Automated configuration of LDAP authentication for RHEL5 servers

Solution 1:

I typically edit:

/etc/ldap.conf
/etc/nsswitch.conf
/etc/openldap/ldap.conf (check for certs if necessary)
/etc/pam.d/system-auth

I think that covers the necessary evils. Might need /etc/sudoers as well.

Solution 2:

My preference is to manage /etc/sysconfig/authconfig (which contains a list of vars), then use authconfig --updateall; this lets me drop 1 file that controls everything.

Solution 3:

I'm not sure about any Red Hat-specific configurations, but take a look at this LDAP configuration guide.

Basically, besides the files you mention, you should also configure PAM like so:

auth       required     pam_env.so
auth       sufficient   pam_unix.so likeauth nullok
auth       sufficient   pam_ldap.so use_first_pass
auth       required     pam_deny.so

account    sufficient   pam_unix.so
account    sufficient   pam_ldap.so
account    required     pam_ldap.so

password   required     pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3    
password   sufficient   pam_unix.so nullok md5 shadow use_authtok
password   sufficient   pam_ldap.so use_first_pass
password   required     pam_deny.so
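
Added example (not part of any answer above, and not code from PAM or authconfig): a small lint for a pam.d stack like the one in Solution 3. It reports pam_unix.so nullok and md5, a module listed twice under one type, and a stack that ends on "sufficient" with no pam_deny.so-style terminator. The function names audit_pam_stack and sample_stack are hypothetical.

```shell
#!/bin/sh
# Added example: lint a pam.d stack. audit_pam_stack and sample_stack are
# hypothetical helper names, not part of PAM or authconfig.
audit_pam_stack() {
    awk '
    NF == 0 || $1 ~ /^#/ { next }            # skip blank lines and comments
    {
        type = $1; i = 2; ctl = $2
        # Bracketed controls such as [success=ok default=bad] span several fields.
        if (ctl ~ /^\[/) while (ctl !~ /\]$/ && i < NF) ctl = ctl " " $(++i)
        mod = $(i + 1)
        opts = " "; for (j = i + 2; j <= NF; j++) opts = opts $j " "
        if (mod == "pam_unix.so" && opts ~ / nullok /)
            print "WARN " type ": pam_unix.so nullok permits accounts with an empty password"
        if (type == "password" && mod == "pam_unix.so" && opts ~ / md5 /)
            print "WARN password: pam_unix.so md5 hashes new passwords with MD5-crypt"
        if (seen[type, mod]++)
            print "NOTE " type ": " mod " appears more than once"
        last[type] = ctl
    }
    END {
        # A failing sufficient module is ignored, so a stack that ends on one
        # can be decided by an earlier required success such as pam_env.so.
        for (t in last)
            if (last[t] == "sufficient" && t != "session")
                print "WARN " t ": stack ends in sufficient with no required/requisite terminator such as pam_deny.so"
    }' "$@"
}

# The stack from Solution 3 on this page, reproduced as sample input.
sample_stack() {
    cat <<'EOF'
auth       required     pam_env.so
auth       sufficient   pam_unix.so likeauth nullok
auth       sufficient   pam_ldap.so use_first_pass
auth       required     pam_deny.so
account    sufficient   pam_unix.so
account    sufficient   pam_ldap.so
account    required     pam_ldap.so
password   required     pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
password   sufficient   pam_unix.so nullok md5 shadow use_authtok
password   sufficient   pam_ldap.so use_first_pass
password   required     pam_deny.so
EOF
}

sample_stack | audit_pam_stack
```

On a server, pass the file as an argument instead, e.g. audit_pam_stack /etc/pam.d/system-auth.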