update
From
here.
StartTLS will be enabled for each lookup. The command above modifies
three files:
/etc/nsswitch.conf
/etc/ldap.conf
/etc/openldap/ldap.conf
Problems
Can’t change passwords
New UNIX password:
Retype new UNIX password:
LDAP password information update failed: Constraint violation
invalid password syntax - passwords with storage scheme are not allowed
Disable SELinux. Another problem could be that the passwords are
hashed before they’re
sent.
They need to be protected with SSL/TLS and sent in the clear.
Category:Nikhil’s Notes
Category:Installation Logs
Category:From a past sysadmin
life