Difference between revisions of "LDAP Client"

From Maze's wiki
Jump to: navigation, search
Line 49: Line 49:
 
session        optional        pam_ldap.so
 
session        optional        pam_ldap.so
 
</pre>
 
</pre>
 +
=Reboot=
 +
Reboot the system in order to activate the new PAM configuration.

Revision as of 08:14, 10 May 2010

apt-get install libnss-ldap
  • LDAP server Uniform Resource Identifier: <ldap://ipaddress>
  • Distinguished name of the search base: <dc=example,dc=com>
  • LDAP version to use: <3>
  • LDAP account for root: <cn=admin,dc=example,dc=com>
  • Make local root Database admin. <Yes>
  • Does the LDAP database require login? <No>
  • LDAP account for root: <cn=admin,dc=example,dc=com>

Change these lines in /etc/nsswitch.conf 

passwd:         compat ldap
group:          compat ldap

PAM >= 1.0.1-6

Use 

pam-auth-update
  • enable LDAP

PAM <= 1.0.1-6

Replace /etc/pam.d/common-account with: 

account         sufficient      pam_unix.so 
account         sufficient      pam_ldap.so 
account         required        pam_deny.so

Replace /etc/pam.d/common-auth with: 

auth    required        pam_env.so 
auth    sufficient      pam_unix.so likeauth nullok 
auth    sufficient      pam_ldap.so use_first_pass 
auth    required        pam_deny.so

Replace /etc/pam.d/common-password with: 

password        sufficient      pam_unix.so nullok md5 shadow use_authtok 
password        sufficient      pam_ldap.so use_first_pass 
password        required        pam_deny.so

Replace /etc/pam.d/common-session with: 

session         required        pam_limits.so
session         required        pam_mkhomedir.so skel=/etc/skel/ umask=0077
session         required        pam_unix.so
session         optional        pam_ldap.so

Reboot

Reboot the system in order to activate the new PAM configuration.

Retrieved from "https://www.zeedijk.net/wiki/index.php?title=LDAP_Client&oldid=67"