linux (redhat) local authentication repository redirect to LDAP authentication
I have an application running on a Linux server that can only authenticate using the local repository. However, I have LDAP configured on the machine and want to authenticate users using LDAP. Is there a redirection I can do to have the application think it is authenticating with local users but have the end authentication be LDAP?
Application (local authentication) ---> maybe access.conf or something ---> LDAP server
I would add my users to access.conf or some other file manually. Not sure if that is the appropriate file to use for this method.
So real example:
User goes to web-based application (www.application.com) and types in LDAP username and password.
Application reads some local file and sees the username as a local authentication.
The local file says to go to the LDAP server to authenticate.
The LDAP users would all be mapped to the application server. So if I type 'id username', the LDAP information would display (the mapped user drives and such).
So far, I have the LDAP users mapped and if I try to add that user to the application, it says it doesn't exist. If I try to create a local user with the same name, it says it already exists.
'id ldapuser'
prints all the ldap information
'application adduser command ldapuser'
user does not exist
'useradd ldapuser'
user already exist
linux rhel authentication repository ldap
asked Oct 14 '17 at 17:31
kdoggett
1 Answer (accepted)
Red Hat has a pretty comprehensive tool called SSSD. It can manage backend authentication on RHEL and, if configured properly, would allow you to authenticate users on Linux with a Microsoft Windows domain.
It may involve quite a few components to configure (like nsswitch and PAM), so I suggest you look into documentation like this from Red Hat.
You don't need SSSD for it, but it is the "Red Hat way" and that made a few things simpler when I tested it.
answered Oct 15 '17 at 2:50
Zip
I have read documents regarding SSSD involving nsswitch and PAM before asking the question. I ask because I wanted to see if someone responded with something like, 'we added this line to nsswitch, used PAM module X, and had to configure Y using SSSD'.
– kdoggett, Oct 15 '17 at 4:45
That would be tough, as for example integrating Linux with LDAP from 389ds as a server solution differs from LDAP on a Windows Active Directory. You didn't give any information on that and there are actually quite a few guides for each server type around the internet. None of those worked for you?
– Zip, Oct 15 '17 at 5:02
Makes sense. I will study the docs in more detail.
– kdoggett, Oct 15 '17 at 18:14
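Added example, not part of the original question or answer: a small diagnostic for the symptom in the question, where `id ldapuser` resolves but tools working on the local account files do not see the user. It compares what nsswitch.conf says NSS will consult with what is actually in /etc/passwd. The function names and sample file contents are constructed for illustration, and the idea that the application reads the local files directly is an assumption the page does not confirm.

```python
import pwd
import re
import sys

# Constructed sample inputs (not taken from the asker's system).
SAMPLE_NSSWITCH = "passwd: files sss\nshadow: files sss\ngroup: files sss [NOTFOUND=return]\n"
SAMPLE_PASSWD = "root:x:0:0:root:/root:/bin/bash\nappsvc:x:1001:1001::/home/appsvc:/sbin/nologin\n"


def nss_sources(nsswitch_text, database="passwd"):
    """Ordered lookup sources for one database line of nsswitch.conf."""
    for line in nsswitch_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith(database + ":"):
            # Strip action items such as [NOTFOUND=return]; keep service names.
            return re.sub(r"\[[^\]]*\]", " ", line.split(":", 1)[1]).split()
    return []


def in_local_file(passwd_text, user):
    """True if the flat passwd file itself has an entry for the user."""
    return any(l.split(":", 1)[0] == user for l in passwd_text.splitlines())


def classify(user, nsswitch_text, passwd_text, resolves_via_nss):
    """Return (kind, non-file NSS sources that could have supplied the user)."""
    if in_local_file(passwd_text, user):
        return ("local", [])
    if resolves_via_nss:
        # Visible to id/getent but absent from /etc/passwd and /etc/shadow:
        # there is no local hash, so a password check has to go through PAM
        # (e.g. pam_sss) or an LDAP bind, not a comparison against shadow.
        return ("directory", [s for s in nss_sources(nsswitch_text) if s != "files"])
    return ("unknown", [])


def resolves(user):
    """Ask NSS (the same lookup path `id` uses) whether the account exists."""
    try:
        pwd.getpwnam(user)
        return True
    except KeyError:
        return False


if __name__ == "__main__":
    name = sys.argv[1]
    with open("/etc/nsswitch.conf") as ns, open("/etc/passwd") as pw:
        print(name, classify(name, ns.read(), pw.read(), resolves(name)))
```

A result of `directory` with `sss` listed means the account exists only through SSSD, so an application that insists on entries in the local files will not find it until it is pointed at PAM/NSS instead.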