LDAP Authentication

Support for security such as Firewalls and securing linux
alexm
Posts: 34
Joined: 2012/06/04 21:04:55

LDAP Authentication

Post by alexm » 2019/10/17 16:24:20

Hi all,

If this is not in the right forum, please feel free to move it. I am not sure if it should be "Networking" or "Security", but as soon as I typed "Authentication" I thought security...

Anyway: I have many, many CentOS servers (6 and 7) running. They all use LDAP to authenticate SSH users, with the LDAP server being a Symas LDAP server on our network. This has worked very very well, and I want to continue using this method.

However, I have grepped the internet and can't find a really good explanation on the "new" way to do this, in CentOS 8. I know RH dropped OpenLDAP (why, I have no friggin idea, since it's kind of the gold standard) to move to their new IPA (this reeks of M$ and AD). I am up for trying IPA, but my needs are extremely simple, and all of the information I've found for IPA has been much more robust than just a simple LDAP authentication configuration.

Does anyone have any pointers or documentation for doing this? I could install the OpenLDAP client, but then updates could be compromised...

TIA!

Alex

TrevorH
Site Admin
Posts: 33215
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: LDAP Authentication

Post by TrevorH » 2019/10/17 16:56:12

I've looked at ipa and for my needs it is way over-complicated and complete overkill. I will be using something like 389-ds in the future (my openldap servers are currently still on el6).
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

alexm
Posts: 34
Joined: 2012/06/04 21:04:55

Re: LDAP Authentication

Post by alexm » 2019/10/17 21:17:26

OK, I have it working. Basically, I set it up *exactly* as I did on CentOS 7, using openldap-client, nslcd, and PAM (though the config files are now in /etc/authselect). I had to completely disable SSSD as our LDAP server does not support TLS (I know, it should, but that's for another time with lots of safeguards in place).

Anyway, just thought I'd update this. If anyone wants details, let me know and I can post my documentation.

Thanks!

Alex
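
An added example, not part of the original post or of alexm's documentation: a small Python check that reads an nslcd.conf and reports LDAP URIs that would be used without TLS, the condition the post above describes. The option names (uri, ssl, tls_reqcert) are those of nslcd.conf(5); the sample configs, host names and paths are constructed, and the set of values treated as "ssl off" is an assumption.

```python
"""Audit an nslcd.conf for LDAP transport without TLS (added example)."""
import sys

# Assumption: these boolean spellings mean "ssl off"; any other value
# (on, start_tls, ...) is treated as TLS being enabled.
SSL_OFF = {"off", "no", "false", "0"}
# tls_reqcert values that accept a bad or missing server certificate.
WEAK_REQCERT = {"never", "allow"}

def parse_nslcd(text):
    """Return {option: [values]}; repeated options (e.g. uri) accumulate."""
    opts = {}
    for raw in text.splitlines():
        parts = raw.strip().split()
        if not parts or parts[0].startswith("#"):
            continue
        opts.setdefault(parts[0].lower(), []).extend(parts[1:])
    return opts

def audit(text):
    """Return a list of findings; an empty list means none were found."""
    opts = parse_nslcd(text)
    ssl = (opts.get("ssl") or ["off"])[-1].lower()
    findings = []
    for uri in opts.get("uri", []):
        # ldaps:// is TLS from the start; ldapi:// is a local socket.
        if uri.lower().startswith("ldap://") and ssl in SSL_OFF:
            findings.append(f"cleartext: {uri} with ssl {ssl}")
    reqcert = (opts.get("tls_reqcert") or [""])[-1].lower()
    if reqcert in WEAK_REQCERT:
        findings.append(f"unverified: tls_reqcert {reqcert}")
    return findings

# Constructed samples; host names and paths are placeholders.
CLEARTEXT_SAMPLE = """\
uri ldap://ldap.example.internal/
base dc=example,dc=internal
"""
STARTTLS_SAMPLE = """\
uri ldap://ldap.example.internal/
base dc=example,dc=internal
ssl start_tls
tls_reqcert demand
tls_cacertfile /etc/pki/tls/certs/ca-bundle.crt
"""

if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else None
    text = open(path).read() if path else CLEARTEXT_SAMPLE
    for finding in audit(text) or ["no findings"]:
        print(finding)
```

Run with the path to a config file as the only argument; without one it audits the constructed cleartext sample.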

sles
Posts: 68
Joined: 2007/08/21 04:43:38

Re: LDAP Authentication

Post by sles » 2019/10/22 09:47:38

alexm wrote (2019/10/17 21:17:26): "If anyone wants details, let me know and I can post my documentation."

Well, I'm not migrating from 7 to 8 right now, but this will be interesting in the future.
Thank you!
