28.7. Configuring a System to Authenticate Using OpenLDAP
First, make sure that the appropriate packages are installed on both the LDAP server and the LDAP client machines. The LDAP server needs the
nss_ldappackages need to be installed on all LDAP client machines.
- On the server, edit the
/etc/openldap/slapd.conffile on the LDAP server to make sure it matches the specifics of the organization. Refer to Section 28.6.1, “Editing
/etc/openldap/slapd.conf” for instructions about editing
- On the client machines, both
/etc/openldap/ldap.confneed to contain the proper server and search base information for the organization.To do this, run the graphical Authentication Configuration Tool (
system-config-authentication) and select Enable LDAP Support under the User Information tab.It is also possible to edit these files by hand.
- On the client machines, the
/etc/nsswitch.confmust be edited to use LDAP.To do this, run the Authentication Configuration Tool (
system-config-authentication) and select Enable LDAP Support under the User Information tab.If editing
/etc/nsswitch.confby hand, add
ldapto the appropriate lines.For example:
passwd: files ldap shadow: files ldap group: files ldap
28.7.1. PAM and LDAP
system-config-authentication) and select Enable LDAP Support under the Authentication tab. For more about configuring PAM, refer to Section 48.4, “Pluggable Authentication Modules (PAM)” and the PAM man pages.
28.7.2. Migrating Old Authentication Information to LDAP Format
/usr/share/openldap/migration/directory contains a set of shell and Perl scripts for migrating authentication information into an LDAP format.
migrate_common.phfile so that it reflects the correct domain. The default DNS domain should be changed from its default value to something like:
$DEFAULT_MAIL_DOMAIN = "example";
$DEFAULT_BASE = "dc=example,dc=com";
migration-tools.txtfiles in the
/usr/share/openldap/migration/directory provide more details on how to migrate the information.
Table 28.1. LDAP Migration Scripts
|Existing name service||Is LDAP running?||Script to Use|
| ||yes|| |
| ||no|| |
|NIS (YP)||yes|| |
|NIS (YP)||no|| |