[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: An LDAP authentication howto for Debian?

At 4/29/01 02:53 PM, you wrote:

>I recently configured LDAP for my company and I 100% agree with the
>original poster. Documentation is thick but with a lot of holes, few
>explanations (so you can do things in a different way), and quite
>difficult to find.


In my case, I'm quite familiar with the way PAM, LDAP, etc. work individually.
It was getting them all to play well with each other that was the problem.  I made
a half-hearted attempt at it a week or so ago, but wasn't really into the idea then.
After posting, I set about installing libpam-ldap and libnss-ldap and happened to
find the LDAP Implementation howto on LDP.  That gave me a nudge in the general
direction, however, it still took in excess of five hours to get it all to work.  So far I've
just managed to get logins, etc. to work and haven't migrated any user accounts to
LDAP.  Also, I've only got it working on the one machine.  I haven't tried to set it up
for the other machines yet.

In the meantime, I was quite impressed that...

[jeremy@HURRICANE:pts/2:~]$ finger ldaptest
Login: ldaptest                         Name: LDAP Test User
Directory: /home/ldaptest               Shell: /bin/bash
Last login Sun Apr 29 03:11 (EST) on pts/5 from localhost
No mail.
No Plan.

...this worked, considering...

[jeremy@HURRICANE:pts/2:~]$ grep ^ldaptest /etc/passwd


I haven't messed with anything besides login (e.g. `telnet localhost`)
and logging in as user "ldaptest".  I'll give that a go on my next day off
(or the next time I'm sitting around bored at work).  :)

As has been stated, documention on Debian-specific LDAP+PAM+NSS
is severely lacking (or my google skills are).  I see great possibilities for
centralized authentication using LDAP, however.  Sure beats creating
user accounts on several machines and trying to synch uid and gid's (NFS,


Jeremy L. Gaddis     <jlgaddis@blueriver.net>

Go away or I will replace you with a very small shell script.

Reply to: