LDAP linux client with OpenLDAP server
Written by Paul Matthews
|
|
OpenLDAP is a user information server; Windows Active Directory is based on the same protocol. Set up correctly, OpenLDAP can serve as the central authentication base of a network, meaning that your users can sign into any machine on the network with the same username/password.

Name: OpenLDAP
HomePage: http://lam.sourceforge.net/
Function: OpenLDAP is an open source implementation of the Lightweight Directory Access Protocol
Written How-to

1. Edit the ldap.conf file

nano /etc/ldap.conf

ldap.conf:

host senior-server.example.com
# The distinguished name of the search base.
base DC=senior-server,DC=example,DC=com
# The LDAP version to use (defaults to 3
# if supported by client library)
ldap_version 3
# The distinguished name to bind to the server with.
# Optional: default is to bind anonymously.
binddn cn=Administrator,cn=Users,DC=senior-server,DC=example,DC=com
# The credentials to bind with.
# Optional: default is no credential.
bindpw yourpassword
# The port.
port 389
2. Edit the PAM configuration for the service you want; in this case we will edit /etc/pam.d/sshd

nano /etc/pam.d/sshd

sshd:

auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth sufficient /lib/security/$ISA/pam_ldap.so use_first_pass
auth required /lib/security/$ISA/pam_deny.so
account required /lib/security/$ISA/pam_unix.so broken_shadow
account sufficient /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet
account [default=bad success=ok user_unknown=ignore] /lib/security/$ISA/pam_ldap.so
account required /lib/security/$ISA/pam_permit.so
password requisite /lib/security/$ISA/pam_cracklib.so retry=3
password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
password sufficient /lib/security/$ISA/pam_ldap.so use_authtok
password required /lib/security/$ISA/pam_deny.so
session optional /lib/security/$ISA/pam_ldap.so
session required pam_mkhomedir.so skel=/etc/skel/ umask=0022
3. Now change the nsswitch.conf

nano /etc/nsswitch.conf

from

nsswitch.conf:

passwd: files
shadow: files
group: files

to

nsswitch.conf:

passwd: files ldap
shadow: files ldap
group: files ldap
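As an added check that is not part of the original how-to: a small Python linter that parses a pam_ldap/nss_ldap style ldap.conf like the one in step 1 and flags the settings that weaken the client (a plaintext bindpw kept in the config file, binding as the directory Administrator for lookups, and no TLS so binds cross the wire in clear on port 389). The weak sample is the page's own file minus comments; the hardened sample is constructed and uses the nss_ldap option names uri, ssl, tls_checkpeer and tls_cacertfile with the file's documented default of an anonymous bind.

```python
import re

# Constructed sample: the client ldap.conf from step 1 above, comments removed.
WEAK_CONF = """\
host senior-server.example.com
base DC=senior-server,DC=example,DC=com
ldap_version 3
binddn cn=Administrator,cn=Users,DC=senior-server,DC=example,DC=com
bindpw yourpassword
port 389
"""

# Constructed sample: same directory, anonymous bind (the file's stated default)
# over ldaps with the server certificate checked against a CA bundle.
HARDENED_CONF = """\
uri ldaps://senior-server.example.com
base DC=senior-server,DC=example,DC=com
ldap_version 3
ssl on
tls_checkpeer yes
tls_cacertfile /etc/ssl/certs/ca-certificates.crt
"""

def parse_ldap_conf(text):
    """Parse 'key value' lines; '#' starts a comment, keys are case-insensitive."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        conf[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return conf

def audit_ldap_conf(conf):
    """Return a list of findings for settings that weaken a pam_ldap/nss_ldap client."""
    findings = []
    if "bindpw" in conf:
        findings.append("bindpw: password kept in ldap.conf, which nss/pam readers must be able to read")
    if re.search(r"cn=(administrator|manager|admin)\b", conf.get("binddn", ""), re.I):
        findings.append("binddn: clients bind as a directory administrator; use a read-only account")
    uses_tls = (conf.get("ssl", "").lower() in ("on", "start_tls")
                or conf.get("uri", "").lower().startswith("ldaps://"))
    if not uses_tls:
        findings.append("transport: no ssl/start_tls and no ldaps:// uri; binds go in plaintext on port 389")
    elif conf.get("tls_checkpeer", "").lower() != "yes":
        findings.append("tls_checkpeer: server certificate is not verified")
    return findings

if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit_ldap_conf(parse_ldap_conf(text)) or ["no findings"])
```

Run it against a real /etc/ldap.conf by reading the file into parse_ldap_conf; the same checks apply to the pam_ldap copy of the file if your distribution keeps one separately.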
External Links:

http://www.yolinux.com/TUTORIALS/LDAP_Authentication.html
http://docs.linux.com/article.pl?sid=04/03/23/1747214&tid=29&tid=14&tid=94
Last Updated ( Sunday, 03 June 2007 )