Welcome to the Linux Foundation Forum!

openldap client configuration LAB 9.5

Hello,

I'm stuck with the openldap client configuration and I would really appreciate it if someone could help me.

I have two VMs: one is the turnkey-openldap server (suggested in the lab) and the other is Ubuntu 18.04.

I've followed the steps in the lab, with some minor problems that I overcame while configuring the openldap server (I couldn't add group.ldif because there was no ou Group available, so I created it).

Also, please note that my domain is zvezdara.lokal instead of example.com.

Here is the output of ldapsearch -H ldap://192.168.122.252 -D cn=admin,dc=zvezdara,dc=lokal -x -W -b dc=zvezdara,dc=lokal run from the client VM:

  # extended LDIF
  #
  # LDAPv3
  # base <dc=zvezdara,dc=lokal> with scope subtree
  # filter: (objectclass=*)
  # requesting: ALL
  #

  # zvezdara.lokal
  dn: dc=zvezdara,dc=lokal
  objectClass: top
  objectClass: dcObject
  objectClass: organization
  o: Zvezdara
  dc: zvezdara

  # admin, zvezdara.lokal
  dn: cn=admin,dc=zvezdara,dc=lokal
  objectClass: simpleSecurityObject
  objectClass: organizationalRole
  cn: admin
  description: LDAP administrator
  userPassword:: e1NTSEF9WUF4aFhjM0JkRHlxRnpEK2UzbTFZMG02bDR1L3JnSDI=

  # luser1, zvezdara.lokal
  dn: cn=luser1,dc=zvezdara,dc=lokal
  uid: luser1
  cn: luser1
  givenName: luser1
  sn: linux
  homeDirectory: /home/users/luser1
  objectClass: inetOrgPerson
  objectClass: posixAccount
  objectClass: top
  uidNumber: 999001
  gidNumber: 999001
  userPassword:: e1NTSEF9Ukt1dXBWUnp5SjhEWkkrUVQ4cXVsVms3UkZud1hUZjIgICA=

  # Groups, zvezdara.lokal
  dn: ou=Groups,dc=zvezdara,dc=lokal
  objectClass: organizationalUnit
  objectClass: top
  ou: Groups

  # luser1, Groups, zvezdara.lokal
  dn: cn=luser1,ou=Groups,dc=zvezdara,dc=lokal
  cn: luser1
  objectClass: posixGroup
  objectClass: top
  gidNumber: 999001
  memberUid: luser1

  # search result
  search: 2
  result: 0 Success

  # numResponses: 6
  # numEntries: 5

So the server seems to show user luser1.

On the client VM I've installed sssd, sssd-ldap, ldap-utils and oddjob-mkhomedir, and I've created /etc/sssd/conf.d/00-sssd.conf:

  [sssd]
  config_file_version = 2
  domains = zvezdara.lokal
  services = nss, pam, autofs

  [domain/zvezdara.lokal]
  enumerate = true
  id_provider = ldap
  autofs_provider = ldap
  auth_provider = ldap
  chpass_provider = ldap
  ldap_uri = ldap://192.168.122.252/
  ldap_search_base = dc=zvezdara,dc=lokal
  # StartTLS on every identity lookup; reqcert = allow skips certificate validation only
  ldap_id_use_start_tls = true
  cache_credentials = True
  ldap_tls_reqcert = allow

and added the line session optional pam_oddjob_mkhomedir.so to /etc/pam.d/common-session.conf.

However, after restarting sssd and oddjobd and issuing getent passwd luser1, I don't get anything in response.

What am I missing?

The one potentially problematic thing is that in the lab these steps are written for Ubuntu 20.01 and I'm running Ubuntu 18.04.
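Added example, not part of the original post: a client-side checklist script for exactly this kind of "getent passwd returns nothing" situation. It covers the things an sssd identity lookup depends on before any LDAP data is involved: sssd skips conf.d snippets that are not mode 0600 and root-owned, getent never reaches sssd unless /etc/nsswitch.conf lists sss for passwd and group, ldap_id_use_start_tls = true makes every sssd search require a successful StartTLS negotiation (ldap_tls_reqcert = allow only relaxes certificate checking, it does not help if the server refuses StartTLS), and the anonymous search for (&(objectClass=posixAccount)(uid=luser1)) is the query sssd issues with the posted config. The URI, search base and file path come from the post; the function names, the --run flag and the assumption that the server permits anonymous reads are mine.

```shell
#!/usr/bin/env bash
# sssd/OpenLDAP client checklist (added example, not from the original post).
# Values taken from the post; everything else is an assumption of this script.
LDAP_URI="ldap://192.168.122.252"
BASE="dc=zvezdara,dc=lokal"
CONF="/etc/sssd/conf.d/00-sssd.conf"
USER_TO_FIND="luser1"

# 1. sssd ignores conf.d snippets unless they are a regular file, mode 0600, owner root.
conf_mode_ok() {   # $1 = path; success iff the mode is exactly 0600
  [ "$(stat -c '%a' "$1")" = "600" ]
}
conf_owner_ok() {  # $1 = path; success iff owned by uid 0
  [ "$(stat -c '%u' "$1")" = "0" ]
}

# 2. nsswitch must route the database through "sss" or getent never asks sssd.
#    Reads nsswitch.conf-style text on stdin; $1 = database name (passwd, group, ...).
nsswitch_has_sss() {
  awk -v db="$1" '
    $1 == db ":" { for (i = 2; i <= NF; i++) if ($i == "sss") found = 1 }
    END { exit !found }'
}

# 3. ldap_id_use_start_tls = true: sssd insists on StartTLS for identity lookups.
#    -ZZ makes ldapsearch fail unless StartTLS succeeds; LDAPTLS_REQCERT=allow mirrors
#    ldap_tls_reqcert = allow, so a self-signed cert is tolerated but a missing
#    StartTLS capability is not.
starttls_ok() {
  LDAPTLS_REQCERT=allow ldapsearch -ZZ -x -H "$LDAP_URI" -b "$BASE" -s base \
      '(objectClass=*)' dn >/dev/null 2>&1
}

# 4. The search sssd issues for a user with the posted config (anonymous bind,
#    ldap_user_object_class=posixAccount, ldap_user_name=uid are the defaults).
user_found_anon() {  # $1 = uid; success iff the entry comes back
  ldapsearch -x -LLL -H "$LDAP_URI" -b "$BASE" \
      "(&(objectClass=posixAccount)(uid=$1))" uid uidNumber gidNumber homeDirectory \
    | grep -q "^uid: $1\$"
}

# 5. Ask sssd itself after dropping its cache so a stale negative entry cannot hide a fix.
sss_lookup() {  # $1 = uid; success iff getent returns a passwd line
  sss_cache -E 2>/dev/null || true
  getent passwd "$1" >/dev/null
}

report() {  # $1 = label, rest = command; prints PASS/FAIL, never aborts the run
  if "${@:2}"; then echo "PASS  $1"; else echo "FAIL  $1"; fi
}

if [ "${1:-}" = "--run" ]; then
  report "conf.d snippet mode is 0600"         conf_mode_ok "$CONF"
  report "conf.d snippet owned by root"        conf_owner_ok "$CONF"
  report "nsswitch passwd uses sss"            sh -c "nsswitch_has_sss passwd < /etc/nsswitch.conf" 2>/dev/null \
    || nsswitch_has_sss passwd < /etc/nsswitch.conf
  report "nsswitch group uses sss"             nsswitch_has_sss group < /etc/nsswitch.conf
  report "server negotiates StartTLS"          starttls_ok
  report "anonymous posixAccount search finds user" user_found_anon "$USER_TO_FIND"
  report "getent via sssd finds user"          sss_lookup "$USER_TO_FIND"
  echo "If only the last check fails, raise debug_level in the [domain/...] section and read /var/log/sssd/sssd_*.log"
fi
```

Run it as root on the client with `bash checklist.sh --run`; the first four checks need no network, so they separate a client configuration problem from a server or transport one. A FAIL on the StartTLS check with the posted config explains an empty getent on its own: sssd will not fall back to plain LDAP when ldap_id_use_start_tls is set.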
