Mac OS X Server,  Ubuntu,  Unix

Binding Redhat to Open Directory

I’ve done a number of articles on using Linux to provide services such as OpenLDAP for Mac OS X, but never on using the LDAP implementation in Mac OS X Server to provide authentication services for Linux. Well, it isn’t that difficult to do, but it is worth pointing out how to do it. To get started, we’re going to use Red Hat. You’ll want to have a known IP address for Open Directory and if SSL is required you’ll want to install the certificate on the Red Hat box before moving forward.

There are two tools that can be used to hook Red Hat into an LDAP environment. The first is an old school blue screen that you tab through called authconfig. You can get to authconfig using the /usr/bin/authconfig file. Once you run the command you’ll be able to tab through the fields, enabling LDAP authentication and providing a server name or IP as well as the Base DN, which can be obtained in the Open Directory settings from Server Admin. Additionally, if you will be using Kerberos, the Realm can also be obtained from Server Admin.

When you’ve configured the settings, tab to Ok and press enter to enable the changes. This will update the /etc/ldap.conf file on the client and kinit if needed. Another tool, with similar functionality but a more modern looking interface is Authentication Configuration, located at /usr/bin/system-config-authentication. This works identically, although it looks a bit prettier.

Once you have saved, the ldap.conf file should reflect the changes, as with authconfig:

host 10.0.0.254
base dc=krypted,dc=com
ssl no
pam_password md5

A common case for this type of configuration would be an Xsan environment, where the Open Directory Master and Replica are also metadata controllers and where you want to have RHEL clients on the SAN, leveraging the same directory services so the UID and groups are all matched up. Additionally, the common schema files for Red Hat are mostly included with Open Directory (core, cosine, inetorgperson, nis), but for autofs, you’ll need to load that into Open Directory manually (if you use it). It can be found on any Red Hat system in /etc/openldap/schema/redhat/autofs.schema.