

Another thing to note is that SSSD does not support authentication over an unencrypted channel.

To configure the OpenLDAP server with SSL/TLS support, update the OpenLDAP server TLS certificate attributes as follows:

vi enable-tls.ldif

dn: cn=config
changetype: modify
replace: olcTLSCACertificateFile
olcTLSCACertificateFile: /etc/pki/tls/cacert.pem
-
replace: olcTLSCertificateFile
olcTLSCertificateFile: /etc/pki/tls/ldapserver.crt
-
replace: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/pki/tls/ldapserver.key

Replace the paths to the CA, server certificate and key accordingly. You can then update the OpenLDAP database as follows:

ldapadd -Y EXTERNAL -H ldapi:/// -f add-tls.ldif

You can confirm this by running:

slapcat -b "cn=config" | grep olcTLS

olcTLSCACertificateFile: /etc/pki/tls/cacert.pem

Change the location of the CA certificate on /etc/openldap/nf. You should also install the same CA certificate on all of your client machines.

Configure SSSD for OpenLDAP Authentication

To install SSSD and the SSSD userspace tools for manipulating users, groups and nested groups, run the command below:

yum install sssd sssd-tools

Once the installation completes, the next step is to configure SSSD for OpenLDAP authentication on CentOS 6/CentOS 7. By default, SSSD does not create a configuration file, so you need to create it and define your authentication parameter options. Set the appropriate values, at least, for the following parameters, so that your SSSD LDAP authentication configuration looks like this:

ldap_search_base = dc=ldapmaster,dc=kifarunix-demo,dc=com
ldap_default_bind_dn = cn=readonly,ou=system,dc=ldapmaster,dc=kifarunix-demo,dc=com
ldap_tls_cacert = /etc/openldap/certs/cacert.pem
ldap_access_filter = (objectClass=posixAccount)

Download the CA certificate of the OpenLDAP server by running the command below:

true | openssl s_client -connect :636 2>/dev/null | openssl x509

Copy the certificate and store it in the file specified by the value of the ldap_tls_cacert parameter, /etc/openldap/certs/cacert.pem:

vim /etc/openldap/certs/cacert.pem

Also, in the /etc/openldap/nf configuration, specify the path to the CA certificates as defined by the value of the ldap_tls_cacertdir parameter:

TLS_CACERT /etc/openldap/certs/cacert.pem

Verify the CA certificate:

openssl s_client -connect :636 -CAfile /etc/openldap/certs/cacert.pem

If you get the Verify return code: 0 (ok) status, then the certificate is fine.

Set the proper ownership and permissions on the SSSD configuration file:

chown -R root:root /etc/sssd/
chmod -R 600 /etc/sssd/

Integrate NSS and PAM with SSSD on CentOS 7/CentOS 6

Update NSS and PAM to use SSSD to manage authentication resources. This can be achieved using the authconfig utility.

Configure Automatic Home Directory Creation

Install oddjob-mkhomedir, which provides the pam_oddjob_mkhomedir module to create a home directory for a user at login time.

Load the pam_oddjob_mkhomedir module in the PAM auth file /etc/pam.d/system-auth to enable automatic home directory creation. Append the line to the file rather than overwriting it:

echo "session optional pam_oddjob_mkhomedir.so skel=/etc/skel/ umask=0022" >> /etc/pam.d/system-auth

Start and enable oddjobd to run on system boot.
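As an added example (not code from the original post or from the SSSD project), the shell function below audits an sssd.conf against the points this page stresses: LDAP only over TLS, a trusted CA set through ldap_tls_cacert or ldap_tls_cacertdir, and a root-only file with mode 600. It runs over two constructed configs; the hostname and the weak.conf settings are made up for the demonstration, and ldap_tls_reqcert and ldap_id_use_start_tls are real SSSD options not shown on the page.

```shell
#!/usr/bin/env bash
# audit_sssd_conf FILE
# Prints one line per weakness found in an SSSD LDAP domain configuration
# and returns the number of findings (0 means every check passed).
audit_sssd_conf() {
  local conf="$1" n=0
  # First "key = value" for KEY; assumes a single [domain/...] section.
  opt() { sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$conf" | head -n1; }
  # SSSD will not send passwords in the clear, but identity lookups over
  # plain ldap:// are unprotected unless START_TLS is requested.
  case "$(opt ldap_uri)" in
    ldaps://*) ;;
    *) [ "$(opt ldap_id_use_start_tls)" = "true" ] ||
         { echo "ldap_uri is not ldaps:// and ldap_id_use_start_tls is not true"; n=$((n+1)); } ;;
  esac
  # Without a trusted CA the server certificate cannot be validated.
  [ -n "$(opt ldap_tls_cacert)" ] || [ -n "$(opt ldap_tls_cacertdir)" ] ||
    { echo "neither ldap_tls_cacert nor ldap_tls_cacertdir is set"; n=$((n+1)); }
  # never/allow turn off certificate verification (the default is hard).
  case "$(opt ldap_tls_reqcert)" in
    never|allow) echo "ldap_tls_reqcert weakens certificate verification"; n=$((n+1)) ;;
  esac
  # The file may hold bind credentials, so it must be mode 600 (chmod 600).
  [ -z "$(find "$conf" -prune ! -perm 600 2>/dev/null)" ] ||
    { echo "$conf is not mode 600"; n=$((n+1)); }
  return "$n"
}
# Constructed sample configs (not from a real host); the hostname is made up
# from the search base used on this page.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/good.conf" <<'EOF'
[domain/default]
ldap_uri = ldaps://ldapmaster.kifarunix-demo.com
ldap_search_base = dc=ldapmaster,dc=kifarunix-demo,dc=com
ldap_default_bind_dn = cn=readonly,ou=system,dc=ldapmaster,dc=kifarunix-demo,dc=com
ldap_tls_cacert = /etc/openldap/certs/cacert.pem
ldap_access_filter = (objectClass=posixAccount)
EOF
chmod 600 "$SAMPLE_DIR/good.conf"
cat > "$SAMPLE_DIR/weak.conf" <<'EOF'
[domain/default]
ldap_uri = ldap://ldapmaster.kifarunix-demo.com
ldap_tls_reqcert = never
EOF
chmod 644 "$SAMPLE_DIR/weak.conf"
for f in good weak; do
  echo "== $f.conf"; audit_sssd_conf "$SAMPLE_DIR/$f.conf"; echo "findings: $?"
done
```

Point the function at /etc/sssd/sssd.conf on a client to check the real file; weak.conf above produces four findings and good.conf none.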
