Skip to Content

How do I configure Ezeelogin to authenticate using OpenLdap(Pam-Ldap) in CentOS ?

185  Manu Chacko July 12, 2024  Tweaks & Configuration

Integration of Open-LDAP (PAM-LDAP) in CentOS

Overview: This article details how to integrate OpenLDAP (PAM-LDAP) with CentOS for SSH authentication using Ezeelogin. It covers installing PHP-LDAP, configuring LDAP settings via the web GUI, and setting up PAM_LDAP for SSH access. Verification steps ensure imported LDAP users are correctly configured for seamless integration.

Make sure that the PHP-LDAP extension is installed on the server 

root@jumpserver:~# yum install php-ldap openldap openldap-clients ;apachectl restart

Step 1.  Login to Web-GUI -> Settings -> LDAP

 Add the details of LDAP configurations

Step 2. Under Settings -> General -> Authentication -> change webpanel authentication to LDAP & Enable External SSH Auth

Step 3. Select the LDAP users and import them to Ezeelogin
 

You can confirm the imported LDAP users were listed in the Users 

Now you can login to Ezeelogin GUI with LDAP user.

After importing the users to Ezeelogin, log in with the user and set up security code for the user under Account -> Password -> New Security Code

Let's configure PAM_LDAP Authentication for SSH  

Login to the Ezeelogin ssh server to configure pam-LDAP
 
Step 1. Install pam-LDAP module by the following command

root@gateway ~]# yum install nss-pam-ldapd nscd  

Step 2.  Enter the command to auto-configure  

root@gateway ~]# authconfig-tui  

 Select use LDAP & use LDAP authentication 
 
 
Step 3.  Add Binddn & bind password to /etc/nslcd.conf  
 

root@gateway ~]#  vi /etc/nslcd.conf

binddn cn=admin,dc=eztest,dc=net

bindpw chaSD@#234JH56hj^7

map passwd loginShell  "/usr/local/bin/ezsh" 

  And add bindn and bind password to the file
 
Step 4. Enable autocreate home directory on login by the following command  

root@gateway ~]# authconfig --enablemkhomedir --update 

5. Restart nslcd & nscd service

root@gateway ~]# service nslcd restart && service nscd restart  

Ensure the login shell of LDAP user is /usr/local/bin/ezsh  

Now run the id/finger command and see whether you are able to get LDAP user details 
 

[root@jumpserver ~]# finger jake

Login: jake          Name: jake t

Directory: /home/jake     Shell: /usr/local/bin/ezsh

Last login Wed Jun 13 05:02 (EDT) on pts/1 from 10.1.1.13

No mail.

No Plan.

[root@jumpserver ~]# id jake

uid=1001(jake) gid=20001(domain users) groups=1547600513(domain users)

Run an ldapsearch to ensure that results are correctly fetched from the LDAP server.
 

ldapsearch -v -x -H ldap://10.11.1.164 -b "cn=jake j,cn=Users,dc=ad2016,dc=admod,dc=net" -D "cn=administrator,dc=ad2016,dc=admod,dc=net" -w redhat
ldap_initialize( ldap://10.11.1.103:389/??base )
filter: (objectclass=*)
requesting: All userApplication attributes
# extended LDIF
#
# LDAPv3
# base <cn=jake j,dc=ad2016,dc=admod,dc=net> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# jake j, ad2016.admod.net
dn: cn=jake j,dc=ad2016,dc=admod,dc=net
cn: jake j
givenName: jake
gidNumber: 500
sn: j
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
userPassword:: e01ENX15VHpOZUxJSFpTZzBZaGF6c3ZjQjVnPT0=
uidNumber: 1001
uid: jake
homeDirectory: /home/jake
loginShell: /usr/local/bin/ezsh

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

Quotation content

Related Articles
 
 
Rating: 5 (1 Votes)