LDAP Config on RHEL-like Systems Revision as of Thursday, 28 May 2026 at 13:06 UTC

Client setup

authconfig  --enableldap \
            --enableldapauth \
            --enableldaptls \
            --ldapserver=ldap://directory.example.com/ \
            --ldapbasedn='dc=example,dc=edu' \
            --enablemkhomedir \
            --enableshadow \
            --enablelocauthorize \
            --update

From here. StartTLS will be enabled for each lookup. The command above modifies three files:

/etc/nsswitch.conf
/etc/ldap.conf
/etc/openldap/ldap.conf

Problems

Can’t change passwords

New UNIX password:
Retype new UNIX password:
LDAP password information update failed: Constraint violation
invalid password syntax - passwords with storage scheme are not allowed

Disable SELinux. Another possible cause is that the client hashes the password before sending it; the server rejects pre-hashed values ("passwords with storage scheme are not allowed"). The password should instead be sent unhashed (in the clear) over an SSL/TLS-protected connection, so that the server applies its own storage scheme.
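A quick way to confirm both conditions on a client is to audit the pam_ldap/nss_ldap /etc/ldap.conf that authconfig writes. The script below is an added example, not part of the original page or of authconfig: it checks that "ssl start_tls" is present (what --enableldaptls is meant to produce) and that "pam_password" is not set to a client-side hashing method (md5 or crypt), since those send values with a storage-scheme prefix. The directive names are the real pam_ldap/nss_ldap ones; the two sample files it writes are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the page): audit a pam_ldap/nss_ldap /etc/ldap.conf for
#   1. "ssl start_tls"  - binds, lookups and password changes must travel over TLS;
#   2. "pam_password"   - md5/crypt hash on the client and send "{MD5}..."-style
#      values, which a server that forbids pre-hashed passwords rejects; exop
#      (RFC 3062 password modify) or clear leave hashing to the server.
# Sample files used at the bottom are constructed; they are not real host configs.

# check_ldap_conf FILE
# Exit status 0 when FILE passes both checks, 1 otherwise; findings go to stdout.
check_ldap_conf() {
    file="$1"
    rc=0

    # Drop comments and blank lines; pam_ldap directives are case-insensitive,
    # so normalise to lower case before matching.
    conf=$(sed -e 's/#.*$//' -e '/^[[:space:]]*$/d' "$file" | tr 'A-Z' 'a-z')

    if ! printf '%s\n' "$conf" | grep -Eq '^[[:space:]]*ssl[[:space:]]+start_tls[[:space:]]*$'; then
        echo "$file: missing 'ssl start_tls' (lookups and binds would go over plain LDAP)"
        rc=1
    fi

    # Last pam_password directive wins, as it would for the library.
    scheme=$(printf '%s\n' "$conf" | awk '$1 == "pam_password" { v = $2 } END { print v }')
    case "$scheme" in
        md5|crypt)
            echo "$file: pam_password $scheme hashes the password on the client; use exop or clear"
            rc=1 ;;
        "")
            echo "$file: pam_password not set (pam_ldap's documented default is clear)"
            ;;
    esac
    return $rc
}

# Demonstration on two constructed files.
tmp=$(mktemp -d)
cat > "$tmp/good.conf" <<'EOF'
uri ldap://directory.example.com/
base dc=example,dc=edu
ssl start_tls
pam_password exop
EOF
cat > "$tmp/bad.conf" <<'EOF'
uri ldap://directory.example.com/
base dc=example,dc=edu
# TLS never enabled, and the client hashes before sending
pam_password md5
EOF
for f in "$tmp/good.conf" "$tmp/bad.conf"; do
    if check_ldap_conf "$f"; then echo "$f: OK"; fi
done
rm -rf "$tmp"
```

Run it as root with the real path substituted for the sample files; a non-zero exit from check_ldap_conf means at least one of the two settings needs fixing before retrying the password change.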