Setup

edit/check certificate chain

edit /etc/openldap/ldap.conf

edit ssh config to allow password login

configure PAM to allow LDAP

Once PAM is enabled it uses /etc/ldap.conf (copy of /etc/openldap/ldap.conf done)

LDAP+PAM working, user logs in

nsswitch and passwd changed to add all other LDAP users

symbolic links to /homeauto

LDAP is slow; nscd started, login much faster now

added broken_shadow to pam_unix
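
A check for the settings listed in the steps above, as an added example that is not part of the original notes. The file paths are passed as arguments, the `system-auth` PAM file name is an assumption, and the sample files are constructed.

```shell
#!/bin/sh
# Added example (not from the original notes). File paths are arguments;
# the PAM file name in the usage line is an assumption (RHEL-style layout).
# Usage: audit /etc/nsswitch.conf /etc/ssh/sshd_config /etc/pam.d/system-auth

# nsswitch.conf: the passwd database must list ldap as a source.
check_nss() {
    grep -Eq '^[[:space:]]*passwd:.*[[:space:]]ldap([[:space:]]|$)' "$1"
}

# sshd_config: the first PasswordAuthentication keyword wins; if it is absent
# the default (yes) applies. Match blocks are not evaluated here.
check_sshd() {
    val=$(awk 'tolower($1)=="passwordauthentication" {print tolower($2); exit}' "$1")
    [ -z "$val" ] || [ "$val" = "yes" ]
}

# PAM: pam_ldap must be in the auth stack, and the pam_unix account line needs
# broken_shadow so users without a local shadow entry are not rejected.
check_pam() {
    grep -Eq '^[[:space:]]*auth[[:space:]].*pam_ldap\.so' "$1" &&
    grep -Eq '^[[:space:]]*account[[:space:]].*pam_unix\.so.*broken_shadow' "$1"
}

# Run all checks, report each failure, return non-zero if any failed.
audit() {
    rc=0
    check_nss  "$1" || { echo "FAIL: passwd lookup in $1 does not use ldap"; rc=1; }
    check_sshd "$2" || { echo "FAIL: password login disabled in $2"; rc=1; }
    check_pam  "$3" || { echo "FAIL: pam_ldap or broken_shadow missing in $3"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: LDAP login settings present"
    return "$rc"
}

# Constructed sample files (not taken from a real host) for an offline run.
demo() {
    d=$(mktemp -d)
    printf 'passwd: files ldap\nshadow: files\n' > "$d/nsswitch.conf"
    printf '#PasswordAuthentication no\nPasswordAuthentication yes\n' > "$d/sshd_config"
    printf 'auth sufficient pam_unix.so\nauth sufficient pam_ldap.so use_first_pass\naccount required pam_unix.so broken_shadow\n' > "$d/system-auth"
    audit "$d/nsswitch.conf" "$d/sshd_config" "$d/system-auth"; r=$?
    rm -rf "$d"
    return "$r"
}
demo
```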

To do

LDAP group

Automatically create home dir

follow-up

David will send notes

David will send manifest files to have LDAP configuration working with puppet

Restrict PAM to allow LDAP password but not local password

Reference

unixstorage/LDAP+Access+Control+for+UNIX

-- MarcoMambelli - 11 Jul 2012
Topic revision: r1 - 11 Jul 2012, MarcoMambelli