Difference between revisions of "LDAP"
From Stadm
Jump to navigationJump to search (→Client) |
|||
| Line 32: | Line 32: | ||
host 128.***.***.*** | host 128.***.***.*** | ||
ssl start_tls | ssl start_tls | ||
| − | |||
pam_password exop | pam_password exop | ||
| − | |||
nss_base_passwd ou=People,dc=domain,dc=name,dc=edu | nss_base_passwd ou=People,dc=domain,dc=name,dc=edu | ||
nss_base_shadow ou=People,dc=domain,dc=name,dc=edu | nss_base_shadow ou=People,dc=domain,dc=name,dc=edu | ||
nss_base_group ou=Groups,dc=domain,dc=name,dc=edu | nss_base_group ou=Groups,dc=domain,dc=name,dc=edu | ||
Revision as of 11:48, 17 October 2013
OpenLDAP
Server
cd /etc/opendlap
- configuration ldap.conf
URI ldap://servername.domainl.name.edu/ BASE dc=domain,dc=name,dc=edu TLS_CACERTDIR /etc/openldap/certs TLS_REQCERT allow
- CA certs generated and stored in certs folder
vim slapd.conf
- make sure samba schema is included
include /etc/openldap/schema/samba.schema
- must copy over schema and configure properly in cn=config
vim /etc/openldap/slapd.d/cn=config/olcDatabase\=\{2\}bdb.ldif
- change olcSuffix, olcRootDN, olcRootPW
- add samba schema ldif to appropitae location
cd /etc/openldap/slapd.d/cn=config/cn=schema
- samba.schema ldif should be named cn={##}samba.ldif //## is line number in ldap.conf
Client
vim /etc/ldap.conf
TLS_REQCERT allow TLS_CACERTDIR /etc/openldap/cacerts URI ldap://servername.domain.name.edu BASE dc=domain,dc=name,dc=edu
vim pam_ldap.conf
tls_checkpeer yes tls_cacertdir /etc/openldap/cacerts uri ldap://servename.domain.name.edu base dc=domain,dc=name,dc=edu host 128.***.***.*** ssl start_tls pam_password exop nss_base_passwd ou=People,dc=domain,dc=name,dc=edu nss_base_shadow ou=People,dc=domain,dc=name,dc=edu nss_base_group ou=Groups,dc=domain,dc=name,dc=edu
