Rocks Cluster 5.3 LDAP Authentication

We recently rebuilt a local cluster using Rocks and required LDAP authentication to be enabled. The following is a basic outline of how to accomplish that.

On the frontend node, enable LDAP authentication. If your user accounts have a specific home directory setting, make sure that directory is linked back to the NFS folder. In our case we use /UBC-O as the home folder. Simply replace /UBC-O with your LDAP user home directory path.


# ln -s /export/home /UBC-O
# authconfig --enableldap --enableldapauth --enablemkhomedir --enablelocauthorize --ldapserver=ldap.mydomain.com --ldapbasedn=o=mydomain.com --updateall

Next you may need to modify /etc/ldap.conf with additional settings such as nss_base_group or pam_filter. Edit the /etc/ldap.conf file to have the settings you desire and then reboot the frontend to test. We have not configured the compute nodes yet; this is just to test the frontend authentication.
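
A check worth running on /etc/ldap.conf before the reboot test, as an added example that is not part of the original post: the authconfig command above does not request TLS, and this file is later pushed to every compute node through 411. The function names and the sample file are constructed for illustration; uri, ssl, tls_checkpeer and bindpw are pam_ldap/nss_ldap directives.

```shell
#!/bin/sh
# Added example (not from the original post): audit a pam_ldap/nss_ldap
# style ldap.conf before 411 distributes it to the compute nodes.

# conf_get FILE KEY: print the value of directive KEY (case-insensitive),
# skipping comments; if KEY repeats, the last occurrence is reported.
conf_get() {
    awk -v k="$2" 'tolower($1) == k { $1 = ""; sub(/^[ \t]+/, ""); v = $0 }
                   END { print v }' "$1"
}

# audit_ldap_conf FILE: print one finding per line; return 1 if any.
audit_ldap_conf() {
    alc_uri=$(conf_get "$1" uri)
    alc_ssl=$(conf_get "$1" ssl)
    alc_rc=0
    # Encrypted if SSL/StartTLS is requested, or no URI is plain ldap://.
    alc_enc=no
    case "$alc_ssl" in start_tls|on) alc_enc=yes ;; esac
    case "$alc_uri" in
        ""|*ldap://*) ;;   # no uri line (host directive) or a plain ldap:// URI
        *) alc_enc=yes ;;
    esac
    if [ "$alc_enc" = no ]; then
        echo "CLEARTEXT: binds use ldap:// without 'ssl start_tls'"
        alc_rc=1
    fi
    if [ "$(conf_get "$1" tls_checkpeer)" = no ]; then
        echo "NOVERIFY: tls_checkpeer no disables server certificate checks"
        alc_rc=1
    fi
    if [ -n "$(conf_get "$1" bindpw)" ]; then
        echo "BINDPW: bind password stored in a file pushed to every node"
        alc_rc=1
    fi
    return $alc_rc
}

# Constructed sample input; values are placeholders, not a real directory.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample
uri ldap://ldap.mydomain.com/
base o=mydomain.com
bindpw PLACEHOLDER-NOT-A-REAL-SECRET
pam_filter objectclass=posixAccount
EOF
audit_ldap_conf "$sample" || echo "resolve the findings before: make -C /var/411 force"
rm -f "$sample"
```

On the frontend, call audit_ldap_conf /etc/ldap.conf; a non-zero return means at least one finding was printed.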

If the test is successful, configure the compute nodes with the same settings.


# cd /export/rocks/install/site-profiles/5.3/nodes
# cp skeleton.xml extend-compute.xml

Add the following between the <post> and </post> tags:

ln -s /home /UBC-O
authconfig --enableldap --enableldapauth --enablelocauthorize --ldapserver=ldap.mydomain.com --ldapbasedn=o=mydomain.com --updateall

Add the following lines to /var/411/Files.mk:


FILES += /etc/ldap.conf
FILES += /etc/openldap/ldap.conf

Enable NFS automounting of the home directory on the compute nodes by adding the following line to /etc/auto.home:


* sarahs-cluster.local:/export/home/&

Rebuild the distro image and reinstall the compute nodes by running the following:


# make -C /var/411 force
# cd /export/rocks/install
# rocks create distro
# ssh-agent $SHELL
# ssh-add
# rocks run host compute '/boot/kickstart/cluster-kickstart-pxe'
