LDAP Server configuration
In order to test an LDAP client configuration, you will need to configure an LDAP directory service.
The LDAP server is called instructor.example.com in this procedure.
LDAP Client configuration
Install the following packages:
# yum install -y openldap-clients nss-pam-ldapd
Run the authentication menu:
# authconfig-tui
Choose the following options:
- Cache Information
- Use LDAP
- Use MD5 Passwords
- Use Shadow Passwords
- Use LDAP Authentication
- Local authorization is sufficient
In the LDAP Settings, type:
- Use TLS
- Server: ldap://instructor.example.com
- Base DN: dc=example,dc=com
Note: don't check Use TLS if you specify an ldaps:// URL. Either check Use TLS with an ldap:// URL, or leave it unchecked with an ldaps:// URL; mixing the two doesn't work.
Put the LDAP server certificate into the /etc/openldap/cacerts directory when asked.
Test the connection to the LDAP server (a passwd-format line for ldapuser02 should be displayed, as if it were in the /etc/passwd file):
# getent passwd ldapuser02
You can also use the authconfig command to configure the client side.
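The following script is an added example, not part of the original guide: it builds the authconfig command line that corresponds to the authconfig-tui choices above, enforcing the TLS/ldaps rule from the note, and adds two checks a practitioner would run afterwards. The host name, base DN and cacerts directory are the ones used in this procedure; the option names are real authconfig flags.

```bash
#!/bin/bash
# Added example (not from the original guide): build the authconfig command
# matching the authconfig-tui choices, with the TLS/ldaps caveat enforced, and
# provide two post-install checks. Host name, base DN and the cacerts
# directory are the ones used in the procedure.

# ldap_client_cmd URL BASEDN
# Prints (does not run) the authconfig invocation. A plain ldap:// URL gets
# STARTTLS (--enableldaptls); an ldaps:// URL is already encrypted on port 636
# and must NOT also get --enableldaptls, or the client fails to bind.
ldap_client_cmd() {
    local url="$1" basedn="$2" tls_flag
    case "$url" in
        ldaps://*) tls_flag="--disableldaptls" ;;
        ldap://*)  tls_flag="--enableldaptls" ;;
        *) echo "ldap_client_cmd: URL must start with ldap:// or ldaps://" >&2
           return 1 ;;
    esac
    printf 'authconfig --enableldap --enableldapauth --ldapserver=%s --ldapbasedn=%s %s --enablemd5 --enableshadow --enablecache --enablelocauthorize --update\n' \
        "$url" "$basedn" "$tls_flag"
}

# cacert_present [DIR]
# Returns 0 if at least one .pem or .crt file sits in the CA directory the
# client trusts (/etc/openldap/cacerts by default), otherwise 1.
cacert_present() {
    local dir="${1:-/etc/openldap/cacerts}"
    [ -d "$dir" ] || return 1
    find "$dir" -maxdepth 1 -type f \( -name '*.pem' -o -name '*.crt' \) | grep -q .
}

# ldap_user_visible USER
# The check from the guide: NSS must now resolve the LDAP account via nslcd.
ldap_user_visible() {
    getent passwd "$1" > /dev/null
}

# Usage when run as a script: print the command for the lab server, then check
# that a CA certificate is in place.
if [ "${1:-}" = "--show" ]; then
    ldap_client_cmd "${2:-ldap://instructor.example.com}" "dc=example,dc=com"
    cacert_present || echo "warning: no CA certificate in /etc/openldap/cacerts" >&2
fi
```

Run it with `--show ldaps://instructor.example.com` to see the ldaps variant; the certificate copied into /etc/openldap/cacerts only takes effect once the directory has been hashed (authconfig-tui does this for you, authconfig's --ldaploadcacert=URL option does it when fetching the file).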
NFS server configuration
To get the home directory mounted, you need to configure an NFS server.
The NFS server is called instructor.example.com in the procedure.
Note: the LDAP server and the NFS server don't have to be on the same machine; it's only easier.
Automounter Client configuration
Install the following packages:
# yum install -y autofs nfs-utils
Create a new indirect map file /etc/auto.guests containing the following line:
* -rw,nfs4 instructor.example.com:/home/guests/&
Add the following line at the beginning of the /etc/auto.master file:
/home/guests /etc/auto.guests
Start the Automounter daemon and enable it at boot:
# service autofs start && chkconfig autofs on
Test the configuration:
# su - ldapuser02
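The script below is an added example, not part of the original guide: it writes the two autofs files from the steps above under a root directory of your choice (so it can be dry-run without touching /etc), keeps the auto.master entry at the top without duplicating it on re-runs, and shows as a string what the wildcard line resolves a user name to. Server, export path and mount point are the ones used in this procedure.

```bash
#!/bin/bash
# Added example (not from the original guide): stage the two autofs files
# described above under a root of your choice, idempotently, and show what
# the wildcard map resolves a user name to. Server, export and mount point
# are the ones used in the procedure.

AUTOFS_SERVER="instructor.example.com"
AUTOFS_EXPORT="/home/guests"       # path exported by the NFS server
AUTOFS_MOUNTPOINT="/home/guests"   # local directory managed by autofs

# auto_guests_entry: the single wildcard line of /etc/auto.guests.
# '*' matches any key looked up below the mount point; '&' is replaced by that
# same key on the server side, so one line serves every LDAP user.
auto_guests_entry() {
    printf '* -rw,nfs4 %s:%s/&\n' "$AUTOFS_SERVER" "$AUTOFS_EXPORT"
}

# resolve_wildcard KEY: string-level view of the substitution autofs performs
# when a process enters $AUTOFS_MOUNTPOINT/KEY (no mount is attempted).
resolve_wildcard() {
    local key="$1"
    printf '%s/%s -> %s:%s/%s\n' "$AUTOFS_MOUNTPOINT" "$key" \
        "$AUTOFS_SERVER" "$AUTOFS_EXPORT" "$key"
}

# prepend_master_entry MASTERFILE
# Puts the mount-point line at the beginning of auto.master, ahead of the
# default '+auto.master' include, unless an identical line already exists.
prepend_master_entry() {
    local master="$1" line="$AUTOFS_MOUNTPOINT /etc/auto.guests" tmp
    if [ -f "$master" ] && grep -qxF "$line" "$master"; then
        return 0
    fi
    tmp=$(mktemp)
    { printf '%s\n' "$line"; if [ -f "$master" ]; then cat "$master"; fi; } > "$tmp"
    cat "$tmp" > "$master"   # keeps the existing file's owner and mode
    rm -f "$tmp"
}

# stage_autofs_files ROOT: write ROOT/etc/auto.guests and update
# ROOT/etc/auto.master. Use ROOT=/ on the real client (as root); any other
# directory gives a dry run you can inspect.
stage_autofs_files() {
    local root="${1%/}"
    mkdir -p "$root/etc"
    auto_guests_entry > "$root/etc/auto.guests"
    prepend_master_entry "$root/etc/auto.master"
}

# Real installation, matching the steps of the guide.
if [ "${1:-}" = "--install" ]; then
    stage_autofs_files /
    service autofs start && chkconfig autofs on
fi
```

Putting the entry before `+auto.master` matters because that include pulls in any maps from the name service; an earlier line for the same mount point takes precedence. `resolve_wildcard ldapuser02` prints `/home/guests/ldapuser02 -> instructor.example.com:/home/guests/ldapuser02`, which is exactly the mount `su - ldapuser02` triggers.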
+ recommend: https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Storage_Administration_Guide/s2-nfs-config-autofs-LDAP.html
First let me congratulate and thank you for this amazing website, seriously there is nothing like this all over the web, it's straight and to the point! 🙂
Man, I've been to the RHCSA 7 Exam and I did pass, BUT I had a little problem: I did not succeed in getting the ldap client running.
I did add all the above configuration but it did not work; the openldap-client and the nss were already installed.
The only thing I am thinking of now: can this be that I have to firewall-cmd and add the service or add-port on the client?
First, congratulations on your success!
Then, concerning the LDAP configuration, there shouldn't be any requirement to open ports on the LDAP client side, as all the flows are outgoing, not incoming.
Would it be possible that there were any restrictions at the /etc/hosts.deny level or somewhere else? I sincerely don’t know.
Hi,
Good day,
Thank you for your effort.
I just have a question: what do you mean by this part "Note: Don't use TLS if you specify ldaps"? Do you mean that I shouldn't check the "[ ] Use TLS" box if I specify the ldap server in the following field as "ldap://instructor.example.com"?
According to my tests (done more than one year ago), you have to make some choices:
– check the Use TLS box and specify the ldap://instructor.example.com url,
– or leave the Use TLS box unchecked and use the ldaps://instructor.example.com url.
But you can’t mix the options or it won’t work!
On this line: * -rw,nfs4 instructor.example.com:/home/guests/&
what does the ampersand signify?
I'm just cutting and pasting the man 5 autofs pages:
The & repeats what the * represented.
Ampersand means “mount point will bear the same name as the remote mount.” The asterisk will be named after whatever the ampersand is named.
If shared resource /resource is mounted on a subdirectory of /mnt of the local host, that subdirectory will be named “resource”.
Hi all, I'm preparing for the RHCSA exam next week.
Could you please explain to me what the advantage of using autofs for ldap users is, although the --enablemkhomedir option of the authconfig tool allows the creation of the home dir? Thank you
Autofs’s got nothing to do with the creation of the user’s home directory. It’s only a way to transparently mount a remote directory when a user wants to access it. Autofs removes the need for a permanent NFS mount and therefore minimizes the load on the NFS server.
Ok, I understand it. But what is the difference from the home dir created for the ldap user during authentication, obtained with --enablemkhomedir of authconfig? Thanks
I don’t know. There are perhaps no differences.