C7: Need Authconfig Against LDAP
Hi all,
On a C6 box, when I want to enable LDAP authentication, I issue:
# yum -y install nss-pam-ldapd pam_ldap nscd
# authconfig --enableldap --enableldapauth --enablemkhomedir \
--ldapserver=ldap://ldap-blabla/ \
--ldapbasedn="blabla" \
--enablecache --disablefingerprint \
--kickstart --update
All is working fine, the directory structure is fine and compliant.
What about C7?
As far as I read,
- there is a switch to “sssd”
- I found 1 link:
http://www.certdepot.net/ldap-client-configuration-authconfig/
Is there something in particular I should pay attention to?
Note that I have only GUI-less servers.
Thank you.
2 thoughts on - C7: Need Authconfig Against LDAP
sssd is a hard piece to configure. In C7 it wants absolutely to have an encrypted connection to the LDAP server. Therefore, it must at least have a valid CAcert at disposition. Also, the LDAP server itself must have a valid CAcert (eventually the same as the sssd client) and a valid server-certificate with the Common-Name of the host it runs on.
Our /etc/sssd/sssd.conf follows:
[domain/default]
autofs_provider = ldap
cache_credentials = True
ldap_search_base = ou=pam-ldap,dc=mydomain,dc=com
ldap_user_search_base = ou=people,ou=pam-ldap,dc=mydomain,dc=com
ldap_group_search_base = ou=group,ou=pam-ldap,dc=mydomain,dc=com
ldap_default_bind_dn = cn=pam-ldap-checker,ou=pam-ldap,dc=mydomain,dc=com
ldap_default_authtok = ********
cache_credentials = true
enumerate = true
id_provider = ldap
auth_provider = ldap
chpass_provider = ldap
ldap_uri = ldap://casablanca.lan/
ldap_id_use_start_tls = True
ldap_tls_cacertdir = /etc/openldap/cacerts
[sssd]
services = nss, pam, autofs
config_file_version = 2
domains = default
[nss]
[pam]
[sudo]
[autofs]
[ssh]
[pac]
—————————–
Our LDAP servers are all clear text for the moment and there is no short|mid-term plan to bring in encryption.
It’s then a no go for the moment :-(. Thanks.
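
The transport requirement discussed in the replies above can be checked against an sssd.conf before rollout. This is an added example, not code from the thread: the function name audit_sssd_ldap and both sample configs are constructed (the first is modelled on the posted file, the second on a clear-text-only server), and the option names are those documented for SSSD's LDAP provider.

```python
import configparser

# Constructed sample modelled on the sssd.conf in the thread (bind password left out).
WITH_STARTTLS = """\
[domain/default]
id_provider = ldap
auth_provider = ldap
cache_credentials = True
cache_credentials = true
ldap_uri = ldap://casablanca.lan/
ldap_id_use_start_tls = True
ldap_tls_cacertdir = /etc/openldap/cacerts
[sssd]
domains = default
"""
# Constructed variant: the same domain pointed at a clear-text-only LDAP server.
CLEARTEXT = WITH_STARTTLS.replace("ldap_id_use_start_tls = True\n", "").replace(
    "ldap_tls_cacertdir = /etc/openldap/cacerts\n", "")


def audit_sssd_ldap(text):
    """Return {domain section: [findings]} for LDAP-backed domains in sssd.conf text."""
    # strict=False tolerates a repeated key such as cache_credentials (last value kept).
    cp = configparser.ConfigParser(strict=False, interpolation=None, delimiters=("=",))
    cp.read_string(text)
    report = {}
    for name in cp.sections():
        dom = cp[name]
        if not name.startswith("domain/") or "ldap" not in (
                dom.get("id_provider"), dom.get("auth_provider")):
            continue
        findings = []
        starttls = dom.get("ldap_id_use_start_tls", "false").strip().lower() == "true"
        for uri in filter(None, (u.strip() for u in dom.get("ldap_uri", "").split(","))):
            if not uri.lower().startswith("ldaps://") and not starttls:
                findings.append("cleartext transport: " + uri)
        # Without either option SSSD falls back to the OpenLDAP defaults in ldap.conf.
        if not (dom.get("ldap_tls_cacert") or dom.get("ldap_tls_cacertdir")):
            findings.append("no CA certificate configured in sssd.conf")
        # Documented default is "hard"; never/allow/try let a session proceed unverified.
        if dom.get("ldap_tls_reqcert", "hard").strip().lower() in ("never", "allow", "try"):
            findings.append("ldap_tls_reqcert does not enforce server certificate checks")
        report[name] = findings
    return report


if __name__ == "__main__":
    for label, conf in (("with StartTLS", WITH_STARTTLS), ("clear text", CLEARTEXT)):
        print(label, audit_sssd_ldap(conf))
```

An empty findings list for a domain means the transport and CA settings are present in the file; it does not verify that the server's certificate actually validates.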