The software described in this documentation is either in Extended Support or Sustaining Support. See https://www.oracle.com/us/support/library/enterprise-linux-support-policies-069172.pdf for more information.
Oracle recommends that you upgrade the software described by this documentation as soon as possible.
The Authentication Configuration GUI and authconfig configure access to LDAP via sss entries in /etc/nsswitch.conf, so you must configure the System Security Services Daemon (SSSD) on the LDAP client.
To configure an LDAP client to use SSSD:
1. Install the sssd and sssd-client packages:

    # yum install sssd sssd-client

2. Edit the /etc/sssd/sssd.conf configuration file and configure the sections to support the required services, for example:

    [sssd]
    config_file_version = 2
    domains = default
    services = nss, pam

    [domain/default]
    id_provider = ldap
    ldap_uri = ldap://ldap.mydom.com
    ldap_id_use_start_tls = true
    ldap_search_base = dc=mydom,dc=com
    ldap_tls_cacertdir = /etc/openldap/cacerts
    auth_provider = krb5
    chpass_provider = krb5
    krb5_realm = MYDOM.COM
    krb5_server = krbsvr.mydom.com
    krb5_kpasswd = krbsvr.mydom.com
    cache_credentials = true

    [domain/LDAP]
    id_provider = ldap
    ldap_uri = ldap://ldap.mydom.com
    ldap_search_base = dc=mydom,dc=com
    auth_provider = krb5
    krb5_realm = MYDOM.COM
    krb5_server = kdcsvr.mydom.com
    cache_credentials = true
    min_id = 5000
    max_id = 25000
    enumerate = false

    [nss]
    filter_groups = root
    filter_users = root
    reconnection_retries = 3
    entry_cache_timeout = 300

    [pam]
    reconnection_retries = 3
    offline_credentials_expiration = 2
    offline_failed_login_attempts = 3
    offline_failed_login_delay = 5

3. Change the mode of /etc/sssd/sssd.conf to 0600:

    # chmod 0600 /etc/sssd/sssd.conf

4. Enable the SSSD service:

    # authconfig --update --enablesssd --enablesssdauth
For more information, see the sssd.conf(5) manual page and Section 23.8, “About the System Security Services Daemon”.
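The following check is an added example, not part of the Oracle documentation: it audits an sssd.conf for the 0600 mode set in the procedure above, for domain sections that are defined but not listed in the [sssd] domains option, and for LDAP identity providers that use an ldap:// URI without ldap_id_use_start_tls = true. The function names audit_sssd_conf and audit_sample are hypothetical, and SAMPLE is a constructed, trimmed copy of the two domain sections from the example configuration.

```python
import configparser, os, stat, tempfile

# Constructed sample: trimmed copy of the domain sections in the example above.
SAMPLE = """\
[sssd]
domains = default

[domain/default]
id_provider = ldap
ldap_uri = ldap://ldap.mydom.com
ldap_id_use_start_tls = true

[domain/LDAP]
id_provider = ldap
ldap_uri = ldap://ldap.mydom.com
"""

def audit_sssd_conf(path):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode != 0o600:
        findings.append(f"mode is {mode:04o}, expected 0600")
    cp = configparser.ConfigParser(interpolation=None)
    cp.read(path)
    enabled = {d.strip() for d in cp.get("sssd", "domains", fallback="").split(",")}
    for section in cp.sections():
        if not section.startswith("domain/"):
            continue
        name, dom = section.split("/", 1)[1], cp[section]
        if name not in enabled:
            findings.append(f"{name}: defined but not listed in [sssd] domains")
        uris = [u.strip().lower() for u in dom.get("ldap_uri", "").split(",")]
        starttls = dom.get("ldap_id_use_start_tls", "false").lower() == "true"
        # ldap:// without StartTLS sends identity lookups in cleartext.
        if dom.get("id_provider") == "ldap" and not starttls and any(
                u.startswith("ldap://") for u in uris):
            findings.append(f"{name}: ldap:// URI without ldap_id_use_start_tls = true")
    return findings

def audit_sample(mode=0o600):
    """Write SAMPLE to a temporary sssd.conf with the given mode and audit it."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "sssd.conf")
        with open(path, "w") as f:
            f.write(SAMPLE)
        os.chmod(path, mode)
        return audit_sssd_conf(path)

if __name__ == "__main__":
    print("\n".join(audit_sample(0o644)))
```

On a client, call audit_sssd_conf("/etc/sssd/sssd.conf") as root, since the file is not readable by other users once its mode is 0600.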

