Main Menu
PHP Tools
PHP Help Request
PHP Editors Newsletter
Editor Search
Reviewed PHP Editors
Latest News
Submit News
PHP Tutorials
PHP Book Reviews
Online Book Chapters
PHP Games

Forums
RSS 2.0
PHP Desktop Editors
Other PHP Tools
PHP Contests
PHP Programming Help
Linux Help
Apache Help
MySQL Help
PHP Games
PHP Jobs
PHP Forums Home

Programming Contest
PHP Contests
PHP Contests Archive

Documentation
PHP Manual
PEAR Manual
PHP-GTK Manual
Smarty Manual
PostgreSQL Manual
CSS 2 Reference
Redhat Linux 9
HTML 4.01
Apache 2 Manual

Partner Sites
Ajax Tutorials
Webmaster Resources
Web Templates
PHP Scripts
PHP Code Examples
Learn PHP playing Trivia
PHP & MySQL Forums
Web Development Index
web site templates

Sponsors

NuSphere



All Red Hat Linux documents are copyrighted to Red Hat Inc.

Red Hat Linux 9: Red Hat Linux Reference Guide
PrevChapter 13. Lightweight Directory Access Protocol (LDAP)Next

13.7. Configuring Your System to Authenticate Using OpenLDAP

This section provides a brief overview of how to configure a Red Hat Linux system to authenticate using OpenLDAP. Unless you are an OpenLDAP expert, you will probably need more documentation than is provided here. Please refer to the references provided in Section 13.9 Additional Resources for more information.

Install the Necessary LDAP Package

First, you should make sure that the appropriate packages are installed on both the LDAP server and the LDAP client machines. The LDAP server needs the openldap-servers package.

The openldap, openldap-clients, and nss_ldap packages need to be installed on all LDAP client machines.

Edit the Configuration Files

  • On the server, edit the /etc/openldap/slapd.conf file on the LDAP server to make sure it matches the specifics of your organization. Please refer to Section 13.6.1 Editing /etc/openldap/slapd.conf for instructions on editing slapd.conf.

  • On the client machines, both /etc/ldap.conf and /etc/openldap/ldap.conf need to contain the proper server and search base information for your organization.

    The simplest way to do this is to run the Authentication Configuration Tool (authconfig-gtk) and select Enable LDAP Support under the User Information tab.

    You can also edit these files by hand.

  • On the client machines, the /etc/nsswitch.conf must be edited to use LDAP.

    The simplest way to do this is to run the Authentication Configuration Tool (authconfig-gtk) and select Enable LDAP Support under the User Information tab.

    If editing /etc/nsswitch.conf by hand, add ldap to the appropriate lines.

    For example: 

    passwd: files ldap
shadow: files ldap
group: files ldap

13.7.1. PAM and LDAP

To have standard PAM-enabled applications use LDAP for authentication, run the Authentication Configuration Tool (authconfig-gtk) and select Enable LDAP Support under the the Authentication tab. For more on configuring PAM consult, Chapter 14 Pluggable Authentication Modules (PAM) and the PAM man pages.

13.7.2. Migrating Old Authentication Information to LDAP Format

The /usr/share/openldap/migration/ directory contains a set of shell and Perl scripts for migrating authentication information into LDAP format.

First, modify the migrate_common.ph file so that it reflects your domain. The default DNS domain should be changed from its default value to something like: 

$DEFAULT_MAIL_DOMAIN = "your_company";

The default base should also be changed, to something like: 

$DEFAULT_BASE = "dc=your_company,dc=com";

The job of migrating a user database into a format that is LDAP readable falls to a group of migration scripts installed in the same directory. Using Table 13-1, decide which script to run in order to migrate your user database.

Existing name serviceIs LDAP running?Script to Use
/etc flat filesyesmigrate_all_online.sh
/etc flat filesnomigrate_all_offline.sh
NetInfoyesmigrate_all_netinfo_online.sh
NetInfonomigrate_all_netinfo_offline.sh
NIS (YP)yesmigrate_all_nis_online.sh
NIS (YP)nomigrate_all_nis_offline.sh

Table 13-1. LDAP Migration Scripts

Run the appropriate script based on your existing name service.

NoteNote
 

You must have Perl installed on your system to use some of these scripts.

The README and the migration-tools.txt files in the /usr/share/openldap/migration/ directory provide more details on how to migrate the information.

PrevHomeNext
OpenLDAP Setup OverviewUpUpgrading to OpenLDAP Version 2.0
© Copyright 2003-2023 www.php-editors.com. The ultimate PHP Editor and PHP IDE site.