Skip to Content

How do i configure Ezeelogin to authenticate using OpenLdap(Pam-Ldap) in centos ?

Integration of Open-LDAP (PAM-LDAP) in centos

Make sure that the PHP-LDAP extension is installed on the server 

[email protected]:~# yum install php-ldap openldap openldap-clients ;apachectl restart

1.  Login to Web-GUI > open settings > Ldap

 Add the details of LDAP configurations

 

2  Under Settings > general > Authentication > change Webpanel authentication to ldap & Check PAM Authentication

 
 
3. Select the LDAP users and import them to Ezeelogin
 
 
 

you can confirm the imported LDAP users were listed in the Users 

 

Now you can login to Ezeelogin GUI with ldap user.

After importing the users to Ezeelogin, log in with the user and set up security code for the user under Account > Password > New Security Code

Let’s configure PAM_LDAP Authentication for SSH  
 
Login to Ezeelogin ssh server to configure pam-LDAP
 
 
1. Install pam-LDAP module by the following command

 #yum install nss-pam-ldapd nscd  

 
2.  Enter the command to auto-configure  

#authconfig-tui  

   
 Select use LDAP & use LDAP authentication 
 
 
 
 
3.  Add Binddn & bind password to /etc/nslcd.conf  
 

vi /etc/nslcd.conf

binddn cn=admin,dc=eztest,dc=net

bindpw [email protected]#234JH56hj^7

map passwd loginShell  "/usr/local/bin/ezsh" 

  And add bindn and bind password to the file
 
4. Enable autocreate home directory on login by the following command  

authconfig --enablemkhomedir --update

 
5. Restart nslcd & nscd service

service nslcd restart && service nscd restart  

Ensure the login shell of LDAP user is /usr/local/bin/ezsh  

     
Now run the id/finger command and see whether you are able to get LDAP user details 
 

[[email protected] ~]# finger jake

Login: jake          Name: jake t

Directory: /home/jake     Shell: /usr/local/bin/ezsh

Last login Wed Jun 13 05:02 (EDT) on pts/1 from 10.1.1.13

No mail.

No Plan.

[[email protected] ~]# id jake

uid=1001(jake) gid=20001(domain users) groups=1547600513(domain users)

 
Run an ldapsearch to ensure that  results are correctly fetched from the ldap server.

ldapsearch -v -x -H ldap://10.11.1.164 -b "cn=jake j,cn=Users,dc=ad2016,dc=admod,dc=net" -D "cn=administrator,dc=ad2016,dc=admod,dc=net" -w redhat
ldap_initialize( ldap://10.11.1.103:389/??base )
filter: (objectclass=*)
requesting: All userApplication attributes
# extended LDIF
#
# LDAPv3
# base <cn=jake j,dc=ad2016,dc=admod,dc=net> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# jake j, ad2016.admod.net
dn: cn=jake j,dc=ad2016,dc=admod,dc=net
cn: jake j
givenName: jake
gidNumber: 500
sn: j
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
userPassword:: e01ENX15VHpOZUxJSFpTZzBZaGF6c3ZjQjVnPT0=
uidNumber: 1001
uid: jake
homeDirectory: /home/jake
loginShell: /usr/local/bin/ezsh

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

Quotation content