LDAP is a platform-independent protocol. Several common Linux distributions include OpenLDAP Software for LDAP support. The software also runs on BSD-variants, as well as AIX, Android, HP-UX, macOS, Solaris, Microsoft Windows (NT and derivatives, e.g. 2000, XP, Vista, Windows 7, etc.), and z/OS.
We have an open LDAP server :
First we need to check ldap package is installed or not in the LDAP server
#rpm -qa | grep openldap
#rpm -qa | grep nfs*
Here we created some users in home/guests
Next step go to Client server system or desktop system
configure static IP add LDAP server IP in /etc/hosts
Ping with the LDAP server IP
install yum install -y sssd*
The System Security Services Daemon is a software package originally developed for the Linux operating system that provides a set of daemons to manage access to remote directories and authentication mechanisms.
the authconfig-tui command being deprecated (tui stands for Text User Interface), the only remaining options are the system-config-authentication and authconfig commands. One is a graphical command, this other a text one.
#yum install authconfig*
#authconfig-gtk in GNOME terminal
note: in TUI #authconfig-tui
check the URL certificate link :
Then check in /etc/openldap/cacerts/
you can see that .pem file
Restart sssd service
#systemctl restart sssd
#getent passwd <username> here am using the user ldapuser0
If you can see the userid details then you configured ldap certificate successfully.
Other wise you may check the URL link and the LDAP server URL name whether its correct or not .
You can check with ssh localhost also ;
Now you can check with the user with ldapuser0@localhost or su – ldapuser0
You can log in but you must get permission denied error .That we can fix with autofs configuration .
Mapping User`s home directory
#yum install -y autofs*
check the installed package
create a map file under # vi /etc/auto.ami (anyname you can give )
add the line
ldapuser0 -rw classroom.example.com:/home/guests/ldapuser0
Above command and URL should be corrected
Then save and quit
here i wanted ldapuser0 home directory should mount when log in to the server :
then add this in to auto.master file:
#systemctl restart autofs
#su – ldapuser0
For adding all other users by default read and write
ldapuser0 -fstype=auto classroom.example.com:/home/guests/ldapuser0 (for individual user)
* -fstype= auto classroom.example.com:/home/guests/& (for all the users)
If we are adding this entry all the users can get read and write ie won`t get permission denied error
Only single user home directory mount this will be the output : here ldapuser1 entry added so users can read and write :
Below example all the ldap users can able to read and write :
If you are getting error like mkdir: warning cannot create directory ‘home/guests’: permission denied then try
authconfig --enablemkhomedir --update
Thats it ……