Configure an LDAP client so that user accounts can be shared across your local network.
[1] Install OpenLDAP Client.
[root@ns2 ~]# dnf install openldap-clients authselect sssd sssd-ldap oddjob-mkhomedir -y
# switch the authentication provider to sssd
[root@ns2 ~]# authselect select sssd with-mkhomedir --force
Backup stored at /var/lib/authselect/backups/2021-09-30-07-56-06.zy1Pze
Profile "sssd" was selected.
The following nsswitch maps are overwritten by the profile:
- passwd
- group
- netgroup
- automount
- services
Make sure that SSSD service is configured and enabled. See SSSD documentation for more information.
- with-mkhomedir is selected, make sure pam_oddjob_mkhomedir module
is present and oddjobd service is enabled
- systemctl enable oddjobd.service
- systemctl start oddjobd.service
[root@ns2 ~]# vi /etc/openldap/ldap.conf
# add to the end: your LDAP server's URL and Suffix
URI ldap://ns1.futurelinux.org/
BASE dc=futurelinux,dc=org
[root@ns2 ~]# vi /etc/sssd/sssd.conf
# create new
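# replace [ldap_uri], [ldap_search_base] with the values for your own environment
# note: with [ldap_tls_reqcert = allow] the session proceeds even if the server certificate is missing or fails validation,
# so StartTLS encrypts the connection but does not authenticate the LDAP server;
# once the CA certificate is installed under [ldap_tls_cacertdir], [demand] makes sssd reject an unverifiable server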
[domain/default]
id_provider = ldap
autofs_provider = ldap
auth_provider = ldap
chpass_provider = ldap
ldap_uri = ldap://ns1.futurelinux.org/
ldap_search_base = dc=futurelinux,dc=org
ldap_id_use_start_tls = True
ldap_tls_cacertdir = /etc/openldap/certs
cache_credentials = True
ldap_tls_reqcert = allow
[sssd]
services = nss, pam, autofs
domains = default
[nss]
homedir_substring = /home
[root@ns2 ~]# chmod 600 /etc/sssd/sssd.conf
[root@ns2 ~]# systemctl restart sssd oddjobd
[root@ns2 ~]# systemctl enable sssd oddjobd
Created symlink /etc/systemd/system/multi-user.target.wants/sssd.service → /usr/lib/systemd/system/sssd.service.
Created symlink /etc/systemd/system/multi-user.target.wants/oddjobd.service → /usr/lib/systemd/system/oddjobd.service.
[root@ns2 ~]# exit
logout
Future OS 1 (Tesla)
Kernel 5.10.39-300.fx1.x86_64 on an x86_64 (tty1)
ns2 login: future # LDAP user
Password: # password
[future@ns2 ~]$ # logged in
# an LDAP password is changed the usual way, with passwd
[future@ns2 ~]$ passwd
Changing password for user future.
Current Password: # current password
New password: # new password
Retype new password:
passwd: all authentication tokens updated successfully.