Formatting code for SecurityLDAP



{{parent page="Security"}}

===[[SecurityLDAPLinux Using LDAP for authentication on Linux]]===

-----

===LDAP and PAM on Fedora===
This is a work in progress.
Reference:
- http://directory.fedoraproject.org/wiki/Howto:PAM
- http://www.howtoforge.com/openldap_fedora7
- http://www.howtoforge.com/linux_openldap_setup_server_client

Install the necessary packages
%%
yum -y install openldap openldap-clients openldap-devel openldap-servers adminutil migrationtools luma
%%

Create the ldap directory
%%
mkdir /var/lib/ldap/comme.ca
chown ldap:ldap /var/lib/ldap/comme.ca
%%

Edit /etc/openldap/ldap.conf
%%
HOST ism.comme.ca
BASE dc=ism,dc=comme,dc=ca
%%

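Generate the LDAP root password hash (slappasswd prompts for the password and prints the hashed value to paste into slapd.conf)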
%%
slappasswd
%%

Edit /etc/openldap/slapd.conf
%%
database bdb
suffix "dc=ism,dc=comme,dc=ca"
rootdn "uid=root,dc=ism,dc=comme,dc=ca"
rootpw <paste the root password generated previously>
%%

Add the root (base) entry to LDAP.
Create a file comme.ldif
%%
dn: dc=ism,dc=comme,dc=ca
objectClass: dcObject
objectClass: organization
o: comme ca ism
dc: ism
%%

Then run this
%%
/usr/bin/ldapadd -x -D 'uid=root,dc=ism,dc=comme,dc=ca' -W -f comme.ldif
service ldap restart
%%
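
An added example, not part of the original page: a pre-restart check that rootpw in slapd.conf is a slappasswd hash rather than cleartext, and that the client BASE in ldap.conf equals the server suffix. The function names are hypothetical, the sample files are constructed from the snippets above, and the hash value is a fake placeholder.

```shell
#!/usr/bin/env bash
# Added example, not from the original page. Function names are hypothetical.

# Print the value of a directive (first match, case-insensitive), quotes stripped.
conf_value() {  # usage: conf_value <directive> <file>
  awk -v key="$1" 'tolower($1) == tolower(key) {
    $1 = ""; sub(/^[ \t]+/, ""); gsub(/"/, ""); print; exit }' "$2"
}

# Succeed only if rootpw carries a hash scheme prefix such as {SSHA}.
rootpw_is_hashed() {  # usage: rootpw_is_hashed <slapd.conf>
  case "$(conf_value rootpw "$1")" in
    '{CLEARTEXT}'*) return 1 ;;         # explicit cleartext scheme
    '{'[A-Za-z0-9]*'}'?*) return 0 ;;   # {SSHA}..., {CRYPT}..., etc.
    *) return 1 ;;                      # bare cleartext, placeholder or missing
  esac
}

# Lower-case a DN and drop spaces around commas (a simplified DN comparison).
norm_dn() { tr 'A-Z' 'a-z' | sed 's/ *, */,/g'; }

# Succeed if the client BASE equals the server suffix.
base_matches_suffix() {  # usage: base_matches_suffix <ldap.conf> <slapd.conf>
  _base=$(conf_value BASE "$1" | norm_dn)
  _suffix=$(conf_value suffix "$2" | norm_dn)
  [ -n "$_base" ] && [ "$_base" = "$_suffix" ]
}

# Constructed sample files mirroring the snippets on this page; the hash is fake.
demo=$(mktemp -d)
printf 'HOST ism.comme.ca\nBASE dc=ism,dc=comme,dc=ca\n' > "$demo/ldap.conf"
printf 'database bdb\nsuffix "dc=ism,dc=comme,dc=ca"\n' > "$demo/slapd.conf"
printf 'rootdn "uid=root,dc=ism,dc=comme,dc=ca"\n' >> "$demo/slapd.conf"
printf 'rootpw {SSHA}CONSTRUCTEDexampleHASHnotREAL\n' >> "$demo/slapd.conf"
printf 'suffix "dc=comme,dc=ca"\nrootpw secret\n' > "$demo/bad.conf"

rootpw_is_hashed "$demo/slapd.conf" && echo "slapd.conf: rootpw is hashed"
rootpw_is_hashed "$demo/bad.conf" || echo "bad.conf: rootpw is cleartext"
base_matches_suffix "$demo/ldap.conf" "$demo/slapd.conf" && echo "BASE matches suffix"
base_matches_suffix "$demo/ldap.conf" "$demo/bad.conf" || echo "bad.conf: suffix differs from BASE"
```

On a real host, point the two functions at /etc/openldap/slapd.conf and /etc/openldap/ldap.conf instead of the sample files.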

==Configure nss==

Check the existing PAM config
%%
authconfig --test
%%

Add LDAP support to NSS
%%
# --ldapbasedn must match the suffix configured in slapd.conf
authconfig --enableldap --enableldapauth --disablenis --enablecache \
--ldapserver=ism.comme.ca --ldapbasedn=dc=ism,dc=comme,dc=ca --updateall
%%

Disable LDAP in NSS
%%
authconfig --disableldap --updateall
%%