The software described in this documentation is either in Extended Support or Sustaining Support. See https://www.oracle.com/us/support/library/enterprise-linux-support-policies-069172.pdf for more information.
Oracle recommends that you upgrade the software described by this documentation as soon as possible.
The Authentication Configuration GUI and authconfig configure access to LDAP via sss entries in /etc/nsswitch.conf, so you must configure the System Security Services Daemon (SSSD) on the LDAP client.
To configure an LDAP client to use SSSD:

1. Install the sssd and sssd-client packages:

       # yum install sssd sssd-client

2. Edit the /etc/sssd/sssd.conf configuration file and configure the sections to support the required services, for example:

       [sssd]
       config_file_version = 2
       domains = default
       services = nss, pam

       [domain/default]
       id_provider = ldap
       ldap_uri = ldap://ldap.mydom.com
       ldap_id_use_start_tls = true
       ldap_search_base = dc=mydom,dc=com
       ldap_tls_cacertdir = /etc/openldap/cacerts
       auth_provider = krb5
       chpass_provider = krb5
       krb5_realm = MYDOM.COM
       krb5_server = krbsvr.mydom.com
       krb5_kpasswd = krbsvr.mydom.com
       cache_credentials = true

       [domain/LDAP]
       id_provider = ldap
       ldap_uri = ldap://ldap.mydom.com
       ldap_search_base = dc=mydom,dc=com
       auth_provider = krb5
       krb5_realm = MYDOM.COM
       krb5_server = kdcsvr.mydom.com
       cache_credentials = true
       min_id = 5000
       max_id = 25000
       enumerate = false

       [nss]
       filter_groups = root
       filter_users = root
       reconnection_retries = 3
       entry_cache_timeout = 300

       [pam]
       reconnection_retries = 3
       offline_credentials_expiration = 2
       offline_failed_login_attempts = 3
       offline_failed_login_delay = 5

3. Change the mode of /etc/sssd/sssd.conf to 0600:

       # chmod 0600 /etc/sssd/sssd.conf

4. Enable the SSSD service:

       # authconfig --update --enablesssd --enablesssdauth

For more information, see the sssd.conf(5) manual page and Section 23.8, “About the System Security Services Daemon”.
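
The following check is an added example, not part of the Oracle documentation. It verifies the result of the chmod step (mode 0600) and reports every [domain/...] section that uses id_provider = ldap with an ldap:// URI but without ldap_id_use_start_tls = true, as [domain/LDAP] does in the sample configuration above. The function name audit_sssd_conf and the embedded SAMPLE text are assumptions constructed for illustration.

```python
import configparser
import os
import stat
import sys

# Constructed sample, shortened from the example configuration on this page.
SAMPLE = """\
[sssd]
config_file_version = 2
domains = default
services = nss, pam

[domain/default]
id_provider = ldap
ldap_uri = ldap://ldap.mydom.com
ldap_id_use_start_tls = true
auth_provider = krb5

[domain/LDAP]
id_provider = ldap
ldap_uri = ldap://ldap.mydom.com
auth_provider = krb5
"""

def audit_sssd_conf(path):
    """Return a list of findings for the sssd.conf at path; empty means pass."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode != 0o600:
        findings.append(f"{path}: mode is {mode:04o}, expected 0600")
    cfg = configparser.ConfigParser(interpolation=None)
    with open(path) as fh:
        cfg.read_file(fh)
    for section in cfg.sections():
        if not section.startswith("domain/"):
            continue
        dom = cfg[section]
        if dom.get("id_provider", "").strip().lower() != "ldap":
            continue
        # ldap_uri may hold a comma-separated list of servers.
        uris = [u.strip().lower() for u in dom.get("ldap_uri", "").split(",")]
        plain = [u for u in uris if u.startswith("ldap://")]
        # ldap_id_use_start_tls defaults to false when it is not set.
        start_tls = dom.get("ldap_id_use_start_tls", "false").strip().lower()
        if plain and start_tls != "true":
            findings.append(f"[{section}]: {', '.join(plain)} without ldap_id_use_start_tls = true")
    return findings

if __name__ == "__main__":
    results = audit_sssd_conf(sys.argv[1] if len(sys.argv) > 1 else "/etc/sssd/sssd.conf")
    print("\n".join(results) or "OK")
    sys.exit(1 if results else 0)
```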