Re: central authentication with LDAP
On Mon, Jan 28, 2002 at 03:55:08PM +0800, Patrick Hsieh wrote:
> Now I'd like to make my Debian GNU/Linux login and authenticate from the
> LDAP server, where should I begin?
I have played around with ldap and pam since mid-December, and
found that there are some issues with Debian's packages.
The original pam modules are well documented, the "newer" ones are
not. I had to go back to the sources.
openldap installer (potato unstable/testing) for libnss-ldap,
libpam-ldap configures /etc/ldap/ldap.conf, but the openldap utilities
look in /etc/openldap/ldap.conf (just make a symlink).
slapd configuration shows you how to secure your database, but in
principle does not do it.
There are a lot of schemas delivered, so you should not need to make
them yourselves; look at /etc/ldap/schema/*, and just include the ones
you need in /etc/ldap/slapd.conf.
On padl's site I downloaded the "Migration tools", then crouched one
or two of them and now I am able to say on my central authentication host:
adduser <username> <- and configure the unix-user
Which imports the user entry in /etc/passwd, /etc/shadow into the
slapd database, including very nice features like setting surname,
GivenName, Telephone numbers, RoomNumber,...
It's not baked out, but I would be very glad to share and discuss with
other people interested in the same thing.
In fact I mailed a collect-mail to some of the maintainers because I
think that pam/ldap/nss actually are dangerous for the non-guru
installer, but I only got a response from one.
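
Added example, not part of the original message and not code from Debian or OpenLDAP: a small Python check for the point above that the slapd configuration shows how to secure the database without necessarily doing so. It reads slapd.conf text and reports whether `userPassword` can be read by clients other than the entry's owner; the function names and both sample configurations are constructed for illustration, and it assumes the attribute selector is spelled `attr=`, `attrs=` or `attribute=`.

```python
import re
import shlex

LEAKY = {"read", "write"}               # levels that let a client fetch the hash
BROAD = {"*", "anonymous", "users"}     # <who> values covering more than the owner

def directives(conf_text):
    """Join slapd.conf continuation lines (leading whitespace) into directives."""
    out = []
    for line in conf_text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue                    # blank and comment lines are skipped
        if line[0] in " \t" and out:
            out[-1] += " " + line.strip()
        else:
            out.append(line.strip())
    return out

def userpassword_exposed(conf_text):
    """Return (exposed, reason) for the userPassword attribute."""
    acls = [shlex.split(d) for d in directives(conf_text)
            if re.match(r"access\s+to\s", d, re.I)]
    if not acls:
        return True, "no access directives: slapd's default read access applies"
    for tok in acls:                    # slapd uses the first matching <what>
        by = tok.index("by") if "by" in tok else len(tok)
        attrs = [w.split("=", 1)[1].lower().split(",") for w in tok[2:by]
                 if re.match(r"(attrs?|attribute)=", w, re.I)]
        if attrs and "userpassword" not in attrs[0]:
            continue                    # limited to other attributes
        # Directives without an attribute list are treated as covering it.
        for i in [n for n, t in enumerate(tok) if t == "by"]:
            who, level = (tok[i + 1:i + 3] + ["", ""])[:2]
            if who in BROAD and level.lower() in LEAKY:
                return True, "'by %s %s' in: %s" % (who, level, " ".join(tok[:by]))
            if who == "*":
                break                   # later clauses are never reached
        return False, "restricted by: " + " ".join(tok[:by])
    return False, "no directive matches userPassword: access is denied"

# Constructed samples, not taken from any shipped package.
OPEN_CONF = "database ldbm\nsuffix \"dc=example,dc=com\"\naccess to * by * read\n"
TIGHT_CONF = """database ldbm
access to attribute=userPassword
        by self write
        by anonymous auth
        by * none
access to * by * read
"""
```

Directive order matters: a broad `access to *` rule placed before the `userPassword` rule is matched first, and the check reports that case as exposed.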