Monday, November 4, 2013

HOWTO : Configure OpenSSH to Fetch Public Keys from OpenLDAP for Authentication on CentOS

Today we will configure our OpenLDAP server to store SSH public keys so that the OpenSSH daemon can fetch them and thus authenticate our users.

To do this, we first need two CentOS machines. This is easy to achieve via a KickStart. If you need help building a KickStart server, follow my previous blog post. Then we need a working OpenLDAP server. If you don't have one, then follow my previous blog posts to set one up.

Friday, June 8, 2012

HOWTO : OpenLDAP 2.4 Replication on CentOS 6.2

We continue our OpenLDAP 2.4 on CentOS 6.2 series with a description of how to set up replication between two OpenLDAP 2.4 servers. This happens to be the final bullet point in our list of goals:
  1. Install OpenLDAP 2.4.
  2. Configure Transport Layer Security (TLS).
  3. Manage users and groups in OpenLDAP.
  4. Configure pam_ldap to authenticate users via OpenLDAP.
  5. Use OpenLDAP as sudo's configuration repository.
  6. Use OpenLDAP as automount map repository for autofs.
  7. Use OpenLDAP as NFS netgroup repository again for autofs.
  8. Use OpenLDAP as the Kerberos principal repository.
  9. Setup OpenLDAP backup and recovery.
  10. Setup OpenLDAP replication.
Of course, the first thing to do in order to be able to replicate our DIT is to have another CentOS machine. So go ahead and install it on a separate computer. We will continue with our example two machines: alice and bob. Alice is the current OpenLDAP server while bob was the client. At the end of this document, bob will be the second OpenLDAP server. In OpenLDAP syncrepl parlance, we have these entities:
  • provider : alice.company.com (a.k.a. master server)
  • consumer : bob.company.com (a.k.a. replica server)

Tuesday, May 15, 2012

HOWTO : OpenLDAP 2.4 Backup & Recovery on CentOS 6.2

This blog post will explain how to back up and restore our OpenLDAP 2.4 server. This is goal number nine.
  1. Install OpenLDAP 2.4.
  2. Configure Transport Layer Security (TLS).
  3. Manage users and groups in OpenLDAP.
  4. Configure pam_ldap to authenticate users via OpenLDAP.
  5. Use OpenLDAP as sudo's configuration repository.
  6. Use OpenLDAP as automount map repository for autofs.
  7. Use OpenLDAP as NFS netgroup repository again for autofs.
  8. Use OpenLDAP as the Kerberos principal repository.
  9. Setup OpenLDAP backup and recovery.
  10. Setup OpenLDAP replication.
The Maintenance chapter in the OpenLDAP Administrator's Guide on this topic is not very explicit. We hope this blog post will be more helpful.

HOWTO : Kerberos KDC with OpenLDAP 2.4 Back-End and SASL GSSAPI Authentication on CentOS 6.2

We continue our OpenLDAP 2.4 series with goal number 8. Recall that our goals are:
  1. Install OpenLDAP 2.4.
  2. Configure Transport Layer Security (TLS).
  3. Manage users and groups in OpenLDAP.
  4. Configure pam_ldap to authenticate users via OpenLDAP.
  5. Use OpenLDAP as sudo's configuration repository.
  6. Use OpenLDAP as automount map repository for autofs.
  7. Use OpenLDAP as NFS netgroup repository again for autofs.
  8. Use OpenLDAP as the Kerberos principal repository.
  9. Setup OpenLDAP backup and recovery.
  10. Setup OpenLDAP replication.
In this document, we will learn how to set up our OpenLDAP 2.4 server as a repository for our Kerberos principals. We will also explore how to configure the client machines. Kerberos is a computer network authentication protocol which works on the basis of "tickets" to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner. Its designers aimed primarily at a client–server model, and it provides mutual authentication: both the user and the server verify each other's identity. Kerberos protocol messages are protected against eavesdropping and replay attacks. Kerberos builds on symmetric key cryptography and requires a trusted third party, and optionally may use public-key cryptography by utilizing asymmetric key cryptography during certain phases of authentication.

Thursday, May 10, 2012

HOWTO : OpenLDAP NFS NetGroup Repository for AutoFS

We continue our OpenLDAP 2.4 series with goal number 7. Recall that our goals are:
  1. Install OpenLDAP 2.4.
  2. Configure Transport Layer Security (TLS).
  3. Manage users and groups in OpenLDAP.
  4. Configure pam_ldap to authenticate users via OpenLDAP.
  5. Use OpenLDAP as sudo's configuration repository.
  6. Use OpenLDAP as automount map repository for autofs.
  7. Use OpenLDAP as NFS netgroup repository again for autofs.
  8. Use OpenLDAP as the Kerberos principal repository.
  9. Setup OpenLDAP backup and recovery.
  10. Setup OpenLDAP replication.
In this document, we will learn how to set up our OpenLDAP 2.4 server as a repository of NFS netgroup configuration. Then we will configure an NFS client to see if our netgroup configuration actually works. A netgroup is a set of (host, user, domain) tuples that are to be given similar network access.

Wednesday, May 9, 2012

HOWTO : OpenLDAP 2.4 NFSv4 Automount Map Repository on CentOS 6.2

We continue our OpenLDAP 2.4 series with goal number 6.
  1. Install OpenLDAP 2.4.
  2. Configure Transport Layer Security (TLS).
  3. Manage users and groups in OpenLDAP.
  4. Configure pam_ldap to authenticate users via OpenLDAP.
  5. Use OpenLDAP as sudo's configuration repository.
  6. Use OpenLDAP as automount map repository for autofs.
  7. Use OpenLDAP as NFS netgroup repository again for autofs.
  8. Use OpenLDAP as the Kerberos principal repository.
  9. Setup OpenLDAP backup and recovery.
  10. Setup OpenLDAP replication.
In this document, we will learn how to set up an NFS server along with an NFS client which runs autofs(5) version 5. This daemon will fetch its automount maps from our OpenLDAP 2.4 server. The client will then be configured to mount users' home directories from the NFS server. All OpenLDAP user DNs will be modified to reflect this change. We will also create a central NFS software repository.

HOWTO : OpenLDAP 2.4 sudo Repository on CentOS 6.2

Today we continue with our OpenLDAP series of blog posts. Recall that our goals were:
  1. Install OpenLDAP 2.4.
  2. Configure Transport Layer Security (TLS).
  3. Manage users and groups in OpenLDAP.
  4. Configure pam_ldap to authenticate users via OpenLDAP.
  5. Use OpenLDAP as sudo's configuration repository.
  6. Use OpenLDAP as automount map repository for autofs.
  7. Use OpenLDAP as NFS netgroup repository again for autofs.
  8. Use OpenLDAP as the Kerberos principal repository.
  9. Setup OpenLDAP backup and recovery.
  10. Setup OpenLDAP replication.
Since goals 1 to 4 are already achieved in previous blog posts, we are now ready to tackle goal number 5 which is to configure OpenLDAP to be a repository of sudo rules. The official sudo website, the sudoers LDAP manual and the sudo LDAP README file are a good place to start.

Monday, May 7, 2012