linux (redhat) local authentication repository redirect to LDAP authentication [Resolved]

I have an application running on a linux server that can only authenticate using the local repository. However, I have LDAP configured on the machine and want to authenticate users using LDAP. Is there a redirection I can do to have the application think it is authenticating with local users but have the end authentication be LDAP?

Application (local authentication) ---> maybe access.conf or something ---> LDAP server

I would add my users to access.conf or some other file manually. Not sure if that is the appropriate file to use for this method.

So real example:

User goes to web based application (www.application.com) and types in LDAP username and password. Application reads some local file and sees the username as a local authentication. The local file says to go to the LDAP server to authenticate.

The LDAP users would all be mapped to the application server. So if I type 'id username', the LDAP information would display (the mapped user drives and such).

So far, I have the LDAP users mapped and if I try to add that user to the application, it says it doesn't exist. If I try to create a local user with the same name, it says it already exists.

'id ldapuser' prints all the ldap information

'application adduser command ldapuser' user does not exist

'useradd ldapuser' user already exist


Question Credit: kdoggett
Asked October 15, 2017
Posted Under: Unix Linux
1 Answers

Red Hat has a pretty comprehensive tool called SSSD. It can manage backend authentication on RHEL and, if configured properly, would allow you to authenticate users on Linux with a Microsoft Windows domain.

It may involve quite a few components to configure (like nsswitch and PAM), so I suggest you look into documentation like this from Red Hat.

You don't need SSSD for it, but it is the "Red Hat way" and that made a few things simpler when I tested it.


credit: Zip
Answered October 15, 2017
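
Added example (not part of the original answer, and not Red Hat's or the application's code): a small check that tells an account with its own line in /etc/passwd apart from one that only resolves through NSS (for example via SSSD), which is the state the three commands in the question describe, since both id and useradd look users up through NSS. It assumes the application reads the local file directly; the function names and sample data are constructed for illustration.

```python
import pwd
import re
import sys

# Constructed sample data for illustration; not taken from the original post.
SAMPLE_PASSWD = "root:x:0:0:root:/root:/bin/bash\nappsvc:x:990:990::/opt/app:/sbin/nologin\n"
SAMPLE_NSSWITCH = "passwd: files sss\nshadow: files sss\ngroup: files sss\n"


def nss_sources(nsswitch_text, database="passwd"):
    """Return the ordered lookup sources configured for one NSS database."""
    for raw in nsswitch_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith(database + ":"):
            # Drop bracketed action items such as [NOTFOUND=return].
            spec = re.sub(r"\[[^\]]*\]", " ", line.split(":", 1)[1])
            return spec.split()
    return []


def in_local_file(user, passwd_text):
    """True only if the account has its own line in the flat passwd file."""
    return any(line.split(":", 1)[0] == user for line in passwd_text.splitlines())


def classify(user, passwd_text, nss_lookup=pwd.getpwnam):
    """Classify an account as 'local', 'directory-only' or 'unknown'.

    nss_lookup must raise KeyError for unknown users, as pwd.getpwnam does;
    pwd.getpwnam goes through libc and therefore through nsswitch.conf.
    """
    if in_local_file(user, passwd_text):
        return "local"
    try:
        nss_lookup(user)
    except KeyError:
        return "unknown"
    return "directory-only"


if __name__ == "__main__":
    name = sys.argv[1] if len(sys.argv) > 1 else "root"
    with open("/etc/passwd") as f:
        passwd_text = f.read()
    with open("/etc/nsswitch.conf") as f:
        print("passwd sources:", nss_sources(f.read()))
    print(name, "->", classify(name, passwd_text))
```

A result of directory-only means name lookups already reach the directory, so what remains is the authentication side (PAM) and whether the application uses it at all.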
 
Makes sense. I will study the docs in more detail. – kdoggett 5 hours ago
 
That would be tough, as for example integrating linux with LDAP from 389ds as a server solution differs from LDAP on a Windows Active Directory. You didn't give any information on that and there are actually quite a few guides for each server type around the internet. None of those worked for you? – Zip 18 hours ago
 
I have read documents regarding SSSD involving nsswitch and PAM before asking the question. I ask because I wanted to see if someone responded with something like, 'we added this line to nsswitch, used PAM module X, and had to configure Y using SSSD'. – kdoggett 18 hours ago