RHEL6 as LDAP client with ldap authentication

Edit the file /etc/openldap/ldap.conf:

URI ldap://$FQDN_OF_SERVER/
BASE dc=mydomain,dc=com
TLS_CACERTDIR /etc/openldap/cacerts

The host name in URI has to be the same FQDN as in the certificate.

Now edit the /etc/nsswitch.conf file to tell Linux where to get the login information from:

passwd:     files sss ldap
shadow:     files sss ldap
group:      files sss ldap

After that, run the command authconfig-gtk and set the following:


User Account Database: ldap
LDAP base search DN: dc=domain,dc=com
LDAP server: FQDN of the LDAP server
Check the box "Use TLS encryption"
Add the correct URL which points to the ladpcertificate.pem file. Normally this file is located on a webserver (https://internal.webserver.com/ladpcertificate.pem)
Authentication configuration: ldap

If you want a home directory to be created automatically for a new user, go to the Advanced tab and check the box “Create Home directories on first login”.


Now you are done with the authentication part.
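
To check the result before the first login, the two files edited above can be audited with a short script. This is an added example, not part of the original post: the function names are its own, and TLS_REQCERT is an ldap.conf option the post does not set (its values never and allow let the client continue without verifying the server certificate).

```shell
#!/bin/sh
# Added example (not from the original post): audit the client files edited above.

# Print the value of the last KEY line in an ldap.conf-style file.
# Keywords are case-insensitive; lines starting with '#' never match.
ldapconf_get() {
    awk -v k="$1" 'toupper($1) == toupper(k) { v = $2 } END { print v }' "$2"
}

# Print one line per problem. Exit status 0 means no problem was found.
# The body runs in a subshell, so its variables stay local.
audit_ldap_client() (
    conf="${1:-/etc/openldap/ldap.conf}"
    nss="${2:-/etc/nsswitch.conf}"
    problems=0
    flag() { echo "PROBLEM: $1"; problems=1; }
    [ -r "$conf" ] && [ -r "$nss" ] || { echo "PROBLEM: cannot read $conf or $nss"; exit 1; }

    # The server certificate is checked against the host in URI, so it must
    # be the FQDN the certificate was issued for, not an IP or a short name.
    uri=$(ldapconf_get URI "$conf")
    host=${uri#*://}; host=${host%%[:/]*}
    case "$uri" in ldap://*|ldaps://*) ;; *) flag "URI is not ldap:// or ldaps://: '$uri'" ;; esac
    case "$host" in
        ''|*'$'*)  flag "URI has no real host name: '$uri'" ;;
        *[!0-9.]*) case "$host" in *.*) ;; *) flag "URI host '$host' is not fully qualified" ;; esac ;;
        *)         flag "URI host '$host' is an IP address, not an FQDN" ;;
    esac

    # Without a populated CA directory the client cannot verify the server.
    cadir=$(ldapconf_get TLS_CACERTDIR "$conf")
    if [ -z "$cadir" ]; then flag "TLS_CACERTDIR is not set"
    elif [ -z "$(ls -A "$cadir" 2>/dev/null)" ]; then flag "no CA certificate in $cadir"
    fi

    # 'never' and 'allow' let the session continue with an unverifiable certificate.
    case "$(ldapconf_get TLS_REQCERT "$conf" | tr 'A-Z' 'a-z')" in
        never|allow) flag "TLS_REQCERT disables certificate verification" ;;
    esac

    # Each database must list ldap or sss, otherwise LDAP users are never looked up.
    for db in passwd shadow group; do
        grep -Eq "^${db}:(.*[[:space:]])?(ldap|sss)([[:space:]]|\$)" "$nss" ||
            flag "nsswitch.conf: '$db' does not use ldap or sss"
    done
    [ "$problems" -eq 0 ]
)
# Run against the given files, e.g.: sh audit.sh /etc/openldap/ldap.conf /etc/nsswitch.conf
[ $# -eq 0 ] || audit_ldap_client "$@"
```

A clean audit only shows that the files are consistent; whether the server presents a certificate matching the URI host is still decided when the client connects.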

6 thoughts on “RHEL6 as LDAP client with ldap authentication”

  2. Hi Laurent,

    Can you please let me know which URL I should use for this:
    “Enter the url where to get the ladpcertificate.pem file”

    1. This is the URL to the pem file. You need to have the certificate somewhere (for example on a webserver), where the ldap client can download it.

  3. Hi, thanks a lot for the wonderful tutorial. I am getting stuck in the validation part of my configuration. I’m running a VM LDAP Server (with settings from your server tutorial) and a VM LDAP Client (with this tutorial).
    I’ve followed all the instructions; however, on reboot when I enter the LDAP user name and password, it shows authentication failure.
    Am I missing something?
    Thanks in advance!
