Configuring an LDAP server for User Management

Last Updated : Oct 05, 2020

About this task

To use your existing Lightweight Directory Access Protocol (LDAP) directory with AE Services, you need to configure your LDAP implementation for compatibility with AE Services User Management. After installing the AE Services server, if you encounter any discrepancy with LDAP, configure the LDAP server.

Before you begin

  • Ensure that you have installed the AE Services server software.

    Note:
    • The AE Services server software installs the cs-cusldap and cs-userservice packages. To verify that the packages are installed, run the command rpm -q cs-userservice cs-cusldap.

    • Back up the files on your system.

  • Ensure that your LDAP implementation is OpenLDAP version 2.1.22-28.

  • If your security policy doesn't allow multiple users with a user ID equal to zero, change the user ID for sroot to an unused ID using the command usermod -u new_UID sroot.

Procedure

  1. Restore the /etc/ldap.conf file from the backup.
  2. Merge the /etc/sssd/sssd.conf file with your modified sssd.conf file.
  3. Restart the sssd service using the command service sssd restart.
  4. Restart the sshd service using the command service sshd restart.
  5. Add the admin user to the following groups: securityadmin, usrsvc_admin and susers.
  6. Run the following command to give an LDAP user access to sudo commands and the web interface:
    usermod -a -G securityadmin,usrsvc_admin,susers admin_username
  7. If required, add root shell permission for cust and sroot user types to /etc/sudoers.
  8. Reboot the server.
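
An added check, not part of the original procedure or the vendor's tooling: the script below audits the two account settings this page changes, listing every UID 0 account and the required groups a given admin user is still missing. The function names, the `ldapadmin` user and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the account settings touched by this procedure.
# Inputs are passwd(5)- and group(5)-format files. On a live host pass
# /etc/passwd and /etc/group, or saved `getent passwd` / `getent group` output.

# Print every account whose UID is 0, one name per line.
# Usage: uid0_accounts PASSWD_FILE
uid0_accounts() {
    awk -F: '$3 == 0 { print $1 }' "$1"
}

# Print each group required by step 5 that does not list USER as a member.
# Usage: missing_groups GROUP_FILE USER
missing_groups() {
    for g in securityadmin usrsvc_admin susers; do
        awk -F: -v g="$g" -v u="$2" '
            $1 == g { n = split($4, m, ",")
                      for (i = 1; i <= n; i++) if (m[i] == u) found = 1 }
            END { exit(found ? 0 : 1) }' "$1" || printf '%s\n' "$g"
    done
}

# Constructed sample data (not taken from a real system).
sample_dir=$(mktemp -d)
trap 'rm -rf "$sample_dir"' EXIT
cat > "$sample_dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
sroot:x:0:0:service root:/home/sroot:/bin/bash
cust:x:1000:1000::/home/cust:/bin/bash
ldapadmin:x:5001:5001::/home/ldapadmin:/bin/bash
EOF
cat > "$sample_dir/group" <<'EOF'
securityadmin:x:1101:cust,ldapadmin
usrsvc_admin:x:1102:ldapadmin
susers:x:1103:cust
EOF

# More than one name here conflicts with a "single UID 0" policy.
echo "UID 0 accounts: $(uid0_accounts "$sample_dir/passwd" | tr '\n' ' ')"
# Any group printed here still needs the usermod -a -G command from step 6.
echo "Groups missing ldapadmin: $(missing_groups "$sample_dir/group" ldapadmin | tr '\n' ' ')"
```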