An LDAP server such as 389 Directory Server or OpenLDAP can be used to centralize user accounts and authentication information. This article describes how to set up LDAP-based authentication on Red Hat Enterprise Linux 5 or CentOS 5.
The following RFC 2307 attributes must be set on each user entry before LDAP authentication will work:
- uid – User name
- userPassword – User password
- uidNumber – UID
- gidNumber – GID
- homeDirectory – Home directory
- loginShell – Login shell
![Posix User]()
If you are using Fedora Directory Server, it has a good GUI tool for managing the required POSIX attributes.
Setup Authentication
![Authentication]()
1. Click System, select Administration and click Authentication. This will launch the Authentication Configuration window.
![Authentication Configuration]()
2. Check Enable LDAP Support and click the Configure LDAP button.
![LDAP Settings]()
3. Fill in the LDAP Search Base DN and LDAP Server fields. Click Ok when you are done.
![Authentication]()
4. Click the Authentication tab and check Enable LDAP Support.
![LDAP Settings]()
5. Click the Options tab and check Local authorization is sufficient for local users and Create home directories on the first login. Click Ok when you are done.
![getent passwd]()
6. Type getent passwd in a terminal window. You should see your LDAP user accounts listed alongside the local ones.
Finally, reboot the computer. You should now be able to log in with LDAP user accounts.
If your LDAP server requires authentication, or its attributes do not conform to the RFC 2307 schema, you need to edit /etc/ldap.conf to make this work. See Active Directory Authentication for an example.
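The following script is an added example and is not part of the original article. It covers two points above in a form you can run from a terminal: a check that a user entry carries the six RFC 2307 attributes listed at the top, and a precise version of step 6 that separates the accounts supplied by LDAP from the local ones in the output of getent passwd. It also shows the command-line counterpart of GUI steps 2 to 5 via authconfig; the server name, base DN, authconfig flag mapping and all sample data are assumptions or constructed placeholders.

```shell
#!/bin/sh
# Added example, not code from the original article. The server name, base DN
# and all sample data below are constructed placeholders.

# The six RFC 2307 attributes the article lists as required on each user entry.
REQUIRED_ATTRS="uid userPassword uidNumber gidNumber homeDirectory loginShell"

# check_posix_entry LDIF_FILE
# Prints every required attribute that is absent from the entry in LDIF_FILE.
# Returns 0 when all six are present, 1 otherwise. Matches "attr: value" and
# the base64 form "attr:: value"; note that "^uid:" does not match "uidNumber:".
check_posix_entry() {
    _missing=0
    for _attr in $REQUIRED_ATTRS; do
        if ! grep -q -E "^${_attr}::? " "$1"; then
            echo "missing attribute: $_attr"
            _missing=1
        fi
    done
    return $_missing
}

# ldap_only_users PASSWD_FILE GETENT_FILE
# Step 6 of the article, made precise: print the account names present in the
# NSS view (the output of "getent passwd") but not in the local passwd file.
# On a configured machine those are exactly the accounts served by LDAP, e.g.
#   getent passwd > /tmp/nss.txt && ldap_only_users /etc/passwd /tmp/nss.txt
ldap_only_users() {
    _local=$(mktemp) ; _all=$(mktemp)
    cut -d: -f1 "$1" | sort -u > "$_local"
    cut -d: -f1 "$2" | sort -u > "$_all"
    comm -13 "$_local" "$_all"
    rm -f "$_local" "$_all"
}

# configure_ldap_auth
# Command-line counterpart of GUI steps 2-5, to be run as root on the RHEL/
# CentOS 5 machine. The authconfig flags are assumed to map to the checkboxes
# named in the article; set LDAP_SERVER and LDAP_BASE_DN for your directory.
configure_ldap_auth() {
    authconfig --enableldap --enableldapauth \
        --ldapserver="${LDAP_SERVER:-ldap://ldap.example.com}" \
        --ldapbasedn="${LDAP_BASE_DN:-dc=example,dc=com}" \
        --enablelocauthorize --enablemkhomedir --update
}

# --- constructed sample data so the checks run offline ---
GOOD_LDIF=$(mktemp)
cat > "$GOOD_LDIF" <<'EOF'
dn: uid=jdoe,ou=People,dc=example,dc=com
objectClass: posixAccount
uid: jdoe
userPassword: {SSHA}constructed-placeholder-hash
uidNumber: 10001
gidNumber: 10001
homeDirectory: /home/jdoe
loginShell: /bin/bash
EOF

# The same entry without the two attributes a hand-built account most often lacks.
BAD_LDIF=$(mktemp)
grep -v -E '^(homeDirectory|loginShell):' "$GOOD_LDIF" > "$BAD_LDIF"

# A constructed local /etc/passwd and what "getent passwd" would return once
# nsswitch consults LDAP: the local users plus jdoe.
LOCAL_PASSWD=$(mktemp) ; GETENT_OUT=$(mktemp)
printf 'root:x:0:0:root:/root:/bin/bash\nalice:x:500:500::/home/alice:/bin/bash\n' > "$LOCAL_PASSWD"
cat "$LOCAL_PASSWD" > "$GETENT_OUT"
echo 'jdoe:x:10001:10001::/home/jdoe:/bin/bash' >> "$GETENT_OUT"

check_posix_entry "$GOOD_LDIF" && echo "jdoe: all POSIX attributes present"
check_posix_entry "$BAD_LDIF"  || echo "incomplete entry: this account could not log in"
echo "accounts supplied by LDAP:"
ldap_only_users "$LOCAL_PASSWD" "$GETENT_OUT"   # prints: jdoe
```

If ldap_only_users prints nothing on a real machine after the GUI steps, nsswitch.conf is not consulting LDAP or the server is unreachable; if it prints names but login still fails, check_posix_entry on the exported entry will usually show which of the six attributes is missing.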
![Important]()
The version of sudo that comes with RHEL/CentOS 5 does not work with non-local user accounts. Until this is fixed, use the sudo rpm package from Fedora 8.