How to set up OpenSUSE LDAP/TLS client for authentication?

Hi,

In our local school, I have twenty desktop clients running OpenSUSE Leap 15.1 KDE. Authentication is managed centrally on a CentOS 7 server running a bone-headed NIS/NFS, which is not ideal in terms of security.

I’ve spent the last week experimenting with 389 Directory Server, which is essentially an LDAP server that JustWorks™. TLS is also set up.

Now I’d like to configure my OpenSUSE clients so they authenticate against this server. I spent many hours experimenting more or less haphazardly with YaST; I had some scarce successes and many failures.

Are some folks here actually using LDAP/TLS for user authentication? I’d be glad to have some pointers to reliable documentation on the subject.

The documentation for setting up openSUSE LDAP Clients is here: <https://doc.opensuse.org/documentation/leap/security/html/book.security/cha.security.ldap.html#sec.security.ldap.yast.client>.
But, you may well need the related Client Authentication setup information here: <https://doc.opensuse.org/documentation/leap/security/html/book.security/cha.security.auth.html#sec.security.auth.yast.client>.

Generic openSUSE LDAP documentation is here: <https://doc.opensuse.org/documentation/leap/security/html/book.security/cha.security.ldap.html>.

To supplement your Directory Server documentation, you may care to peruse the openSUSE documentation related to Kerberos: <https://doc.opensuse.org/documentation/leap/security/html/book.security/cha.security.kerberos.html>.

Thanks. I managed to wrap my head around this, experimented quite a lot, and now it works like a charm.

Wrote a little blog article about it.

https://www.microlinux.fr/opensuse-leap-15-1-389-ds/

Very nice!
Your walk through the steps to set up your openSUSE 15.1 machines as LDAP clients is clear and easy to understand…

I’m also quite impressed with how Google Translate converted your French language article, it looks flawless to me.
This has always been a concern in the past, that Google Translate should not be trusted for technical works.

TSU