[CentOS] CentOS7: Setting up ldap over TLS in kickstart file
Patrick Begou
Patrick.Begou at legi.grenoble-inp.fr
Fri Jun 15 13:12:24 UTC 2018
Thanks Paul and Gordon for your reply.
I'm not sure, but I think the problem is setting up ldap+TLS while the
certificates are not uploaded on the server. So I decide to setup LDAP in a
"post" section only, adding the "--enablesssd --enablesssdauth" options
suggested by Gordon too.
in the kickstart file:
*auth --useshadow --passalgo=sha512
*
in a post section:
# LDAP setup
*authconfig --enableldap --enableldapauth --enablesssd --enablesssdauth
--ldapserver="ldaps://my.ldap.server" --ldapbasedn=dc=my,dc=local,dc=dn --update**
*# Certificat Upload
*cd /etc/openldap/cacerts/ && wget
http://xxx.xxx.xxx.xxx/Softwares7/LDAPCERTS/ca-bundle.crt**
*# server public key upload
*cd /etc/openldap/cacerts/ && wget
http://xxx.xxx.xxx.xxx/Softwares7/LDAPCERTS/server.crt**
*cd /
# TLS setup
*authconfig --enableldaptls --update**
*
And this works fine. Certificat bundle seams to be accepted (I've also tryed to
split the file, no change) and the last command builds the hashes of the
certificates too.
My last problem is that
firstboot --disabled
don't seams to work in my config but...
Thanks for your helpfull suggestions about sssd and certificates.
Patrick
--
===================================================================
| Equipe M.O.S.T. | |
| Patrick BEGOU | mailto:Patrick.Begou at grenoble-inp.fr |
| LEGI | |
| BP 53 X | Tel 04 76 82 51 35 |
| 38041 GRENOBLE CEDEX | Fax 04 76 82 52 71 |
===================================================================
More information about the CentOS
mailing list