LDAPconf

NSS/PAM LDAP
Last updated 21.9.1999

System LDAP client

Install the ldap PAM/NSS packages

  • Install nss ldap with rpm -ivh ldap_nss
  • Install pam ldap with rpm -ivh ldap_pam

Edit /etc/ldap.conf to set the server and search base

  • host ldap.demo.nett.org
    base cn=manager,dc=demo,dc=nett,dc=org
    

Activate nss/pam - system directory services

    • Warning: Before you begin, make sure you have one console/terminal with root access open on the system. Don't use this terminal for testing. If anything breaks (i.e. your root password is no longer accepted by the system), you can copy back the original config files from this "original root" terminal to fix it. Also note that PAM and NSS are two different concepts; you don't have to enable both to test.
    • Back up /etc/pam.d/
    • Back up /etc/nsswitch.conf
    • It may be a good idea to back up the whole /etc (and maybe also the whole server...)
    • Enable PAM
      • Copy /usr/doc/pam_ldap-x/pam.d/ to /etc/pam.d/
    • Enable NSS
      • Copy /usr/doc/nss_ldap-x/nsswitch.ldap to /etc/nsswitch.conf
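
The backup and rollback steps above as shell functions, added here as an example (not part of the original page). The function names and the pam.d.restore / pam.d.failed directory names are assumptions; the directories are passed as parameters so the functions can be tried on a scratch copy of /etc first.

```sh
#!/bin/sh
# Added example: snapshot and roll back the files the NSS/PAM LDAP switch replaces.

# backup_auth_config ETC_DIR BACKUP_DIR: snapshot pam.d/ and nsswitch.conf.
backup_auth_config() {
    etc_dir=$1; backup_dir=$2
    if [ ! -d "$etc_dir/pam.d" ] || [ ! -f "$etc_dir/nsswitch.conf" ]; then return 1; fi
    # Never overwrite an earlier snapshot: it may be the only known-good copy.
    if [ -e "$backup_dir" ]; then return 2; fi
    mkdir -p "$backup_dir" && chmod 700 "$backup_dir" &&
    cp -Rp "$etc_dir/pam.d" "$backup_dir/pam.d" &&
    cp -p "$etc_dir/nsswitch.conf" "$backup_dir/nsswitch.conf"
}

# restore_auth_config ETC_DIR BACKUP_DIR: put the snapshot back.
# The broken pam.d is kept as pam.d.failed for later inspection.
restore_auth_config() {
    etc_dir=$1; backup_dir=$2
    if [ ! -d "$backup_dir/pam.d" ] || [ ! -f "$backup_dir/nsswitch.conf" ]; then return 1; fi
    rm -rf "$etc_dir/pam.d.restore" "$etc_dir/pam.d.failed" &&
    cp -Rp "$backup_dir/pam.d" "$etc_dir/pam.d.restore" &&
    mv "$etc_dir/pam.d" "$etc_dir/pam.d.failed" &&
    mv "$etc_dir/pam.d.restore" "$etc_dir/pam.d" &&
    cp -p "$backup_dir/nsswitch.conf" "$etc_dir/nsswitch.conf"
}

# nss_uses_ldap NSSWITCH_FILE DATABASE: succeed if DATABASE (e.g. passwd) lists ldap.
nss_uses_ldap() {
    awk -v db="$2:" '
        { sub(/#.*/, "") }    # strip comments before matching
        $1 == db { for (i = 2; i <= NF; i++) if ($i == "ldap") found = 1 }
        END { exit !found }
    ' "$1"
}
```

On the real system, call backup_auth_config /etc BACKUP_DIR from the "original root" terminal before copying the LDAP files, where BACKUP_DIR is a new root-only directory of your choosing.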

Test nss/pam

    • Log in from another terminal, and check the server log. slapd should receive queries for the user you log in as.
    • netstat will also generate connections to slapd when it resolves addresses and services.