Configuring the LDAP Client
Now that the LDAP server is configured properly, you can turn your attention to configuring and testing the clients.
Edit the ldap.conf Configuration File
LDAP clients are configured using the /etc/openldap/ldap.conf file. You need to make sure that the file refers to the LDAP server's IP address for the domain example.com. The file should look like this:
HOST 192.168.1.100
BASE dc=example,dc=com
Edit the /etc/nsswitch.conf File
The /etc/nsswitch.conf file defines the order in which the Linux operating system searches login databases for login information.
You want to configure it to search its /etc/passwd file first. If it doesn't find the user's password information there, it goes to the LDAP server. The easiest way to set this up is to use the /usr/bin/authconfig command:
1. Run /usr/bin/authconfig.
2. Select LDAP.
3. Give the LDAP server's IP address, which is 192.168.1.100 in this case.
4. Give the base DN as dc=example,dc=com.
5. Do not select TLS.
6. Use MD5 and shadow passwords.
The screen should look like this:
[*] Use Shadow Passwords
[*] Use MD5 Passwords
[*] Use LDAP [ ] Use TLS
Server: 192.168.1.100
Base DN: dc=example,dc=com
When finished, look at the /etc/nsswitch.conf file and make sure it has references to LDAP.
Create Home Directories on the LDAP Client
You previously created a user named ldapuser in the group users on server Bigboy. You now need to make sure that this user has a home directory on the LDAP client Smallfry. The example in this section creates the directory and makes ldapuser the owner. As you can see, server Smallfry correctly gets its user information about ldapuser from Bigboy; the chown command doesn't complain about ldapuser not existing in Smallfry's /etc/passwd file.
Check If ldapuser Is Missing from the /etc/passwd File
You can look for ldapuser by searching the /etc/passwd file with the grep command. There should be no response.
[root@smallfry tmp]# grep ldapuser /etc/passwd
[root@smallfry tmp]#
Create the Home Directory for ldapuser on the LDAP Client
In this phase, you create the home directory, copy a BASH login profile file into it, and modify the ownership of the directory and all the files to user ldapuser.
If the chown command fails, it is probably because of an incorrect LDAP configuration in which the LDAP client cannot read the user information from the LDAP server.
In some cases, you may want to use NFS mounts to provide home directories for your users, which will significantly reduce the need to do this step. The benefits and disadvantages of NFS are covered in Chapter 29, "Remote Disk Access with NFS," and Chapter 30, "Centralized Logins Using NIS," covers using NFS for home directories.
[root@smallfry tmp]# mkdir /home/ldapuser
[root@smallfry tmp]# chmod 700 /home/ldapuser/
[root@smallfry tmp]# chown ldapuser:users /home/ldapuser/
[root@smallfry tmp]# ll /home
total 2
drwx------ 2 ldapuser users 1024 Aug 4 08:05 ldapuser
[root@smallfry tmp]#
[root@smallfry tmp]# cp /etc/skel/.* /home/ldapuser/
cp: omitting directory `/etc/skel/.'
cp: omitting directory `/etc/skel/..'
cp: omitting directory `/etc/skel/.kde'
[root@smallfry tmp]# chown ldapuser:users /home/ldapuser/.*
[root@smallfry tmp]#
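The same home-directory setup as a reusable shell function, added here as an example and not part of the original text. It first checks that the user name resolves through NSS (the very thing the chown above depends on), then copies the skeleton with "skel/." rather than "skel/.*", because the ".*" glob also matches ".." and would change the ownership of the parent directory; the user, group, home and skeleton paths are parameters, and home_ok is a hypothetical helper for verifying the result.

```shell
#!/bin/sh
# Added example: provision an LDAP user's home directory on the client.
# Usage: provision_home USER GROUP HOMEDIR [SKELDIR]   (SKELDIR defaults to /etc/skel)
provision_home() {
    user=$1; group=$2; home=$3; skel=${4:-/etc/skel}

    # The name must resolve via NSS (local /etc/passwd first, then LDAP, as
    # configured in /etc/nsswitch.conf). If this fails, the client cannot
    # read user information from the LDAP server and chown would fail too.
    if ! id -u "$user" >/dev/null 2>&1; then
        echo "provision_home: '$user' not resolvable via NSS;" \
             "check /etc/openldap/ldap.conf and /etc/nsswitch.conf" >&2
        return 1
    fi

    mkdir -p "$home" || return 1
    chmod 700 "$home" || return 1

    # "skel/." copies dotfiles and subdirectories (such as .kde, which the
    # plain cp in the text skipped) and never expands to ".." (the parent).
    if [ -d "$skel" ]; then
        cp -R "$skel/." "$home/" || return 1
    fi

    # One recursive chown replaces the separate "chown .*" step.
    chown -R "$user:$group" "$home" || return 1
}

# Read-only check: directory exists, is owned by USER and has mode 700.
home_ok() {
    user=$1; home=$2
    [ -d "$home" ] && [ -n "$(find "$home" -maxdepth 0 -user "$user" -perm 700)" ]
}
```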
Testing
You next need to do basic testing. For details, see the "Troubleshooting LDAP Logins" section.