LDAP

Question 1

Check to see if authconfig is installed

Answer 1

rpm -q authconfig

Question 2

check to see if nss-pam-ldapd is installed

Answer 2

rpm -q nss-pam-ldapd

Question 3

Necessary packages for LDAP auth

Answer 3

yum install authconfig nss-pam-ldapd openldap openldap-clients -y

Question 4

how to see the authconfig options ldap options

Answer 4

authconfig –help | grep ldap

Question 5

What options to use with authconfig

Answer 5

authconfig –enableldap –enableldapauth –ldapserver=ldap://ldap.cert.com –ldapbasedn=”dc=cert,dc=com” –update

Question 6

restart the local LDAP name service

Answer 6

systemctl restart nslcd.service

Question 7

What is the nslcd.service?

Answer 7

nslcd is a daemon that will do LDAP queries for local processes based on a simple configuration file.

Question 8

To create home dir when authenticated with ldap

Answer 8

authconfig –enablemkhomedir –update

Question 9

Check if ldap is working

Answer 9

su - ldap2

Question 10

Configuring LDAP with authconfig-tui

Answer 10

cd /etc/openldap/cacerts

wget ftp://ipa.cert.local/pub/ca.cert

restorecon ca.crt

authconfig-tui

Select:
[ ] Use LDAP
[ ] Use LDAP Authentication
[ ] Local authorization is sufficient

Next
Server: ldap://server.cert.com
Base DN: dc=cert, dc=com

Question 11

Check if none local user is able to auth

Answer 11

getent passwd ldapuser1

Question 12

Ensure that you are able to connect to the LDAP server

Answer 12

add entry to /etc/hosts

192.168.1.2 hostname.cert.com

Question 13

Allow connection with through firewalld

Answer 13

firewall-cmd –permanent –add-service=ldap