Ubuntu HPC LDAP client setup on all compute nodes

From Notes_Wiki

Home > Ubuntu > Ubuntu HPC setup with slurm and linux containers > Ubuntu HPC LDAP client setup on all compute nodes

LDAP Client Setup on Ubuntu 22.04

Note: This configuration must be performed on the following nodes: slurm-master (LXC), slurm-login (LXC), infra node, and both compute nodes.

This section explains how to configure a system as an LDAP client to authenticate users from an external LDAP server (e.g., for Slurm clusters).

1. Install Required Packages

 
sudo apt install sssd-ldap ldap-utils

2. Configure SSSD

Create the SSSD config file: 

sudo nano /etc/sssd/sssd.conf

Paste the following content (adjust domain and URI as per your environment): 

 
[sssd] 
config_file_version = 2 
domains = slurm-ldapsrv.local 

[domain/example.com]
id_provider = ldap 
auth_provider = ldap 
ldap_uri = ldaps://ldap.local 
cache_credentials = True 
ldap_search_base = dc=slurm-ldapsrv,dc=local 
enumerate = true

Set proper permissions and ownership: 

 
sudo chmod 600 /etc/sssd/sssd.conf 
sudo chown root:root /etc/sssd/sssd.conf

3. Start SSSD Service

 
sudo systemctl start sssd.service

4. Enable Home Directory Auto-Creation (Optional)

 
sudo pam-auth-update --enable mkhomedir

5. Copy CA Certificate from LDAP Server

Copy CA certificate from the LDAP server to the local machine: 

 
scp root@192.168.2.10:/etc/ssl/certs/mycacert.pem /usr/local/share/ca-certificates/mycacert.crt

Or (if already available locally): 

 
sudo cp /etc/ssl/certs/mycacert.pem /usr/local/share/ca-certificates/mycacert.crt

Update the certificate store: 

 
sudo update-ca-certificates

6. Restart SSSD Service

 
sudo systemctl restart sssd

7. Verify LDAP Bind (Optional)

 
ldapwhoami -x -ZZ -H ldap://slurm-ldapsrv.local

Expected output: 

anonymous
Additionally, try running getent passwd on all the above nodes where LDAP client configuration was performed (slurm-master, slurm-login, infra, and compute nodes). This lists all LDAP as well as local users and helps verify that LDAP user synchronization is working successfully.

Home > Ubuntu > Ubuntu HPC setup with slurm and linux containers > Ubuntu HPC LDAP client setup on all compute nodes

Retrieved from "http://www.sbarjatiya.com/notes_wiki/index.php?title=Ubuntu_HPC_LDAP_client_setup_on_all_compute_nodes&oldid=8802"