

Another thing to note is that SSSD does not support authentication over an unencrypted channel.

To configure the OpenLDAP server with SSL/TLS support, you can update the OpenLDAP server TLS certificate attributes as follows:

    vi enable-tls.ldif

    dn: cn=config
    olcTLSCACertificateFile: /etc/pki/tls/cacert.pem
    olcTLSCertificateKeyFile: /etc/pki/tls/ldapserver.key
    olcTLSCertificateFile: /etc/pki/tls/ldapserver.crt

Replace the paths to the CA, server certificate and the key accordingly.

You can then update the OpenLDAP database as follows:

    ldapadd -Y EXTERNAL -H ldapi:/// -f enable-tls.ldif

You can confirm this by running:

    slapcat -b "cn=config" | grep olcTLS
    olcTLSCACertificateFile: /etc/pki/tls/cacert.pem

Change the location of the CA certificate in /etc/openldap/nf. You should also install the same CA certificate on all of your client machines.

To install SSSD and other SSSD userspace tools for manipulating users, groups, and nested groups, run the command below:

    yum install sssd sssd-tools

Configure SSSD for OpenLDAP Authentication

Once the installation completes, the next step is to configure SSSD for OpenLDAP authentication on CentOS 6/CentOS 7.

By default, SSSD doesn’t create a configuration file. As such, you need to create it and define your authentication parameter options.

Set up your SSSD LDAP authentication parameters so that they look like the following:

    ldap_search_base = dc=ldapmaster,dc=kifarunix-demo,dc=com
    ldap_default_bind_dn = cn=readonly,ou=system,dc=ldapmaster,dc=kifarunix-demo,dc=com
    ldap_tls_cacert = /etc/openldap/certs/cacert.pem
    ldap_access_filter = (objectClass=posixAccount)
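
As an added example (not part of the original article), the shell function below audits an sssd.conf for the settings that this page's TLS requirement and ldap_tls_cacert option depend on. ldap_uri, ldap_id_use_start_tls and ldap_tls_reqcert are sssd-ldap options that do not appear in the fragment on this page; the function names, the finding labels and the last-value-wins handling of repeated keys are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original page: audit an sssd.conf for the
# transport-security settings that LDAP authentication depends on.

# conf_get FILE KEY: print the last value assigned to KEY, empty if unset.
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# audit_sssd_tls FILE: print one finding per line; exit status is the count.
audit_sssd_tls() {
    conf=$1
    n=0
    uri=$(conf_get "$conf" ldap_uri | tr 'A-Z' 'a-z')
    starttls=$(conf_get "$conf" ldap_id_use_start_tls | tr 'A-Z' 'a-z')
    reqcert=$(conf_get "$conf" ldap_tls_reqcert | tr 'A-Z' 'a-z')
    cacert=$(conf_get "$conf" ldap_tls_cacert)

    # An ldap:// URI without StartTLS leaves the channel unencrypted.
    case $uri in
        *ldap://*)
            if [ "$starttls" != "true" ]; then
                echo "CLEARTEXT: ldap:// URI without ldap_id_use_start_tls = true"
                n=$((n + 1))
            fi ;;
    esac
    # never/allow accept a server certificate that fails validation.
    case $reqcert in
        never|allow)
            echo "WEAK-VERIFY: ldap_tls_reqcert = $reqcert"
            n=$((n + 1)) ;;
    esac
    # A configured CA file that cannot be read breaks certificate checks.
    if [ -n "$cacert" ] && [ ! -r "$cacert" ]; then
        echo "CA-MISSING: ldap_tls_cacert = $cacert is not readable"
        n=$((n + 1))
    fi
    # The file can hold the bind password; SSSD expects mode 0600.
    if [ -z "$(find "$conf" -prune -perm 600)" ]; then
        echo "MODE: $conf is not mode 0600"
        n=$((n + 1))
    fi
    return "$n"
}

# Stand-alone use: sh audit.sh /etc/sssd/sssd.conf
if [ "$#" -gt 0 ]; then audit_sssd_tls "$1"; fi
```

The exit status equals the number of findings, so the script can gate a configuration-management run before SSSD is restarted.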
