https://www.chepkov.com/w/index.php?action=history&feed=atom&title=LDAP_Authentication 2026-04-28T17:21:43Z Revision history for this page on the wiki MediaWiki 1.43.6 https://www.chepkov.com/w/index.php?title=LDAP_Authentication&diff=374&oldid=prev 2009-12-09T01:17:34Z

<p></p> <p><b>New page</b></p><div>* Install required packages<br /> yum install openldap-servers openldap-clients nss_ldap<br /> * generate admin user password<br /> &lt;pre&gt;<br /> [root@centos64 ~]# slappasswd <br /> New password: <br /> Re-enter new password: <br /> {SSHA}KaqRGp1hT8E8s6pqdtyAamWxXxVRODZ9<br /> &lt;/pre&gt;<br /> * update &#039;&#039;&#039;/etc/openldap/slapd.conf&#039;&#039;&#039;<br /> &lt;pre&gt;<br /> database bdb<br /> suffix &quot;dc=chepkov,dc=lan&quot;<br /> rootdn &quot;cn=root,dc=chepkov,dc=lan&quot;<br /> rootpw {SSHA}KaqRGp1hT8E8s6pqdtyAamWxXxVRODZ9<br /> <br /> access to attrs=&quot;userPassword&quot;<br /> by anonymous auth<br /> by self write<br /> by * none<br /> <br /> access to *<br /> by users read<br /> by * none<br /> <br /> &lt;/pre&gt;<br /> <br /> * copy DB_CONFIG in place<br /> &lt;pre&gt;<br /> cp /etc/openldap/DB_CONFIG.example /var/lib/ldap/DB_CONFIG<br /> chown ldap:ldap /var/lib/ldap/DB_CONFIG<br /> &lt;/pre&gt;<br /> <br /> * start ldap server<br /> chkconfig ldap on<br /> service ldap start<br /> <br /> * edit &#039;&#039;&#039;/usr/share/openldap/migration/migrate_common.ph&#039;&#039;&#039;<br /> &lt;pre&gt;<br /> $DEFAULT_MAIL_DOMAIN = &quot;chepkov.lan&quot;;<br /> $DEFAULT_BASE = &quot;dc=chepkov,dc=lan&quot;;<br /> &lt;/pre&gt;<br /> <br /> * populate basic entries<br /> /usr/share/openldap/migration/migrate_base.pl |ldapadd -x -D &quot;cn=root,dc=chepkov,dc=lan&quot; -W<br /> <br /> * create a user template from root user<br /> grep ^root /etc/passwd | /usr/share/openldap/migration/migrate_passwd.pl - &gt; /tmp/testuser.ldiff<br /> <br /> * edit &#039;&#039;&#039;/tmp/testuser.ldiff&#039;&#039;&#039;:<br /> &lt;pre&gt;<br /> dn: uid=testuser,ou=People,dc=chepkov,dc=lan<br /> uid: testuser<br /> cn: testuser<br /> objectClass: account<br /> objectClass: posixAccount<br /> objectClass: top<br /> objectClass: shadowAccount<br /> userPassword: {crypt}$1$33w5rgPO$bd.N.h6yMRiiCPvRLAJPV.<br /> shadowLastChange: 14481<br /> shadowMax: 99999<br /> shadowWarning: 7<br /> loginShell: /bin/bash<br /> uidNumber: 1000<br /> gidNumber: 100<br /> homeDirectory: /home/testuser<br /> gecos: Test User<br /> <br /> &lt;/pre&gt;<br /> <br /> * Add testuser<br /> ldapadd -x -D &quot;cn=root,dc=chepkov,dc=lan&quot; -W -f /tmp/testuser.ldiff<br /> <br /> * enable pam_ldap<br /> authconfig --update --enableldap --enableldapauth --ldapserver=&quot;centos64.chepkov.lan&quot; \<br /> --ldapbasedn=&quot;dc=chepkov,dc=lan&quot; --enablelocauthorize --enablemkhomedir<br /> <br /> * update /etc/ldap.conf<br /> &lt;pre&gt;<br /> # The distinguished name to bind to the server with<br /> # if the effective user ID is root. Password is<br /> # stored in /etc/ldap.secret (mode 600)<br /> rootbinddn cn=root,dc=chepkov,dc=lan<br /> &lt;/pre&gt;<br /> <br /> * Now you can change testuser password using regular passwd utility<br /> passwd testuser<br /> <br /> * and login as testuser<br /> &lt;pre&gt;<br /> [root@centos64 migration]# ssh testuser@localhost<br /> testuser@localhost&#039;s password: <br /> Creating directory &#039;/home/testuser&#039;.<br /> [testuser@centos64 ~]$ id<br /> uid=1000(testuser) gid=100(users) groups=100(users)<br /> &lt;/pre&gt;<br /> <br /> * Enjoy</div>

Vvc