No Title[an error occurred while processing this directive]
Reference: Cisco: Internetworking Basics
When a user logs in to a Linux system, the username and password combination must be verified, or authenticated, as a valid and active user. A lot of times the information needed to authenticate the user is located on the local system through entries in the /etc/passwd and /etc/shadow files. Another option is to allow the system to defer user authentication to a user database on a remote system like, for example, an LDAP directory. This is a popular option as it allows administrators to centralize username and password information.
In this guide, I will present the steps required to configure authentication for a Linux client through LDAP using Pluggable Authentication Modules (PAM) and Name Service Switch (NSS). The Linux client will be configured to access user information stored in an LDAP directory database such as username, UID number, GID number, home directory, login shell, and other user information that can be used to authenticate to the client system.
An LDAP client machine named ldaptest.idevelopment.info will be configured in this guide to authenticate users through an LDAP server named ldapsrv.idevelopment.info. The example used in this tutorial is based on a clean installation of OpenLDAP Software on the CentOS 6 platform. This tutorial will also work for Red Hat Enterprise Linux 6 and Oracle Linux 6. The LDAP directory used in this guide has been initialized with a base DN of dc=idevelopment,dc=info and organization units People, Group, and Hosts. Obviously, the name of your LDAP server and the base DN will differ and the examples presented in this guide will need to be modified accordingly for you environment.
Refer to the following three tutorials on how to install OpenLDAP Software, initialize the LDAP directory, and then import OS users and groups into the LDAP directory on the server (ldapsrv.idevelopment.info in this guide) on the CentOS 6 platform.
Jeffrey Hunter is an Oracle Certified Professional, Java Development Certified Professional, Author, and an Oracle ACE. Jeff currently works as a Senior Database Administrator for The DBA Zone, Inc. located in Pittsburgh, Pennsylvania. His work includes advanced performance tuning, Java and PL/SQL programming, developing high availability solutions, capacity planning, database security, and physical / logical database design in a UNIX / Linux server environment. Jeff's other interests include mathematical encryption theory, tutoring advanced mathematics, programming language processors (compilers and interpreters) in Java and C, LDAP, writing web-based database administration tools, and of course Linux. He has been a Sr. Database Administrator and Software Engineer for over 20 years and maintains his own website site at: http://www.iDevelopment.info. Jeff graduated from Stanislaus State University in Turlock, California, with a Bachelor's degree in Computer Science and Mathematics.
Copyright (c) 1998-2018 Jeffrey M. Hunter. All rights reserved.
All articles, scripts and material located at the Internet address of http://www.idevelopment.info is the copyright of Jeffrey M. Hunter and is protected under copyright laws of the United States. This document may not be hosted on any other site without my express, prior, written permission. Application to host any of the material elsewhere can be made by contacting me at firstname.lastname@example.org.
I have made every effort and taken great care in making sure that the material included on my web site is technically accurate, but I disclaim any and all responsibility for any loss, damage or destruction of data or any other property which may arise from relying on it. I will in no case be liable for any monetary damages arising from such loss, damage or destruction.
Last modified on
Wednesday, 22-Aug-2012 16:03:16 EDT
Page Count: 3228