An LDAP server like the 389 Directory Server and OpenLDAP can be used to centralize the users and authentication information. This articles describes how to use LDAP based authentication in Red Hat Enterprise Linux 5 or CentOS 5.

The attributes below are required to be filled up to be able to use LDAP authentication.

  • uid – User name
  • userPassword – User password
  • uidNumber – UID
  • gidNumber – GID
  • homeDirectory – Home directory
  • loginShell – Login shell
Posix UserIf you are using Fedora Directory Server, it has a great GUI tool for managing the required Posix attributes.

Setup Authentication

Authentication1. Click System, select Administration and click Authentication. This will launch the Authentication Configuration window.
Authentication Configuration2. Check Enable LDAP Support and click the Configure LDAP button.
LDAP Settings3. Fill in the LDAP Search Base DN and LDAP Server fields. Click Ok when you are done.
Authentication4. Click the Authentications tab and check Enable LDAP Support.
LDAP Settings5. Click the Options tab and check Local authorization is sufficient for local users and Create home directories on the first login. Click Ok when you are done.
getent passwd6. Type in getent passwd in a terminal window. You should see your LDAP user accounts.

Finally, reboot your computer. You should now be able to login using LDAP user accounts.

NoteIf your LDAP server requires authentication or its attributes does not conform to the RFC 2307 specification, you need to edit the file /etc/ldap.conf to make this work. See Active Directory Authentication for an example.

ImportantThe version of sudo that comes with RHEL/CentOS 5 does not work with non local user accounts. While this is not yet fixed, use the sudo rpm package for Fedora 8.

Visit the forum to ask for help or to give a comment.

***
Posted on 3/8/2009 and last updated on 11/24/2009
Filed under CentOS 5 , LDAP , Red Hat Enterprise Linux 5