In my last two posts, http://www.linuxmantra.com/2013/04/openldap-on-centos.html and http://www.linuxmantra.com/2013/04/ldap-on-centos-part-2.html, I discussed LDAP basics and its setup on a CentOS server.
As we know, user account verification and authentication are two different things. I already discussed account verification using LDAP in my last post, http://www.linuxmantra.com/2013/04/ldap-on-centos-part-2.html.
User authentication is an independent process. There are multiple authentication methods in Linux. Have a look at the image below.
In the authentication section there are a number of options. Generally we use the “Use Shadow Passwords” option, which uses the /etc/shadow file. You can continue to use the Shadow Passwords option for LDAP users as well. If you use shadow passwords for an LDAP user, the user account information is stored on the LDAP server and the password is stored in /etc/shadow.
Instead of “Use Shadow Passwords” we can go for “Use LDAP Authentication”. In the LDAP authentication scenario the password is stored in LDAP format on the LDAP server.
Let us understand this with an example.
Suppose there is a user “uid=ldapuser1,dc=linuxmantra,dc=com” and we want to set the password of this user. The following command will set the password of this user to ‘Passw0rd’:
root# ldappasswd -x -D "cn=Manager,dc=linuxmantra,dc=com" -W -s 'Passw0rd' "uid=ldapuser1,dc=linuxmantra,dc=com"
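The above command sets the userPassword attribute of the given DN to whatever value you supply as the password. You can see this value in the output of the slapcat command. Because -s puts the new password on the command line, where it lands in shell history and the process list, you can use -S instead to be prompted for it.
Now you have an LDAP user “uid=ldapuser1,dc=linuxmantra,dc=com” and, more importantly, the user's password is stored inside the LDAP server.
Finally, run the command authconfig-tui and enable the option “Use LDAP Authentication”.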
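To see what ends up in the userPassword attribute that slapcat prints, the following added example (not from the original post) parses slapcat-style LDIF, decodes the base64 value, names its storage scheme and checks a candidate password against it. It assumes the server uses OpenLDAP's default {SSHA} scheme; the LDIF entry and salt are constructed sample data and the function names are illustrative.

```python
import base64
import hashlib
import hmac
import re

def make_ssha(password, salt):
    """Build a {SSHA} value: base64(SHA1(password + salt) + salt)."""
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def user_passwords(ldif):
    """Map each DN in slapcat-style LDIF to its decoded userPassword value."""
    found = {}
    unfolded = ldif.replace("\n ", "")  # LDIF folds long lines with a leading space
    for entry in unfolded.strip().split("\n\n"):
        dn = value = None
        for line in entry.splitlines():
            name, _, rest = line.partition(":")
            if name.lower() == "dn":
                dn = rest.strip()
            elif name.lower() == "userpassword":
                # "attr:: x" means x is base64-encoded, "attr: x" is plain text
                if rest.startswith(":"):
                    value = base64.b64decode(rest[1:].strip()).decode()
                else:
                    value = rest.strip()
        if dn and value is not None:
            found[dn] = value
    return found

def scheme(value):
    """Return the {SCHEME} prefix, or CLEARTEXT if the value has none."""
    m = re.match(r"\{([A-Za-z0-9-]+)\}", value)
    return m.group(1).upper() if m else "CLEARTEXT"

def check_ssha(value, candidate):
    """Recompute the salted SHA-1 and compare it in constant time."""
    raw = base64.b64decode(value[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]  # SHA-1 digest is 20 bytes, rest is salt
    expected = hashlib.sha1(candidate.encode() + salt).digest()
    return hmac.compare_digest(expected, digest)

# Constructed sample entry (fixed salt so the output is reproducible)
_stored = make_ssha("Passw0rd", b"\x01\x02\x03\x04")
SAMPLE_LDIF = ("dn: uid=ldapuser1,dc=linuxmantra,dc=com\nuid: ldapuser1\n"
               "userPassword:: " + base64.b64encode(_stored.encode()).decode() + "\n")

if __name__ == "__main__":
    for dn, value in user_passwords(SAMPLE_LDIF).items():
        print(dn, scheme(value), check_ssha(value, "Passw0rd"))
```

An entry whose scheme comes back as CLEARTEXT means the password is readable by anyone who can read the slapcat output or the database files.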