Bvm 18 asked:

configure pam_ldap in rhel7 to connect solaris ldap server

What is PAM? What is LDAP? I know those two are for authentication but am still confused. Why do system administrators usually configure authentication via pam_ldap.conf? What is the advantage of this?

How do I configure pam_ldap on the client side to connect to a Solaris LDAP server?

Thanks,
bvm
arnold

PAM - Pluggable Authentication Module

The control is in /etc/nsswitch.conf, where the system determines what to check against.

There are many writeups on PAM

PAM is the interface/interchange to the authentication.
pam_unix uses /etc/shadow and /etc/passwd to validate the login attempt ("files" in nsswitch.conf).

pam_ldap.conf often relies on an additional ldap.conf to interact with an OpenLDAP or other LDAP server, against which it validates a user's login attempt.

Think of it as a translator.
pam_ldap speaks LDAP.
pam_unix speaks UNIX files.

LDAP, NIS and NIS+ are centrally managed directories, such that adding a user to the directory gives the administrator/organization the ability to grant or revoke a user's rights without the need to access individual systems.

I.e. in a thirty server/system environment, adding a user to the directory could grant the user access to each system, without the need, as mentioned, if using files, for the admin to log into each system to add or remove the user depending on the scenario.
Bvm 18 (ASKER)

Thanks for the detailed explanation. I do want to configure an OpenLDAP client on RHEL 7 to connect to the Solaris LDAP server.

Any steps/article?
Is OpenLDAP set up on Solaris, or is it configured using Directory One..?

ldapclient deals with joining...
system-config-auth, where you can configure the LDAP tie-in...
You may have to, depending on your setup, authorize this client to query the LDAP...

Much depends on the environment.
Bvm 18 (ASKER)

The LDAP server is running on Solaris without TLS.

Tried to setup openldap on rhel7 by following https://suresh-chandra.blogspot.in/2013/08/configuring-openldap-serverclient-on.html?showComment=1521678467727#c1305532625055249848

But I see ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1) while adding a user with ldapadd. I couldn't see slapd running on my box. I ended up with a lot of issues. Can you throw some light on how to configure the LDAP server and authenticate LDAP users by using PAM (pam_ldap)?
You do not need to set up OpenLDAP on the RHEL box; it is a client and needs only to connect to and query the one running on Solaris, unless you want to set up the RHEL box as a replica...

Previously there was a system-config-authentication that configured the system for different authentication methods.
Often, when the system is installed, selecting a directory/LDAP goes through collecting the information...

Please post the output from
rpm -qa |egrep -i '(ldap|system|auth)'
Bvm 18 (ASKER)

Tried with system-config-authentication. It expects a TLS certificate, but our Solaris LDAP server doesn't have a TLS certificate.

That's why I am trying to configure the LDAP server on my own.

output:

basesystem-10.0-7.el7.centos.noarch
openldap-2.4.44-5.el7.x86_64
system-config-printer-1.4.1-19.el7.x86_64
openldap-devel-2.4.44-5.el7.x86_64
xorg-x11-xauth-1.0.9-1.el7.x86_64
firewalld-filesystem-0.4.4.4-6.el7.noarch
vim-filesystem-7.4.160-2.el7.x86_64
color-filesystem-1-13.el7.noarch
gnome-system-monitor-3.22.2-2.el7.x86_64
filesystem-3.2-21.el7.x86_64
mesa-filesystem-17.0.1-6.20170307.el7.x86_64
authconfig-6.2.8-30.el7.x86_64
systemd-python-219-42.el7_4.10.x86_64
systemtap-devel-3.1-5.el7_4.x86_64
systemtap-3.1-5.el7_4.x86_64
telepathy-filesystem-0.0.2-6.el7.noarch
mozilla-filesystem-1.9-11.el7.x86_64
liboauth-0.9.7-4.el7.x86_64
systemd-sysv-219-42.el7_4.10.x86_64
systemtap-client-3.1-5.el7_4.x86_64
fontpackages-filesystem-1.44-8.el7.noarch
control-center-filesystem-3.22.2-5.el7.x86_64
cups-filesystem-1.6.3-29.el7.noarch
openldap-servers-2.4.44-5.el7.x86_64
systemd-libs-219-42.el7_4.10.x86_64
system-config-printer-udev-1.4.1-19.el7.x86_64
openldap-servers-sql-2.4.44-5.el7.x86_64
bind-dyndb-ldap-11.1-4.el7.x86_64
libreport-filesystem-2.1.11-38.el7.centos.x86_64
boost-system-1.53.0-27.el7.x86_64
systemtap-runtime-3.1-5.el7_4.x86_64
system-config-printer-libs-1.4.1-19.el7.noarch
emacs-filesystem-24.3-20.el7_4.noarch
plymouth-system-theme-0.8.9-0.28.20140113.el7.centos.x86_64
openldap-clients-2.4.44-5.el7.x86_64
gnome-system-log-3.9.90-3.el7.x86_64
systemd-219-42.el7_4.10.x86_64
nss-pam-ldapd-0.8.13-8.el7.x86_64
compat-openldap-2.3.43-5.el7.x86_64
I have not used it recently, but I think you have the option to specify a connection without TLS/a secure connection.

See if the references below help.

Usually, there is an /etc/ldap.conf file...

Using system-config-authentication should allow you either a secure or a non-secure connection to the LDAP server.


https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/

https://www.tecmint.com/setup-ldap-server-and-configure-client-authentication/

The item of interest from the second link is:
authconfig --enableldap --enableldapauth --ldapserver=your_Solaris_server_name --ldapbasedn="dc=mydomain,dc=com" --enablemkhomedir --update
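The thread hinges on two client-side files, /etc/nsswitch.conf (which arnold points to first) and the LDAP client config that authconfig writes (/etc/ldap.conf or, with the nss-pam-ldapd package shown in the rpm output, /etc/nslcd.conf), and on the asker's requirement of a server "without tls". The script below is an added example, not code from the thread or from any of the linked pages: it checks that passwd/shadow/group actually consult LDAP and classifies the transport, reporting "cleartext" when a plain ldap:// URI is used with no StartTLS, because in that configuration a simple bind sends the user's password over the wire unencrypted (which is also why system-config-authentication asks for a certificate). The file names, the hostname solaris-ldap.example.com and the sample contents are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the thread: sanity-check an RHEL 7 LDAP client
# before relying on it for logins.  It reads the two files the discussion
# revolves around: /etc/nsswitch.conf (which databases go to LDAP) and the
# client config used by nss-pam-ldapd (/etc/nslcd.conf; the same "uri"/"ssl"
# keywords also appear in the older /etc/pam_ldap.conf and /etc/ldap.conf).
# File names and the sample contents below are constructed for the demo.

# Print "yes" if passwd, shadow and group all list ldap (or sss) as a source,
# otherwise print "no".  Comments are stripped before matching.
nsswitch_uses_ldap() {
    file=$1
    for db in passwd shadow group; do
        if ! sed -e 's/#.*//' "$file" \
             | grep -E "^[[:space:]]*${db}:" \
             | grep -qE '(^|[[:space:]])(ldap|sss)([[:space:]]|$)'; then
            echo no
            return 1
        fi
    done
    echo yes
}

# Classify the transport to the directory:
#   tls       - every uri is ldaps://, or "ssl start_tls" / "ssl on" is set
#   cleartext - a plain ldap:// uri without StartTLS: simple binds send the
#               user's password unencrypted (the "without tls" setup)
#   unknown   - no uri line at all
ldap_client_transport() {
    file=$1
    conf=$(sed -e 's/#.*//' "$file")
    uris=$(printf '%s\n' "$conf" | awk '$1 == "uri" { for (i = 2; i <= NF; i++) print $i }')
    ssl=$(printf '%s\n' "$conf" | awk '$1 == "ssl" { print tolower($2) }' | tail -n 1)
    if [ -z "$uris" ]; then
        echo unknown
        return 1
    fi
    if [ "$ssl" = "start_tls" ] || [ "$ssl" = "on" ]; then
        echo tls
        return 0
    fi
    for u in $uris; do
        case $u in
            ldaps://*) ;;
            *) echo cleartext; return 1 ;;
        esac
    done
    echo tls
}

# --- constructed sample files (stand-ins for the real /etc files) ---
SAMPLE_DIR=$(mktemp -d)

cat > "$SAMPLE_DIR/nsswitch.conf" <<'EOF'
# constructed: LDAP-enabled nsswitch, as authconfig --enableldap would write
passwd:     files ldap
shadow:     files ldap
group:      files ldap
hosts:      files dns
EOF

cat > "$SAMPLE_DIR/nsswitch-files.conf" <<'EOF'
# constructed: local files only, LDAP never consulted
passwd:     files
shadow:     files
group:      files
EOF

cat > "$SAMPLE_DIR/nslcd-plain.conf" <<'EOF'
# constructed: the no-TLS setup discussed in the thread (hostname is made up)
uid nslcd
gid ldap
uri ldap://solaris-ldap.example.com/
base dc=mydomain,dc=com
ssl off
EOF

cat > "$SAMPLE_DIR/nslcd-starttls.conf" <<'EOF'
# constructed: same server, but StartTLS negotiated on the ldap:// port
uri ldap://solaris-ldap.example.com/
base dc=mydomain,dc=com
ssl start_tls
EOF

for f in nsswitch.conf nsswitch-files.conf; do
    printf '%-22s ldap in nsswitch: %s\n' "$f" "$(nsswitch_uses_ldap "$SAMPLE_DIR/$f")"
done
for f in nslcd-plain.conf nslcd-starttls.conf; do
    printf '%-22s transport: %s\n' "$f" "$(ldap_client_transport "$SAMPLE_DIR/$f")"
done
```

On a real client, point the two functions at /etc/nsswitch.conf and /etc/nslcd.conf (or /etc/ldap.conf) after running the authconfig line above. A "no" from the first check explains "user not found" symptoms without touching the server; "cleartext" from the second is the expected result of the asker's no-TLS setup, and it goes to "tls" once the Solaris directory has a certificate and the client is switched with authconfig's --enableldaptls option (or an ldaps:// URI).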