Here are the details about our setup once:

LDAP Server: rh54srv1.iptables.gen.tr
Linux client: rh54-2.iptables.gen.tr

[LDAP configuration]

Adjust the following lines in your /etc/openldap/slapd.conf

Start LDAP server:

Send a sample query to our fresh LDAP server to test the queries. Be careful command should be in single line and shouldn’t be wrapped, if so, use backslash.

This is a good answer:) though we haven’t received any records as we don’t have any.

Now we will migrate our current password and group files into LDAP. Get the following scripts for this purpose:

Edit the file MigrationTools-47/migrate_common.ph under /usr/local folder and adjust the DEFAULT_BASE variable according to your configuration.

We have the migration tools. Now we can migrate the files into LDAP database:

NOTICE: Before going further, I need to raise one point. Migration tool generated my base as “dc=gen,dc=tr” instead of “dc=iptables,dc=gen,dc=tr” and created the file base.ldif as such. That is why I needed to remove the heading line below from my base.ldif file in order to add it into LDAP.

The following heading lines were removed from the file.

Time to add ldif files into LDAP database:

After these commands, all your user information is transferred into LDAP server database.

[CLIENT CONFIGURATION]

As we have finished server side configuration, now we will setup our client so that all user authentication requests will be sent to our LDAP server. Again our handy tool authconfig does most of the dirty part for us. One command enables ldap authentication.

From this moment on, if you ssh into this client machine (rh54-2), you will be authenticated from LDAP server on rh54srv1 instead of /etc/passwd.  All your passwords in /etc/passwd file now are in LDAP. One more thing to do is to add a new username into LDAP to test authentication.

Create an LDIF file adduser.ldif with the following content:

I have already coloured the sections in this sample which needs to be changed. Password can be created with any crypt utility. For example, I have created this crypted password with the following perl command;

Now you can add this new entry into ldap ;

Best test is by trying to login to client via SSH

As you can see authentication is successful. (Note: You may have a different output “like home directory not found”. It is because there is no /home/ldapuser1 folder in the client system.

If you want to test ldap manually in the client machine (rh54-2) run the following. The output will be all the password entries in the LDAP server.

Now your authentication should be working. I would like to mention about a few points before finishing this article;

• You should also run authconfig command you run in client in the server. Otherwise authentication utilities will not be aware of LDAP configuration.
• As your users are now centrally managed, your home directories should be central as well. In order to configure automatically mounted user home directories, you can have a look at my previous article about autofs with NIS authentication.
• Always create backup and be careful as authconfig may cause your system inaccessible if not properly managed.

Please share your opinions or if you see any mistake in the document let me know.