Tag Archives: LDAP

HAProxy LDAP Backend

By | 2020-05-31

There are a few good reasons for setting up an HAProxy LDAP backend. Perhaps the client’s TLS implementation is lacking. Maybe the application only supports a single server and you can’t afford downtime. In the latter scenario, one option is setting up multiple address records in DNS with the same domain name. The problem with that is…

OpenLDAP Password Policy Overlay

By | 2019-09-01

The OpenLDAP password policy overlay allows administrators to implement password policies such as minimum length requirements and expirations. This guide explains how to use it and demonstrates with a few examples. The password policy overlay configuration is a bit different from other overlays. The configuration of most overlays takes place in the overlay entry of…

OpenLDAP Referential Integrity Overlay

By | 2019-03-30

The OpenLDAP referential integrity overlay is used to keep attributes that refer to the DNs of other entries consistent when changes occur. If you are trying to make groups more manageable, consider using the memberOf overlay. The referential integrity overlay will automatically modify or remove attributes if the entry they refer to is renamed or…

OpenLDAP Online Configuration Reference

By | 2019-03-16

My OpenLDAP Online Configuration (OLC) Reference provides the OLC equivalents of the configuration file options. It should be pretty accurate as I read the source code to determine which OLC attributes correspond to the configuration file options. For a description of what the various options do, consult the appropriate man page or the official Administrator’s…

OpenLDAP memberOf overlay

By | 2019-02-28

The OpenLDAP memberOf overlay automatically creates and removes attributes when attributes of other entries that refer to their DN are added and removed. That statement, while technically accurate, was confusing to me and I wrote it! For example, if you create a groupOfNames entry with a member attribute of uid=user,ou=users,dc=tylersguides,dc=com, the memberOf overlay can automatically…

OpenLDAP Multi-Master Replication

By | 2018-09-10

OpenLDAP Multi-Master Replication is for high availability, not load balancing. If a split-brain is possible, consider the mirror mode architecture described in the OpenLDAP Administrator’s Guide. A split-brain is where two or more nodes of a cluster are operating independently, which can cause the cluster data to become corrupt or out of sync. If you…