This section provides a brief overview of how to configure a Red Hat Linux
system to authenticate using OpenLDAP. Unless you are an OpenLDAP
expert, you will probably need more documentation than is provided here.
Please refer to the references provided in Section 13.9 Additional Resources for more information.
13.7.1. PAM and LDAP
To have standard PAM-enabled applications use LDAP for authentication,
run the Authentication Configuration Tool
(authconfig-gtk) and select Enable LDAP
Support under the Authentication
tab. For more on configuring PAM, consult Chapter 14 Pluggable Authentication Modules (PAM) and
the PAM man pages.
13.7.2. Migrating Old Authentication Information to LDAP
The /usr/share/openldap/migration/ directory
contains a set of shell and Perl scripts for migrating
authentication information into LDAP format.
First, modify the migrate_common.ph file so that
it reflects your domain. The default DNS domain should be changed from
its default value to something like:
$DEFAULT_MAIL_DOMAIN = "your_company";
The default base should also be changed, to something like:
$DEFAULT_BASE = "dc=your_company,dc=com";
The job of migrating a user database into a format that is LDAP
readable falls to a group of migration scripts installed in the same
directory. Using Table 13-1, decide which
script to run in order to migrate your user database.
| Existing name service | Is LDAP running? | Script to Use |
|---|---|---|
| /etc flat files | yes | migrate_all_online.sh |
| /etc flat files | no | migrate_all_offline.sh |
Table 13-1. LDAP Migration Scripts
Run the appropriate script based on your existing name service.
You must have Perl installed on your system to use some of these
The README and the
migration-tools.txt files in the
/usr/share/openldap/migration/ directory provide
more details on how to migrate the information.
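To show what "LDAP format" means for a migrated account, the following added example (not part of the original guide and not the migration scripts' own code) converts constructed passwd and shadow records into LDIF entries under the $DEFAULT_BASE value shown above. The ou=People container, the RFC 2307 posixAccount attributes, the {crypt} hash prefix, and the min_uid cutoff are assumptions of the example.

```python
import base64
import re

DEFAULT_BASE = "dc=your_company,dc=com"  # same value as $DEFAULT_BASE above
PEOPLE_OU = "ou=People"                  # assumed container for user entries
# Whole-line pattern: the name may not contain DN metacharacters (, + = " \ ; < >).
LINE = re.compile(
    r"([A-Za-z_][A-Za-z0-9_.-]*):[^:]*:([0-9]+):([0-9]+):([^:]*):([^:]+):([^:]*)")

# Constructed sample records in /etc/passwd and /etc/shadow format.
SAMPLE_PASSWD = """root:x:0:0:root:/root:/bin/bash
jdoe:x:500:500:Jane Doe,Room 12:/home/jdoe:/bin/bash
a,b:x:501:501:bad name:/home/ab:/bin/bash
short:x:502
"""
SAMPLE_SHADOW = "jdoe:$1$CONSTRUCTED$notARealHashValue000:12000:0:99999:7:::\n"

def ldif_line(attr, value):
    """Return 'attr: value', base64-encoded ('attr:: ...') when LDIF needs it."""
    if (value[:1] in (" ", ":", "<") or value.endswith(" ")
            or not value.isascii() or any(c in value for c in "\r\n\0")):
        return f"{attr}:: {base64.b64encode(value.encode()).decode()}"
    return f"{attr}: {value}"

def passwd_to_ldif(passwd, shadow="", base=DEFAULT_BASE, min_uid=0):
    """Convert passwd/shadow text to LDIF; return (ldif_text, skipped_lines)."""
    hashes = dict(l.split(":")[:2] for l in shadow.splitlines() if ":" in l)
    entries, skipped = [], []
    for line in passwd.splitlines():
        m = LINE.fullmatch(line)
        if not m or int(m[2]) < min_uid:
            skipped.append(line)  # malformed, unsafe for a DN, or below min_uid
            continue
        user, uid, gid, gecos, home, shell = m.groups()
        attrs = [("dn", f"uid={user},{PEOPLE_OU},{base}"), ("uid", user),
                 ("cn", gecos.split(",")[0] or user),
                 ("objectClass", "account"), ("objectClass", "posixAccount"),
                 ("uidNumber", uid), ("gidNumber", gid),
                 ("homeDirectory", home), ("loginShell", shell)]
        pw = hashes.get(user, "")
        if pw and pw[0] not in "!*":  # skip locked or password-less accounts
            attrs.append(("userPassword", "{crypt}" + pw))
        entries.append("\n".join(ldif_line(a, v) for a, v in attrs if v))
    return "\n\n".join(entries) + "\n", skipped

if __name__ == "__main__":
    ldif, skipped = passwd_to_ldif(SAMPLE_PASSWD, SAMPLE_SHADOW, min_uid=500)
    print(ldif)
    print("skipped:", skipped)
```

The generated LDIF carries the same password hashes as /etc/shadow, so give the file the same restrictive permissions and delete it once it has been loaded into the directory.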