Category Archives: OpenLDAP

Objectives

This screencast continues with the LDAP server we set up in the previous screencast, but this time we will configure another server (client.test.net) to authenticate its users against our LDAP directory. This concept is known as centralised user authentication: all users and their credentials are stored on one server. The screencast is basically a walkthrough of the changes that need to be made to PAM (Pluggable Authentication Modules), which Linux uses to determine how users should be authenticated when logging in.

I have to apologise for the screw-up at the end. I had changed my example user's password and forgotten about it until I came to do the screencast; hopefully you'll get the idea.

Note: If you haven't come across PAM before, it is advisable to have a quick skim through this very good introduction before trying to configure PAM.

Resources

apt-get install libpam-ldap nscd

cd /etc/
emacs nsswitch.conf
change:
  passwd: ldap compat
  group:  ldap compat
  shadow: ldap compat

cd /etc/pam.d/
edit each of the following files...
* common-auth
  (edit)   auth [success=1 default=ignore] pam_unix.so nullok_secure
  (add)    auth required pam_ldap.so use_first_pass
  (add)    auth required pam_permit.so

* common-account
  (edit) account sufficient	pam_unix.so
  (add)  account required	pam_ldap.so

* common-session
  (add) session required pam_mkhomedir.so skel=/etc/skel/ umask=0022

* common-password
  (edit) password sufficient pam_unix.so nullok obscure md5
  (add)  password required   pam_ldap.so

invoke-rc.d nscd restart
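
A way to check the edits above before logging out of the client, as an added example that is not part of the original post. The function name check_ldap_client and its ROOT argument are assumptions made for this example; on a real host ROOT is "/". It also reports the md5 option in common-password as a warning, since that option stores local password hashes as MD5-crypt.

```shell
# Added example, not from the original post: audit the client edits listed above.
# check_ldap_client ROOT prints findings and returns the number of failures.
# ROOT is an assumed parameter: the directory that holds etc/ ("/" on a real host).
check_ldap_client() {
    root=${1:-/}; pam="$root/etc/pam.d"; fails=0
    fail() { echo "FAIL $1"; fails=$((fails + 1)); }

    # nsswitch.conf: passwd, group and shadow must each list ldap as a source.
    for db in passwd group shadow; do
        grep -Eq "^${db}:(.*[[:space:]])?ldap([[:space:]]|\$)" "$root/etc/nsswitch.conf" 2>/dev/null ||
            fail "nsswitch.conf: $db does not list ldap"
    done

    # Every stack the post edits must have an active (uncommented) pam_ldap.so line.
    for f in common-auth common-account common-password; do
        grep -Eq "^[[:space:]]*[^#[:space:]].*pam_ldap\.so" "$pam/$f" 2>/dev/null ||
            fail "$f: no active pam_ldap.so line"
    done

    # common-auth: [success=1] on pam_unix skips exactly one line, so the next
    # active auth line must be pam_ldap (with use_first_pass, to avoid a second
    # password prompt). Anything in between changes what a local login skips.
    awk '/^[[:space:]]*auth[[:space:]]/ {
             if (prev_unix) { ok = /pam_ldap\.so/ && /use_first_pass/; exit }
             prev_unix = /success=1/ && /pam_unix\.so/
         }
         END { exit !ok }' "$pam/common-auth" 2>/dev/null ||
        fail "common-auth: pam_unix success=1 is not followed by pam_ldap use_first_pass"

    # common-session: pam_mkhomedir creates the home directory at first login.
    grep -Eq "^[[:space:]]*session[[:space:]].*pam_mkhomedir\.so" "$pam/common-session" 2>/dev/null ||
        fail "common-session: pam_mkhomedir.so missing"

    # Not a failure, but worth seeing: md5 stores local hashes as MD5-crypt.
    if grep -Eq "^[[:space:]]*password[[:space:]].*pam_unix\.so.*[[:space:]]md5([[:space:]]|\$)" \
            "$pam/common-password" 2>/dev/null; then
        echo "WARN common-password: pam_unix uses md5; pam_unix also supports sha512"
    fi
    return "$fails"
}
```

Run it as root with `check_ldap_client /` while a second root shell is still open, so a broken stack can be corrected without being locked out.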

Overview

This screencast shows a walkthrough of installing OpenLDAP and phpLDAPadmin. After installation I go through and set up a couple of organizational units to store users and groups, which I'll use in a later screencast when I configure Ubuntu to authenticate against an LDAP server for user logins.

This screencast doesn't really accomplish anything overly exciting, but it is required before heading into some of the things that LDAP can do, such as centralized user authentication or storing your Puppet-configured servers and their classes.

Resources

apt-get install slapd
apt-get install ldap-utils
apt-get install phpldapadmin

emacs /etc/ldap/ldap.conf
(set BASE dc=test,dc=net and URI ldap://172.16.1.1)

emacs /etc/php5/apache2/php.ini
(set memory_limit = 32M)

ldapadd -c -x -D "cn=admin,dc=test,dc=net" -W -f ./test.ldif
