
LDAP Client Configurations

1. First, install the required packages (nscd, openldap, openldap-clients, nss-pam-ldapd):
yum install nscd openldap openldap-clients nss-pam-ldapd

2. Then edit the LDAP configuration file /etc/openldap/ldap.conf:

HOST 10.141.8.45

BASE dc=infra,dc=sd

URI ldap://10.141.8.45/

TLS_CACERTDIR /etc/openldap/cacerts

SASL_NOCANON on

3. There are multiple ways to do this step: either by using authconfig-tui or by editing the configuration files directly.

i. By using authconfig-tui

Figure 1 authconfig-tui Step 1


Figure 2 authconfig-tui Step 2

ii. By using authconfig command

authconfig --enablecache --enableldap --enablemd5 --enableshadow --enableldapauth \
    --enablelocauthorize --updateall --disableldaptls \
    --ldapserver ldap://10.141.8.45 --ldapbasedn dc=infra,dc=sd

iii. By editing the /etc/nsswitch.conf configuration file:

passwd: files sss ldap

shadow: files sss ldap

group: files sss ldap

4. Restart nscd and nslcd services

systemctl stop nscd.service

systemctl start nscd.service

systemctl stop nslcd.service

systemctl start nslcd.service

5. Finally, verify from the client that the LDAP user can be resolved:

getent passwd m.ayman
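
The client configured above uses an ldap:// URI together with --disableldaptls, so lookups and password binds are not protected by TLS even though TLS_CACERTDIR is set. The audit function below is an added example, not part of the original document; its function names and finding labels are hypothetical, and besides the keys shown in step 2 it also reads the ssl and tls_reqcert options of nslcd.conf/ldap.conf.

```shell
# Added example; function names and finding labels are hypothetical.
# Audits one LDAP client config (ldap.conf or nslcd.conf syntax) for
# transport-security gaps. Prints one finding per line.
# Returns 0 if clean, 1 if there are findings, 2 if the file is unreadable.
audit_ldap_transport() {
    conf=$1
    [ -r "$conf" ] || { echo "ERROR unreadable: $conf"; return 2; }
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }     # skip comments and blank lines
        { key = toupper($1) }                 # option names are case-insensitive
        key == "URI" {                        # one URI line may list several servers
            for (i = 2; i <= NF; i++)
                if (tolower($i) ~ /^ldap:\/\//) plain = plain " " $i
        }
        key == "SSL"         { ssl = tolower($2) }       # nslcd.conf: on|off|start_tls
        key == "TLS_REQCERT" { reqcert = tolower($2) }   # never|allow|try|demand
        key == "TLS_CACERTDIR" || key == "TLS_CACERT" { ca = 1 }
        END {
            n = 0
            if (plain != "" && ssl != "start_tls") {
                print "PLAINTEXT_URI" plain; n++
                # A trust store is set, but nothing in this file makes the client use TLS.
                if (ca) { print "CA_DIR_SET_WITHOUT_TLS"; n++ }
            }
            if (reqcert == "never" || reqcert == "allow") {
                print "WEAK_TLS_REQCERT " reqcert; n++
            }
            exit (n > 0)
        }
    ' "$conf"
}

# The ldap.conf from step 2 of this page, reproduced as sample input.
page_ldap_conf() {
    cat <<'EOF'
HOST 10.141.8.45
BASE dc=infra,dc=sd
URI ldap://10.141.8.45/
TLS_CACERTDIR /etc/openldap/cacerts
SASL_NOCANON on
EOF
}

tmp=$(mktemp)
page_ldap_conf > "$tmp"
audit_ldap_transport "$tmp" || true   # reports PLAINTEXT_URI and CA_DIR_SET_WITHOUT_TLS
rm -f "$tmp"
```

On a real client, run the function against /etc/openldap/ldap.conf and, where present, /etc/nslcd.conf.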


To Automatically Create Home Directory of LDAP User
1. First, install the required packages:
yum install authconfig oddjob-mkhomedir.x86_64 -y

2. Then you need to enable service

systemctl enable oddjobd.service --now

3. Then edit the PAM configuration with the following command:

authconfig --enablemkhomedir --updateall

This command will change the following line in /etc/pam.d/password-auth and /etc/pam.d/system-auth, as shown below:

session optional pam_oddjob_mkhomedir.so umask=0077

To backup LDAP client configurations
