RedHat LDAP Authentication

Moonark

Senior member
Oct 9, 1999
Does anyone know how to get LDAP authentication to work when installing RedHat? When installing it gives me the option to Enable LDAP. I give it my LDAP server which is 192.168.1.1, but I have no idea what the LDAP DN is and how to type it in... Has anyone gotten this to work or ever tried?

N11

Senior member
Mar 5, 2002
At the command line type: authconfig
Change your authentication settings here.

Buddha Bart

Diamond Member
Oct 11, 1999
The way LDAP authentication usually works is there is an account on the LDAP server (let's say called "SERVAUTH") that has the permissions to search the LDAP database for the DN of whatever account is trying to log in. It then returns the DN (distinguished name, basically a primary key) to the server, which makes a second connection to the LDAP server as the person it just looked up, using the password the person logging in supplied. If the connection (called "binding") is successful, then the password/account matched as far as LDAP is concerned and RedHat (actually the PAM module) will say "all clear, password was good".

In other words....

1.) "jsmith81" tries to log in to the RedHat machine through SSH
2.) SSH has been compiled to use PAM for its authentication, so it sends PAM the username/password
3.) PAM checks its configuration and says "for the SSH service, I've been configured to authenticate against LDAP"
4.) PAM connects (binds) to the LDAP server as the "servauth" account, using a password stored in some config file
5.) once connected it searches for the DistinguishedName of the account "jsmith81"
6.) let's say it gets back something like "John Peter Smith" as the DN
7.) it disconnects as "servauth"
8.) Now it re-connects as "John Peter Smith" using the password "jsmith81" supplied in step 1, effectively logging into the LDAP server as that user.
9.) If the LDAP server accepts the password, and the connection binds, then the password was right
10.) PAM will tell the service (SSH) that the authentication was successful.

So, what RedHat is probably asking you for, is the DN of the account that will make that first connection, and do the searching. (servauth in my example).

bart
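The ten steps above as a small Python model, added here as an example and not code from the thread or from pam_ldap itself. The in-memory directory, the DNs and the passwords are constructed for illustration; the only extra behaviour is that an empty user password is refused before the second bind, because RFC 4513 defines a bind with a DN and no password as an "unauthenticated" bind that some servers accept.

```python
# Constructed directory standing in for the LDAP server: DN -> attributes.
DIRECTORY = {
    "cn=servauth,dc=example,dc=com": {"userPassword": "svc-secret-1"},
    "cn=John Peter Smith,ou=people,dc=example,dc=com": {
        "uid": "jsmith81", "userPassword": "correct horse"},
    "cn=Ann Lee,ou=people,dc=example,dc=com": {
        "uid": "alee", "userPassword": "battery staple"},
}


def simple_bind(dn, password):
    """Steps 4 and 8: a simple bind succeeds only if the DN exists and the
    password matches. An empty password is rejected by the client itself,
    since an LDAP server may treat DN-plus-empty-password as an anonymous
    ("unauthenticated") bind and return success for a wrong account."""
    if not password:
        return False
    entry = DIRECTORY.get(dn)
    return entry is not None and entry["userPassword"] == password


def search_uid(base, uid):
    """Step 5: find the one DN under `base` whose uid matches."""
    matches = [dn for dn, attrs in DIRECTORY.items()
               if dn.endswith(base) and attrs.get("uid") == uid]
    # Exactly one hit is required; zero or several means "no such account".
    return matches[0] if len(matches) == 1 else None


def pam_ldap_authenticate(service_dn, service_pw, base, uid, user_pw):
    """Steps 4-9: bind as the service account (the DN the installer asks
    for), look up the user's DN, then re-bind as that DN with the password
    the user typed. Returns (authenticated, user_dn)."""
    if not simple_bind(service_dn, service_pw):
        return (False, None)          # wrong binddn/bindpw in the config
    user_dn = search_uid(base, uid)
    if user_dn is None:
        return (False, None)          # unknown or ambiguous account
    return (simple_bind(user_dn, user_pw), user_dn)   # step 8/9


if __name__ == "__main__":
    print(pam_ldap_authenticate("cn=servauth,dc=example,dc=com", "svc-secret-1",
                                "ou=people,dc=example,dc=com",
                                "jsmith81", "correct horse"))
```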