Fedora 13
Sponsored Link

Configure LDAP Client2010/05/30

  Configuration for LDAP client
[root@www ~]#
yum -y install openldap-clients nss_ldap


[root@www ~]#
vi /etc/openldap/ldap.conf


# add at the bottom

# LDAP server's URI

URI ldap://10.0.0.30
# specify domain name

BASE dc=srv,dc=world
TLS_CACERTDIR /etc/openldap/cacerts


[root@www ~]#
vi /etc/ldap.conf


# line 17: make it comment

#
host 127.0.0.1

# line 20: specify suffix

base dc=
srv
,dc=
world


# add at the bottom

uri ldap://10.0.0.30
ssl no
tls_cacertdir /etc/openldap/cacerts
pam_password md5


[root@www ~]#
vi /etc/pam.d/system-auth


# add like below

#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth
required
pam_env.so

auth
sufficient
pam_fprintd.so

auth
sufficient
pam_unix.so nullok try_first_pass

auth
requisite
pam_succeed_if.so uid >= 500 quiet

auth
sufficient
pam_ldap.so use_first_pass

auth
required
pam_deny.so


account
required
pam_unix.so

account
sufficient
pam_localuser.so

account
sufficient
pam_succeed_if.so uid < 500 quiet

account
[default=bad success=ok user_unknown=ignore] pam_ldap.so

account
required
pam_permit.so


password
requisite
pam_cracklib.so try_first_pass retry=3 type=

password
sufficient
pam_unix.so sha512 shadow nullok try_first_pass use_authtok

password
sufficient
pam_ldap.so use_authtok

password
required
pam_deny.so


session
optional
pam_keyinit.so revoke

session
required
pam_limits.so

session
[success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid

session
required
pam_unix.so

session
optional
pam_ldap.so


[root@www ~]#
vi /etc/nsswitch.conf


passwd:
files
ldap
# line 33: add

shadow:
files
ldap
# add

group:
files
ldap
# add


netgroup:
nisplus
ldap
# line 57: add


automount:
files
ldap
# line 61: change


[root@www ~]#
shutdown -r now


www.srv.world login:
fedora
# user on LDAP

Password:
Last login: Sun May 30 09:23:02 on ttyS0
[fedora@www ~]$
# logined
Matched Content