Skip to Content

How do I configure Ezeelogin to authenticate using OpenLdap(Pam-Ldap) in CentOS ?

185  Manu Chacko June 14, 2023  Tweaks & Configuration

Integration of Open-LDAP (PAM-LDAP) in CentOS

Make sure that the PHP-LDAP extension is installed on the server 

root@jumpserver:~# yum install php-ldap openldap openldap-clients ;apachectl restart

1.  Login to Web-GUI > Settings > LDAP

 Add the details of LDAP configurations

2. Under Settings > General > Authentication > change webpanel authentication to LDAP & Enable External SSH Auth

3. Select the LDAP users and import them to Ezeelogin
 

 

You can confirm the imported LDAP users were listed in the Users 

 

Now you can login to Ezeelogin GUI with LDAP user.

After importing the users to Ezeelogin, log in with the user and set up security code for the user under Account > Password > New Security Code

Let's configure PAM_LDAP Authentication for SSH  

Login to the Ezeelogin ssh server to configure pam-LDAP
 
1. Install pam-LDAP module by the following command

root@gateway ~]# yum install nss-pam-ldapd nscd  

2.  Enter the command to auto-configure  

root@gateway ~]# authconfig-tui  

 Select use LDAP & use LDAP authentication 
 
 
3.  Add Binddn & bind password to /etc/nslcd.conf  
 

root@gateway ~]#  vi /etc/nslcd.conf

binddn cn=admin,dc=eztest,dc=net

bindpw chaSD@#234JH56hj^7

map passwd loginShell  "/usr/local/bin/ezsh" 

  And add bindn and bind password to the file
 
4. Enable autocreate home directory on login by the following command  

root@gateway ~]# authconfig --enablemkhomedir --update

 
5. Restart nslcd & nscd service

root@gateway ~]# service nslcd restart && service nscd restart  

Ensure the login shell of LDAP user is /usr/local/bin/ezsh  

Now run the id/finger command and see whether you are able to get LDAP user details 
 

[root@jumpserver ~]# finger jake

Login: jake          Name: jake t

Directory: /home/jake     Shell: /usr/local/bin/ezsh

Last login Wed Jun 13 05:02 (EDT) on pts/1 from 10.1.1.13

No mail.

No Plan.

[root@jumpserver ~]# id jake

uid=1001(jake) gid=20001(domain users) groups=1547600513(domain users)

Run an ldapsearch to ensure that results are correctly fetched from the LDAP server.
 

ldapsearch -v -x -H ldap://10.11.1.164 -b "cn=jake j,cn=Users,dc=ad2016,dc=admod,dc=net" -D "cn=administrator,dc=ad2016,dc=admod,dc=net" -w redhat
ldap_initialize( ldap://10.11.1.103:389/??base )
filter: (objectclass=*)
requesting: All userApplication attributes
# extended LDIF
#
# LDAPv3
# base <cn=jake j,dc=ad2016,dc=admod,dc=net> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# jake j, ad2016.admod.net
dn: cn=jake j,dc=ad2016,dc=admod,dc=net
cn: jake j
givenName: jake
gidNumber: 500
sn: j
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
userPassword:: e01ENX15VHpOZUxJSFpTZzBZaGF6c3ZjQjVnPT0=
uidNumber: 1001
uid: jake
homeDirectory: /home/jake
loginShell: /usr/local/bin/ezsh

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

Quotation content

Related Articles:
Rating: 5 (1 Votes)