Difference between revisions of "Nss ldap"

From CBLFS
Jump to navigationJump to search
(Configuring)
(Configuring)
Line 101: Line 101:
 
  EOF
 
  EOF
  
{{Note|The [UNAVAIL=return] condition on the hosts line will prevent a circular condition that would loop indefinitely if the dns server is down.}}
+
{{Note|The <nowiki>[UNAVAIL=return]</nowiki> condition on the hosts line will prevent a circular condition that would loop indefinitely if the dns server is down.}}
 
   
 
   
 
[[Category:Security]]
 
[[Category:Security]]

Revision as of 16:15, 15 November 2008

Download Source: http://www.padl.com/download/nss_ldap-264.tar.gz

Introduction to Nss ldap

The resolution of the entities defined in RFC 2307 is generally performed by a set of UNIX C library calls (such as getpwnam() to return the attributes of a user). The nss_ldap module provides the means for Solaris and Linux workstations to this information (such as users, hosts, and groups) from LDAP directories.

Project Homepage: http://www.padl.com/OSS/nss_ldap.html

Dependencies

Required

Optional

Non-Multilib

Compile the package:

./configure --prefix=/usr --exec-prefix= \
    --sysconfdir=/etc --mandir=/usr/share/man \
    --enable-configurable-krb5-ccname-env \
    --enable-configurable-krb5-ccname-gssapi \
    --enable-configurable-krb5-keytab &&
make

Install the package:

make install

Multilib

32Bit

todo

N32

todo

64Bit

todo

Configuring

When the package was installed the Makefile would have created a example ldap.conf in /etc. This configuration serves as more then a configuration for just nss_ldap. It also configures pam_ldap and Sudo among other packages.

Create a basic configuration for nss_ldap:

cat >/etc/ldap.conf << "EOF"
# Begin /etc/ldap.conf

uri ldap://<fqdn of ldap server>/
base <BASE DN>

ldap_version 3

bind_policy soft
bind_timelimit 30
timelimit 30

# NSS Section

nss_base_passwd         ou=People,<BASE DN>
nss_base_group          ou=Groups,<BASE DN>
nss_base_shadow         ou=People,<BASE DN>

nss_base_hosts          ou=Hosts,<BASE DN>
nss_base_networks       ou=Networks,<BASE DN>

nss_base_protocols      ou=Protocals,<BASE DN>
nss_base_services       ou=Services,<BASE DN>
nss_base_rpc            ou=Rpc,<BASE DN>

nss_reconnect_tries     3

# End /etc/ldap.conf
EOF

Create a new nsswitch.conf that knows to look at nss_ldap for information:

cat > /etc/nsswitch.conf
# Begin /etc/nsswitch.conf

passwd: files ldap
group: files ldap
shadow: files ldap

hosts: files dns [UNAVAIL=return] ldap
networks: files ldap

protocols: files ldap
services: files ldap
ethers: files
rpc: files ldap

# End /etc/nsswitch.conf
EOF
Caution.png

Note

The [UNAVAIL=return] condition on the hosts line will prevent a circular condition that would loop indefinitely if the dns server is down.