LDAP Config Files

From Clustergroup
Revision as of 16:27, 1 April 2005 by DP110 (talk | contribs) (and another category change)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigationJump to search

/etc/ldap.conf

ssl start_tls
ssl on
suffix          "dc=ind-network,dc=co.uk"
#rootbinddn uid=root,ou=People,dc=ind-network,dc=co.uk
uri ldaps://auth.ind-network.co.uk/
pam_password exop
ldap_version 3
pam_filter objectclass=posixAccount
pam_login_attribute uid
pam_member_attribute memberuid
nss_base_passwd ou=People,dc=ind-network,dc=co.uk
nss_base_shadow ou=People,dc=ind-network,dc=co.uk
nss_base_group  ou=Group,dc=ind-network,dc=co.uk
nss_base_hosts  ou=Hosts,dc=ind-network,dc=co.uk
scope one

/etc/openldap/ldap.conf

BASE         dc=ind-network,dc=co.uk
URI          ldaps://auth.ind-network.co.uk:636
TLS_REQCERT  allow

/etc/openldap/slapd.conf

include		/etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/nis.schema
password-hash {crypt}
TLSCertificateFile /etc/ssl/ldap.pem
TLSCertificateKeyFile /etc/openldap/ssl/ldap.pem
TLSCACertificateFile /etc/ssl/ldap.pem
pidfile	/var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
############################################################
access to attribute="userPassword"
  by dn="uid=root,ou=people,dc=ind-network,dc=co.uk" write
  by dn="uid=admin,ou=People,dc=ind-network,dc=co.uk" write
  by anonymous auth
  by self write
  by * none
access to *
  by dn="uid=root,ou=People,dc=ind-network,dc=co.uk" write
  by * read
############################################################
allow   bind_v2
database	ldbm
suffix		"dc=ind-network,dc=co.uk"
directory       /var/lib/openldap-ldbm
index           objectClass     eq
rootdn		"cn=Manager,dc=ind-network,dc=co.uk"
rootpw {MD5}XXXXXXXXXXXXXXXXXXXXXX==

Other Files

/etc/nsswitch.conf

passwd:      files ldap
shadow:      files ldap
group:       files ldap
hosts:	      files dns
networks:    files dns
services:    db files
protocols:   db files
rpc:         db files
ethers:      db files
netmasks:    files
netgroup:    files
bootparams:  files
automount:   files
aliases:     files

/etc/pam.d/system-auth

#%PAM-1.0
auth    required    /lib/security/pam_env.so
auth    sufficient  /lib/security/pam_unix.so likeauth nullok shadow
auth    sufficient  /lib/security/pam_ldap.so use_first_pass
auth    required    /lib/security/pam_deny.so
account sufficient  /lib/security/pam_unix.so
account sufficient  /lib/security/pam_ldap.so
account required    /lib/security/pam_deny.so
password    required /lib/security/pam_cracklib.so retry=3
password    sufficient /lib/security/pam_unix.so nullok use_authtok shadow md5
password    sufficient /lib/security/pam_ldap.so use_authtok
password    required /lib/security/pam_deny.so
session required    /lib/security/pam_limits.so
session required    /lib/security/pam_unix.so
session required     /lib/security/pam_mkhomedir.so skel=/etc/skel/ umask=0
session optional    /lib/security/pam_ldap.so