
EX200 Exam - Question 102


SIMULATION

The system ldap.example.com provides an LDAP authentication service.

Your system should bind to this service as follows:

- The base DN for the authentication service is dc=domain11, dc=example, dc=com
- LDAP is used to provide both account information and authentication information.
- The connection should be encrypted using the certificate at http://host.domain11.example.com/pub/domain11.crt

When properly configured, ldapuserX should be able to log into your system, but will not have a home directory until you have completed the autofs requirement.

Username: ldapuser11

Password: password

Correct Answer:

To set up LDAP authentication with the given parameters, configure your system to connect to the LDAP server and secure the connection with the provided certificate. The steps below configure the system so that ldapuser11 can log in without a home directory until autofs is configured, as described in the question statement. They cover installing the necessary packages, creating the configuration files, and setting the correct parameters in those files. The process assumes the use of SSSD and that you have administrative privileges on the system:

1. Install the necessary packages:

```bash
# yum install sssd authconfig
```

2. Configure LDAP authentication using `authconfig`, or adjust the configuration files manually.

3. Update the `/etc/sssd/sssd.conf` configuration file to include the LDAP settings:

```ini
[sssd]
services = nss,pam
config_file_version = 2
domains = default

[domain/default]
id_provider = ldap
auth_provider = ldap
ldap_uri = ldaps://ldap.example.com
ldap_search_base = dc=domain11,dc=example,dc=com
# never: the server certificate is not requested or checked;
# demand verifies it against the CA file in ldap_tls_cacert
ldap_tls_reqcert = never
ldap_tls_cacert = /etc/openldap/certs/domain11.crt
```

Make sure the sssd.conf file has the correct permissions:

```bash
# chmod 600 /etc/sssd/sssd.conf
```

4. Download and install the certificate:

```bash
# wget -O /etc/openldap/certs/domain11.crt http://host.domain11.example.com/pub/domain11.crt
```

5. Enable and start the SSSD service:

```bash
# systemctl enable sssd
# systemctl start sssd
```

6. To allow ldapuser11 to log in, ensure LDAP users are recognized by running:

```bash
# getent passwd ldapuser11
```

The autofs configuration for home directories would follow these steps, but it does not affect the ability of ldapuser11 to log in. The correct authentication details and certificate setup should suffice for initial login access as described.
By following these steps, ldapuser11 will be able to log into the system with the provided credentials before setting up autofs for home directories.
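
An added example, not part of the original answer: a small Python check that parses the `sssd.conf` from step 3 and reports settings that weaken the encrypted bind, such as `ldap_tls_reqcert = never`, under which SSSD does not check the server certificate even though `ldap_tls_cacert` is set. The helper name `audit_sssd` and its finding strings are assumptions made for this example, and the sample config is constructed from the answer above.

```python
import configparser

# Constructed sample: the sssd.conf shown in step 3 of the answer.
SAMPLE = """\
[sssd]
services = nss,pam
config_file_version = 2
domains = default

[domain/default]
id_provider = ldap
auth_provider = ldap
ldap_uri = ldaps://ldap.example.com
ldap_search_base = dc=domain11,dc=example,dc=com
ldap_tls_reqcert = never
ldap_tls_cacert = /etc/openldap/certs/domain11.crt
"""

# ldap_tls_reqcert values under which a bad server certificate is still accepted.
UNVERIFIED = {"never", "allow"}

def audit_sssd(text, mode=0o600):
    """Hypothetical helper (not an SSSD tool): TLS and permission findings for sssd.conf text."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    findings = []
    if mode & 0o077:
        findings.append(f"mode {mode:04o}: sssd.conf must not be readable by group or other")
    enabled = [d.strip() for d in cp.get("sssd", "domains", fallback="").split(",")]
    for name in filter(None, enabled):
        section = f"domain/{name}"
        if not cp.has_section(section):
            findings.append(f"{section}: enabled in [sssd] but not defined")
            continue
        dom = cp[section]
        if "ldap" not in (dom.get("id_provider"), dom.get("auth_provider")):
            continue
        start_tls = dom.get("ldap_id_use_start_tls", "false").lower() == "true"
        for uri in filter(None, (u.strip() for u in dom.get("ldap_uri", "").split(","))):
            if not uri.lower().startswith("ldaps://") and not start_tls:
                findings.append(f"{section}: {uri} is neither ldaps:// nor StartTLS")
        reqcert = dom.get("ldap_tls_reqcert", "hard").lower()  # SSSD default is hard
        if reqcert in UNVERIFIED:
            findings.append(f"{section}: ldap_tls_reqcert={reqcert} skips server certificate checks")
    return findings

if __name__ == "__main__":
    for finding in audit_sssd(SAMPLE):
        print(finding)
```

On a live system, pass the file's real mode, for example `audit_sssd(open(path).read(), os.stat(path).st_mode & 0o777)`.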

Discussion

sugisho
Jul 29, 2021

Is this valid in RHEL 8?

urWaifu
Jun 13, 2022

LDAP is not part of RHEL8