How to go about LDAP authentication setup?

Document ID : KB000029183
Last Modified Date : 14/02/2018

The agent authenticates users against LDAP through PAM (Pluggable Authentication Modules).
PAM is specified in agentparm.txt, where the following entries have to be coded and the agent recycled:

  • oscomponent.auth.pam.svc:
    specifies the PAM service, the default being login. This entry should exist in /etc/pam.conf or in the /etc/pam.d/ directory.
  • oscomponent.auth.pam.lib:
    specifies the full path to the PAM library file.

After the changes to agentparm.txt are made and the agent has been recycled, you can test the authentication manually:

1. First get the encrypted password for your user using the password utility in the agent directory:
password <clear_userid_password> 

2. Then use the following to check if the user can be authenticated (assuming that oscomponent.auth.pam.svc=login; change the service name accordingly if not):
chkusr user_name <encrypted_password> login

NOTE: When running a 32-bit agent, the 32-bit sssd client library package needs to be installed (even though the 64-bit sssd libraries are already installed).
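
A pre-flight check that can be run before the manual test above, as an added example (not part of the original article or of the vendor's tooling): it reads the two PAM entries from agentparm.txt, confirms the service is defined and the library path is a readable full path, and prints the library's ELF class so it can be compared with the agent's bitness. The function names, arguments and messages are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-flight check of the PAM entries in agentparm.txt.
# Function names, arguments and messages are assumptions of this example.

# get_parm FILE KEY: print the value of the last uncommented KEY=value line.
get_parm() {
    awk -v k="$2" '{
        p = index($0, "="); if (p == 0) next
        key = substr($0, 1, p - 1); val = substr($0, p + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t\r]+$/, "", val)
        if (key == k) found = val
    } END { print found }' "$1"
}

# elf_class FILE: print 32 or 64 from the ELF header class byte, else "unknown".
elf_class() {
    set -- $(od -An -tu1 -N5 "$1" 2>/dev/null)
    [ "$1 $2 $3 $4" = "127 69 76 70" ] || { echo unknown; return; }
    case $5 in 1) echo 32 ;; 2) echo 64 ;; *) echo unknown ;; esac
}

# check_pam_parms PARMFILE [PAMD_DIR] [PAM_CONF]: return 0 only if both entries resolve.
check_pam_parms() {
    parm=$1; pamd=${2:-/etc/pam.d}; pamconf=${3:-/etc/pam.conf}; rc=0
    svc=$(get_parm "$parm" oscomponent.auth.pam.svc)
    lib=$(get_parm "$parm" oscomponent.auth.pam.lib)
    svc=${svc:-login}    # the article gives login as the default service
    if [ -f "$pamd/$svc" ]; then
        echo "OK   service '$svc' defined in $pamd/$svc"
    elif [ -f "$pamconf" ] && awk -v s="$svc" '$1 == s { f = 1 } END { exit !f }' "$pamconf"; then
        echo "OK   service '$svc' defined in $pamconf"
    else
        echo "FAIL service '$svc' not found in $pamd or $pamconf"; rc=1
    fi
    case $lib in
        /*) if [ -r "$lib" ]; then
                echo "OK   PAM library $lib readable, ELF class: $(elf_class "$lib")"
            else
                echo "FAIL PAM library $lib missing or unreadable"; rc=1
            fi ;;
        *)  echo "FAIL oscomponent.auth.pam.lib must be a full path, got '$lib'"; rc=1 ;;
    esac
    return $rc
}

# Run the check when the script is called with the path to agentparm.txt.
if [ $# -gt 0 ]; then check_pam_parms "$@"; fi
```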