Using LDAP for authentication on Linux
LDAP and PAM on Fedora
This is a work in progress.
Reference:
- http://directory.fedoraproject.org/wiki/Howto:PAM
- http://www.howtoforge.com/openldap_fedora7
- http://www.howtoforge.com/linux_openldap_setup_server_client
Install the necessary packages
yum -y install openldap openldap-clients openldap-devel openldap-servers adminutil migrationtools luma
Create the ldap directory
mkdir /var/lib/ldap/comme.ca
chown ldap:ldap /var/lib/ldap/comme.ca
Edit /etc/openldap/ldap.conf
HOST ism.comme.ca
BASE dc=ism,dc=comme,dc=ca
Generate the LDAP root password
slappasswd
Edit /etc/openldap/slapd.conf
database bdb
suffix "dc=ism,dc=comme,dc=ca"
rootdn "uid=root,dc=ism,dc=comme,dc=ca"
rootpw <paste the root password generated previously>
Add the root account to LDAP
Create a file comme.ldif
dn: dc=ism,dc=comme,dc=ca
objectclass: dcobject
objectClass: organization
o: comme ca ism
dc: ism
Then run this
/usr/bin/ldapadd -x -D 'uid=root,dc=ism,dc=comme,dc=ca' -W -f comme.ldif
service ldap restart
Configure nss
Check the existing PAM config
authconfig --test
Add ldap support to nss
authconfig --enableldap --enableldapauth --disablenis --enablecache \
    --ldapserver=ism.comme.ca --ldapbasedn=dc=ism,dc=comme,dc=ca --updateall
Disable ldap from nss
authconfig --disableldap --updateall
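A check to run once the steps above are done (added example, not part of the original page): it reads slapd.conf and ldap.conf and reports a cleartext rootpw, a rootdn or client BASE outside the served suffix, and a world-readable slapd.conf. The function names and the constructed sample files are assumptions, and DNs are assumed to contain no spaces.

```shell
#!/bin/sh
# Added example: sanity-check the slapd.conf / ldap.conf pair built above.
# Assumes DNs are written without spaces, as they are on this page.

# dn_under CHILD PARENT: succeed if CHILD equals PARENT or lies beneath it.
dn_under() {
    child=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    parent=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    case $child in
        "$parent" | *",$parent") return 0 ;;
    esac
    return 1
}

# conf_value FILE DIRECTIVE: first value of a directive, quotes stripped.
conf_value() {
    awk -v d="$2" 'tolower($1) == tolower(d) { gsub(/"/, "", $2); print $2; exit }' "$1"
}

# check_ldap_config SLAPD_CONF LDAP_CONF: print findings, return their count.
check_ldap_config() {
    n=0
    suffix=$(conf_value "$1" suffix)
    rootdn=$(conf_value "$1" rootdn)
    rootpw=$(conf_value "$1" rootpw)
    base=$(conf_value "$2" BASE)
    # rootpw must be slappasswd output such as {SSHA}..., not the password itself.
    case $rootpw in
        "{CLEARTEXT}"* | [!{]* | "") echo "rootpw is missing or stored in cleartext"; n=$((n + 1)) ;;
    esac
    dn_under "$rootdn" "$suffix" || { echo "rootdn $rootdn is outside suffix $suffix"; n=$((n + 1)); }
    dn_under "$base" "$suffix" || { echo "client BASE $base is outside suffix $suffix"; n=$((n + 1)); }
    # slapd.conf holds the rootpw hash, so it should not be world-readable.
    [ -z "$(find "$1" -perm -004)" ] || { echo "$1 is world-readable"; n=$((n + 1)); }
    return "$n"
}

# Constructed sample files (not real configuration) for a stand-alone run.
demo() {
    dir=$(mktemp -d)
    printf 'database bdb\nsuffix "dc=ism,dc=comme,dc=ca"\nrootdn "uid=root,dc=ism,dc=comme,dc=ca"\nrootpw secret\n' > "$dir/slapd.conf"
    printf 'HOST ism.comme.ca\nBASE dc=comme,dc=ca\n' > "$dir/ldap.conf"
    chmod 644 "$dir/slapd.conf"
    check_ldap_config "$dir/slapd.conf" "$dir/ldap.conf"
    rc=$?
    rm -rf "$dir"
    return "$rc"
}
demo || echo "findings: $?"
```

On a real host, call it as check_ldap_config /etc/openldap/slapd.conf /etc/openldap/ldap.conf; an exit status of 0 means no findings.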