RHCSA Series: Setting Up LDAP-based Authentication in RHEL 7 – Part 14

Best Affordable Linux and WordPress Services For Your Business
Outsource Your Linux and WordPress Project and Get it Promptly Completed Remotely and Delivered Online.

If You Appreciate What We Do Here On TecMint, You Should Consider:

  1. Stay Connected to: Twitter | Facebook | Google Plus
  2. Subscribe to our email updates: Sign Up Now
  3. Get your own self-hosted blog with a Free Domain at ($3.45/month).
  4. Become a Supporter - Make a contribution via PayPal
  5. Support us by purchasing our premium books in PDF format.
  6. Support us by taking our online Linux courses

We are thankful for your never ending support.

Gabriel Cánepa

Gabriel Cánepa is a GNU/Linux sysadmin and web developer from Villa Mercedes, San Luis, Argentina. He works for a worldwide leading consumer product company and takes great pleasure in using FOSS tools to increase productivity in all areas of his daily work.

Your name can also be listed here. Got a tip? Submit it here to become an TecMint author.

RedHat RHCE and RHCSA Certification Book
Linux Foundation LFCS and LFCE Certification Preparation Guide

You may also like...

34 Responses

  1. Tomas says:

    This is about eighth tutorial on LDAP I have tried. Yet again, suffering by some issues – this time “ldap_bind: Invalid credentials (49)” while running query. The LDAP solution is so fragile and pain to administer. Looking at the logs – no suggestion at all that could go wrong. Considering the fact that the LDAP setup is “ten” commands and still going wrong is a joke.

  2. Sriram says:

    Hi, I got this error

    [[email protected] cn=config]# setsebool -P allow_ypbind=0 authlogin_nsswitch_use_ldap=0
    [[email protected] cn=config]# systemctl enable slapd.service

    Created symlink from /etc/systemd/system/multi-user.target.wants/slapd.service to /usr/lib/systemd/system/slapd.service.

    [[email protected] cn=config]# systemctl start slapd.service

    Job for slapd.service failed because the control process exited with error code. See “systemctl status slapd.service” and “journalctl -xe” for details.

    [[email protected] cn=config]# systemctl restart slapd

    Job for slapd.service failed because the control process exited with error code. See “systemctl status slapd.service” and “journalctl -xe” for details.

  3. sriram says:

    Hi, I am using CentOS 7, and getting the below error

    # systemctl start slapd
    Job for slapd.service failed because the control process exited with error code. 
    See "systemctl status slapd.service" and "journalctl -xe" for

    Please let me know what to do.

  4. david1024 says:

    I get “ldap_sasl_interactive_bind_sL Local error (-2)” when I try to “ldapadd -H ldap:/// -f ldaprootpasswd.ldif” following the recipe here. Shouldn’t it be something like “ldapmodify” with EXTERNAL, etc… ?

    Maybe you guys should verify this stuff.

  5. Michael Berg says:

    If you end up with ldap_bind: Invalid credentials (49) play with the formatting of your .ldif files I’m using a windows admin tool called LDAP Admin and I noticed that olcRootPW was under olcDatabase={0}config and when I created it under {2}hdb the auth issues went away, its late and I’ve been fighting this all day, else I would validate what I got wrong in the .ldif I loaded before baseldapdomain.ldif.

  6. Michael Berg says:

    I reformatted it like this and it was happy

    dn: olcDatabase={1}monitor,cn=config
    changetype: modify
    replace: olcAccess
    olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by dn.base="cn=Manager,dc=4uii,dc=com" read by * none

    dn: olcDatabase={2}hdb,cn=config
    changetype: modify
    replace: olcSuffix
    olcSuffix: dc=4uii,dc=com

    dn: olcDatabase={2}hdb,cn=config
    changetype: modify
    replace: olcRootDN
    olcRootDN: cn=Manager,dc=4uii,dc=com

    dn: olcDatabase={2}hdb,cn=config
    changetype: modify
    add: olcRootPW

    dn: olcDatabase={2}hdb,cn=config
    changetype: modify
    add: olcAccess
    olcAccess: {0}to attrs=userPassword,shadowLastChange by dn="cn=Manager,dc=4uii,dc=com" write by anonymous auth by self write by * none
    olcAccess: {1}to dn.base="" by * read
    olcAccess: {2}to * by dn="cn=Manager,dc=4uii,dc=com" write by * read

    • Michael Berg says:

      Well that didn’t post as I thought I should. I using vi I hit tab in front of all the lines except the ones starting with dn and changetype.

Got something to say? Join the discussion.

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.