{{parent page="Security"}}
===[[SecurityLDAPLinux Using LDAP for authentication on Linux]]===
-----
===LDAP and PAM on Fedora===
This is a work in progress.

Reference:
	- http://directory.fedoraproject.org/wiki/Howto:PAM
	- http://www.howtoforge.com/openldap_fedora7
	- http://www.howtoforge.com/linux_openldap_setup_server_client

Install the necessary packages:
%%
yum -y install openldap openldap-clients openldap-devel openldap-servers adminutil migrationtools luma
%%

Create the LDAP directory:
%%
mkdir /var/lib/ldap/comme.ca
chown ldap:ldap /var/lib/ldap/comme.ca
%%

Edit /etc/openldap/ldap.conf:
%%
HOST ism.comme.ca
BASE dc=ism,dc=comme,dc=ca
%%

Generate the LDAP root password:
%%
slappasswd
%%

Edit /etc/openldap/slapd.conf. The hash printed by slappasswd goes after rootpw:
%%
database bdb
suffix "dc=ism,dc=comme,dc=ca"
rootdn "uid=root,dc=ism,dc=comme,dc=ca"
rootpw
%%

Add the root account to LDAP. Create a file comme.ldif:
%%
dn: dc=ism,dc=comme,dc=ca
objectClass: dcObject
objectClass: organization
o: comme ca ism
dc: ism
%%

Then run this:
%%
/usr/bin/ldapadd -x -D 'uid=root,dc=ism,dc=comme,dc=ca' -W -f comme.ldif
service ldap restart
%%

==Configure NSS==
Check the existing PAM configuration:
%%
authconfig --test
%%

Add LDAP support to NSS:
%%
authconfig --enableldap --enableldapauth --disablenis --enablecache \
  --ldapserver=ism.comme.ca --ldapbasedn=dc=comme,dc=ca --updateall
%%

Remove LDAP support from NSS:
%%
authconfig --disableldap --updateall
%%
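As a check on the slapd.conf and ldap.conf edits above, these shell helpers (an added example, not part of the original page) report whether rootpw holds a slappasswd-style hash rather than a cleartext password, and whether rootdn and BASE fall under the configured suffix. The function names are assumptions made for illustration, and DN comparison is simplified to a case- and space-insensitive string match.

```shell
#!/bin/sh
# Added example (not from the original page): sanity checks for the
# slapd.conf and ldap.conf edits. Function names are illustrative.

# Print the value of directive $2 in file $1 (comment lines never match
# because their first field starts with '#'; surrounding quotes dropped).
conf_value() {
    awk -v key="$2" '
        tolower($1) == tolower(key) {
            $1 = ""; sub(/^[ \t]+/, ""); gsub(/"/, ""); print; exit
        }' "$1"
}

# Classify rootpw: "missing", "cleartext" or "hashed". slappasswd prints
# values with a {SCHEME} prefix such as {SSHA}.
rootpw_state() {
    pw=$(conf_value "$1" rootpw)
    case "$pw" in
        "")                            echo missing ;;
        "{CLEARTEXT}"*|"{cleartext}"*) echo cleartext ;;
        "{"*"}"?*)                     echo hashed ;;
        *)                             echo cleartext ;;
    esac
}

# Succeed if DN $1 equals or lies under suffix $2. Simplified comparison:
# lower-cased, spaces removed, no escaping rules applied.
dn_under_suffix() {
    dn=$(printf '%s' "$1" | tr 'A-Z' 'a-z' | tr -d ' ')
    sfx=$(printf '%s' "$2" | tr 'A-Z' 'a-z' | tr -d ' ')
    case "$dn" in
        "$sfx"|*",$sfx") return 0 ;;
        *)               return 1 ;;
    esac
}

# Report on a slapd.conf ($1) and an ldap.conf ($2).
audit() {
    suffix=$(conf_value "$1" suffix)
    echo "rootpw: $(rootpw_state "$1")"
    for pair in "rootdn:$1" "BASE:$2"; do
        key=${pair%%:*}; file=${pair#*:}
        if dn_under_suffix "$(conf_value "$file" "$key")" "$suffix"; then
            echo "$key: under suffix"
        else
            echo "$key: outside suffix $suffix"
        fi
    done
}

if [ "$#" -eq 2 ]; then audit "$1" "$2"; fi
```

Saved to a file and run with the paths of slapd.conf and ldap.conf as its two arguments, it prints one line per check; a bare rootpw line with no value is reported as missing.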