LDAP Config on RHEL-like Systems Revision as of Sunday, 20 December 2015 at 19:56 UTC

Client setup

 authconfig  --enableldap \
             --enableldapauth \
             --enableldaptls \
             --ldapserver='ldap://directory.example.com/' \
             --ldapbasedn='dc=example,dc=edu' \
             --enablemkhomedir \
             --enableshadow \
             --enablelocauthorize \
             --update

From
here.

StartTLS will be enabled for each lookup. The command above modifies
three files:

 /etc/nsswitch.conf
 /etc/ldap.conf
 /etc/openldap/ldap.conf

Problems

Can’t change passwords

 New UNIX password: 
 Retype new UNIX password: 
 LDAP password information update failed: Constraint violation
 invalid password syntax - passwords with storage scheme are not allowed

Disable SELinux. Another problem could be that the passwords are
hashed before they’re
sent
.
They need to be protected with SSL/TLS and sent in the clear.

Category:Nikhil’s Notes
Category:Installation Logs
Category:From a past sysadmin
life