Difference between revisions of "LDAP"
From Stadm
Jump to navigationJump to search (→Server) |
|||
| Line 17: | Line 17: | ||
cd /etc/openldap/slapd.d/cn=config/cn=schema | cd /etc/openldap/slapd.d/cn=config/cn=schema | ||
*samba.schema ldif should be named cn={##}samba.ldif //## is line number in ldap.conf | *samba.schema ldif should be named cn={##}samba.ldif //## is line number in ldap.conf | ||
| + | |||
| + | ===Client=== | ||
| + | vim /etc/ldap.conf | ||
| + | TLS_REQCERT allow | ||
| + | TLS_CACERTDIR /etc/openldap/cacerts | ||
| + | URI ldap://servername.domain.name.edu | ||
| + | BASE dc=domain,dc=name,dc=edu | ||
| + | |||
| + | vim pam_ldap.conf | ||
| + | tls_checkpeer yes | ||
| + | tls_cacertdir /etc/openldap/cacerts | ||
| + | uri ldap://servename.domain.name.edu | ||
| + | base dc=domain,dc=name,dc=edu | ||
| + | host 128.***.***.*** | ||
| + | ssl start_tls | ||
| + | |||
| + | pam_password exop | ||
| + | |||
| + | nss_base_passwd ou=People,dc=domain,dc=name,dc=edu | ||
| + | nss_base_shadow ou=People,dc=domain,dc=name,dc=edu | ||
| + | nss_base_group ou=Groups,dc=domain,dc=name,dc=edu | ||
Revision as of 11:47, 17 October 2013
OpenLDAP
Server
cd /etc/opendlap
- configuration ldap.conf
URI ldap://servername.domainl.name.edu/ BASE dc=domain,dc=name,dc=edu TLS_CACERTDIR /etc/openldap/certs TLS_REQCERT allow
- CA certs generated and stored in certs folder
vim slapd.conf
- make sure samba schema is included
include /etc/openldap/schema/samba.schema
- must copy over schema and configure properly in cn=config
vim /etc/openldap/slapd.d/cn=config/olcDatabase\=\{2\}bdb.ldif
- change olcSuffix, olcRootDN, olcRootPW
- add samba schema ldif to appropitae location
cd /etc/openldap/slapd.d/cn=config/cn=schema
- samba.schema ldif should be named cn={##}samba.ldif //## is line number in ldap.conf
Client
vim /etc/ldap.conf
TLS_REQCERT allow TLS_CACERTDIR /etc/openldap/cacerts URI ldap://servername.domain.name.edu BASE dc=domain,dc=name,dc=edu
vim pam_ldap.conf
tls_checkpeer yes tls_cacertdir /etc/openldap/cacerts uri ldap://servename.domain.name.edu base dc=domain,dc=name,dc=edu host 128.***.***.*** ssl start_tls
pam_password exop
nss_base_passwd ou=People,dc=domain,dc=name,dc=edu nss_base_shadow ou=People,dc=domain,dc=name,dc=edu nss_base_group ou=Groups,dc=domain,dc=name,dc=edu
