OpenLDAP: importing the certificate and mapping the user's home directory in Red Hat 7


LDAP is a platform-independent protocol. Several common Linux distributions include OpenLDAP Software for LDAP support. The software also runs on BSD-variants, as well as AIX, Android, HP-UX, macOS, Solaris, Microsoft Windows (NT and derivatives, e.g. 2000, XP, Vista, Windows 7, etc.), and z/OS.

We have an OpenLDAP server:

First, check whether the OpenLDAP and NFS packages are installed on the LDAP server:

# rpm -qa | grep openldap

# rpm -qa | grep nfs

Here we created some users with home directories under /home/guests.

Next, go to the client system (a server or a desktop).

Configure a static IP and add the LDAP server's IP and hostname to /etc/hosts.

Ping the LDAP server's IP to confirm connectivity.

Install SSSD:

# yum install -y sssd*

The System Security Services Daemon is a software package originally developed for the Linux operating system that provides a set of daemons to manage access to remote directories and authentication mechanisms.

Install authconfig. Since the authconfig-tui command is deprecated (tui stands for Text User Interface), the remaining options are the system-config-authentication and authconfig commands. One is graphical, the other text-based.

# yum install authconfig*

# authconfig-gtk (run in a GNOME terminal)
Note: for the text interface use # authconfig-tui

Check the certificate URL (authconfig downloads the CA certificate from it, and the client will trust whatever certificate it fetches, so make sure the URL really points at your LDAP server's CA):

Then look in /etc/openldap/cacerts/

You should see the downloaded .pem file there.

Restart the sssd service:

# systemctl restart sssd

Verification:

# getent passwd <username> (here I am using the user ldapuser0)

or

# id ldapuser0

If you can see the user's details, the LDAP certificate is configured successfully.

Otherwise, check whether the certificate URL and the LDAP server URL/hostname are correct.

You can also test with ssh to localhost:

Now log in as the user with ssh ldapuser0@localhost or su - ldapuser0

You can log in, but you will get a permission denied error because the home directory is not available on the client. We fix that with an autofs configuration.

Mapping the user's home directory

# yum install -y autofs*

Check the installed package.

Create a map file, e.g. # vi /etc/auto.ami (you can give it any name), and add the line:

add the line

ldapuser0 -rw classroom.example.com:/home/guests/ldapuser0

Adjust the server name and path in the line above to match your environment.

Then save and quit.

Here I want ldapuser0's home directory to be mounted when logging in to the server:

Then add the entry for this map to the auto.master file:

# systemctl restart autofs

# su - ldapuser0

To give all other users read and write access by default:

ldapuser0 -fstype=auto classroom.example.com:/home/guests/ldapuser0 (for an individual user)

* -fstype=auto classroom.example.com:/home/guests/& (for all users; automount replaces & with the user name being looked up)

If we add the wildcard entry, all users get read and write access, i.e. they won't get the permission denied error.

With only a single user's home directory mounted the output looks like this: here the ldapuser1 entry was added, so that user can read and write:

In the example below, all LDAP users can read and write:
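As an added example (not code from the post), the shell functions below model how automount resolves a user against an indirect map like the /etc/auto.ami above, including the * wildcard with & substitution, and lint entries for the kind of typo (a space after -fstype=) that silently shifts the fields. The map contents are constructed, and it is assumed that auto.master maps /home/guests to this file.

```shell
#!/bin/sh
# Constructed example map in the format of the post's /etc/auto.ami. It is
# assumed (the page does not show it) that auto.master maps /home/guests to it.
MAPFILE="$(mktemp)"
cat > "$MAPFILE" <<'EOF'
# explicit entry for one user, read-write
ldapuser0 -rw classroom.example.com:/home/guests/ldapuser0
# wildcard: automount replaces & with the key (user name) being looked up
* -fstype=auto classroom.example.com:/home/guests/&
EOF

# automap_resolve MAPFILE USER
# Prints "OPTIONS LOCATION" as automount resolves USER: an exact key wins,
# otherwise the '*' wildcard applies with '&' replaced by USER. Exit 1 if none.
automap_resolve() {
    map=$1; key=$2; wild=""
    while read -r k opts loc; do
        case "$k" in ''|'#'*) continue ;; esac
        # an entry without options has only two fields: shift them into place
        if [ -z "$loc" ]; then loc=$opts; opts="-"; fi
        if [ "$k" = "$key" ]; then
            printf '%s %s\n' "$opts" "$loc"; return 0
        fi
        if [ "$k" = '*' ]; then wild="$opts $loc"; fi
    done < "$map"
    [ -n "$wild" ] || return 1
    printf '%s\n' "$wild" | sed "s|&|$key|g"
}

# automap_lint MAPFILE
# Reports entries automount would misparse, e.g. a stray space in '-fstype= auto'
# makes 'auto' the location and pushes the real location into an extra field.
automap_lint() {
    map=$1; bad=0
    while read -r k opts loc extra; do
        case "$k" in ''|'#'*) continue ;; esac
        if [ -z "$loc" ]; then loc=$opts; opts="-"; fi
        case "$opts" in -*) ;; *) echo "bad options for '$k': $opts"; bad=1 ;; esac
        case "$loc" in *:/*) ;; *) echo "bad location for '$k': $loc"; bad=1 ;; esac
        if [ -n "$extra" ]; then echo "extra fields for '$k': $extra"; bad=1; fi
    done < "$map"
    return $bad
}
```

Run automap_lint against your real map before restarting autofs; a non-zero exit means at least one entry would not mount the way you expect.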

If you get an error like mkdir: warning cannot create directory ‘home/guests’: permission denied, then try:

# authconfig --enablemkhomedir --update

That's it.
