LDAP (Lightweight Directory Access Protocol) is an authentication protocol used to allow secure access to directory servers. It’s an open standard protocol, so all of its documentation is freely available for those who want to build an LDAP server. It is a TCP/IP protocol and uses port 389 to communicate.
In order to use LDAP we will need to install three programs: sssd, authconfig-gtk, and krb5-workstation.
So let’s do a
(the -y in our command will automatically answer yes to any prompts/questions we get from yum during the installation)
Once the installation is complete let’s configure our LDAP settings.
There are two ways to do this but we will stick to doing it from the terminal.
Run system-config-authentication and you will get the Authentication settings window. There are a few things we will change here.
Under User Account Configuration
Set User Account Configuration to LDAP
The rest of the settings will be contingent upon your situation but I advise you check the box next to Use TLS to encrypt connections for an extra layer of security.
Uncheck the box next to Use DNS to locate KDCs for realms
Change this to LDAP password.
Switch over to the Advanced Options tab and check the box next to Create home directory on the first login
Click apply and close out.
Now test that you are able to log in to the server using ssh.
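To confirm that the Use TLS choice actually landed in the SSSD configuration, the following script audits an sssd.conf for its LDAP transport settings. It is an added example, not part of the original walkthrough; ldap_uri, ldap_id_use_start_tls and ldap_tls_reqcert are SSSD LDAP provider options, while the hostname ldap.example.com and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an sssd.conf for the LDAP transport settings chosen above.

# Print the last value assigned to option $2 in file $1, lower-cased.
sssd_opt() {
    sed -n "/^[[:space:]]*${2}[[:space:]]*=/{s/^[^=]*=[[:space:]]*//;s/[[:space:]]*\$//;p;}" "$1" |
        tail -n 1 | tr '[:upper:]' '[:lower:]'
}

# Return 0 when every LDAP URI is TLS-protected and certificates are verified.
check_sssd_tls() {
    conf=$1
    rc=0
    uris=$(sssd_opt "$conf" ldap_uri | tr ',' ' ')
    starttls=$(sssd_opt "$conf" ldap_id_use_start_tls)
    reqcert=$(sssd_opt "$conf" ldap_tls_reqcert)

    [ -n "$uris" ] || { echo "FAIL: no ldap_uri set"; rc=1; }
    for uri in $uris; do
        case $uri in
            ldaps://*) ;;                       # TLS before any LDAP traffic
            ldap://*)                           # port 389: needs StartTLS
                [ "$starttls" = "true" ] ||
                    { echo "FAIL: $uri without ldap_id_use_start_tls = true"; rc=1; } ;;
            *) echo "FAIL: unexpected URI scheme: $uri"; rc=1 ;;
        esac
    done
    # 'never' and 'allow' accept a server certificate that does not validate.
    case $reqcert in
        never|allow) echo "FAIL: ldap_tls_reqcert = $reqcert"; rc=1 ;;
    esac
    [ "$rc" -eq 0 ] && echo "OK: $conf"
    return "$rc"
}

# Constructed sample: a domain section written with the TLS box left unchecked.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[domain/default]
id_provider = ldap
auth_provider = ldap
ldap_uri = ldap://ldap.example.com/
ldap_id_use_start_tls = False
ldap_tls_cacertdir = /etc/openldap/cacerts
EOF
check_sssd_tls "$sample" || echo "sssd.conf needs attention"
rm -f "$sample"
```

On a configured client, run check_sssd_tls /etc/sssd/sssd.conf as root, since that file is readable only by root.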
Now that we have LDAP configured let’s dive deeper and create an automounting home directory using autofs.
yum -y install autofs
Now let’s enable and start the service
systemctl enable autofs
systemctl start autofs
In order to set up autofs we need to create two files. The first one is the master-map file, located at /etc/auto.master.d/*.autofs (replace * with any name, /etc/auto.master.d/example.autofs for example).
Run vim /etc/auto.master.d/example.autofs
and add one line to this file.
The entry should look like this
Replace /home/guests with the directory of your choice and you may change where it says “example” to the name of your choice. Now let’s save and exit.
We will create our second file now.
Add one line to this file with the following format
ldapuserX options servername:/directory/ldapuserX
The options will determine what permissions the user has. You can also indicate what version of NFS to use. We can now save this file.
Now let’s update our settings by restarting autofs
systemctl restart autofs
That’s it! Let’s test our autofs by logging in using the LDAP credentials and checking to see if our directory is automatically mounted once we log in.