BSD LDAP configuration
1. Install Packages
2. BSD 5.x System Settings
3. System Authenticaton
4. BSD PAM modules
5. Automounting Home Directories.
6. Changing your password.
1. Install Packages
-----------------------------
packages to install
a. openldap-client-x.xx Open source LDAP client implementation .
b. nss_ldap-x.xxx RFC 2307 NSS module
cd /usr/ports/net/nss_ldap
c. pam_ldap-x.x.x A pam module for authenticating with LDAP
cd /usr/ports/security/pam_ldap/
make install clean ( if you build this port first, the following ports will also be installed
- gettext-0.16.1_3 GNU gettext package
- gmake-3.81_2 GNU version of 'make' utility
- libiconv-1.11_1 A character set conversion library
- libtool-1.5.24 Generic shared library support script
- openldap-client-2.3.40 Open source LDAP client implementation
- pam_ldap-1.8.4 A pam module for authenticating with LDAP
2. BSD 5.x System Settings
--------------------------------------------------
BSD system uses /etc/ldap.conf
pam_ldap uses /usr/local/etc/ldap.conf
nss_ldap usees /usr/local/etc/nss_ldap.conf
+Create a symlink for /etc/ldap.conf pointing to /usr/local/etc/ldap.conf
ln -s /usr/local/etc/ldap.conf /etc/ldap.conf
6.x Systems Settings
----------------------------------
1. cd /usr/locatl/etc
- create config file
cp nss_ldap.conf.sample nss_ldap.conf
- created ldap config file
cp ldap.conf.dist
Configuration parametets (Minimal) /usr/local/etc/nss_ldap.con and /usr/local/etc/ldap.conf
1. host
2. Distinguished name base
Openldap cleint uses /usr/local/etc/openldap/ldap.conf as it's configuration file
change the BASE and URI value to reflect your domain. commands that use this conf file are
ldapsearch
3. System Authentication
--------------------------------------
edit /etc/nsswitch.conf to look the settings below. - (File can be downloaded from current directory)
passwd: files ldap
group: files ldap
shells: files ldap
authenticate first from local system settings and then from LDAP directory
4. BSD PAM modules
---------------------------------
PAM modules are located in /etc/pam.d directory
add the following line before each "auth required section" in the files mentioned below.
------ auth sufficient /usr/local/lib/pam_ldap.so no_warn try_first_pass ---------
Files
-sshd
username password sent to Ldap directory.
-system file
allows users to su to another login name as well as becoming root(users must exist in the wheel group)
-login
allows your ldap account to login from the console
Adding the line above will enable LDAP authentication for that application
5. Automounting Directory
---------------------------------------
1. As root create /.amd_mnt
2. start mountd manually mountd -r
3. Turn on rpcbind
4.. start amd manually enter the following command - amd -a /.amd_mnt -l syslog /host /etc/amd.map /net/ /etc/amd.map
5. To have these feautures start up automatically enter the follwoing settings in /etc/rc.conf
rpcbind_enable="YES"
mountd_flags="-r"
amd_enable="YES"
Informing about integrators, hardware and Open Source applications that can be used as alternatives to commercial properiertary software. Open source solutions are comprised of different software applications bundled together to create a unique and most times better solution than commercial software.