13.7. Configuring a System to Authenticate Using OpenLDAP
- Install the Necessary LDAP Package
- First, make sure that the appropriate packages are installed on both the LDAP server and the LDAP client machines. The LDAP server needs the
nss_ldap packages need to be installed on all LDAP client machines.
- Edit the Configuration Files
- On the server, edit the /etc/openldap/slapd.conf file on the LDAP server to make sure it matches the specifics of the organization. Refer to Section 13.6.1, “Editing /etc/openldap/slapd.conf” for instructions about editing
- On the client machines, both
/etc/openldap/ldap.conf need to contain the proper server and search base information for the organization. To do this, run the graphical Authentication Configuration Tool (system-config-authentication) and select Enable LDAP Support under the User Information tab. It is also possible to edit these files by hand.
- On the client machines, the /etc/nsswitch.conf must be edited to use LDAP. To do this, run the Authentication Configuration Tool (system-config-authentication) and select Enable LDAP Support under the User Information tab. If editing /etc/nsswitch.conf by hand, add ldap to the appropriate lines. For example:
  passwd: files ldap
  shadow: files ldap
  group: files ldap
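A hand-edited /etc/nsswitch.conf can be checked against the example above with a short script. This is an added example, not part of the original documentation; the function name check_nsswitch_ldap and the sample file contents are constructed here, and the check assumes the target layout is the one shown above (files first, then ldap), since sources are consulted in the order listed.

```shell
#!/bin/sh
# check_nsswitch_ldap FILE  (hypothetical helper name)
# For passwd, shadow and group, report whether "ldap" is listed and whether
# it follows "files" as in the example. Returns non-zero on any finding.
check_nsswitch_ldap() {
    awk '
    BEGIN { n = split("passwd shadow group", dbs, " "); bad = 0 }
    {
        sub(/#.*/, "")                        # strip comments
        pos = index($0, ":")
        if (pos == 0) next                    # not a database line
        db = substr($0, 1, pos - 1)
        gsub(/[ \t]/, "", db)
        cnt = split(substr($0, pos + 1), src, /[ \t]+/)
        files = 0; ldap = 0
        for (i = 1; i <= cnt; i++) {          # first position of each source
            if (src[i] == "files" && !files) files = i
            if (src[i] == "ldap"  && !ldap)  ldap  = i
        }
        if (!ldap)             state[db] = "ldap missing"
        else if (!files)       state[db] = "files missing"
        else if (ldap < files) state[db] = "ldap listed before files"
        else                   state[db] = "ok"
    }
    END {
        for (k = 1; k <= n; k++) {
            s = (dbs[k] in state) ? state[dbs[k]] : "no entry"
            print dbs[k] ": " s
            if (s != "ok") bad = 1
        }
        exit bad + 0
    }' "$1"
}

# Constructed sample input (not taken from a real system).
sample=$(mktemp)
printf '%s\n' 'passwd: files ldap' 'shadow: files' 'group: ldap files' > "$sample"
check_nsswitch_ldap "$sample" || echo "nsswitch.conf does not match the example layout"
rm -f "$sample"
```

On a client, run check_nsswitch_ldap /etc/nsswitch.conf after using the Authentication Configuration Tool or editing the file by hand.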
13.7.1. PAM and LDAP
system-config-authentication) and select Enable LDAP Support under the Authentication tab. For more about configuring PAM, refer to Chapter 16, Pluggable Authentication Modules (PAM) and the PAM man pages.