Difference between revisions of "Nss ldap"
(→Configuring)
Line 80: | Line 80: | ||
# End /etc/ldap.conf | # End /etc/ldap.conf | ||
EOF | EOF | ||
+ | |||
+ | Create a new nsswitch.conf that knows to look at nss_ldap for information: | ||
+ | |||
+ | cat > /etc/nsswitch.conf | ||
+ | # Begin /etc/nsswitch.conf | ||
+ | |||
+ | passwd: files ldap | ||
+ | group: files ldap | ||
+ | shadow: files ldap | ||
+ | |||
+ | hosts: files dns [UNAVAIL=return] ldap | ||
+ | networks: files ldap | ||
+ | |||
+ | protocols: files ldap | ||
+ | services: files ldap | ||
+ | ethers: files | ||
+ | rpc: files ldap | ||
+ | |||
+ | # End /etc/nsswitch.conf | ||
+ | EOF | ||
+ | |||
+ | {{Note|The [UNAVAIL=return] condition on the hosts line will prevent a circular condition that would loop indefinitely if the dns server is down.}} | ||
[[Category:Security]] | [[Category:Security]] |
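Review bot: the `cat > /etc/nsswitch.conf` line in this hunk is missing the here-document operator, so the lines that follow are not fed to cat and the closing `EOF` is left as a stray line (or ends up in the file when pasted interactively); the ldap.conf block earlier on the page uses `cat >/etc/ldap.conf << "EOF"`, and this line should read `cat > /etc/nsswitch.conf << "EOF"` to match. On the Note text: the `[UNAVAIL=return]` action applies only to the dns source returning UNAVAIL (server unreachable), so a plain NOTFOUND from DNS still falls through to ldap; that is exactly what keeps nss_ldap from trying to resolve the LDAP server's own hostname through LDAP when DNS is down, and it is worth saying so in the note.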
Revision as of 15:15, 15 November 2008
Download Source: http://www.padl.com/download/nss_ldap-264.tar.gz
Introduction to Nss ldap
The resolution of the entities defined in RFC 2307 is generally performed by a set of UNIX C library calls (such as getpwnam() to return the attributes of a user). The nss_ldap module provides the means for Solaris and Linux workstations to retrieve this information (such as users, hosts, and groups) from LDAP directories.
Project Homepage: http://www.padl.com/OSS/nss_ldap.html
Dependencies
Required
Optional
Non-Multilib
Compile the package:
./configure --prefix=/usr --exec-prefix= \
    --sysconfdir=/etc --mandir=/usr/share/man \
    --enable-configurable-krb5-ccname-env \
    --enable-configurable-krb5-ccname-gssapi \
    --enable-configurable-krb5-keytab &&
make
Install the package:
make install
Multilib
32Bit
todo
N32
todo
64Bit
todo
Configuring
When the package was installed, the Makefile will have created an example ldap.conf in /etc. This file is more than a configuration for nss_ldap alone: it also configures pam_ldap and Sudo, among other packages.
Create a basic configuration for nss_ldap:
cat >/etc/ldap.conf << "EOF"
# Begin /etc/ldap.conf

uri ldap://<fqdn of ldap server>/
base <BASE DN>
ldap_version 3
bind_policy soft
bind_timelimit 30
timelimit 30

# NSS Section
nss_base_passwd ou=People,<BASE DN>
nss_base_group ou=Groups,<BASE DN>
nss_base_shadow ou=People,<BASE DN>
nss_base_hosts ou=Hosts,<BASE DN>
nss_base_networks ou=Networks,<BASE DN>
nss_base_protocols ou=Protocols,<BASE DN>
nss_base_services ou=Services,<BASE DN>
nss_base_rpc ou=Rpc,<BASE DN>
nss_reconnect_tries 3

# End /etc/ldap.conf
EOF
Create a new nsswitch.conf that knows to look at nss_ldap for information:
cat > /etc/nsswitch.conf << "EOF"
# Begin /etc/nsswitch.conf

passwd: files ldap
group: files ldap
shadow: files ldap

hosts: files dns [UNAVAIL=return] ldap
networks: files ldap

protocols: files ldap
services: files ldap
ethers: files
rpc: files ldap

# End /etc/nsswitch.conf
EOF
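The hosts line above matters more than it looks: nss_ldap has to resolve the LDAP server's hostname before it can answer any lookup, and if that resolution itself fell through to the ldap source you would get a circular dependency whenever DNS is down. The script below is an added example (not part of this page or of the nss_ldap project): it parses the nsswitch.conf written above, walks the sources with the `[STATUS=action]` semantics glibc uses (SUCCESS returns by default, everything else continues), and shows that with `[UNAVAIL=return]` a DNS outage stops the hosts lookup before the ldap source is ever consulted, while a plain NOTFOUND from DNS still falls through to ldap. The `hosts_guarded` check and the embedded copy of the configuration are constructed for the example.

```python
"""Simulate glibc nsswitch.conf source dispatch to check the hosts line.

Added example; not code from the nss_ldap page or project. The source
outcomes passed to resolve() are constructed, not real lookups.
"""
import re

# Constructed copy of the nsswitch.conf from this page (sample input).
NSSWITCH_CONF = """\
# Begin /etc/nsswitch.conf

passwd: files ldap
group: files ldap
shadow: files ldap

hosts: files dns [UNAVAIL=return] ldap
networks: files ldap

protocols: files ldap
services: files ldap
ethers: files
rpc: files ldap

# End /etc/nsswitch.conf
"""

STATUSES = ("SUCCESS", "NOTFOUND", "UNAVAIL", "TRYAGAIN")
# glibc defaults: SUCCESS returns, every other status continues to the next source.
DEFAULT_ACTIONS = {"SUCCESS": "return", "NOTFOUND": "continue",
                   "UNAVAIL": "continue", "TRYAGAIN": "continue"}


def parse_nsswitch(text):
    """Return {database: [(source, {STATUS: action}), ...]} in file order."""
    db = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line or ":" not in line:
            continue
        name, spec = line.split(":", 1)
        entries = []
        # A token is either a bracketed action block or a bare source name.
        for tok in re.findall(r"\[[^\]]*\]|\S+", spec):
            if not tok.startswith("["):
                entries.append((tok.lower(), dict(DEFAULT_ACTIONS)))
                continue
            if not entries:
                raise ValueError(f"action block before any source: {line}")
            actions = entries[-1][1]             # applies to preceding source
            for item in tok[1:-1].split():
                negate = item.startswith("!")
                status, action = item.lstrip("!").upper().split("=", 1)
                for s in STATUSES:
                    if (s != status) if negate else (s == status):
                        actions[s] = action.lower()
        db[name.strip()] = entries
    return db


def resolve(db, database, outcomes):
    """Walk the sources of `database`; `outcomes` maps source -> STATUS.

    Returns (status of the last source consulted, list of sources consulted).
    """
    consulted, final = [], "NOTFOUND"
    for src, actions in db[database]:
        consulted.append(src)
        final = outcomes.get(src, "NOTFOUND")
        if actions[final] == "return":
            break
    return final, consulted


def hosts_guarded(db):
    """True if a DNS outage stops the hosts lookup before the ldap source."""
    guarded = False
    for src, actions in db.get("hosts", []):
        if src == "dns" and actions["UNAVAIL"] == "return":
            guarded = True
        if src == "ldap":
            return guarded
    return True  # no ldap source in hosts: nothing to guard


if __name__ == "__main__":
    conf = parse_nsswitch(NSSWITCH_CONF)
    dns_down = {"files": "NOTFOUND", "dns": "UNAVAIL", "ldap": "SUCCESS"}
    print("guarded:", hosts_guarded(conf))
    print("dns down:", resolve(conf, "hosts", dns_down))
    print("dns up, no record:",
          resolve(conf, "hosts", {"files": "NOTFOUND", "dns": "NOTFOUND", "ldap": "SUCCESS"}))
    print("without guard:", resolve(parse_nsswitch("hosts: files dns ldap\n"), "hosts", dns_down))
```

Run it against a copy of your own /etc/nsswitch.conf by replacing the embedded text; `hosts_guarded` returning False means a DNS outage would let host lookups reach the ldap source. The simulation models only the `return`/`continue` actions (glibc's `merge` behaves like `continue` here), which is all this configuration uses.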