Difference between revisions of "Nss ldap"
(→Configuring) |
(→Configuration Files) |
||
Line 85: | Line 85: | ||
Create a new nsswitch.conf that knows to look at nss_ldap for information: | Create a new nsswitch.conf that knows to look at nss_ldap for information: | ||
− | cat > /etc/nsswitch.conf | + | cat > /etc/nsswitch.conf << "EOF" |
# Begin /etc/nsswitch.conf | # Begin /etc/nsswitch.conf | ||
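Review bot: The corrected line, cat > /etc/nsswitch.conf << "EOF", truncates the existing /etc/nsswitch.conf as soon as it runs, and the instructions take no copy of the old file first. A typo in the new file can break user and host lookups on the machine, so add a step before this one that saves the current file (for example, copy it to /etc/nsswitch.conf.orig). The quoted "EOF" delimiter is the right choice here, since it keeps the shell from expanding anything inside the file body.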
Revision as of 00:50, 13 December 2008
Download Source: http://www.padl.com/download/nss_ldap-264.tar.gz
Introduction to Nss ldap
The resolution of the entities defined in RFC 2307 is generally performed by a set of UNIX C library calls (such as getpwnam() to return the attributes of a user). The nss_ldap module provides the means for Solaris and Linux workstations to resolve this information (such as users, hosts, and groups) from LDAP directories.
Project Homepage: http://www.padl.com/OSS/nss_ldap.html
Dependencies
Required
Optional
Non-Multilib
Compile the package:
./configure --prefix=/usr --exec-prefix= \
    --sysconfdir=/etc --mandir=/usr/share/man \
    --enable-configurable-krb5-ccname-env \
    --enable-configurable-krb5-ccname-gssapi \
    --enable-configurable-krb5-keytab &&
make
Install the package:
make install
Multilib
32Bit
todo
N32
todo
64Bit
todo
Configuring
Configuration Files
When the package was installed, the Makefile will have created an example ldap.conf in /etc. This file is more than a configuration for just nss_ldap: it also configures pam_ldap and Sudo, among other packages.
Create a basic configuration for nss_ldap:
cat >/etc/ldap.conf << "EOF"
# Begin /etc/ldap.conf

uri ldap://<fqdn of ldap server>/
base <BASE DN>
ldap_version 3
bind_policy soft
bind_timelimit 30
timelimit 30

# NSS Section
nss_base_passwd ou=People,<BASE DN>
nss_base_group ou=Groups,<BASE DN>
nss_base_shadow ou=People,<BASE DN>
nss_base_hosts ou=Hosts,<BASE DN>
nss_base_networks ou=Networks,<BASE DN>
nss_base_protocols ou=Protocols,<BASE DN>
nss_base_services ou=Services,<BASE DN>
nss_base_rpc ou=Rpc,<BASE DN>
nss_reconnect_tries 3

# End /etc/ldap.conf
EOF
Create a new nsswitch.conf that knows to look at nss_ldap for information:
cat > /etc/nsswitch.conf << "EOF"
# Begin /etc/nsswitch.conf

passwd: files ldap
group: files ldap
shadow: files ldap

hosts: files dns [UNAVAIL=return] ldap
networks: files ldap

protocols: files ldap
services: files ldap
ethers: files
rpc: files ldap

# End /etc/nsswitch.conf
EOF
LDAP Directory Entries
The structure of this directory just serves as an example; you're not bound to follow it to the letter. The following shell loop generates an LDIF that creates some basic OUs that nss_ldap will look for in the directory:
for ou in Aliases Groups Hosts Mounts \
          Netgroup Networks People Protocols \
          Rpc Services; do
    echo "dn: ou=$ou,<BASE DN>"
    echo "objectClass: top"
    echo "objectClass: organizationalUnit"
    echo "ou: $ou"
    echo
done > temp.ldif
Verify the ldif in a text editor then import the ldif with the following command:
ldapadd -f temp.ldif -x -D "cn=Manager,<BASE DN>" -W
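
Each nss_base_* line in /etc/ldap.conf has to name an OU that actually exists in the directory, so it is worth comparing the two files before importing. The script below is an added example, not part of the original page: check_nss_bases, norm_dn and demo are hypothetical helper names, and dc=example,dc=com with its sample files is constructed data.

```shell
#!/bin/sh
# Added example (not from the wiki page). BASE is a constructed placeholder DN.
BASE="dc=example,dc=com"

# Normalise a DN for comparison: lowercase, no spaces after commas.
norm_dn() { tr 'A-Z' 'a-z' | sed 's/,[[:space:]]*/,/g'; }

# Print each nss_base_* line in <ldap.conf> whose DN has no "dn:" entry in <ldif>.
# Usage: check_nss_bases <ldap.conf> <ldif>
check_nss_bases() {
    dns=$(sed -n 's/^dn:[[:space:]]*//p' "$2" | norm_dn)
    grep '^nss_base_' "$1" | while read -r key base; do
        # nss_ldap accepts "DN?scope?filter"; compare only the DN part.
        want=$(printf '%s\n' "${base%%\?*}" | norm_dn)
        printf '%s\n' "$dns" | grep -Fxq -- "$want" || echo "$key $base"
    done
}

# Build constructed sample files: an LDIF with the OUs created on this page,
# and an ldap.conf with one misspelled OU, then report the mismatch.
demo() {
    dir=$(mktemp -d)
    for ou in Aliases Groups Hosts Mounts Netgroup Networks People \
              Protocols Rpc Services; do
        printf 'dn: ou=%s,%s\nobjectClass: top\nobjectClass: organizationalUnit\nou: %s\n\n' \
            "$ou" "$BASE" "$ou"
    done > "$dir/temp.ldif"
    cat > "$dir/ldap.conf" << EOF
base $BASE
nss_base_passwd ou=People,$BASE?one
nss_base_group ou=Groups,$BASE
nss_base_protocols ou=Protocals,$BASE
nss_base_services ou=Services,$BASE
EOF
    check_nss_bases "$dir/ldap.conf" "$dir/temp.ldif"
    rm -rf "$dir"
}

demo
```

On a real system, call check_nss_bases /etc/ldap.conf temp.ldif after replacing <BASE DN> in both files; no output means every search base has a matching OU.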