Configuring Linux LDAP & SSSD


Follow the steps below to get LDAP authentication through SSSD working on Linux.

First, disable the firewall (or configure it to allow LDAP traffic).

systemctl disable firewalld
systemctl stop firewalld

# Set in /etc/selinux/config
SELINUX=disabled

LDAP configuration

# Fetch the certificate each LDAP server presents over LDAPS so the client can trust it.
# Note: this captures the server's own (leaf) certificate, not its issuing CA, so these
# files must be refreshed whenever the servers' certificates are renewed.
# DC1
echo -n | openssl s_client -connect ldap1.domain.com:1636 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /etc/openldap/cacerts/ldap1.pem
echo -n | openssl s_client -connect ldap2.domain.com:1636 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /etc/openldap/cacerts/ldap2.pem

# DC2
echo -n | openssl s_client -connect ldap3.domain.com:1636 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /etc/openldap/cacerts/ldap3.pem
echo -n | openssl s_client -connect ldap4.domain.com:1636 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /etc/openldap/cacerts/ldap4.pem

yum install sssd nss-pam-ldapd.x86_64 openldap-clients

# Copy sssd.conf from a host that is already configured (here "solr");
# sssd refuses to start unless the file is owned by root with mode 0600.
scp solr:/etc/sssd/sssd.conf /etc/sssd/sssd.conf

service sssd start
systemctl enable sssd.service

authconfig --enableldap --enableldapauth --ldapserver=ldaps://ldap1.domain.com:1636/,ldaps://ldap2.domain.com:1636/ --ldapbasedn="o=devtech101.com,dc=subdomian,dc=com" --update

# In /etc/pam.d/password-auth, change the uid threshold from 1000 to 100:
auth        requisite     pam_succeed_if.so uid >= 100 quiet_success

# Now restart sssd so the new settings take effect
service sssd restart

# Modify /etc/security/access.conf (rules are checked top to bottom; the first match wins)
+ : ALL : LOCAL
+ : root : ALL
+ : @sysadmin-group : ALL
+ : @webapp-group : ALL
- : ALL : ALL
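Because pam_access stops at the first matching rule, a misplaced line in access.conf silently changes who can log in. The POSIX shell evaluator below is an added example (not part of the original post): it replays the rule set above for a given user, origin and group list so the result can be checked without an LDAP server; the EXCEPT keyword, netmask origins and the (group) syntax are assumed away.

```shell
# Added example, not from the original post: evaluate pam_access rules
# (/etc/security/access.conf) top to bottom, first match wins. Assumed
# simplifications: no EXCEPT keyword, no netmask origins, no (group) syntax.
# Constructed copy of the rule set shown above.
ACCESS_RULES='+ : ALL : LOCAL
+ : root : ALL
+ : @sysadmin-group : ALL
+ : @webapp-group : ALL
- : ALL : ALL'
# match_users USER "GROUP..." ITEM... : true if an ITEM names the user or one of the groups
match_users() {
    user=$1; groups=$2; shift 2
    for item in "$@"; do
        case "$item" in
            ALL) return 0 ;;
            @*)  for g in $groups; do
                     if [ "$g" = "${item#@}" ]; then return 0; fi
                 done ;;
            *)   if [ "$item" = "$user" ]; then return 0; fi ;;
        esac
    done
    return 1
}
# match_origins ORIGIN ITEM... : ORIGIN is LOCAL for console logins, else the remote host
match_origins() {
    origin=$1; shift
    for item in "$@"; do
        if [ "$item" = ALL ] || [ "$item" = "$origin" ]; then return 0; fi
    done
    return 1
}
# check_access USER ORIGIN "GROUP..." : prints + or -, exit status 0 if access is allowed
check_access() {
    u=$1; o=$2; gl=$3
    while IFS= read -r line; do
        line=${line%%#*}                                # strip comments
        case "$line" in *:*:*) ;; *) continue ;; esac   # skip blank/malformed lines
        perm=${line%%:*}; rest=${line#*:}
        users=${rest%%:*}; origins=${rest#*:}
        set -- $perm; perm=$1                           # trim whitespace around the permission
        if match_users "$u" "$gl" $users && match_origins "$o" $origins; then
            printf '%s\n' "$perm"
            case "$perm" in +) return 0 ;; *) return 1 ;; esac
        fi
    done <<EOF
$ACCESS_RULES
EOF
    printf '+\n'                                        # no rule matched: pam_access permits
}
```

Call it as `check_access bob 10.0.0.5 "bob users"` to see that a plain remote user is denied while the same user on the console is admitted by the first rule.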
