
Using LDAP for Authentication

Hands-On Lab

 


Rob Marti

Linux Training Architect I in Content

Length

01:00:00

Difficulty

Intermediate

In this lab we are going to set up LDAP authentication for a CentOS 7 server. Doing this will help with understanding how LDAP authentication works and how to configure it. We'll use the authconfig tool along with some additional packages that will allow us to authenticate using LDAP users.


Get Logged In

Use the credentials and server IP in the hands-on lab overview page to log in to our lab server. Since we'll need to be root for all of the commands, we'll run a quick sudo -i as soon as we're in. Once that's done, we can get moving.

Set the Server up to Authenticate Using ldap.linuxacademy.com

The first step is to install the required packages:

[root@host]# yum install nss-pam-ldapd pam_krb5 autofs nfs-utils openldap-clients

> Note that these packages aren't really part of any package group, so you're going to have to memorize them in order to install them quickly during the exam.

Once that is complete we can run:

[root@host]# authconfig --enableldap --enableldapauth --enablemkhomedir --enableldaptls \
--ldaploadcacert=http://ldap.linuxacademy.com/pub/cert.pem --ldapserver=ldap.linuxacademy.com \
--ldapbasedn="dc=linuxacademy,dc=com" --update

Alternatively, we could export XAUTHORITY as root, install authconfig-gtk, and then make the same settings in its graphical interface.

[root@host]# export XAUTHORITY=/home/cloud_user/.Xauthority

[root@host]# yum install authconfig-gtk 

[root@host]# authconfig-gtk

Note: you will need to use ssh -X to connect in order to use authconfig-gtk.

Get the UID of ldapuser3

Once authentication is configured, we can run:

id ldapuser3

This will show the UID. We can also, as root, run su - ldapuser3 and run id.
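
A successful id lookup shows that the server can reach the directory, but not that binds are protected in transit. The following added example (not part of the original lab) audits an nslcd.conf-style file for the settings --enableldaptls is meant to produce. It assumes the nss-pam-ldapd backend with its uri, ssl, tls_reqcert and tls_cacertdir/tls_cacertfile directives in /etc/nslcd.conf; both sample files are constructed.

```shell
#!/bin/sh
# Added example, not from the lab. Assumes the nss-pam-ldapd (nslcd) backend.
# nslcd_get FILE KEY: print KEY's value(s); comment lines never match.
nslcd_get() {
    awk -v k="$2" '$1 == k { for (i = 2; i <= NF; i++) out = out (out == "" ? "" : " ") $i }
                   END { print out }' "$1"
}

# audit_nslcd_conf FILE: return 0 if LDAP traffic is encrypted and verified.
audit_nslcd_conf() {
    conf=$1; rc=0
    uris=$(nslcd_get "$conf" uri); ssl=$(nslcd_get "$conf" ssl)
    reqcert=$(nslcd_get "$conf" tls_reqcert)
    ca="$(nslcd_get "$conf" tls_cacertdir)$(nslcd_get "$conf" tls_cacertfile)"
    [ -n "$uris" ] || { echo "FAIL: no uri configured"; rc=1; }
    for u in $uris; do
        case $u in
            ldaps://*) ;;                            # TLS from the first byte
            ldap://*)  if [ "$ssl" != start_tls ]; then   # no upgrade before the bind
                           echo "FAIL: $u without 'ssl start_tls' sends binds in cleartext"; rc=1
                       fi ;;
            *) echo "FAIL: unhandled uri scheme: $u"; rc=1 ;;
        esac
    done
    case $reqcert in
        never|allow) echo "FAIL: tls_reqcert $reqcert accepts an unverified server certificate"; rc=1 ;;
    esac
    [ -n "$ca" ] || { echo "FAIL: no tls_cacertdir/tls_cacertfile to verify the server against"; rc=1; }
    return $rc
}

good=$(mktemp); weak=$(mktemp); trap 'rm -f "$good" "$weak"' EXIT
cat > "$good" <<'EOF'
# constructed sample: assumed result of the authconfig command above
uri ldap://ldap.linuxacademy.com/
base dc=linuxacademy,dc=com
ssl start_tls
tls_cacertdir /etc/openldap/cacerts
EOF
cat > "$weak" <<'EOF'
# constructed sample: TLS left off and certificate checks disabled
uri ldap://ldap.linuxacademy.com/
base dc=linuxacademy,dc=com
ssl off
tls_reqcert never
EOF
audit_nslcd_conf "$good" && echo "good sample: protected"
audit_nslcd_conf "$weak" || echo "weak sample: rejected"
# On the lab server: audit_nslcd_conf /etc/nslcd.conf
```

The audit cannot tell whether the CA certificate itself is trustworthy: the lab's --ldaploadcacert URL is plain http, so outside a lab the certificate should be obtained or verified over a trusted channel.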

Conclusion

That was fairly straightforward. We set up LDAP authentication and then tried it out on a user account. Congratulations!