
LDAP Authentication

Using LDAP for authentication against the CGIAR Active Directory for SSH, local and GUI logins to a Linux computer.

Overview

  • Requirements:

Properly configured user accounts in the Active Directory (UserPrincipalName property in the form username@cgiarad.org)

  • Implementation

Authentication on a Linux PC is managed by PAM (Pluggable Authentication Modules). A special PAM module should be used, configured to test username and password credentials against an Active Directory domain controller. A PAM module of that sort has been implemented by CIP for authenticating users to the HPC.

Compiling the sources of the custom LDAP module:

gcc -fPIC -c pam_cgiar_ldap.c

Linking the sources:

ld -x --shared -o pam_cgiar_ldap.so pam_cgiar_ldap.o -lldap

The library pam_cgiar_ldap.so must be copied to the directory where the other PAM modules are stored, that is:

/lib/security

On the HPC:

/lib64/security

The PAM configuration file of each PAM-enabled application that is to use the module should then be configured.

Remember that when the pam_cgiar_ldap.so module is used in a PAM file, it cannot be at the top of the auth stack.

For example, to use LDAP authentication for SSH logins, the file /etc/pam.d/sshd must include a call to our custom PAM module.
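A check for the ordering rule above, as an added example that is not part of the original page or of CIP's module: it reports where pam_cgiar_ldap.so sits among the auth entries of a PAM service file. The function names and the sample /etc/pam.d/sshd content (including the control flags and the neighbouring pam_env.so and pam_unix.so lines) are constructed for illustration.

```sh
#!/bin/sh
# Added example: verify that a module is present in a PAM auth stack
# and is not its first entry.

# auth_position MODULE [FILE]   (reads stdin when FILE is omitted)
# Prints the 1-based position of MODULE among the "auth" entries.
# Exit status: 0 = present and not first, 1 = first entry, 2 = absent.
# Entries pulled in through include lines are not expanded.
auth_position() {
    mod=$1; shift
    awk -v mod="$mod" '
        /^[ \t]*(#|$)/ { next }               # skip comments and blank lines
        { type = $1; sub(/^-/, "", type) }    # "-auth" is still an auth entry
        type != "auth" { next }
        {
            n++
            if (!pos)
                for (i = 2; i <= NF; i++) {   # control may span several fields
                    f = $i; sub(/.*\//, "", f)   # drop any directory prefix
                    if (f == mod) pos = n
                }
        }
        END {
            if (!pos) { print "absent"; exit 2 }
            print pos
            exit (pos == 1 ? 1 : 0)
        }
    ' "$@"
}

# Constructed sample of an sshd PAM file (hypothetical, not from the page).
sample_sshd() {
    cat <<'EOF'
#%PAM-1.0
auth       required     pam_env.so
auth       sufficient   pam_cgiar_ldap.so
auth       required     pam_unix.so try_first_pass
account    required     pam_unix.so
EOF
}

# Demo on the constructed sample; on a real host pass /etc/pam.d/sshd instead.
sample_sshd | auth_position pam_cgiar_ldap.so
```
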

See document: CGIAR-HPC-COP.doc

ldap.txt · Last modified: 2010/05/22 17:19 (external edit)