ConfigureSystemForLDAP

From CSLabsWiki


Summary

This guide will help you configure your system to use the LDAP system for login, and for managed sudo access. So, let's get started!

What you need

You will need to have a network-connected machine in the server room or the COSI/ITL labs (sorry, evil baddies from outside of there, YOU can't authenticate against my server :})

Now install the required programs:

sudo apt-get install libnss-ldap libpam-ldap nscd

Debconf will ask you all sorts of personal questions. Don't worry, it's not stalking you; it just needs the following information:

  • LDAP Server DN: dc=auth,dc=sclab,dc=clarkson,dc=edu
  • LDAP URI: ldap://auth.sclab.clarkson.edu
  • LDAP Account for root: cn=admin,dc=auth,dc=sclab,dc=clarkson,dc=edu
  • Password: (get this from Jacob)
  • Make local root database admin: yes
  • Database require logging in: No
  • Root login account: cn=admin,dc=auth,dc=sclab,dc=clarkson,dc=edu
  • Password: (get this from Jacob)

Now bug Jacob

Because he needs to do some l33t LDAP-foo to add you to the LDAP server.

Configuration files to edit

Please edit the following files:

/etc/pam_ldap.conf: (Make sure it has at least the following)

host auth.sclab.clarkson.edu
base dc=auth,dc=sclab,dc=clarkson,dc=edu
rootbinddn cn=admin,dc=auth,dc=sclab,dc=clarkson,dc=edu
pam_filter |(host=<insert hostname here>)(host=\*)

/etc/libnss-ldap.conf: (Make sure it has at least the following)

host auth.sclab.clarkson.edu
base dc=auth,dc=sclab,dc=clarkson,dc=edu
rootbinddn cn=admin,dc=auth,dc=sclab,dc=clarkson,dc=edu
pam_filter |(host=<insert hostname here>)(host=\*)

/etc/pam.d/common-account:

account sufficient pam_ldap.so
account required pam_unix.so
#if you want user homedir to be created on first login
#session required pam_mkhomedir.so umask=0022 skel=/etc/skel/ silent

/etc/pam.d/common-auth:

auth sufficient pam_ldap.so
auth required pam_unix.so nullok_secure use_first_pass

/etc/pam.d/common-password:

password sufficient pam_ldap.so
password required pam_unix.so nullok obscure min=4 max=8 md5

/etc/pam.d/common-session:

session sufficient pam_ldap.so
session required pam_unix.so

/etc/nsswitch.conf:

  • Replace the lines that look like:

passwd: compat
group: compat
shadow: compat

  • With lines that look like:

passwd: files ldap
group: files ldap
shadow: files ldap

Almost done!

Now, if you'd like sudo to be managed by LDAP, install sudo-ldap like:

sudo apt-get install sudo-ldap

Now the final touches! Edit /etc/ldap/ldap.conf so it looks like:

BASE    dc=auth, dc=sclab, dc=clarkson, dc=edu
URI     ldap://auth.sclab.clarkson.edu

SUDOERS_BASE ou=sudoers,dc=auth,dc=sclab,dc=clarkson,dc=edu
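
Before rebooting, it helps to check the files edited above mechanically. The script below is an added example, not part of this wiki page; it assumes the file paths used on this page and that the rootbinddn password is kept in /etc/pam_ldap.secret and /etc/libnss-ldap.secret (the files pam_ldap and libnss-ldap read it from), which must be readable by root only.

```sh
#!/bin/sh
# Added check script, not from the wiki. It assumes the file paths named on this
# page and that the rootbinddn password lives in /etc/pam_ldap.secret and
# /etc/libnss-ldap.secret (the files pam_ldap/libnss-ldap read it from).

# check_ldap_conf FILE HOSTNAME: FILE must carry host, base, rootbinddn and a
# pam_filter that names this machine, with no "<insert hostname here>" left over.
check_ldap_conf() {
    f=$1; h=$2
    [ -r "$f" ] || { echo "$f: missing or unreadable"; return 1; }
    for key in host base rootbinddn pam_filter; do
        grep -Eq "^[[:space:]]*$key[[:space:]]" "$f" || { echo "$f: no $key line"; return 1; }
    done
    if grep -q '<insert hostname here>' "$f"; then
        echo "$f: pam_filter still contains the placeholder hostname"; return 1
    fi
    grep -Eq "^[[:space:]]*pam_filter[[:space:]].*\(host=$h\)" "$f" \
        || { echo "$f: pam_filter does not name host $h"; return 1; }
}

# check_secret FILE: the bind password file must be root-only (mode 0600).
check_secret() {
    f=$1
    [ -f "$f" ] || { echo "$f: missing"; return 1; }
    mode=$(stat -c %a "$f")
    [ "$mode" = "600" ] || { echo "$f: mode $mode, expected 600"; return 1; }
}

# check_nsswitch FILE: passwd, group and shadow must resolve via "files ldap".
check_nsswitch() {
    f=$1
    for db in passwd group shadow; do
        grep -Eq "^$db:[[:space:]]+files[[:space:]]+ldap" "$f" \
            || { echo "$f: $db is not 'files ldap'"; return 1; }
    done
}

# check_all: run every check against the live files; non-zero means fix before reboot.
check_all() {
    rc=0; me=$(hostname)
    check_ldap_conf /etc/pam_ldap.conf "$me" || rc=1
    check_ldap_conf /etc/libnss-ldap.conf "$me" || rc=1
    check_secret /etc/pam_ldap.secret || rc=1
    check_secret /etc/libnss-ldap.secret || rc=1
    check_nsswitch /etc/nsswitch.conf || rc=1
    return $rc
}
# Only touch the live system when invoked as: sh ldap-check.sh run
case "${1:-}" in run) check_all ;; esac
```

Run it on the machine as `sh ldap-check.sh run`; a non-zero exit prints which file still needs fixing.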


And that's it! Have Jacob look it over to make sure everything is right; if it is, give your machine a reboot and voilà! You now have a server managed by LDAP.

References/See Also

LDAP Server Setup

ConfigureLDAPUsers

See List of VMs to find out which machines are using LDAP
