
I have been trying to get the users on the LDAP server authenticated on CentOS 6 clients, but the client will not accept the passwords of the LDAP users.

I have Ubuntu systems which successfully do the job with the basic settings.

How do I enable LDAP users to log in to the CentOS servers, and also be able to change their LDAP passwords from the CentOS clients?

I have followed the tutorial at this link http://www.server-world.info/en/note?os=CentOS_6&p=ldap&f=2

and a few more that I found on Google.

Vijit Jain
  • Basically what I want to do is be able to achieve what has been achieved on Ubuntu in the following 2 links: http://www.supportsages.com/blog/2012/06/ldap-configuration-for-user-and-group-centralization-on-ubuntu-12-04-lts-part-1/ http://www.supportsages.com/blog/2012/06/ldap-configuration-for-user-and-group-centralization-on-ubuntu-12-04-lts-part-2/ – Vijit Jain Jun 11 '13 at 21:35

2 Answers

Quick reply with a few things to check:

  • Ensure you have the proper LDAP server(s) specified. If using an FQDN, ensure it properly resolves to the LDAP server on the client.
  • Double-check LDAP tree suffixes, etc.
  • Check that you are getting proper info via command-line tools from the server.
  • Check that the proper ports are open on both the client and the server.

Also I would recommend using SSL with older LDAPv2 servers (slapd v1.2.x). Or use latest slapd 2.x for LDAPv3 with SSL out of the box.

Swartz
  • I have the LDAP server with a proper FQDN, something like dc=example,dc=com... The LDAP tree suffixes are proper; I know this because I have been able to authenticate LDAP users from Ubuntu client systems... On the CentOS system (the one troubling me) the command `id test1` gives the necessary information (test1 is a user on LDAP and not a local client user)... – Vijit Jain Jun 11 '13 at 21:52
  • Port 389 is open; anyway, I have flushed iptables on the client and server, so this should not be a problem. – Vijit Jain Jun 11 '13 at 21:54
  • I do not want to use SSL as of now; I just need to get the users working. SSL was not set up on the server, so it would be a hectic issue, considering I will have to set up the server again (which was very difficult in the first place). – Vijit Jain Jun 11 '13 at 21:55
  • Make sure to save iptables and restart iptables just in case. I've been bitten by iptables a few times before even though I had made the necessary changes to the rules. However, if you are able to query LDAP from the CentOS client, then the firewall isn't the likely reason. Re-check configs. It would be helpful if you posted the settings that you have. Someone might spot the issue. – Swartz Jun 11 '13 at 21:56
  • Use or not use SSL, but be aware that without SSL or some other way of securely sending user credentials, the information may be visible to others. Just a suggestion. Proceed at your own risk. – Swartz Jun 11 '13 at 21:58
  • Check logs for error message on both client and server. These might contain hints. – Swartz Jun 11 '13 at 22:00
  • I will restart iptables. Currently the deployment is on VMs on my laptop; I will post the configs ASAP. – Vijit Jain Jun 11 '13 at 22:03

After conducting a lot of research, I finally was able to get LDAP installed on CentOS and make it my central authentication server.

This is what I did.

#

SERVER

#

yum -y install openldap openldap-clients openldap-servers cyrus nss-pam-ldapd pam_ldap

yum -y install nscd

cd /etc/openldap/slapd.d/cn\=config/

vi olcDatabase*

Edited all the olcDatabase files that had dn.base: dc=my-domain,dc=com to dc=example,dc=com,

and olcRootDN to cn=admin,dc=example,dc=com

slappasswd -h {SHA}

password:

re-type password:

{SHA}htbwnsaklreh=

Copy the output and paste it into olcDatabase*bdb.ldif as:

olcRootPW: {SHA}htbwnsaklreh=

cd /etc/sysconfig

vi ldap

Change SLAPD_LDAPS=no to SLAPD_LDAPS=yes

Start logging for slapd:

echo "local4.* /var/log/slapd.log" >> /etc/rsyslog.conf

service rsyslog restart

/etc/init.d/slapd start

cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG

chown -R ldap:ldap /var/lib/ldap/DB_CONFIG

chown -R ldap:ldap /etc/openldap/slapd.d

iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 389 -j ACCEPT

#

CLIENT and Tree initialization

#

For the client config, I followed the steps mentioned by Mr. Adrian in his post here:

http://wiki.centos.org/AdrianHall/CentralizedLDAPAuth

This should help you set up OpenLDAP on CentOS 6 as well as CentOS 6.4; I have tried it on these two versions personally.

Vijit Jain
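The server steps in the answer above edit the files under /etc/openldap/slapd.d by hand. Added example (not from the answer or the CentOS wiki): the same settings, suffix, root DN, hashed root password, plus an ACL that lets users change only their own password (the question's second goal) while keeping the hash unreadable to everyone else, applied through ldapmodify as root over the ldapi socket, which is how cn=config is meant to be changed. It assumes the CentOS 6 openldap-servers defaults (olcDatabase={2}bdb and the {1}monitor ACL naming cn=manager,dc=my-domain,dc=com) and SLAPD_LDAPI=yes in /etc/sysconfig/ldap; the suffix and root DN are the constructed values from the answer.

```shell
#!/bin/sh
# Added example: rewrite the CentOS 6 default cn=config entries via ldapmodify.
# Assumes olcDatabase={2}bdb / olcDatabase={1}monitor (CentOS 6 defaults) and
# an ldapi:/// listener so root can bind with SASL EXTERNAL.
set -eu

SUFFIX="dc=example,dc=com"              # constructed, as in the answer
ROOTDN="cn=admin,dc=example,dc=com"     # constructed, as in the answer

# Emit the LDIF. $1 is the {SSHA}/{SHA} hash printed by slappasswd.
make_config_ldif() {
    hash="$1"
    cat <<EOF
dn: olcDatabase={2}bdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: $SUFFIX
-
replace: olcRootDN
olcRootDN: $ROOTDN
-
replace: olcRootPW
olcRootPW: $hash
-
replace: olcAccess
olcAccess: {0}to attrs=userPassword by self write by anonymous auth by * none
olcAccess: {1}to * by * read

dn: olcDatabase={1}monitor,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by dn.base="$ROOTDN" read by * none
EOF
}

# Refuse anything that is not a slappasswd-style {SCHEME}hash value, so a
# clear-text olcRootPW never lands in cn=config by accident.
valid_hash() {
    case "$1" in
        "{SSHA}"*|"{SHA}"*|"{CRYPT}"*|"{MD5}"*|"{SMD5}"*) return 0 ;;
        *) return 1 ;;
    esac
}

apply_config() {
    hash="$1"
    valid_hash "$hash" || { echo "refusing to store an unhashed olcRootPW" >&2; return 1; }
    make_config_ldif "$hash" | ldapmodify -Y EXTERNAL -H ldapi:///
}

# Usage on the server, as root:  apply_config "$(slappasswd -h '{SSHA}')"
```

The `{0}` userPassword rule is what allows `passwd` on a client to write the user's own hash while pam_ldap can still bind (`anonymous auth`); `by * none` keeps the hashes out of plain `ldapsearch` output.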