Saturday, January 24, 2009

Configuring The LDAP Client

When we have configured our LDAP server properly, we can configure and test the client.

Edit the ldap.conf configuration file

LDAP clients are configured using the /etc/openldap/ldap.conf file. We need to make sure that the file points to the IP address of the LDAP server for mydomain.com. The file should look like this:

HOST x.x.x.x
BASE dc=mydomain,dc=com

Edit the /etc/nsswitch.conf file

The /etc/nsswitch.conf file defines the order in which the Linux operating system searches login databases for login information.

Here we want to configure it to first search its /etc/passwd file. If it doesn't find the user password information there, it goes to the LDAP server. The easiest way to set this up is to run the /usr/bin/authconfig-tui command, or to run the setup command and select Authentication Configuration there:

  1. Select use LDAP.
  2. Give the LDAP server's IP address, which is x.x.x.x.
  3. Give the base DN as dc=mydomain,dc=com
  4. Do not select TLS.
  5. Use MD5 and shadow passwords.

When you have finished, check the /etc/nsswitch.conf file and make sure it has references to LDAP.
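One way to script that check, as an added example that is not part of the original post: the function below (check_nsswitch is a hypothetical name) confirms that the login databases list files before ldap, the search order described above. Checking shadow and group as well as passwd is an assumption about which databases matter on this client; the sample file at the end is constructed.

```shell
#!/bin/sh
# Added example: verify that nsswitch.conf consults local files first
# and LDAP second. check_nsswitch is a hypothetical helper, not a system tool.

check_nsswitch() {
    conf=${1:-/etc/nsswitch.conf}
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    # awk's exit status (0 = all good, 1 = at least one problem) is returned.
    awk '
        { sub(/#.*/, "") }                       # strip comments
        $1 ~ /:$/ {
            db = substr($1, 1, length($1) - 1)   # "passwd:" -> "passwd"
            for (i = 2; i <= NF; i++) {          # remember first position of each source
                if ($i == "files" && !(db in f)) f[db] = i
                if ($i == "ldap"  && !(db in l)) l[db] = i
            }
        }
        END {
            # Assumption: these three databases are the ones used for logins.
            n = split("passwd shadow group", want, " ")
            for (k = 1; k <= n; k++) {
                db = want[k]
                if (!(db in l))         { print db ": FAIL, no ldap source"; bad = 1 }
                else if (!(db in f))    { print db ": FAIL, local files are never consulted"; bad = 1 }
                else if (f[db] > l[db]) { print db ": FAIL, ldap is searched before files"; bad = 1 }
                else                      print db ": ok (files, then ldap)"
            }
            exit bad + 0
        }' "$conf"
}

# Constructed sample input; point check_nsswitch at /etc/nsswitch.conf on a real client.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed example of the file after authconfig-tui
passwd:     files ldap
shadow:     files ldap
group:      ldap files
hosts:      files dns
EOF
check_nsswitch "$sample" || echo "nsswitch.conf needs attention"
rm -f "$sample"
```

On the constructed sample the group line is reported as a failure because ldap comes before files.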

Create Home Directories On The LDAP Client

Check if ldapuser is Missing From the /etc/passwd file

We can look for ldapuser by searching the /etc/passwd file with the grep command. There should be no response.

# grep ldapuser /etc/passwd

Create The Home Directory For ldapuser On The LDAP Client

# mkdir /home/ldapuser
# chmod 700 /home/ldapuser/
