特殊:Badtitle/NS100:SunLDAPClientAuthentication:修订间差异
小无编辑摘要 |
小无编辑摘要 |
||
| 第3行: | 第3行: | ||
== Foreword == | == Foreword == | ||
After Sun had made [http://www.sun.com/smi/Press/sunflash/2005-11/sunflash.20051130.1.html the big announcement] that they were open-sourcing and making free their Sun Java Enterprise System suite, there now exists another viable alternative to OpenLDAP. | After Sun had made [http://www.sun.com/smi/Press/sunflash/2005-11/sunflash.20051130.1.html the big announcement] that they were open-sourcing and making free their Sun Java Enterprise System suite, there now exists another viable alternative to OpenLDAP. | ||
The following guide is intended only for readers wishing to authenticate Ubuntu clients off an existing Sun Java Enterprise System Directory Server. | The following guide is intended only for readers wishing to authenticate Ubuntu clients off an existing Sun Java Enterprise System Directory Server. | ||
Users wishing to authenticate off an OpenLDAP server should use the [[UbuntuHelp:LDAPClientAuthentication]] page instead. | Users wishing to authenticate off an OpenLDAP server should use the [[UbuntuHelp:LDAPClientAuthentication]] page instead. | ||
== Name Switch Server Setup == | == Name Switch Server Setup == | ||
The first step is to setup '''nss-ldap''', the LDAP-specific name switch server package. During installation, accept all the defaults: | The first step is to setup '''nss-ldap''', the LDAP-specific name switch server package. During installation, accept all the defaults: | ||
<pre><nowiki> | <pre><nowiki> | ||
ncampbell@naaman:~$ sudo apt-get install libnss-ldap | ncampbell@naaman:~$ sudo apt-get install libnss-ldap | ||
</nowiki></pre> | </nowiki></pre> | ||
In order to authenticate using LDAP, /etc/nsswitch.conf will need to be edited: | In order to authenticate using LDAP, /etc/nsswitch.conf will need to be edited: | ||
<pre><nowiki> | <pre><nowiki> | ||
ncampbell@naaman:~$ sudo vi /etc/nsswitch.conf | ncampbell@naaman:~$ sudo vi /etc/nsswitch.conf | ||
# perform the following vi commands | # perform the following vi commands | ||
:1,$s/compat/files ldap/g | :1,$s/compat/files ldap/g | ||
:x! | :x! | ||
</nowiki></pre> | </nowiki></pre> | ||
The /etc/libnss-ldap.conf file is where all the settings are configured. For brevity, the example libnss-ldap.conf is attached and not listed in this document - https://help.ubuntu.com/community/SunLDAPClientAuthentication?action=AttachFile&do=get&target=libnss-ldap.conf | The /etc/libnss-ldap.conf file is where all the settings are configured. For brevity, the example libnss-ldap.conf is attached and not listed in this document - https://help.ubuntu.com/community/SunLDAPClientAuthentication?action=AttachFile&do=get&target=libnss-ldap.conf | ||
To test the setup of nss-ldap, perform the following command to see a listing of LDAP shadow entries: | To test the setup of nss-ldap, perform the following command to see a listing of LDAP shadow entries: | ||
<pre><nowiki> | <pre><nowiki> | ||
ncampbell@naaman:~$ getent shadow | ncampbell@naaman:~$ getent shadow | ||
</nowiki></pre> | </nowiki></pre> | ||
== Pluggable Authentication Modules Setup == | == Pluggable Authentication Modules Setup == | ||
The next step requires '''pam-ldap''', the LDAP-specific PAM package. Answer <No> to the 2 questions asked during installation: | The next step requires '''pam-ldap''', the LDAP-specific PAM package. Answer <No> to the 2 questions asked during installation: | ||
<pre><nowiki> | <pre><nowiki> | ||
ncampbell@naaman:~$ sudo apt-get install libpam-ldap | ncampbell@naaman:~$ sudo apt-get install libpam-ldap | ||
</nowiki></pre> | </nowiki></pre> | ||
The configuration file provided with the libpam-ldap package is unneccesary and can be replaced by libnss-ldap.conf: | The configuration file provided with the libpam-ldap package is unneccesary and can be replaced by libnss-ldap.conf: | ||
<pre><nowiki> | <pre><nowiki> | ||
ncampbell@naaman:~$ sudo rm /etc/pam_ldap.conf | ncampbell@naaman:~$ sudo rm /etc/pam_ldap.conf | ||
ncampbell@naaman:~$ sudo ln -s /etc/libnss-ldap.conf /etc/pam_ldap.conf | ncampbell@naaman:~$ sudo ln -s /etc/libnss-ldap.conf /etc/pam_ldap.conf | ||
</nowiki></pre> | </nowiki></pre> | ||
To complete the configuration of the pam-ldap package, the following files in the /etc/pam.d directory need to be changed: | To complete the configuration of the pam-ldap package, the following files in the /etc/pam.d directory need to be changed: | ||
<pre><nowiki> | <pre><nowiki> | ||
ncampbell@naaman:~$ cd /etc/pam.d | ncampbell@naaman:~$ cd /etc/pam.d | ||
ncampbell@naaman:/etc/pam.d$ sudo vi common-account | ncampbell@naaman:/etc/pam.d$ sudo vi common-account | ||
account sufficient pam_ldap.so | account sufficient pam_ldap.so | ||
account required pam_unix.so | account required pam_unix.so | ||
ncampbell@naaman:/etc/pam.d$ sudo vi common-auth | ncampbell@naaman:/etc/pam.d$ sudo vi common-auth | ||
auth sufficient pam_ldap.so | auth sufficient pam_ldap.so | ||
auth required pam_unix.so nullok_secure use_first_pass | auth required pam_unix.so nullok_secure use_first_pass | ||
ncampbell@naaman:/etc/pam.d$ sudo vi common-password | ncampbell@naaman:/etc/pam.d$ sudo vi common-password | ||
password sufficient pam_ldap.so nullok | password sufficient pam_ldap.so nullok | ||
password required pam_unix.so nullok obscure min=4 max=8 md5 | password required pam_unix.so nullok obscure min=4 max=8 md5 | ||
ncampbell@naaman:/etc/pam.d$ sudo vi common-session | ncampbell@naaman:/etc/pam.d$ sudo vi common-session | ||
session sufficient pam_ldap.so | session sufficient pam_ldap.so | ||
session required pam_unix.so | session required pam_unix.so | ||
ncampbell@naaman:/etc/pam.d$ cd ~ | ncampbell@naaman:/etc/pam.d$ cd ~ | ||
</nowiki></pre> | </nowiki></pre> | ||
To test the setup of the pam-ldap package, attempt to logon as an LDAP user. | To test the setup of the pam-ldap package, attempt to logon as an LDAP user. | ||
== Name Caching Service Daemon Setup == | == Name Caching Service Daemon Setup == | ||
The final step in the LDAP client setup is to install '''nscd''', the name service caching daemon, to prevent excess LDAP traffic: | The final step in the LDAP client setup is to install '''nscd''', the name service caching daemon, to prevent excess LDAP traffic: | ||
<pre><nowiki> | <pre><nowiki> | ||
ncampbell@naaman:~$ sudo apt-get install nscd | ncampbell@naaman:~$ sudo apt-get install nscd | ||
| 第85行: | 第57行: | ||
ncampbell@naaman:~$ sudo /etc/init.d/nscd start | ncampbell@naaman:~$ sudo /etc/init.d/nscd start | ||
</nowiki></pre> | </nowiki></pre> | ||
== References == | == References == | ||
* [http://www.metaconsultancy.com/whitepapers/ldap-linux.htm LDAP Authentication for Linux] | |||
* [http://craige.mcwhirter.com.au/2005/ubuntu-ldap-client.html Making a Debian or Ubuntu Machine an LDAP Authentication Client] - more suited to an OpenLDAP environment | |||
* [http://web.singnet.com.sg/~garyttt/Installing%20and%20configuring%20iPlanet%20Directory%20Server%20for%20Solaris9.htm Installing and configuring iPlanet Directory Server for Solaris9] - namely Step 4: Configure RedHat Linux LDAP Client (OpenLDAP+PADL libraries) - also a good source of information on setting up a Sun Directory Server | |||
---- | ---- | ||
[[category:CategoryDocumentation]] | [[category:CategoryDocumentation]] | ||
[[category:UbuntuHelp]] | [[category:UbuntuHelp]] | ||
2007年11月30日 (五) 21:36的版本
 |
文章出处: |
{{#if: | {{{2}}} | https://help.ubuntu.com/community/SunLDAPClientAuthentication }} |
|
点击翻译: |
English {{#ifexist: {{#if: UbuntuHelp:SunLDAPClientAuthentication | UbuntuHelp:SunLDAPClientAuthentication | {{#if: | :}}SunLDAPClientAuthentication}}/af | • {{#if: UbuntuHelp:SunLDAPClientAuthentication|Afrikaans| [[::SunLDAPClientAuthentication/af|Afrikaans]]}}|}} {{#ifexist: {{#if: UbuntuHelp:SunLDAPClientAuthentication | UbuntuHelp:SunLDAPClientAuthentication | {{#if: | :}}SunLDAPClientAuthentication}}/ar | • {{#if: UbuntuHelp:SunLDAPClientAuthentication|العربية| [[::SunLDAPClientAuthentication/ar|العربية]]}}|}} {{#ifexist: {{#if: UbuntuHelp:SunLDAPClientAuthentication | UbuntuHelp:SunLDAPClientAuthentication | {{#if: | :}}SunLDAPClientAuthentication}}/az | • {{#if: UbuntuHelp:SunLDAPClientAuthentication|azərbaycanca| [[::SunLDAPClientAuthentication/az|azərbaycanca]]}}|}} {{#ifexist: {{#if: UbuntuHelp:SunLDAPClientAuthentication | UbuntuHelp:SunLDAPClientAuthentication | {{#if: | :}}SunLDAPClientAuthentication}}/bcc | • {{#if: UbuntuHelp:SunLDAPClientAuthentication|جهلسری بلوچی| [[::SunLDAPClientAuthentication/bcc|جهلسری بلوچی]]}}|}} {{#ifexist: {{#if: UbuntuHelp:SunLDAPClientAuthentication | UbuntuHelp:SunLDAPClientAuthentication | {{#if: | :}}SunLDAPClientAuthentication}}/bg | • {{#if: UbuntuHelp:SunLDAPClientAuthentication|български| [[::SunLDAPClientAuthentication/bg|български]]}}|}} {{#ifexist: {{#if: UbuntuHelp:SunLDAPClientAuthentication | UbuntuHelp:SunLDAPClientAuthentication | {{#if: | :}}SunLDAPClientAuthentication}}/br | • {{#if: UbuntuHelp:SunLDAPClientAuthentication|brezhoneg| [[::SunLDAPClientAuthentication/br|brezhoneg]]}}|}} {{#ifexist: {{#if: UbuntuHelp:SunLDAPClientAuthentication | UbuntuHelp:SunLDAPClientAuthentication | {{#if: | :}}SunLDAPClientAuthentication}}/ca | • {{#if: UbuntuHelp:SunLDAPClientAuthentication|català| [[::SunLDAPClientAuthentication/ca|català]]}}|}} {{#ifexist: {{#if: UbuntuHelp:SunLDAPClientAuthentication | UbuntuHelp:SunLDAPClientAuthentication | {{#if: | :}}SunLDAPClientAuthentication}}/cs | • {{#if: UbuntuHelp:SunLDAPClientAuthentication|čeština| [[::SunLDAPClientAuthentication/cs|čeština]]}}|}} {{#ifexist: {{#if: UbuntuHelp:SunLDAPClientAuthentication | UbuntuHelp:SunLDAPClientAuthentication | {{#if: | :}}SunLDAPClientAuthentication}}/de | • {{#if: UbuntuHelp:SunLDAPClientAuthentication|Deutsch| [[::SunLDAPClientAuthentication/de|Deutsch]]}}|}} {{#ifexist: {{#if: UbuntuHelp:SunLDAPClientAuthentication | UbuntuHelp:SunLDAPClientAuthentication | {{#if: | :}}SunLDAPClientAuthentication}}/el | • {{#if: UbuntuHelp:SunLDAPClientAuthentication|Ελληνικά| [[::SunLDAPClientAuthentication/el|Ελληνικά]]}}|}} {{#ifexist: {{#if: UbuntuHelp:SunLDAPClientAuthentication | UbuntuHelp:SunLDAPClientAuthentication | {{#if: | :}}SunLDAPClientAuthentication}}/es | • {{#if: UbuntuHelp:SunLDAPClientAuthentication|español| [[::SunLDAPClientAuthentication/es|español]]}}|}} {{#ifexist: {{#if: UbuntuHelp:SunLDAPClientAuthentication | UbuntuHelp:SunLDAPClientAuthentication | {{#if: | :}}SunLDAPClientAuthentication}}/fa | • {{#if: UbuntuHelp:SunLDAPClientAuthentication|فارسی| [[::SunLDAPClientAuthentication/fa|فارسی]]}}|}} {{#ifexist: {{#if: UbuntuHelp:SunLDAPClientAuthentication | UbuntuHelp:SunLDAPClientAuthentication | {{#if: | :}}SunLDAPClientAuthentication}}/fi | • {{#if: UbuntuHelp:SunLDAPClientAuthentication|suomi| [[::SunLDAPClientAuthentication/fi|suomi]]}}|}} {{#ifexist: {{#if: UbuntuHelp:SunLDAPClientAuthentication | UbuntuHelp:SunLDAPClientAuthentication | {{#if: | :}}SunLDAPClientAuthentication}}/fr | • {{#if: UbuntuHelp:SunLDAPClientAuthentication|français| [[::SunLDAPClientAuthentication/fr|français]]}}|}} {{#ifexist: {{#if: UbuntuHelp:SunLDAPClientAuthentication | UbuntuHelp:SunLDAPClientAuthentication | {{#if: | :}}SunLDAPClientAuthentication}}/gu | • {{#if: UbuntuHelp:SunLDAPClientAuthentication|ગુજરાતી| [[::SunLDAPClientAuthentication/gu|ગુજરાતી]]}}|}} {{#ifexist: {{#if: UbuntuHelp:SunLDAPClientAuthentication | UbuntuHelp:SunLDAPClientAuthentication | {{#if: | :}}SunLDAPClientAuthentication}}/he | • {{#if: UbuntuHelp:SunLDAPClientAuthentication|עברית| [[::SunLDAPClientAuthentication/he|עברית]]}}|}} {{#ifexist: {{#if: UbuntuHelp:SunLDAPClientAuthentication | UbuntuHelp:SunLDAPClientAuthentication | {{#if: | :}}SunLDAPClientAuthentication}}/hu | • {{#if: UbuntuHelp:SunLDAPClientAuthentication|magyar| [[::SunLDAPClientAuthentication/hu|magyar]]}}|}} {{#ifexist: {{#if: UbuntuHelp:SunLDAPClientAuthentication | UbuntuHelp:SunLDAPClientAuthentication | {{#if: | :}}SunLDAPClientAuthentication}}/id | • {{#if: UbuntuHelp:SunLDAPClientAuthentication|Bahasa Indonesia| [[::SunLDAPClientAuthentication/id|Bahasa Indonesia]]}}|}} {{#ifexist: {{#if: UbuntuHelp:SunLDAPClientAuthentication | UbuntuHelp:SunLDAPClientAuthentication | {{#if: | :}}SunLDAPClientAuthentication}}/it | • {{#if: UbuntuHelp:SunLDAPClientAuthentication|italiano| [[::SunLDAPClientAuthentication/it|italiano]]}}|}} {{#ifexist: {{#if: UbuntuHelp:SunLDAPClientAuthentication | UbuntuHelp:SunLDAPClientAuthentication | {{#if: | :}}SunLDAPClientAuthentication}}/ja | • {{#if: UbuntuHelp:SunLDAPClientAuthentication|日本語| [[::SunLDAPClientAuthentication/ja|日本語]]}}|}} {{#ifexist: {{#if: UbuntuHelp:SunLDAPClientAuthentication | UbuntuHelp:SunLDAPClientAuthentication | {{#if: | :}}SunLDAPClientAuthentication}}/ko | • {{#if: UbuntuHelp:SunLDAPClientAuthentication|한국어| [[::SunLDAPClientAuthentication/ko|한국어]]}}|}} {{#ifexist: {{#if: UbuntuHelp:SunLDAPClientAuthentication | UbuntuHelp:SunLDAPClientAuthentication | {{#if: | :}}SunLDAPClientAuthentication}}/ksh | • {{#if: UbuntuHelp:SunLDAPClientAuthentication|Ripoarisch| [[::SunLDAPClientAuthentication/ksh|Ripoarisch]]}}|}} {{#ifexist: {{#if: UbuntuHelp:SunLDAPClientAuthentication | UbuntuHelp:SunLDAPClientAuthentication | {{#if: | :}}SunLDAPClientAuthentication}}/mr | • {{#if: UbuntuHelp:SunLDAPClientAuthentication|मराठी| [[::SunLDAPClientAuthentication/mr|मराठी]]}}|}} {{#ifexist: {{#if: UbuntuHelp:SunLDAPClientAuthentication | UbuntuHelp:SunLDAPClientAuthentication | {{#if: | :}}SunLDAPClientAuthentication}}/ms | • {{#if: UbuntuHelp:SunLDAPClientAuthentication|Bahasa Melayu| [[::SunLDAPClientAuthentication/ms|Bahasa Melayu]]}}|}} {{#ifexist: {{#if: UbuntuHelp:SunLDAPClientAuthentication | UbuntuHelp:SunLDAPClientAuthentication | {{#if: | :}}SunLDAPClientAuthentication}}/nl | • {{#if: UbuntuHelp:SunLDAPClientAuthentication|Nederlands| [[::SunLDAPClientAuthentication/nl|Nederlands]]}}|}} {{#ifexist: {{#if: UbuntuHelp:SunLDAPClientAuthentication | UbuntuHelp:SunLDAPClientAuthentication | {{#if: | :}}SunLDAPClientAuthentication}}/no | • {{#if: UbuntuHelp:SunLDAPClientAuthentication|norsk| [[::SunLDAPClientAuthentication/no|norsk]]}}|}} {{#ifexist: {{#if: UbuntuHelp:SunLDAPClientAuthentication | UbuntuHelp:SunLDAPClientAuthentication | {{#if: | :}}SunLDAPClientAuthentication}}/oc | • {{#if: UbuntuHelp:SunLDAPClientAuthentication|occitan| [[::SunLDAPClientAuthentication/oc|occitan]]}}|}} {{#ifexist: {{#if: UbuntuHelp:SunLDAPClientAuthentication | UbuntuHelp:SunLDAPClientAuthentication | {{#if: | :}}SunLDAPClientAuthentication}}/pl | • {{#if: UbuntuHelp:SunLDAPClientAuthentication|polski| [[::SunLDAPClientAuthentication/pl|polski]]}}|}} {{#ifexist: {{#if: UbuntuHelp:SunLDAPClientAuthentication | UbuntuHelp:SunLDAPClientAuthentication | {{#if: | :}}SunLDAPClientAuthentication}}/pt | • {{#if: UbuntuHelp:SunLDAPClientAuthentication|português| [[::SunLDAPClientAuthentication/pt|português]]}}|}} {{#ifexist: {{#if: UbuntuHelp:SunLDAPClientAuthentication | UbuntuHelp:SunLDAPClientAuthentication | {{#if: | :}}SunLDAPClientAuthentication}}/ro | • {{#if: UbuntuHelp:SunLDAPClientAuthentication|română| [[::SunLDAPClientAuthentication/ro|română]]}}|}} {{#ifexist: {{#if: UbuntuHelp:SunLDAPClientAuthentication | UbuntuHelp:SunLDAPClientAuthentication | {{#if: | :}}SunLDAPClientAuthentication}}/ru | • {{#if: UbuntuHelp:SunLDAPClientAuthentication|русский| [[::SunLDAPClientAuthentication/ru|русский]]}}|}} {{#ifexist: {{#if: UbuntuHelp:SunLDAPClientAuthentication | UbuntuHelp:SunLDAPClientAuthentication | {{#if: | :}}SunLDAPClientAuthentication}}/si | • {{#if: UbuntuHelp:SunLDAPClientAuthentication|සිංහල| [[::SunLDAPClientAuthentication/si|සිංහල]]}}|}} {{#ifexist: {{#if: UbuntuHelp:SunLDAPClientAuthentication | UbuntuHelp:SunLDAPClientAuthentication | {{#if: | :}}SunLDAPClientAuthentication}}/sq | • {{#if: UbuntuHelp:SunLDAPClientAuthentication|shqip| [[::SunLDAPClientAuthentication/sq|shqip]]}}|}} {{#ifexist: {{#if: UbuntuHelp:SunLDAPClientAuthentication | UbuntuHelp:SunLDAPClientAuthentication | {{#if: | :}}SunLDAPClientAuthentication}}/sr | • {{#if: UbuntuHelp:SunLDAPClientAuthentication|српски / srpski| [[::SunLDAPClientAuthentication/sr|српски / srpski]]}}|}} {{#ifexist: {{#if: UbuntuHelp:SunLDAPClientAuthentication | UbuntuHelp:SunLDAPClientAuthentication | {{#if: | :}}SunLDAPClientAuthentication}}/sv | • {{#if: UbuntuHelp:SunLDAPClientAuthentication|svenska| [[::SunLDAPClientAuthentication/sv|svenska]]}}|}} {{#ifexist: {{#if: UbuntuHelp:SunLDAPClientAuthentication | UbuntuHelp:SunLDAPClientAuthentication | {{#if: | :}}SunLDAPClientAuthentication}}/th | • {{#if: UbuntuHelp:SunLDAPClientAuthentication|ไทย| [[::SunLDAPClientAuthentication/th|ไทย]]}}|}} {{#ifexist: {{#if: UbuntuHelp:SunLDAPClientAuthentication | UbuntuHelp:SunLDAPClientAuthentication | {{#if: | :}}SunLDAPClientAuthentication}}/tr | • {{#if: UbuntuHelp:SunLDAPClientAuthentication|Türkçe| [[::SunLDAPClientAuthentication/tr|Türkçe]]}}|}} {{#ifexist: {{#if: UbuntuHelp:SunLDAPClientAuthentication | UbuntuHelp:SunLDAPClientAuthentication | {{#if: | :}}SunLDAPClientAuthentication}}/vi | • {{#if: UbuntuHelp:SunLDAPClientAuthentication|Tiếng Việt| [[::SunLDAPClientAuthentication/vi|Tiếng Việt]]}}|}} {{#ifexist: {{#if: UbuntuHelp:SunLDAPClientAuthentication | UbuntuHelp:SunLDAPClientAuthentication | {{#if: | :}}SunLDAPClientAuthentication}}/yue | • {{#if: UbuntuHelp:SunLDAPClientAuthentication|粵語| [[::SunLDAPClientAuthentication/yue|粵語]]}}|}} {{#ifexist: {{#if: UbuntuHelp:SunLDAPClientAuthentication | UbuntuHelp:SunLDAPClientAuthentication | {{#if: | :}}SunLDAPClientAuthentication}}/zh | • {{#if: UbuntuHelp:SunLDAPClientAuthentication|中文| [[::SunLDAPClientAuthentication/zh|中文]]}}|}} {{#ifexist: {{#if: UbuntuHelp:SunLDAPClientAuthentication | UbuntuHelp:SunLDAPClientAuthentication | {{#if: | :}}SunLDAPClientAuthentication}}/zh-hans | • {{#if: UbuntuHelp:SunLDAPClientAuthentication|中文(简体)| [[::SunLDAPClientAuthentication/zh-hans|中文(简体)]]}}|}} {{#ifexist: {{#if: UbuntuHelp:SunLDAPClientAuthentication | UbuntuHelp:SunLDAPClientAuthentication | {{#if: | :}}SunLDAPClientAuthentication}}/zh-hant | • {{#if: UbuntuHelp:SunLDAPClientAuthentication|中文(繁體)| [[::SunLDAPClientAuthentication/zh-hant|中文(繁體)]]}}|}} |
{{#ifeq:UbuntuHelp:SunLDAPClientAuthentication|:SunLDAPClientAuthentication|请不要直接编辑翻译本页,本页将定期与来源同步。}} |
{{#ifexist: :SunLDAPClientAuthentication/zh | | {{#ifexist: SunLDAPClientAuthentication/zh | | {{#ifeq: {{#titleparts:SunLDAPClientAuthentication|1|-1|}} | zh | | }} }} }} {{#ifeq: {{#titleparts:SunLDAPClientAuthentication|1|-1|}} | zh | | }}
Foreword
After Sun had made the big announcement that they were open-sourcing and making free their Sun Java Enterprise System suite, there now exists another viable alternative to OpenLDAP. The following guide is intended only for readers wishing to authenticate Ubuntu clients off an existing Sun Java Enterprise System Directory Server. Users wishing to authenticate off an OpenLDAP server should use the UbuntuHelp:LDAPClientAuthentication page instead.
Name Switch Server Setup
The first step is to setup nss-ldap, the LDAP-specific name switch server package. During installation, accept all the defaults:
ncampbell@naaman:~$ sudo apt-get install libnss-ldap
In order to authenticate using LDAP, /etc/nsswitch.conf will need to be edited:
ncampbell@naaman:~$ sudo vi /etc/nsswitch.conf # perform the following vi commands :1,$s/compat/files ldap/g :x!
The /etc/libnss-ldap.conf file is where all the settings are configured. For brevity, the example libnss-ldap.conf is attached and not listed in this document - https://help.ubuntu.com/community/SunLDAPClientAuthentication?action=AttachFile&do=get&target=libnss-ldap.conf To test the setup of nss-ldap, perform the following command to see a listing of LDAP shadow entries:
ncampbell@naaman:~$ getent shadow
Pluggable Authentication Modules Setup
The next step requires pam-ldap, the LDAP-specific PAM package. Answer <No> to the 2 questions asked during installation:
ncampbell@naaman:~$ sudo apt-get install libpam-ldap
The configuration file provided with the libpam-ldap package is unneccesary and can be replaced by libnss-ldap.conf:
ncampbell@naaman:~$ sudo rm /etc/pam_ldap.conf ncampbell@naaman:~$ sudo ln -s /etc/libnss-ldap.conf /etc/pam_ldap.conf
To complete the configuration of the pam-ldap package, the following files in the /etc/pam.d directory need to be changed:
ncampbell@naaman:~$ cd /etc/pam.d ncampbell@naaman:/etc/pam.d$ sudo vi common-account account sufficient pam_ldap.so account required pam_unix.so ncampbell@naaman:/etc/pam.d$ sudo vi common-auth auth sufficient pam_ldap.so auth required pam_unix.so nullok_secure use_first_pass ncampbell@naaman:/etc/pam.d$ sudo vi common-password password sufficient pam_ldap.so nullok password required pam_unix.so nullok obscure min=4 max=8 md5 ncampbell@naaman:/etc/pam.d$ sudo vi common-session session sufficient pam_ldap.so session required pam_unix.so ncampbell@naaman:/etc/pam.d$ cd ~
To test the setup of the pam-ldap package, attempt to logon as an LDAP user.
Name Caching Service Daemon Setup
The final step in the LDAP client setup is to install nscd, the name service caching daemon, to prevent excess LDAP traffic:
ncampbell@naaman:~$ sudo apt-get install nscd ncampbell@naaman:~$ sudo mkdir -p /var/db/nscd /var/run/nscd ncampbell@naaman:~$ sudo /etc/init.d/nscd start
References
- LDAP Authentication for Linux
- Making a Debian or Ubuntu Machine an LDAP Authentication Client - more suited to an OpenLDAP environment
- Installing and configuring iPlanet Directory Server for Solaris9 - namely Step 4: Configure RedHat Linux LDAP Client (OpenLDAP+PADL libraries) - also a good source of information on setting up a Sun Directory Server
