LDAP Config Files


/etc/ldap.conf

# pam_ldap / nss_ldap client configuration.
# Two ssl directives are given: "ssl on" (LDAP over SSL) matches the ldaps://
# uri below, while "ssl start_tls" requests STARTTLS on a plain connection.
# NOTE(review): confirm which one the installed client honours and drop the other.
ssl start_tls
ssl on
suffix          "dc=ind-network,dc=co.uk"
# rootbinddn is disabled. If it is enabled, the bind password is read from
# /etc/ldap.secret, which must be readable by root only.
#rootbinddn uid=root,ou=People,dc=ind-network,dc=co.uk
# LDAPS on the default port. No tls_cacertfile / tls_checkpeer is set here, so
# whether the server certificate is verified depends on the client's defaults.
# NOTE(review): verify, and point tls_cacertfile at the CA that issued the
# server certificate so a spoofed server is rejected.
uri ldaps://auth.ind-network.co.uk/
# Password changes use the LDAP password-modify extended operation, so the
# server applies its own password-hash setting (see slapd.conf), not the client.
pam_password exop
ldap_version 3
# Only posixAccount entries may authenticate through PAM.
pam_filter objectclass=posixAccount
pam_login_attribute uid
pam_member_attribute memberuid
# Search bases for NSS lookups. nss_base_hosts is only consulted if "ldap"
# is listed for hosts in /etc/nsswitch.conf.
nss_base_passwd ou=People,dc=ind-network,dc=co.uk
nss_base_shadow ou=People,dc=ind-network,dc=co.uk
nss_base_group  ou=Group,dc=ind-network,dc=co.uk
nss_base_hosts  ou=Hosts,dc=ind-network,dc=co.uk
# Search one level below each base, not the whole subtree.
scope one

/etc/openldap/ldap.conf

# OpenLDAP client library defaults (ldapsearch and other libldap users).
BASE         dc=ind-network,dc=co.uk
URI          ldaps://auth.ind-network.co.uk:636
# "allow" proceeds even when the server certificate cannot be verified, so a
# spoofed server would not be detected. Use "demand" together with a TLS_CACERT
# line pointing at the CA (here the self-signed /etc/ssl/ldap.pem from slapd.conf).
TLS_REQCERT  allow

/etc/openldap/slapd.conf

# slapd server configuration (slapd.conf style).
include		/etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/nis.schema
# Hash scheme applied to userPassword on password-modify (exop) requests.
# {crypt} uses the system crypt(3); without password-crypt-salt-format the
# result may be traditional DES crypt. {SSHA} is the usual stronger choice.
password-hash {crypt}
# The server certificate and the CA file are the same PEM, i.e. a self-signed
# certificate; clients must be given this file as their CA to verify it.
# The key file must be readable only by the user slapd runs as.
TLSCertificateFile /etc/ssl/ldap.pem
TLSCertificateKeyFile /etc/openldap/ssl/ldap.pem
TLSCACertificateFile /etc/ssl/ldap.pem
pidfile	/var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
############################################################
# Access control: the first matching "access to" clause wins.
# userPassword: root and admin may write, anyone may bind against it ("auth"),
# a user may change their own, nobody else can read it.
# The ou value is written "people" here and "People" elsewhere; DN matching
# is case-insensitive for these attributes — NOTE(review): confirm.
access to attribute="userPassword"
  by dn="uid=root,ou=people,dc=ind-network,dc=co.uk" write
  by dn="uid=admin,ou=People,dc=ind-network,dc=co.uk" write
  by anonymous auth
  by self write
  by * none
# Everything else is readable by anyone, including anonymous binds; this covers
# the passwd/shadow/group/hosts data served to nss_ldap. Prefer "by users read"
# if the clients bind before searching.
access to *
  by dn="uid=root,ou=People,dc=ind-network,dc=co.uk" write
  by * read
############################################################
# Accept LDAPv2 binds; only needed for legacy clients (ldap.conf above uses v3).
allow   bind_v2
# NOTE(review): ldbm is the legacy backend and was dropped in later OpenLDAP
# releases; bdb/hdb or mdb is expected on current servers.
database	ldbm
suffix		"dc=ind-network,dc=co.uk"
directory       /var/lib/openldap-ldbm
# Only objectClass is indexed; uid, memberUid, uidNumber and gidNumber lookups
# from nss_ldap / pam_ldap will be unindexed scans.
index           objectClass     eq
# The rootdn bypasses every ACL above. The rootpw value is a placeholder on
# this page; generate a real one with slappasswd and prefer {SSHA} over
# unsalted {MD5}.
rootdn		"cn=Manager,dc=ind-network,dc=co.uk"
rootpw {MD5}XXXXXXXXXXXXXXXXXXXXXX==

Other Files

/etc/nsswitch.conf

# "files" first, so local entries (including root) resolve without LDAP.
passwd:      files ldap
# Shadow data from LDAP is only useful if the client can read the shadow
# attributes; with the "access to * by * read" ACL in slapd.conf they are
# readable by anonymous binds as well.
shadow:      files ldap
group:       files ldap
# hosts does not consult ldap, so nss_base_hosts in /etc/ldap.conf is unused.
hosts:	      files dns
networks:    files dns
services:    db files
protocols:   db files
rpc:         db files
ethers:      db files
netmasks:    files
netgroup:    files
bootparams:  files
automount:   files
aliases:     files

/etc/pam.d/system-auth

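#%PAM-1.0
# Local accounts (pam_unix) first, then LDAP with the same password
# (use_first_pass). nullok lets a local account with an empty password log
# in; remove it unless such accounts are intended.
auth    required    /lib/security/pam_env.so
auth    sufficient  /lib/security/pam_unix.so likeauth nullok shadow
auth    sufficient  /lib/security/pam_ldap.so use_first_pass
auth    required    /lib/security/pam_deny.so
# Both account modules are "sufficient": the first one to succeed ends the
# check and the other is skipped for that user. NOTE(review): confirm this is
# intended for LDAP users.
account sufficient  /lib/security/pam_unix.so
account sufficient  /lib/security/pam_ldap.so
account required    /lib/security/pam_deny.so
# Quality check, then local change; LDAP users fall through to pam_ldap with
# the same new token (use_authtok), sent via the exop set in /etc/ldap.conf.
password    required /lib/security/pam_cracklib.so retry=3
password    sufficient /lib/security/pam_unix.so nullok use_authtok shadow md5
password    sufficient /lib/security/pam_ldap.so use_authtok
password    required /lib/security/pam_deny.so
session required    /lib/security/pam_limits.so
session required    /lib/security/pam_unix.so
# Create a missing home directory on first login. umask=0077 keeps it private
# to the owner; umask=0 would create world-writable home directories.
session required     /lib/security/pam_mkhomedir.so skel=/etc/skel/ umask=0077
session optional    /lib/security/pam_ldap.so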