Integrate OpenLdap with CentOS using SSSD

446 Manu Chacko August 4, 2024 Tweaks & Configuration 6451

How to integrate OpenLdap with Centos 8 using SSSD?

Overview : This article provides a step-by-step guide on installing and configuring SSSD for LDAP integration on a CentOS server, including package installation, SSSD configuration, and verification of LDAP user details.

Run the following commands to install the SSSD packages

[root@jumpserver ~]# yum install sssd sssd-client nscd -y

Add ldap_search_base,ldap_default_bind_dn,ldap_default_authtok,ldap_uri to /etc/sssd/sssd.conf

[sssd]
services = nss, pam
config_file_version = 2
domains = default
[nss]
[pam]
offline_credentials_expiration = 60
[domain/default]
ldap_id_use_start_tls = False
cache_credentials = True
ldap_search_base = dc=ldap,dc=ez,dc=com
id_provider = ldap
auth_provider = ldap
chpass_provider = ldap
access_provider = ldap
ldap_uri = ldap://192.168.1.10
ldap_default_bind_dn = cn=admin,dc=ldap,dc=ez,dc=com
ldap_default_authtok = paswword
ldap_search_timeout = 50
ldap_network_timeout = 60
ldap_access_order = filter
ldap_access_filter = (objectClass=posixAccount)
override_shell = /usr/local/bin/ezsh

Restart sssd and nscd using below commands.

[root@jumpserver ~]# service sssd restart && service nscd restart

Note:

When sssd restart fails, make sure to change the permissions of sssd.conf to 600

[root@jumpserver ~]# chmod 600 /etc/sssd/sssd.conf

Enable autocreate home directory on login by the following command

authconfig --enablemkhomedir --update

Now run the id / finger command and see whether you are able to get LDAP user details

[root@jumpserver ~]# finger marc
Login: marc             Name: Marc c
Directory: /home/marc   Shell: /usr/local/bin/ezsh
Last login Wed Jun 13 05:02 (EDT) on pts/1 from 10.1.1.13
No mail.
No Plan.
[root@jumpserver ~]# id marc
uid=1001(marc) gid=20001(domain users) groups=1547600513(domain users)
root@gateway ~]# getent passwd marc
marc:*:1701601108:1701600513:marc user:/home/[email protected]:/usr/local/bin/ezsh

Note:

Use the below command to clear the cache of the user.

[root@jumpserver ~]# sss_cache -u username

Integrate Windows AD on RHEL 8 using SSSD

Integrate Windows AD with Centos 8 using SSSD

1 people found this article helpful what about you?