TechHelpList.com

Installing OpenLDAP

OpenLDAP Tutorial :: Install

OpenLDAP, or the Open Source implementation of the Lightweight Directory Access Protocol, is a subset of the X.509 (read: Heavyweight) directory database system. It is a daemon and database that is tailored to hierarchical systems and relationships. Because of these properties, LDAP makes an excellent system to centralize POSIX account logins.

When combined with NFS and Samba, OpenLDAP can help create a seamless, heterogeneous computing environment for Linux, Windows, and Macs.

Rather than have a separate login at many computers, the accounts and passwords are stored on an LDAP server and clients check with the server just as they would their own /etc files (or the SAM database in the Windows world).

The LDAP Server is called slapd, the stand-alone LDAP daemon.

Installing OpenLDAP Server in a Ubuntu environment

Install slapd using your favorite technique. Something like:

apt-get install slapd

Install ldap-utils similarly. I enjoy:

apt-get install ldap-utils

Configure LDAP by using dpkg-reconfigure or by editing /etc/ldap/slapd.conf

So What's the symbology there?

I believe the word you're looking for is symbolism.
[images here?]

On a normal "flat-file" system, applications that need to look up GECOS information, usernames, UIDs, GIDs, group memberships, and stuff like that go through the libnss module.

Likewise for "flat-file" systems, applications that do authentication (like sshd) go through the libpam module.

Those modules know how to go to the standard /etc/ files like /etc/passwd. These modules don't know anything about slapd.

We basically need to install new modules for ldap and configure them to look at both the /etc/ files and slapd.

Configure Clients to use OpenLDAP. (Server is a client too!)

On every machine that will be an LDAP client (probably the server too), install libnss-ldap. One way would be:

apt-get install libnss-ldap

Install options (MMV): LDAP server IP/URI, search base, LDAP version 3, LDAP admin distinguished name, admin password

Then install libpam-ldap. For example:

apt-get install libpam-ldap

Install options (MMV): local root as DB admin, do NOT require login, LDAP admin distinguished name, admin password

Edit the /etc/nsswitch.conf file such that ldap is the second choice. Some distros or versions use the word files instead of compat and it seems to work fine.

	passwd:	compat	ldap
	group:	compat	ldap
	shadow:	compat	ldap
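A small check for the nsswitch.conf ordering just described, added here as an example and not part of the original tutorial: it confirms that passwd, group and shadow each list a local source (compat, or files on distros that use it) before ldap, so root and other local accounts still resolve when slapd is unreachable. It assumes POSIX sh with awk and mktemp, and builds two constructed sample files to run against.

```shell
#!/bin/sh
# Added example, not from the original tutorial. Checks that an nsswitch.conf
# lists a local source (compat or files) before ldap for passwd, group and
# shadow, so root and other local accounts still resolve when slapd is down.
# Assumes POSIX sh, awk and mktemp.

# Usage: check_nsswitch /etc/nsswitch.conf ; returns 0 if all three are sane.
check_nsswitch() {
    f="$1"; rc=0
    for db in passwd group shadow; do
        # First non-comment line for this database, with the "db:" prefix removed.
        srcs=$(awk -v db="$db" '
            { sub(/#.*/, "") }
            match($0, "^[ \t]*" db ":") { print substr($0, RLENGTH + 1); exit }
        ' "$f")
        local_pos=0; ldap_pos=0; i=0
        for s in $srcs; do
            i=$((i + 1))
            case $s in
                files|compat) if [ "$local_pos" -eq 0 ]; then local_pos=$i; fi ;;
                ldap)         if [ "$ldap_pos" -eq 0 ]; then ldap_pos=$i; fi ;;
            esac
        done
        if [ "$ldap_pos" -eq 0 ]; then
            echo "$db: ldap is not listed"; rc=1
        elif [ "$local_pos" -eq 0 ] || [ "$local_pos" -gt "$ldap_pos" ]; then
            echo "$db: local source must come before ldap (got:$srcs)"; rc=1
        else
            echo "$db: ok (got:$srcs)"
        fi
    done
    return "$rc"
}

# Two constructed sample files in a temporary directory, for demonstration.
NSS_DIR=$(mktemp -d)
GOOD_NSS="$NSS_DIR/good.conf"; BAD_NSS="$NSS_DIR/bad.conf"
cat > "$GOOD_NSS" <<'EOF'
# constructed: matches the tutorial's recommendation
passwd:         compat ldap
group:          compat ldap
shadow:         compat ldap
EOF
cat > "$BAD_NSS" <<'EOF'
# constructed: ldap first for passwd, missing entirely for shadow
passwd:         ldap files
group:          files ldap
shadow:         files
EOF

check_nsswitch "$GOOD_NSS"
check_nsswitch "$BAD_NSS" || echo "bad.conf rejected, as expected"
```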

Edit the /etc/pam.d/common-account file as such:

	account	sufficient	pam_ldap.so
	account	required	pam_unix.so

Edit the /etc/pam.d/common-auth file as such:

	auth	sufficient	pam_ldap.so
	auth	required	pam_unix.so nullok_secure

Edit the /etc/pam.d/common-password file as such:

	password	sufficient	pam_ldap.so
	password	required	pam_unix.so nullok obscure min=4 max=8 md5

And that's all you need!

No, not really.

What you DO have is a good start. OpenLDAP server (slapd) should be running, and your clients can at least utilize the thing.
