Difference between revisions of "LDAP"

From Stadm
Jump to navigationJump to search
Line 56: Line 56:
 
  debug_level = 8
 
  debug_level = 8
 
*test an ldap user using id command to verify working
 
*test an ldap user using id command to verify working
 +
==ldap commands==
 +
*useful:
 +
*delete by dn, enter every dn you want to delete
 +
ldapdelete -v -c -D "cn=Manager,dc=domain,dc=name,dc=edu" -W

Revision as of 14:29, 17 October 2013

OpenLDAP

Server

cd /etc/opendlap
  • configuration ldap.conf
URI     ldap://servername.domainl.name.edu/
BASE    dc=domain,dc=name,dc=edu
TLS_CACERTDIR   /etc/openldap/certs
TLS_REQCERT     allow
  • CA certs generated and stored in certs folder
vim slapd.conf
  • make sure samba schema is included
include /etc/openldap/schema/samba.schema
  • in slapd.conf, proper access settings!!!!!
  • must copy over schema and configure properly in cn=config
vim /etc/openldap/slapd.d/cn=config/olcDatabase\=\{2\}bdb.ldif
  • change olcSuffix, olcRootDN, olcRootPW
  • add samba schema ldif to appropitae location
cd /etc/openldap/slapd.d/cn=config/cn=schema
  • samba.schema ldif should be named cn={##}samba.ldif //## is line number in ldap.conf

Client

vim /etc/ldap.conf 

TLS_REQCERT allow
TLS_CACERTDIR /etc/openldap/cacerts
URI ldap://servername.domain.name.edu
BASE dc=domain,dc=name,dc=edu

vim pam_ldap.conf 

tls_checkpeer yes
tls_cacertdir /etc/openldap/cacerts
uri ldap://servename.domain.name.edu
base dc=domain,dc=name,dc=edu
host 128.***.***.***
ssl start_tls
pam_password exop
nss_base_passwd ou=People,dc=domain,dc=name,dc=edu
nss_base_shadow ou=People,dc=domain,dc=name,dc=edu
nss_base_group  ou=Groups,dc=domain,dc=name,dc=edu
  • vim /etc/smbldap-tools/smbldap.conf
  • vim /etc/smbldap-tools/smbldap_bind.conf
  • yum install sssd

authconfig --enablesssd --enablesssdauth --enablecachecreds --enableldap --enableldaptls --enableldapauth --ldapserver=ldap://servername.domain.name.edu --ldapbasedn=dc=domain,dc=name,dc=edu --disablenis --disablekrb5 --enableshadow --enablemkhomedir --enablelocauthorize --passalgo=sha512 --updateall

  • add the following to sssd.conf in /etc/sssd/
ldap_tls_reqcert = allow
ldap_schema = rfc2307bis
ldap_user_fullname = displayName
ldap_user_search_base = ou=People,dc=domain,dc=name,dc=edu
ldap_group_search_base = ou=Group,dc=domain,dc=name,dc=edu
ldap_group_member = member
ldap_group_nesting_level = 4
ldap_default_bind_dn = cn=Manager,dc=domain,dc=name,dc=edu
ldap_default_authtok_type = password
ldap_default_authtok = secret
debug_level = 8
  • test an ldap user using id command to verify working

ldap commands

  • useful:
  • delete by dn, enter every dn you want to delete
ldapdelete -v -c -D "cn=Manager,dc=domain,dc=name,dc=edu" -W
Retrieved from "http://wiki-stadm.eri.ucsb.edu/index.php?title=LDAP&oldid=2267"