Feb. 11, 2011, 3:25 a.m.
posted by whitehat
Configuring the LDAP Client
Edit the ldap.conf Configuration File
LDAP clients are configured using the /etc/openldap/ldap.conf file. You need to make sure that the file refers to the LDAP server's IP address for the domain example.com. The file should look like this:
HOST 192.168.1.100
BASE dc=example,dc=com
Edit the /etc/nsswitch.conf File
The /etc/nsswitch.conf file defines the order in which the Linux operating system searches login databases for login information.
You want to configure it to first search its /etc/passwd file. If it doesn't find the user password information there, it goes to the LDAP server. The easiest way to set this up is to use the /usr/bin/authconfig command:
The screen should look like this:
[*] Use Shadow Passwords
[*] Use MD5 Passwords
[*] Use LDAP
[ ] Use TLS
Server: 192.168.1.100
Base DN: dc=example,dc=com
When finished, look at the /etc/nsswitch.conf file and make sure it has references to LDAP.
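One way to script the check described above, as an added example that is not part of the original post. The function names check_nss_order and sample_nsswitch are hypothetical, the sample file content is constructed, and checking shadow and group alongside passwd is an assumption about what authconfig writes.

```shell
#!/bin/sh
# Constructed sample of an nsswitch.conf, not copied from a real host.
sample_nsswitch() {
    cat <<'EOF'
# /etc/nsswitch.conf (constructed sample)
passwd:     files ldap
shadow:     files ldap   # local files first, then the directory
group:      files ldap
hosts:      files dns
EOF
}

# check_nss_order [FILE]  (hypothetical helper; reads stdin when FILE is omitted)
# For passwd, shadow and group, require "files" to be listed before "ldap",
# so local accounts such as root still resolve from /etc/passwd first.
# Prints one line per database and returns 0 only if all three pass.
check_nss_order() {
    awk '
        { sub(/#.*/, "") }                       # strip comments, re-split fields
        $1 ~ /^(passwd|shadow|group):$/ {
            db = substr($1, 1, length($1) - 1)
            seen[db] = 1; f[db] = 0; l[db] = 0
            for (i = 2; i <= NF; i++) {          # remember first position of each source
                if ($i == "files" && !f[db]) f[db] = i
                if ($i == "ldap"  && !l[db]) l[db] = i
            }
        }
        END {
            n = split("passwd shadow group", dbs, " ")
            bad = 0
            for (k = 1; k <= n; k++) {
                db = dbs[k]
                if (!seen[db])           msg = "no entry"
                else if (!l[db])         msg = "ldap not listed"
                else if (!f[db])         msg = "files not listed"
                else if (f[db] > l[db])  msg = "ldap searched before files"
                else                     msg = ""
                if (msg != "") { printf "FAIL %s: %s\n", db, msg; bad = 1 }
                else             printf "ok   %s: files then ldap\n", db
            }
            exit bad
        }
    ' "$@"
}

# Demonstration on the constructed sample; on a client, pass /etc/nsswitch.conf.
sample_nsswitch | check_nss_order
```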
Create Home Directories on the LDAP Client
You previously created a user named ldapuser in the group users on server Bigboy. You now need to make sure that this user has a home directory on the LDAP client Smallfry. The example in this section creates the directory and makes ldapuser the owner. As you can see, server Smallfry correctly gets its user information about ldapuser from Bigboy; the chown command doesn't complain about ldapuser not existing in Smallfry's /etc/passwd file.
Check If ldapuser Is Missing from the /etc/passwd File
You can look for ldapuser by searching the /etc/passwd file with the grep command. There should be no response.
[[email protected] tmp]# grep ldapuser /etc/passwd
[[email protected] tmp]#
Create the Home Directory for ldapuser on the LDAP Client
In this phase, you create the home directory, copy a BASH login profile file into it, and modify the ownership of the directory and all the files to user ldapuser.
In some cases, you may want to use NFS mounts to provide home directories for your users, which will significantly reduce the need to do this step. The benefits and disadvantages of NFS are covered in Chapter 29, "Remote Disk Access with NFS," and Chapter 30, "Centralized Logins Using NIS," covers using NFS for home directories.
[[email protected] tmp]# mkdir /home/ldapuser
[[email protected] tmp]# chmod 700 /home/ldapuser/
[[email protected] tmp]# chown ldapuser:users /home/ldapuser/
[[email protected] tmp]# ll /home
total 2
drwx------ 2 ldapuser users 1024 Aug 4 08:05 ldapuser
[[email protected] tmp]#
[[email protected] tmp]# cp /etc/skel/.* /home/ldapuser/
cp: omitting directory `/etc/skel/.'
cp: omitting directory `/etc/skel/..'
cp: omitting directory `/etc/skel/.kde'
[[email protected] tmp]# chown ldapuser:users /home/ldapuser/.[!.]*
[[email protected] tmp]#
The pattern .[!.]* in the final chown matches the copied dot files but not . or .. in the directory. As the cp messages show, a bare .* also matches .., and chown would then change the owner of /home itself to ldapuser.