
Re: Login in with LDAP



On Wed, Apr 19, 2000 at 08:36:40AM -0500, Jay Marcotte wrote:
> I am new to LDAP and I have been asked to move your Linux machines from logging in to NIS to logging in to LDAP.
> 
> The problem that I am having is that there is little documentation on how to do this.  How do I force my Linux box to log in to the LDAP server?
> 
> I am running the newest version of OpenLDAP for Linux.  The server is Debian and the client is RedHat.
> 
> I have installed the Pam_ldap and Nss_ldap RPMs on the RedHat box and I have edited the nsswitch.conf file, and the pam.conf file.
> 
> I have even installed the ldapconf module for linuxconf, and have verified that I am pointing to the Server and the Base.
> 
> I have set a password for the user in ldap.
> 
> Do I need anything else running?

Well, you need to populate your database, you can do that with the MigrationTools (check
/usr/share/openldap/migration). You also need to modify your /etc/pam.d/* files
to include pam_ldap.
RedHat's authconfig is about to do most of that. It already configures /etc/nsswitch.conf
and /etc/ldap.conf, but doesn't alter your /etc/pam.d/* files.
I've made a modification to this program to support stunnel to provide SSL connections
to the LDAP server. Without this, all your passwords will go out in clear text. And I
don't even mean hashed, I mean clear text! This should be of concern if you have an untrusted
network, at least.
I think the -devel versions of the openldap server already support some sort of SASL/TLS,
but I haven't played with it yet.


> Can I use NIS and LDAP until all clients are switched over to LDAP?

There is a program from PADL Software (www.padl.com) which acts as a gateway, but I
think it's commercial.
If you plan to use both together without that program, I think it all ends up in the
order you choose for the ldap and nis services in /etc/nsswitch.conf.

> 
> I read something about using ypbind with LDAP. Is this true or possible?
> 
> Your help will be appreciated!!
> 
> 
> 

-- 
Andreas Hasenack
andreas@conectiva.com.br
BIG Linux user!
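
Added example, not part of the original message or of any project's code: a small Python check that reads the text of /etc/ldap.conf and /etc/nsswitch.conf and reports whether the bind password would leave the client in clear text, plus the lookup order that decides how NIS and LDAP coexist. The sample files are constructed, the host name and base DN are placeholders, and treating a loopback host as a local stunnel listener is an assumption the script cannot verify.

```python
import re
from urllib.parse import urlsplit

LOOPBACK = {"localhost", "127.0.0.1"}

# Constructed sample files; host names and base DN are placeholders.
CLEAR = "host ldap.example.com\nbase dc=example,dc=com\n"
TUNNEL = "host 127.0.0.1\nport 389\nbase dc=example,dc=com\n"  # stunnel assumed on loopback
STARTTLS = CLEAR + "ssl start_tls\n"
NSSWITCH = ("passwd: files ldap nis\nshadow: files ldap nis\n"
            "group:  files ldap [NOTFOUND=return] nis\n")


def ldap_transport(ldap_conf):
    """Classify how the bind password leaves the client: tls, loopback or cleartext."""
    conf = {}
    for line in ldap_conf.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if len(parts) == 2:
            conf[parts[0].lower()] = parts[1].strip()
    if conf.get("ssl", "").lower() in ("on", "start_tls"):
        return "tls"
    uris = [urlsplit(u) for u in conf.get("uri", "").split()]
    if uris and all(u.scheme == "ldaps" for u in uris):
        return "tls"
    # Remaining targets are plain LDAP; collect every host the client may contact.
    targets = [h.split(":")[0] for h in conf.get("host", "").split()]
    targets += [u.hostname or "" for u in uris if u.scheme != "ldaps"]
    if targets and all(t in LOOPBACK for t in targets):
        return "loopback"  # protected only if a local tunnel (e.g. stunnel) is listening
    return "cleartext"


def lookup_order(nsswitch_conf, database="passwd"):
    """Return the source order for one nsswitch.conf database, ignoring [action] items."""
    for line in nsswitch_conf.splitlines():
        name, sep, sources = line.split("#", 1)[0].partition(":")
        if sep and name.strip() == database:
            return re.sub(r"\[[^\]]*\]", " ", sources).split()
    return []


if __name__ == "__main__":
    for label, text in (("plain", CLEAR), ("tunnel", TUNNEL), ("starttls", STARTTLS)):
        print(label, "->", ldap_transport(text))
    print("passwd lookup order:", lookup_order(NSSWITCH))
```

A "loopback" result still needs a manual check that the tunnel is running and forwarding to the directory server.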