Difference between revisions of "Nss ldap"
(→Configuring) |
(→Configuring) |
||
Line 101: | Line 101: | ||
EOF | EOF | ||
− | {{Note|The [UNAVAIL=return] condition on the hosts line will prevent a circular condition that would loop indefinitely if the dns server is down.}} | + | {{Note|The <nowiki>[UNAVAIL=return]</nowiki> condition on the hosts line will prevent a circular condition that would loop indefinitely if the dns server is down.}} |
[[Category:Security]] | [[Category:Security]] |
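Review bot: on the changed {{Note|...}} line, the "=" inside [UNAVAIL=return] is what MediaWiki reads as a named-parameter separator, so the nowiki wrapper only protects this one occurrence. Any later edit that adds another "=" to the note text would again turn everything before it into a parameter name and leave the note empty. Passing the text as an explicit first parameter ({{Note|1=The ...}}) is more robust. In the same line, "dns server" should be written "DNS server".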
Revision as of 15:15, 15 November 2008
Download Source: http://www.padl.com/download/nss_ldap-264.tar.gz
Introduction to Nss ldap
The resolution of the entities defined in RFC 2307 is generally performed by a set of UNIX C library calls (such as getpwnam() to return the attributes of a user). The nss_ldap module provides the means for Solaris and Linux workstations to retrieve this information (such as users, hosts, and groups) from LDAP directories.
Project Homepage: http://www.padl.com/OSS/nss_ldap.html
Dependencies
Required
Optional
Non-Multilib
Compile the package:
./configure --prefix=/usr --exec-prefix= \
    --sysconfdir=/etc --mandir=/usr/share/man \
    --enable-configurable-krb5-ccname-env \
    --enable-configurable-krb5-ccname-gssapi \
    --enable-configurable-krb5-keytab &&
make
Install the package:
make install
Multilib
32Bit
todo
N32
todo
64Bit
todo
Configuring
When the package was installed, the Makefile would have created an example ldap.conf in /etc. This file is more than a configuration for just nss_ldap: it also configures pam_ldap and Sudo, among other packages.
Create a basic configuration for nss_ldap:
cat >/etc/ldap.conf << "EOF"
# Begin /etc/ldap.conf

uri ldap://<fqdn of ldap server>/
base <BASE DN>
ldap_version 3
bind_policy soft
bind_timelimit 30
timelimit 30

# NSS Section
nss_base_passwd ou=People,<BASE DN>
nss_base_group ou=Groups,<BASE DN>
nss_base_shadow ou=People,<BASE DN>
nss_base_hosts ou=Hosts,<BASE DN>
nss_base_networks ou=Networks,<BASE DN>
nss_base_protocols ou=Protocols,<BASE DN>
nss_base_services ou=Services,<BASE DN>
nss_base_rpc ou=Rpc,<BASE DN>
nss_reconnect_tries 3

# End /etc/ldap.conf
EOF
Create a new nsswitch.conf that knows to look at nss_ldap for information:
cat > /etc/nsswitch.conf << "EOF"
# Begin /etc/nsswitch.conf

passwd: files ldap
group: files ldap
shadow: files ldap

hosts: files dns [UNAVAIL=return] ldap
networks: files ldap

protocols: files ldap
services: files ldap
ethers: files
rpc: files ldap

# End /etc/nsswitch.conf
EOF
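The nsswitch.conf above depends on source order: files comes before ldap everywhere, and on the hosts line dns [UNAVAIL=return] comes before ldap. The following check is an added example, not part of the original page or of nss_ldap; the function name check_nsswitch and the two rules it enforces are assumptions drawn from that configuration.

```shell
#!/bin/sh
# Added example (not from the wiki page): lint an nsswitch.conf for the
# source ordering that the configuration above relies on.
# Usage: check_nsswitch FILE ; prints findings, returns 0 when clean.
check_nsswitch() {
    awk '
    /^[ \t]*#/ || NF == 0 { next }            # skip comments and blanks
    {
        db = $1; sub(/:$/, "", db)
        files = 0; ldap = 0; guard = 0; inact = 0; prev = ""; owner = ""
        for (i = 2; i <= NF; i++) {
            t = $i
            if (inact || t ~ /^\[/) {         # inside an [action list]
                if (!inact) owner = prev      # it binds to the previous source
                inact = (t !~ /\]$/)
                u = toupper(t); gsub(/\[|\]/, "", u)
                if (owner == "dns" && !ldap && u == "UNAVAIL=RETURN") guard = 1
                continue
            }
            prev = t
            if (t == "files" && !files) files = i
            if (t == "ldap" && !ldap) ldap = i
        }
        if (!ldap) next                       # database does not use LDAP
        if (!files || files > ldap) {
            print db ": files must be listed before ldap"; bad = 1
        }
        if (db == "hosts" && !guard) {
            print "hosts: no dns [UNAVAIL=return] ahead of ldap"; bad = 1
        }
    }
    END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: nsswitch.conf lines taken from this page.
sample=$(mktemp)
cat > "$sample" << "EOF"
passwd: files ldap
shadow: files ldap
hosts: files dns [UNAVAIL=return] ldap
ethers: files
EOF
check_nsswitch "$sample" && echo "nsswitch.conf ordering OK"
rm -f "$sample"
```

Run it against /etc/nsswitch.conf after editing and before logging out, so a misordered line is caught while a local root shell is still open.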