rweaver |
01-21-2009 04:54 PM |
Quote:
Originally Posted by brandon@rhiamet.com
(Post 3416469)
I've been reading everything...<SNIP>...Thanks for any help. Brandon
|
This isn't direct help since it's Debian and not Fedora, but I do know all the steps are included, and that was the problem I ran into when I was attempting to implement this. YMMV, but this DOES include everything necessary to get LDAP PAM and libnss stuff to work if you have the right packages installed.
Code:
Replace /etc/ldap/slapd.conf with the following:
—
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/misc.schema
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
# 0 = no logging; 256 (stats) is handy while debugging binds
loglevel 0
modulepath /usr/lib/ldap
moduleload back_bdb
sizelimit 500
tool-threads 1
backend bdb
checkpoint 512 30
database bdb
suffix "dc=fakedom,dc=dom"
rootdn "cn=admin,dc=fakedom,dc=dom"
# paste the {SSHA} hash printed by slappasswd here, never the cleartext password
rootpw (run slappasswd and paste output here)
directory "/var/lib/ldap"
lastmod on
# password attributes: anonymous may only bind against them (auth),
# the user and the admin may change them, nobody else can read them
access to attrs=userPassword,shadowLastChange
by dn="cn=admin,dc=fakedom,dc=dom" write
by anonymous auth
by self write
by * none
# everything else is readable by anyone, including anonymous binds
access to *
by dn="cn=admin,dc=fakedom,dc=dom" write
by * read
—
Replace /etc/nsswitch.conf with the following:
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.
passwd: compat ldap
# group lookups stay local here: testy's gidNumber 10000 must exist in
# /etc/group, or add "ldap" to this line and a posixGroup entry to the directory
group: compat
shadow: compat ldap
hosts: files dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
—
Replace /etc/libnss-ldap.conf with the following:
—
base dc=fakedom,dc=dom
uri ldap://127.0.0.1
ldap_version 3
# with rootbinddn set, lookups run by root bind as admin using the password
# in /etc/libnss-ldap.secret (root-owned, mode 0600); that bind is what lets
# "shadow: ldap" read the attributes the ACL hides from everyone else
rootbinddn cn=admin,dc=fakedom,dc=dom
—
Replace /etc/pam_ldap.conf with the following:
—
host 127.0.0.1
base dc=fakedom,dc=dom
uri ldap://127.0.0.1
ldap_version 3
# the admin password is read from /etc/pam_ldap.secret (root-owned, mode 0600)
rootbinddn cn=admin,dc=fakedom,dc=dom
# change passwords with the Password Modify extended operation, so slapd
# hashes the new value itself instead of the client writing userPassword
pam_password exop
—
Replace /etc/ldap/ldap.conf with the following:
—
BASE dc=fakedom,dc=dom
URI ldap://127.0.0.1
—
Create a base.ldif file in /tmp to import into the directory to test against:
—
# LDIF entries must be separated by exactly one blank line; without the
# blank lines ldapadd treats the whole file as one entry and rejects it
dn: dc=fakedom,dc=dom
objectClass: top
objectClass: dcObject
objectClass: organization
o: fakedom.dom
dc: fakedom

dn: cn=admin,dc=fakedom,dc=dom
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword: (Paste output from slappasswd)

dn: ou=People,dc=fakedom,dc=dom
ou: People
objectClass: organizationalUnit
objectClass: top

dn: uid=testy,ou=People,dc=fakedom,dc=dom
uid: testy
cn: testy
objectClass: account
objectClass: posixAccount
objectClass: top
loginShell: /bin/bash
uidNumber: 10000
gidNumber: 10000
homeDirectory: /home/testy
gecos: Testy,,,,
userPassword: (Paste output from slappasswd)
—
# /etc/init.d/slapd restart
# ldapadd -x -W -D 'cn=admin,dc=fakedom,dc=dom' -f /tmp/base.ldif (enter password when prompted)
# /etc/init.d/slapd restart
# getent passwd | grep testy (should return testy's entry)
# /etc/init.d/openbsd-inetd start
# telnet localhost and use testy's login credentials; if it works you're set... if not, reread and try again.
|
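The two places where this recipe usually breaks are the hand-pasted slappasswd hashes and the blank lines between LDIF entries. The script below is an added example, not code from the post above: it produces slappasswd-style {SSHA} values (base64 of SHA-1(password || salt) || salt, which is slappasswd's default scheme), verifies a cleartext password against one the way slapd does on bind, renders the same base.ldif with correctly separated entries, and then parses it back to check each posixAccount against the attributes nis.schema marks as MUST. The sample passwords, the user list and the helper names are constructed for illustration.

```python
# Added example (not from the original post): {SSHA} hashing as slappasswd does it,
# LDIF generation with proper entry separation, and a schema MUST check.
import base64
import hashlib
import hmac
import os
from typing import Dict, List, Optional

BASE_DN = "dc=fakedom,dc=dom"            # suffix used throughout the thread
ADMIN_DN = f"cn=admin,{BASE_DN}"
# attributes posixAccount requires (MUST in nis.schema); slapd rejects entries without them
POSIX_MUST = ("cn", "uid", "uidNumber", "gidNumber", "homeDirectory")


def ssha_hash(password: str, salt: Optional[bytes] = None) -> str:
    """Return an OpenLDAP {SSHA} userPassword value: base64(SHA1(pw || salt) || salt)."""
    if salt is None:
        salt = os.urandom(4)             # slappasswd also uses a short random salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(password: str, stored: str) -> bool:
    """Check a cleartext password against a stored {SSHA} value (what slapd does on simple bind)."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]    # SHA-1 digest is 20 bytes, the remainder is the salt
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


def build_base_ldif(admin_hash: str, users: List[Dict[str, str]]) -> str:
    """Render the base entry, the admin, ou=People and one posixAccount per user.

    Entries are joined with a blank line, which LDIF requires between entries.
    """
    entries = [
        [f"dn: {BASE_DN}", "objectClass: top", "objectClass: dcObject",
         "objectClass: organization", "o: fakedom.dom", "dc: fakedom"],
        [f"dn: {ADMIN_DN}", "objectClass: simpleSecurityObject",
         "objectClass: organizationalRole", "cn: admin",
         "description: LDAP administrator", f"userPassword: {admin_hash}"],
        [f"dn: ou=People,{BASE_DN}", "ou: People",
         "objectClass: organizationalUnit", "objectClass: top"],
    ]
    for u in users:                      # constructed sample users, see __main__
        entries.append([
            f"dn: uid={u['uid']},ou=People,{BASE_DN}",
            f"uid: {u['uid']}", f"cn: {u['uid']}",
            "objectClass: account", "objectClass: posixAccount", "objectClass: top",
            f"loginShell: {u.get('shell', '/bin/bash')}",
            f"uidNumber: {u['uidNumber']}", f"gidNumber: {u['gidNumber']}",
            f"homeDirectory: /home/{u['uid']}",
            f"gecos: {u['uid']},,,,",
            f"userPassword: {u['hash']}",
        ])
    return "\n\n".join("\n".join(e) for e in entries) + "\n"


def parse_ldif(text: str) -> List[Dict[str, List[str]]]:
    """Minimal LDIF reader: blank-line separated entries of 'attr: value' lines and '#' comments.

    Good enough for the file above; it does not handle '::' base64 values or folded lines.
    """
    entries: List[Dict[str, List[str]]] = []
    current: Dict[str, List[str]] = {}
    for line in text.splitlines():
        if line.startswith("#"):
            continue
        if not line.strip():             # blank line closes the current entry
            if current:
                entries.append(current)
                current = {}
            continue
        attr, _, value = line.partition(":")
        current.setdefault(attr.strip(), []).append(value.strip())
    if current:
        entries.append(current)
    return entries


def check_posix_entries(entries: List[Dict[str, List[str]]]) -> List[str]:
    """List posixAccount entries that lack a MUST attribute; empty list means all are complete."""
    problems = []
    for e in entries:
        if "posixAccount" not in e.get("objectClass", []):
            continue
        dn = e.get("dn", ["?"])[0]
        problems.extend(f"{dn}: missing {attr}" for attr in POSIX_MUST if attr not in e)
    return problems


if __name__ == "__main__":
    # constructed sample: same layout as the thread's base.ldif, with real {SSHA} values
    ldif = build_base_ldif(
        ssha_hash("admin-secret"),
        [{"uid": "testy", "uidNumber": "10000", "gidNumber": "10000",
          "hash": ssha_hash("testy-secret")}],
    )
    print(ldif)
    print("problems:", check_posix_entries(parse_ldif(ldif)) or "none")
```

Running it prints a base.ldif you can feed straight to `ldapadd -x -W -D 'cn=admin,dc=fakedom,dc=dom' -f`; because the hashes are generated here rather than pasted, the "paste output from slappasswd" placeholders can never be left in by mistake, and slapd will accept the {SSHA} values exactly as if slappasswd had produced them.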