Configuring the LDAP Client

Now that the LDAP server is configured properly, you can turn your attention to configuring and testing the clients.

Edit the ldap.conf Configuration File

LDAP clients are configured through the /etc/openldap/ldap.conf file. Make sure it points at the LDAP server's IP address and at the base DN for the domain example.com. The file should look like this:

     HOST 192.168.1.100
     BASE dc=example,dc=com

Edit the /etc/nsswitch.conf File

The /etc/nsswitch.conf file defines, for each name service database (passwd, shadow, group and others), which sources Linux consults and in what order.

You want the client to search its local /etc/passwd file first and to ask the LDAP server only for accounts it does not find there. The easiest way to set this up is with the /usr/bin/authconfig command:

1.
Run /usr/bin/authconfig.

2.
Select LDAP.

3.
Give the LDAP server's IP address, which is 192.168.1.100 in this case.

4.
Give the base DN as dc=example,dc=com.

5.
Do not select TLS. Be aware that without TLS every lookup, and the password each user types at login, crosses the network in cleartext, so this choice is only acceptable on an isolated lab network.

6.
Use MD5 and shadow passwords.

The screen should look like this:

     [*] Use Shadow Passwords
     [*] Use MD5 Passwords
     [*] Use LDAP                    [ ] Use TLS
                             Server: 192.168.1.100
                            Base DN: dc=example,dc=com

When finished, look at the /etc/nsswitch.conf file and make sure the passwd, shadow and group lines list ldap after files.
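As an added illustration (the page itself does not reproduce the file), these are the three lines that matter after authconfig has run. The order files ldap is what makes the client consult /etc/passwd, /etc/shadow and /etc/group first and fall back to the directory only for accounts it does not find locally, so local accounts such as root remain resolvable even when the LDAP server is unreachable:

```text
passwd:     files ldap
shadow:     files ldap
group:      files ldap
```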

Create Home Directories on the LDAP Client

You previously created a user named ldapuser in the group users on server Bigboy. You now need to make sure that this user has a home directory on the LDAP client Smallfry. The example in this section creates the directory and makes ldapuser the owner. As you can see, server Smallfry correctly gets its user information about ldapuser from Bigboy; the chown command doesn't complain about ldapuser not existing in Smallfry's /etc/passwd file.

Check If ldapuser Is Missing from the /etc/passwd File

You can look for ldapuser by searching the /etc/passwd file with the grep command. There should be no output, because the account lives only on the LDAP server.

     [root@smallfry tmp]# grep ldapuser /etc/passwd
     [root@smallfry tmp]#

Create the Home Directory for ldapuser on the LDAP Client

In this phase, you create the home directory, copy the BASH login profile files from /etc/skel into it, and change the ownership of the directory and everything in it to user ldapuser. Copy the skeleton with cp -R /etc/skel/. so that the dotfiles (and the .kde subdirectory) come along without a glob: the pattern .* also matches .., so a command such as chown ldapuser:users /home/ldapuser/.* would hand ownership of /home itself to ldapuser.

Tip

If the chown command fails, it is probably because of an incorrect LDAP configuration in which the LDAP client cannot read the user information from the LDAP server.


In some cases, you may want to use NFS mounts to provide home directories for your users, which will significantly reduce the need to do this step. The benefits and disadvantages of NFS are covered in Chapter 29, "Remote Disk Access with NFS," and Chapter 30, "Centralized Logins Using NIS," covers using NFS for home directories.

     [root@smallfry tmp]# mkdir /home/ldapuser
     [root@smallfry tmp]# chmod 700 /home/ldapuser/
     [root@smallfry tmp]# chown ldapuser:users /home/ldapuser/
     [root@smallfry tmp]# ll /home
     total 2
     drwx------    2 ldapuser users        1024 Aug 4 08:05 ldapuser
     [root@smallfry tmp]#
     [root@smallfry tmp]# cp -R /etc/skel/. /home/ldapuser/
     [root@smallfry tmp]# chown -R ldapuser:users /home/ldapuser
     [root@smallfry tmp]#
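The two checks in this section (the account absent from /etc/passwd yet resolvable by the client) and the directory creation can be wrapped in a small script. The following is an added example written for this page, not code from the book. It uses getent for the positive check because, unlike grep on /etc/passwd, getent consults every source listed in nsswitch.conf, so getent passwd ldapuser succeeding while grep finds nothing is exactly the evidence that the entry came from the LDAP server. The function names, the optional passwd-file and skeleton-directory parameters, and the error message are assumptions of this example:

```shell
#!/bin/sh
# Added example, not from the original page: provision a home directory for an
# account that the client resolves through NSS (here, from the LDAP server),
# with the checks worth making before running chown as root. "ldapuser",
# /home/ldapuser and /etc/skel are the page's names; the function names and
# optional parameters are assumptions of this example.

# Print "uid:gid" for USER as NSS resolves it (files, then ldap, per
# nsswitch.conf); fail if no configured source knows the account.
nss_lookup() {
    entry=$(getent passwd "$1") || return 1
    printf '%s\n' "$entry" | cut -d: -f3,4
}

# Exit 0 if USER is defined in the local passwd file ($2, default
# /etc/passwd), 1 otherwise. For an LDAP-only account this returns 1
# while nss_lookup still succeeds.
is_local_account() {
    cut -d: -f1 "${2:-/etc/passwd}" | grep -qx -- "$1"
}

# make_home USER HOMEDIR [SKELDIR]
# Creates HOMEDIR with mode 700, copies the skeleton tree (dotfiles and
# subdirectories included) and chowns everything to USER's uid:gid.
# Refuses to act when USER does not resolve, so a misconfigured client
# fails before anything is created instead of at the chown step.
make_home() {
    user=$1; home=$2; skel=${3:-/etc/skel}
    ids=$(nss_lookup "$user") || {
        echo "make_home: '$user' does not resolve through NSS; check ldap.conf and nsswitch.conf" >&2
        return 1
    }
    mkdir -p "$home" || return 1
    chmod 700 "$home" || return 1
    # "$skel/." copies the directory's contents, dotfiles included, without
    # a glob. Never use "$skel/.*" or "$home/.*": the pattern .* also matches
    # "..", so chown on "$home/.*" would change the owner of the parent
    # directory (/home) as well.
    cp -R "$skel/." "$home/" || return 1
    chown -R "$ids" "$home" || return 1
}
```

On Smallfry the call would be make_home ldapuser /home/ldapuser, run as root. The refusal when the name does not resolve is the same failure the Tip above describes for chown, surfaced before any directory is created.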

Testing

You next need to do basic testing. For details, see the "Troubleshooting LDAP Logins" section.

