linux (redhat) local authentication repository redirect to LDAP authentication

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
0
down vote

favorite












I have an application running on a linux server that can only authenticate using the local repository. However, I have LDAP configured on the machine and want to authenticate users using LDAP. Is there a redirection I can do to have the application think it is authenticating with local users but have the end authentication be LDAP.



Application (local authentication) ---> maybe access.conf or something ---> LDAP server



I would add my users to access.conf or some other file manually. Not sure if that is the appropriate file to use for this method.



So real example:



User goes to web based application (www.application.com) and types in LDAP username and password.
Application reads some local file and sees the username as a local authentication.
The local file says to go to the LDAP server to authenticate.



The LDAP users would all be mapped to the application server. So if I type 'id username', the LDAP information would display (the mapped user drives and such).



So far, I have the LDAP users mapped and if I try to add that user to the application, it says it doesn't exist. If I try to create a local user with the same name, it says it already exist.



'id ldapuser'
prints all the ldap information



'application adduser command ldapuser'
user does not exist



'useradd ldapuser'
user already exist







share|improve this question
























    up vote
    0
    down vote

    favorite












    I have an application running on a linux server that can only authenticate using the local repository. However, I have LDAP configured on the machine and want to authenticate users using LDAP. Is there a redirection I can do to have the application think it is authenticating with local users but have the end authentication be LDAP.



    Application (local authentication) ---> maybe access.conf or something ---> LDAP server



    I would add my users to access.conf or some other file manually. Not sure if that is the appropriate file to use for this method.



    So real example:



    User goes to web based application (www.application.com) and types in LDAP username and password.
    Application reads some local file and sees the username as a local authentication.
    The local file says to go to the LDAP server to authenticate.



    The LDAP users would all be mapped to the application server. So if I type 'id username', the LDAP information would display (the mapped user drives and such).



    So far, I have the LDAP users mapped and if I try to add that user to the application, it says it doesn't exist. If I try to create a local user with the same name, it says it already exist.



    'id ldapuser'
    prints all the ldap information



    'application adduser command ldapuser'
    user does not exist



    'useradd ldapuser'
    user already exist







    share|improve this question






















      up vote
      0
      down vote

      favorite









      up vote
      0
      down vote

      favorite











      I have an application running on a linux server that can only authenticate using the local repository. However, I have LDAP configured on the machine and want to authenticate users using LDAP. Is there a redirection I can do to have the application think it is authenticating with local users but have the end authentication be LDAP.



      Application (local authentication) ---> maybe access.conf or something ---> LDAP server



      I would add my users to access.conf or some other file manually. Not sure if that is the appropriate file to use for this method.



      So real example:



      User goes to web based application (www.application.com) and types in LDAP username and password.
      Application reads some local file and sees the username as a local authentication.
      The local file says to go to the LDAP server to authenticate.



      The LDAP users would all be mapped to the application server. So if I type 'id username', the LDAP information would display (the mapped user drives and such).



      So far, I have the LDAP users mapped and if I try to add that user to the application, it says it doesn't exist. If I try to create a local user with the same name, it says it already exist.



      'id ldapuser'
      prints all the ldap information



      'application adduser command ldapuser'
      user does not exist



      'useradd ldapuser'
      user already exist







      share|improve this question












      I have an application running on a linux server that can only authenticate using the local repository. However, I have LDAP configured on the machine and want to authenticate users using LDAP. Is there a redirection I can do to have the application think it is authenticating with local users but have the end authentication be LDAP.



      Application (local authentication) ---> maybe access.conf or something ---> LDAP server



      I would add my users to access.conf or some other file manually. Not sure if that is the appropriate file to use for this method.



      So real example:



      User goes to web based application (www.application.com) and types in LDAP username and password.
      Application reads some local file and sees the username as a local authentication.
      The local file says to go to the LDAP server to authenticate.



      The LDAP users would all be mapped to the application server. So if I type 'id username', the LDAP information would display (the mapped user drives and such).



      So far, I have the LDAP users mapped and if I try to add that user to the application, it says it doesn't exist. If I try to create a local user with the same name, it says it already exist.



      'id ldapuser'
      prints all the ldap information



      'application adduser command ldapuser'
      user does not exist



      'useradd ldapuser'
      user already exist









      share|improve this question











      share|improve this question




      share|improve this question










      asked Oct 14 '17 at 17:31









      kdoggett

      32




      32




















          1 Answer
          1






          active

          oldest

          votes

















          up vote
          1
          down vote



          accepted










          Red Hat has a pretty comprehensive tool called SSSD. It can manage backend authentication on RHEL and, if configured properly would allow you to authenticate users on Linux with a Microsoft Windows domain.



          It may involve quite a few components to configure (like nsswitch and PAM), so I suggest you look into documentation like this from Red Hat.



          You don't need SSSD for it, but it is the "Red Hat way" and that made a few things simpler when I tested it.






          share|improve this answer




















          • I have read documents regarding SSSD involving nsswitch and PAM before asking the question. I ask because I wanted to see if someone responded with something like, 'we added this line to nsswitch, used PAM module X, and had to configure Y using SSSD'.
            – kdoggett
            Oct 15 '17 at 4:45










          • That would be tough, as for example integrating linux with LDAP from 389ds as a server solution differs from LDAP on a Windows Active Directory. You didn't give any information on that and there are actually quite a few guides for each server type around the internet. None of those worked for you?
            – Zip
            Oct 15 '17 at 5:02










          • Makes sense. I will study the docs in more detail.
            – kdoggett
            Oct 15 '17 at 18:14










          Your Answer







          StackExchange.ready(function()
          var channelOptions =
          tags: "".split(" "),
          id: "106"
          ;
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function()
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled)
          StackExchange.using("snippets", function()
          createEditor();
          );

          else
          createEditor();

          );

          function createEditor()
          StackExchange.prepareEditor(
          heartbeatType: 'answer',
          convertImagesToLinks: false,
          noModals: false,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: null,
          bindNavPrevention: true,
          postfix: "",
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          );



          );













           

          draft saved


          draft discarded


















          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f398138%2flinux-redhat-local-authentication-repository-redirect-to-ldap-authentication%23new-answer', 'question_page');

          );

          Post as a guest






























          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes








          up vote
          1
          down vote



          accepted










          Red Hat has a pretty comprehensive tool called SSSD. It can manage backend authentication on RHEL and, if configured properly would allow you to authenticate users on Linux with a Microsoft Windows domain.



          It may involve quite a few components to configure (like nsswitch and PAM), so I suggest you look into documentation like this from Red Hat.



          You don't need SSSD for it, but it is the "Red Hat way" and that made a few things simpler when I tested it.






          share|improve this answer




















          • I have read documents regarding SSSD involving nsswitch and PAM before asking the question. I ask because I wanted to see if someone responded with something like, 'we added this line to nsswitch, used PAM module X, and had to configure Y using SSSD'.
            – kdoggett
            Oct 15 '17 at 4:45










          • That would be tough, as for example integrating linux with LDAP from 389ds as a server solution differs from LDAP on a Windows Active Directory. You didn't give any information on that and there are actually quite a few guides for each server type around the internet. None of those worked for you?
            – Zip
            Oct 15 '17 at 5:02










          • Makes sense. I will study the docs in more detail.
            – kdoggett
            Oct 15 '17 at 18:14














          up vote
          1
          down vote



          accepted










          Red Hat has a pretty comprehensive tool called SSSD. It can manage backend authentication on RHEL and, if configured properly would allow you to authenticate users on Linux with a Microsoft Windows domain.



          It may involve quite a few components to configure (like nsswitch and PAM), so I suggest you look into documentation like this from Red Hat.



          You don't need SSSD for it, but it is the "Red Hat way" and that made a few things simpler when I tested it.






          share|improve this answer




















          • I have read documents regarding SSSD involving nsswitch and PAM before asking the question. I ask because I wanted to see if someone responded with something like, 'we added this line to nsswitch, used PAM module X, and had to configure Y using SSSD'.
            – kdoggett
            Oct 15 '17 at 4:45










          • That would be tough, as for example integrating linux with LDAP from 389ds as a server solution differs from LDAP on a Windows Active Directory. You didn't give any information on that and there are actually quite a few guides for each server type around the internet. None of those worked for you?
            – Zip
            Oct 15 '17 at 5:02










          • Makes sense. I will study the docs in more detail.
            – kdoggett
            Oct 15 '17 at 18:14












          up vote
          1
          down vote



          accepted







          up vote
          1
          down vote



          accepted






          Red Hat has a pretty comprehensive tool called SSSD. It can manage backend authentication on RHEL and, if configured properly would allow you to authenticate users on Linux with a Microsoft Windows domain.



          It may involve quite a few components to configure (like nsswitch and PAM), so I suggest you look into documentation like this from Red Hat.



          You don't need SSSD for it, but it is the "Red Hat way" and that made a few things simpler when I tested it.






          share|improve this answer












          Red Hat has a pretty comprehensive tool called SSSD. It can manage backend authentication on RHEL and, if configured properly would allow you to authenticate users on Linux with a Microsoft Windows domain.



          It may involve quite a few components to configure (like nsswitch and PAM), so I suggest you look into documentation like this from Red Hat.



          You don't need SSSD for it, but it is the "Red Hat way" and that made a few things simpler when I tested it.







          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered Oct 15 '17 at 2:50









          Zip

          51118




          51118











          • I have read documents regarding SSSD involving nsswitch and PAM before asking the question. I ask because I wanted to see if someone responded with something like, 'we added this line to nsswitch, used PAM module X, and had to configure Y using SSSD'.
            – kdoggett
            Oct 15 '17 at 4:45










          • That would be tough, as for example integrating linux with LDAP from 389ds as a server solution differs from LDAP on a Windows Active Directory. You didn't give any information on that and there are actually quite a few guides for each server type around the internet. None of those worked for you?
            – Zip
            Oct 15 '17 at 5:02










          • Makes sense. I will study the docs in more detail.
            – kdoggett
            Oct 15 '17 at 18:14
















          • I have read documents regarding SSSD involving nsswitch and PAM before asking the question. I ask because I wanted to see if someone responded with something like, 'we added this line to nsswitch, used PAM module X, and had to configure Y using SSSD'.
            – kdoggett
            Oct 15 '17 at 4:45










          • That would be tough, as for example integrating linux with LDAP from 389ds as a server solution differs from LDAP on a Windows Active Directory. You didn't give any information on that and there are actually quite a few guides for each server type around the internet. None of those worked for you?
            – Zip
            Oct 15 '17 at 5:02










          • Makes sense. I will study the docs in more detail.
            – kdoggett
            Oct 15 '17 at 18:14















          I have read documents regarding SSSD involving nsswitch and PAM before asking the question. I ask because I wanted to see if someone responded with something like, 'we added this line to nsswitch, used PAM module X, and had to configure Y using SSSD'.
          – kdoggett
          Oct 15 '17 at 4:45




          I have read documents regarding SSSD involving nsswitch and PAM before asking the question. I ask because I wanted to see if someone responded with something like, 'we added this line to nsswitch, used PAM module X, and had to configure Y using SSSD'.
          – kdoggett
          Oct 15 '17 at 4:45












          That would be tough, as for example integrating linux with LDAP from 389ds as a server solution differs from LDAP on a Windows Active Directory. You didn't give any information on that and there are actually quite a few guides for each server type around the internet. None of those worked for you?
          – Zip
          Oct 15 '17 at 5:02




          That would be tough, as for example integrating linux with LDAP from 389ds as a server solution differs from LDAP on a Windows Active Directory. You didn't give any information on that and there are actually quite a few guides for each server type around the internet. None of those worked for you?
          – Zip
          Oct 15 '17 at 5:02












          Makes sense. I will study the docs in more detail.
          – kdoggett
          Oct 15 '17 at 18:14




          Makes sense. I will study the docs in more detail.
          – kdoggett
          Oct 15 '17 at 18:14

















           

          draft saved


          draft discarded















































           


          draft saved


          draft discarded














          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f398138%2flinux-redhat-local-authentication-repository-redirect-to-ldap-authentication%23new-answer', 'question_page');

          );

          Post as a guest













































































          Popular posts from this blog

          How to check contact read email or not when send email to Individual?

          Displaying single band from multi-band raster using QGIS

          How many registers does an x86_64 CPU actually have?