Skip to Content

How do I configure Ezeelogin to authenticate using OpenLdap(Pam-Ldap) in CentOS ?

185  Manu Chacko May 16, 2022  Tweaks & Configuration

Integration of Open-LDAP (PAM-LDAP) in CentOS

Make sure that the PHP-LDAP extension is installed on the server 

[email protected]:~# yum install php-ldap openldap openldap-clients ;apachectl restart

1.  Login to Web-GUI > Settings > LDAP

 Add the details of LDAP configurations

2. Under Settings > General > Authentication > change webpanel authentication to LDAP & Enable External SSH Auth

3. Select the LDAP users and import them to Ezeelogin
 

 

You can confirm the imported LDAP users were listed in the Users 

 

Now you can login to Ezeelogin GUI with LDAP user.

After importing the users to Ezeelogin, log in with the user and set up security code for the user under Account > Password > New Security Code

Let's configure PAM_LDAP Authentication for SSH  

Login to the Ezeelogin ssh server to configure pam-LDAP
 
1. Install pam-LDAP module by the following command

[email protected] ~]# yum install nss-pam-ldapd nscd  

2.  Enter the command to auto-configure  

[email protected] ~]# authconfig-tui  

 Select use LDAP & use LDAP authentication 
 
 
3.  Add Binddn & bind password to /etc/nslcd.conf  
 

[email protected] ~]#  vi /etc/nslcd.conf

binddn cn=admin,dc=eztest,dc=net

bindpw [email protected]#234JH56hj^7

map passwd loginShell  "/usr/local/bin/ezsh" 

  And add bindn and bind password to the file
 
4. Enable autocreate home directory on login by the following command  

[email protected] ~]# authconfig --enablemkhomedir --update

 
5. Restart nslcd & nscd service

[email protected] ~]# service nslcd restart && service nscd restart  

Ensure the login shell of LDAP user is /usr/local/bin/ezsh  

Now run the id/finger command and see whether you are able to get LDAP user details 
 

[[email protected] ~]# finger jake

Login: jake          Name: jake t

Directory: /home/jake     Shell: /usr/local/bin/ezsh

Last login Wed Jun 13 05:02 (EDT) on pts/1 from 10.1.1.13

No mail.

No Plan.

[[email protected] ~]# id jake

uid=1001(jake) gid=20001(domain users) groups=1547600513(domain users)

Run an ldapsearch to ensure that results are correctly fetched from the LDAP server.
 

ldapsearch -v -x -H ldap://10.11.1.164 -b "cn=jake j,cn=Users,dc=ad2016,dc=admod,dc=net" -D "cn=administrator,dc=ad2016,dc=admod,dc=net" -w redhat
ldap_initialize( ldap://10.11.1.103:389/??base )
filter: (objectclass=*)
requesting: All userApplication attributes
# extended LDIF
#
# LDAPv3
# base <cn=jake j,dc=ad2016,dc=admod,dc=net> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# jake j, ad2016.admod.net
dn: cn=jake j,dc=ad2016,dc=admod,dc=net
cn: jake j
givenName: jake
gidNumber: 500
sn: j
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
userPassword:: e01ENX15VHpOZUxJSFpTZzBZaGF6c3ZjQjVnPT0=
uidNumber: 1001
uid: jake
homeDirectory: /home/jake
loginShell: /usr/local/bin/ezsh

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

Quotation content

 
Rating: 5 (1 Votes)