Edit the file /etc/openldap/ldap.conf:
URI ldap://$FQDN_OF_SERVER/ (this has to be the same FQDN as the one in the server certificate)
BASE dc=mydomain,dc=com
TLS_CACERTDIR /etc/openldap/cacerts
Now edit the /etc/nsswitch.conf file to tell Linux where to get the login information from:
passwd: files sss ldap
shadow: files sss ldap
group: files sss ldap
After that, run the command authconfig-gtk and select:
User Account Database: LDAP
LDAP base search DN: dc=domain,dc=com
LDAP server: FQDN of the LDAP server
Check the box "Use TLS encryption"
Add the correct URL that points to the ladpcertificate.pem file. Normally this file is located on a webserver (for example https://internal.webserver.com/ladpcertificate.pem).
Authentication configuration: LDAP
If you want a new home directory created automatically for each new user, go to the Advanced tab and check the box "Create home directories on first login".
Reboot.
Now you are done with the authentication part.
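A quick lint of the two files edited above, added here as an example that is not part of the original tutorial. The file contents and the hostname ldap.mydomain.com are constructed samples; the checks cover the points the setup depends on (URI host matching the certificate name, a CA store configured, certificate verification not switched off, and ldap present in the NSS lookups):

```python
"""Lint an OpenLDAP client configuration (ldap.conf + nsswitch.conf).
Added example; the file contents below are constructed samples."""
import re
from urllib.parse import urlsplit

# Constructed sample of /etc/openldap/ldap.conf as the tutorial describes it.
LDAP_CONF = """
URI ldap://ldap.mydomain.com/
BASE dc=mydomain,dc=com
TLS_CACERTDIR /etc/openldap/cacerts
TLS_REQCERT demand
"""

# Constructed sample of the three nsswitch.conf lines from the tutorial.
NSSWITCH_CONF = """
passwd: files sss ldap
shadow: files sss ldap
group:  files sss ldap
"""

def parse_kv(text):
    """Turn 'KEY value' lines (ldap.conf style) into a dict; comments ignored."""
    conf = {}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if parts:
            conf[parts[0].upper()] = parts[1].strip() if len(parts) > 1 else ""
    return conf

def check_ldap_conf(text, cert_hostname):
    """Return a list of findings; an empty list means the file matches the
    tutorial's requirements (host matches the certificate, CA store set,
    certificate verification enforced). OpenLDAP's TLS_REQCERT default is demand."""
    conf = parse_kv(text)
    findings = []
    parts = urlsplit(conf.get("URI", ""))
    host = parts.hostname or ""
    if parts.scheme not in ("ldap", "ldaps"):
        findings.append("URI must use ldap:// (with TLS enabled) or ldaps://")
    if host.lower() != cert_hostname.lower():
        findings.append(f"URI host {host!r} does not match certificate name {cert_hostname!r}")
    if "TLS_CACERTDIR" not in conf and "TLS_CACERT" not in conf:
        findings.append("no TLS_CACERTDIR/TLS_CACERT: server certificate cannot be verified")
    if conf.get("TLS_REQCERT", "demand").lower() in ("never", "allow"):
        findings.append("TLS_REQCERT disables certificate verification")
    return findings

def check_nsswitch(text):
    """Return the passwd/shadow/group databases that do not consult ldap."""
    missing = []
    for db in ("passwd", "shadow", "group"):
        m = re.search(rf"^{db}:\s*(.*)$", text, re.MULTILINE)
        if not m or "ldap" not in m.group(1).split():
            missing.append(db)
    return missing
```

Running check_ldap_conf against a file whose URI uses the server's IP address instead of the FQDN in the certificate reports the mismatch, which is the usual cause of a client that fails TLS verification even though the server itself works.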
Hi Laurent,
Can you please let me know which URL I should use for this:
"Enter the URL where to get the ladpcertificate.pem file"
I thought this was clear. It is the URL to the PEM file, which usually is on a webserver.
Which URL do you mean? It confused me.
This is the URL to the PEM file. You need to have the certificate somewhere (for example on a webserver) where the LDAP client can download it.
Hi, thanks a lot for the wonderful tutorial. I am getting stuck in the validation part of my configuration. I'm running a VM LDAP server (with settings from your server tutorial) and a VM LDAP client (with this tutorial).
I've followed all the instructions; however, on reboot when I enter the LDAP user name and password, it shows an authentication failure.
Am I missing something?
Thanks in advance!