The OpenLDAP password policy overlay allows administrators to implement password policies such as minimum length requirements and expirations. This guide explains how to use it and demonstrates with a few examples. The password policy overlay configuration is a bit different from other overlays. The configuration of most overlays takes place in the overlay entry of… Read More »
While I prefer nss-pam-ldapd for authentication and password resolution on Linux systems, sssd has a few advantages. I consider the biggest advantage of SSSD is the ability to cache credentials. I am going to assume you have a directory server up and running. If not, you can always follow my guides on installing OpenLDAP and… Read More »
Adding a disk to LVM is pretty straightforward. The typical scenario is you have a virtual machine (VM) that is running low on space, so you add another virtual disk to it. Another possible scenario is adding another physical disk to create a software mirror. Perhaps you have a new host and wish to store… Read More »
The OpenLDAP referential integrity overlay is used to keep attributes that refer to the DNs of other entries consistent when changes occur. If you are trying to make groups more manageable, consider using the memberOf overlay. The referential integrity overlay will automatically modify or remove attributes if the entry they refer to is renamed or… Read More »
The OpenLDAP memberOf overlay automatically creates and removes attributes when attributes of other entries that refer to their DN are added and removed. That statement, while technically accurate, was confusing to me and I wrote it! For example, if you create a groupOfNames entry with a member attribute of uid=user,ou=users,dc=tylersguides,dc=com, the memberOf overlay can automatically… Read More »
How the hostname is set is operating system specific. This is because the hostname is typically set by the startup process, and different operating systems have different startup processes. CentOS is no different. CentOS 7 uses systemd, while CentOS 6 uses upstart. This means how to change the hostname in CentOS depends on which major… Read More »
To temporarily disable SELinux on CentOS 7, run this command as root: root@centos7 ~]# setenforce 0 If you want to turn it back on, use the command: root@centos7 ~]# setenforce 1 This will not persist across a reboot. If you want it to be disabled when the system boots, edit /etc/sysconfig/selinux and replace this line:… Read More »
OpenLDAP Multi-Master Replication is for high availability, not load balancing. If a split-brain is possible, consider the mirror mode architecture described in the OpenLDAP Administrator’s Guide. A split-brain is where two or more nodes of a cluster are operating independently, which can cause the cluster data to become corrupt or out of sync. If you… Read More »
This guide will walk you through setting up CentOS 7 to use an LDAP directory server for authentication. This guide will not work with CentOS 8. If you want to use LDAP authentication with CentOS 8, click here. I am assuming you have a directory server up and running. If you don’t, you can follow… Read More »
This guide will walk you through setting up OpenSUSE LEAP 15 to use an LDAP directory server for authentication. I am assuming you have a directory server up and running. If you don’t, you can follow these two guides to install and configure OpenLDAP: Install OpenLDAP From Source – OpenSUSE Configure OpenLDAP Install Packages First,… Read More »