LDAP authentication

April 23, 2013


In my last two posts, http://www.linuxmantra.com/2013/04/openldap-on-centos.html and http://www.linuxmantra.com/2013/04/ldap-on-centos-part-2.html, I discussed LDAP basics and its setup on a CentOS server.

As we know, user account verification and authentication are two different things. I already discussed account verification using LDAP in my last post, http://www.linuxmantra.com/2013/04/ldap-on-centos-part-2.html.
User authentication is an independent process. There are multiple authentication methods in Linux. Have a look at the image below.

In the authentication section there are a number of options. Generally we use the “Use Shadow Passwords” option, which uses the /etc/shadow file. You can continue to use the Shadow Passwords option for LDAP users as well. If you do, the user account information is stored on the LDAP server and the password is stored in /etc/shadow.

Instead of “Use Shadow Passwords” we can choose “Use LDAP Authentication”. In the LDAP authentication scenario the password is stored in LDAP format on the LDAP server.

Let us understand this with an example.

Suppose there is a user “uid=ldapuser1,dc=linuxmantra,dc=com” and we want to set this user's password. The following command sets it to ‘Passw0rd’:


root# ldappasswd -x -D "cn=Manager,dc=linuxmantra,dc=com" -W -s 'Passw0rd' "uid=ldapuser1,dc=linuxmantra,dc=com"

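The command above sets the userPassword attribute of the given DN to the password you supply. You can see the stored value in the output of the slapcat command. Note that a password passed with -s on the command line ends up in the shell history and is visible in the process list while the command runs; ldappasswd -S prompts for the new password instead.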
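To make the stored value concrete, here is an added Python example (not from the original post) that reads slapcat-style output, base64-decodes each userPassword and reports how it is stored. It assumes slapd's default {SSHA} scheme for passwords set through ldappasswd; the LDIF sample and the ldapuser2 entry are constructed.

```python
import base64
import hashlib
import hmac

def ssha(password, salt):
    """Build an {SSHA} value: base64(SHA1(password + salt) + salt)."""
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def read_passwords(ldif):
    """Map each dn in slapcat-style LDIF to its decoded userPassword."""
    found, dn = {}, None
    for line in ldif.replace("\n ", "").splitlines():  # unfold wrapped lines
        if line.startswith("dn: "):
            dn = line[4:]
        elif line.startswith("userPassword:: "):       # '::' = base64 value
            found[dn] = base64.b64decode(line[15:]).decode()
        elif line.startswith("userPassword: "):
            found[dn] = line[14:]
    return found

def scheme(value):
    """Return the hash scheme tag, or CLEARTEXT when the value has none."""
    if value.startswith("{") and "}" in value:
        return value[1:value.index("}")].upper()
    return "CLEARTEXT"

def check_ssha(value, candidate):
    """True if candidate hashes to the digest stored in an {SSHA} value."""
    raw = base64.b64decode(value[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]                   # SHA-1 is 20 bytes
    guess = hashlib.sha1(candidate.encode() + salt).digest()
    return hmac.compare_digest(digest, guess)

def _b64(text):
    return base64.b64encode(text.encode()).decode()

# Constructed sample in slapcat's output format (not taken from the post).
SAMPLE_LDIF = "\n".join([
    "dn: uid=ldapuser1,dc=linuxmantra,dc=com",
    "userPassword:: " + _b64(ssha("Passw0rd", b"\x01\x02\x03\x04")),
    "",
    "dn: uid=ldapuser2,dc=linuxmantra,dc=com",  # hypothetical second user
    "userPassword:: " + _b64("Passw0rd"),       # value stored unhashed
])

if __name__ == "__main__":
    for dn, value in read_passwords(SAMPLE_LDIF).items():
        print(dn, "->", scheme(value))
```

An entry reported as CLEARTEXT means the directory holds the password itself rather than a salted hash of it.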


Now you have an LDAP user “uid=ldapuser1,dc=linuxmantra,dc=com” and, more importantly, the user's password is stored inside the LDAP server.

Finally, run the command authconfig-tui and enable the option “Use LDAP Authentication”.