
Fedora Directory Server with user authentication

This Howto is prepared by Kashif Mumtaz Tahir (Kashif.mumtaz@yahoo.com).


Any suggestions or enhancement regarding this howto are highly appreciated.

The Fedora Directory Server (FDS) is an LDAP (Lightweight Directory Access Protocol) server developed
by Red Hat as part of Red Hat's community-supported Fedora Project. Fedora Directory Server is
identical to Red Hat Directory Server, just rebranded.

Installation:
Download FDS from http://directory.fedoraproject.org/wiki/Download for your OS version.

For this howto I am using RHEL4 and Fedora Directory Server version 1.0.4.

The FDS console requires a JRE. Download and install it from

http://www.java.com/en/download/manual.jsp

Then put it in your path:

# cd /etc/alternatives
# rm ./java
# ln -sf /opt/java/jre1.5.0_09/bin/java java

Next, configure Apache to start on boot with the chkconfig command:

# chkconfig --level 345 httpd on

Install FDS:

# rpm -ivh fedora-ds

After installation, run /opt/fedora-ds/setup/setup to complete the setup.

It will ask a series of questions (hostname, default port, LDAP user, etc.); select the appropriate options.
Most options are already selected by default, so normally you don't need to change them.
During this process it will pick a random port for the console; note it down, or choose one of your own.

Now run the console:


# /opt/fedora-ds/startconsole -u admin -a http://alpha.example.com:portnumber

Directory Structure and Management:
Now create the user account as follows.
Select Directory Server and click Open.
A new window will open; click the Directory tab, expand the example tree and click on People.

Creating New User:


Now right-click in the right-hand panel and select New -> User,

and enter the information for that user.


Now select the Posix User option, enter the required information and click OK.

Client Setup:

Log in at the client machine and run the authentication wizard:

# system-config-authentication

Select the LDAP tab, enter your LDAP search base DN and LDAP server address on both the User
Information tab and the Authentication tab, and select OK.

Confirm the following changes have been made.

In the /etc/nsswitch.conf file:
passwd: files ldap
shadow: files ldap
group: files ldap

and in /etc/ldap.conf:

host alpha.example.com
base dc=example,dc=com

Confirm that your client is communicating with the server with this command:

# ldapsearch -h alpha.example.com -x -b dc=example,dc=com


Now reboot the client machine and log in with the Directory Server user ali.

The user is able to log in on the client machine, but with a warning message that its home directory
was not found on the system.

Now you have two options for the user home directory.

1- Home directories on the client machine

For this case the scenario is very simple. Log in at the client as root and create the home directory at the
path you specified in the user information on the server; in the above case it is /home/ldapuser/ali.

# mkdir -p /home/ldapuser/ali
# chown -R ali /home/ldapuser/ali

Now log in as the user, without any error message.

2- Home directories on the server machine


This scenario is like a Windows domain: you create the home directories on the server, share them with NFS,
and they are mounted automatically on the client by automount when the user logs in.

First log in at the server and create the home directories of the users.


Note: Here I am thankful to lambda (http://www.hungry.com/~fn/) for clarifying one issue with the
ownership of the user's home directory.
This user does not exist in the system files (the server does not resolve it through LDAP), so you can NOT set the ownership by name like
# chown ali /home/ldapuser/ali .

Instead, set the ownership using the numeric UID you specified for the user in FDS.

Now share the user home directory with NFS:

[root@alpha ~]# vi /etc/exports


/home/ldapuser *(rw,sync)

Start the NFS service:


# /etc/init.d/nfs start

Check with:
[root@alpha ~]# showmount -e localhost
Export list for localhost:
/home/ldapuser *

Server work is finished. Now log in at the client machine.

Add the following entries on the client machine.

# vi /etc/auto.master
/home/ldapuser /etc/auto.ldap --timeout=60

# vi /etc/auto.ldap

* -rw,soft,intr 192.168.20.105:/home/ldapuser/&

NOTE: Here the & sign is very important, don't miss it. Only when the & sign is there is just the home
directory of the user who is logging in mounted, rather than the whole share.

Restart the autofs service.

Now log in at the client machine and the user's home directory will be mounted automatically. (Inshallah)
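As an added example (not part of this howto), a small POSIX shell script that checks the three configuration pieces above before you reboot the client: the ldap entries in nsswitch.conf, the trailing & in the autofs wildcard map, and an /etc/exports line that is open to every host with "*". The sample files are constructed to match the settings in this howto; the exports check deliberately flags the "*(rw,sync)" line so you can narrow it to your client subnet.

```shell
#!/bin/sh
# Added sanity checks for the howto's client and server configuration files.
# Each function takes a file path and returns 0 (pass) or 1 (fail).

# Pass only when passwd, shadow and group in nsswitch.conf all list "ldap",
# i.e. the change system-config-authentication is expected to make.
check_nsswitch() {
  for db in passwd shadow group; do
    grep -E "^[[:space:]]*$db:.*[[:space:]]ldap([[:space:]]|\$)" "$1" >/dev/null || return 1
  done
  return 0
}

# Pass when the wildcard line of the indirect autofs map ends in "&", so only
# the home directory of the user who is logging in gets mounted.
check_automap() {
  grep -E '^\*[[:space:]]+(-[^[:space:]]+[[:space:]]+)?[^[:space:]]+:/[^[:space:]]*/&$' "$1" >/dev/null
}

# Pass when no line in /etc/exports hands the share to every host with "*";
# a failure here means the export should be limited to the client subnet.
check_exports() {
  ! grep -E '^[^#[:space:]]+[[:space:]]+\*([[:space:](]|$)' "$1" >/dev/null
}

# Constructed sample files reproducing the howto's settings (not real hosts).
tmp=$(mktemp -d)
printf 'passwd: files ldap\nshadow: files ldap\ngroup: files ldap\n' > "$tmp/nsswitch.conf"
printf '* -rw,soft,intr 192.168.20.105:/home/ldapuser/&\n' > "$tmp/auto.ldap"
printf '/home/ldapuser *(rw,sync)\n' > "$tmp/exports"

for check in check_nsswitch:nsswitch.conf check_automap:auto.ldap check_exports:exports; do
  fn=${check%%:*}; f=${check#*:}
  if "$fn" "$tmp/$f"; then echo "$f: ok"; else echo "$f: FAIL"; fi
done
rm -rf "$tmp"
```

Run it against the real files on your client and server (for example check_nsswitch /etc/nsswitch.conf) to catch a missing ldap entry or a missing & before the first login attempt.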

The following links are also helpful for FDS.

http://www.linuxjournal.com/article/9517

http://www.linux.com/feature/58731

http://www.opensourcehowto.org/how-to/samba/openldap-lam-samba-as-pdc.html
