2.5.2 Enabling LDAP Authentication on Dom0

In environments with an existing LDAP authentication infrastructure, it may be preferable to enable LDAP authentication on each Oracle VM Server instance, to control and log access attempts on Dom0. This can enhance security for a critical asset (Dom0) for the same reasons that make centralized user control valuable in other contexts.

The packages required for the LDAP client are not included on the Oracle VM Server ISO. Therefore, it is necessary to download and install the packages manually. This section describes the steps required to do this.

Note

The required packages are included in the Oracle VM Server 3.3 installation ISO and are available by default, so there is no need to install them separately. Manual configuration is still necessary.

Add the public or internal Yum repositories at the Oracle Linux 5u7 level. The most direct way to do this is to follow the instructions at http://public-yum.oracle.com/ for Oracle Linux 5:

# cd /etc/yum.repos.d
# wget http://public-yum.oracle.com/public-yum-el5.repo

Install the required packages to enable LDAP authentication, as well as any dependencies:

# yum install openldap-clients
# yum install nss_ldap

The installation prompts you to confirm whether you wish to proceed; answer by entering y at the prompt. The required dependencies are also listed and downloaded. If you intend to copy the package files and install them manually on your server instances, take note of the listed dependencies and ensure that these are also made available on each server where you intend to install the LDAP client.

Once installation is complete, copy the server SSL/TLS certificate to /etc/openldap/cacerts/openldap.pem. Make sure the certificate has the right permissions (readable by all local users, mode 644):

# chmod 644 /etc/openldap/cacerts/openldap.pem

Rehash the CA certificates:

# cacertdir_rehash /etc/openldap/cacerts

Enable LDAP authentication using the text-based authconfig-tui utility:

# authconfig-tui

Ensure that LDAP is configured correctly to access your LDAP server. Configuration is specific to your own environment and requirements and falls outside the scope of this document; however, the following example configurations may serve to assist you:

  • /etc/openldap/ldap.conf:

    TLS_CACERTDIR /etc/openldap/cacerts
    BASE dc=example,dc=com
    URI ldap://ldapserver.example.com:389
  • /etc/ldap.conf:

    ssl start_tls
    tls_cacertdir /etc/openldap/cacerts
    base dc=example,dc=com
    uri ldap://ldapserver.example.com:389
    pam_password md5
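As an added verification script (not part of the Oracle VM documentation), the following POSIX shell checks the outcome of the steps above on a server: the permissions of the copied certificate, the hash links that cacertdir_rehash creates, the directives used in the example /etc/ldap.conf, and finally a StartTLS-enforced bind with ldapsearch. The paths are those used on this page; the script name ldap-check.sh and the use of GNU stat are assumptions.

```shell
#!/bin/sh
# Added post-install check for the LDAP client setup described above.
# Not Oracle's code; paths follow the steps on this page.

CACERTS_DIR=/etc/openldap/cacerts
CERT_FILE=$CACERTS_DIR/openldap.pem
NSS_CONF=/etc/ldap.conf          # read by nss_ldap / pam_ldap

# 1. The copied server certificate must be world-readable (0644) so that
#    nss_ldap, running inside unprivileged processes, can open it.
check_cert_perms() {
    [ -f "$1" ] || { echo "missing certificate: $1" >&2; return 1; }
    mode=$(stat -c %a "$1")    # GNU stat (assumed on Oracle VM Server)
    [ "$mode" = "644" ] || { echo "mode $mode on $1, want 644" >&2; return 1; }
}

# 2. cacertdir_rehash creates <hash>.0 links; without them the TLS layer
#    cannot locate the CA and certificate verification fails.
check_rehash() {
    ls "$1"/*.0 >/dev/null 2>&1 ||
        { echo "no hash links in $1; run cacertdir_rehash" >&2; return 1; }
}

# 3. Every directive the example /etc/ldap.conf relies on must be present.
check_ldap_conf() {
    rc=0
    for key in "ssl start_tls" "tls_cacertdir" "base" "uri"; do
        grep -Eiq "^[[:space:]]*$key( |$)" "$1" ||
            { echo "$1: missing '$key'" >&2; rc=1; }
    done
    return $rc
}

# 4. Live check: -ZZ makes ldapsearch abort unless StartTLS succeeds, so a
#    plaintext fallback is reported rather than silently accepted.
check_starttls() {
    uri=$(awk 'tolower($1)=="uri"  {print $2; exit}' "$1")
    base=$(awk 'tolower($1)=="base" {print $2; exit}' "$1")
    ldapsearch -x -ZZ -H "$uri" -b "$base" -s base '(objectclass=*)' dn >/dev/null
}

verify_ldap_client() {
    check_cert_perms "$CERT_FILE" && check_rehash "$CACERTS_DIR" &&
    check_ldap_conf "$NSS_CONF" && check_starttls "$NSS_CONF" &&
    echo "LDAP client configuration looks consistent"
}

# Run the live checks only when asked: sh ldap-check.sh --check
if [ "${1:-}" = "--check" ]; then verify_ldap_client; fi
```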