Note: forwarded message attached.
Send instant messages to your online friends http://uk.messenger.yahoo.com
--- Begin Message ---
Hi,
I have installed OpenLDAP on my Gentoo Linux system. My purpose is to use the LDAP server for login authentication using PAM. slapd is running fine. The ldapsearch command is also running fine. But the problem is that it takes too much time to authenticate the user. My local system is the server as well as the client. Please help me. I followed, step by step:
http://www.gentoo.org/doc/en/ldap-howto.xml#doc_chap2
My /etc/openldap/slapd.conf :-
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
database ldbm
suffix "dc=kavach,dc=blr"
checkpoint 32 30
rootdn "cn=Manager,dc=kavach,dc=blr"
rootpw {MD5}Xr4ilOzQ4PCOq3aQ0qbuaQ==
directory /var/lib/openldap-data
index uid,cn,gidNumber,uidNumber,memberUid eq
index uniqueMember pres
index objectClass pres,eq
access to *
        by dn="uid=root,ou=people,dc=kavach,dc=blr" write
        by users read
        by anonymous auth
access to attrs=userPassword,gecos,description,loginShell
        by self write
My /etc/openldap/ldap.conf
HOST 127.0.0.1 198.168.99.183 bijayant.kavach.blr
BASE dc=kavach,dc=blr
URI ldap://127.0.0.1:389/
TIMELIMIT 15
SIZELIMIT 12
DEREF never
nss_reconnect_tries 0
nss_reconnect_sleeptime 1
nss_reconnect_maxconntries 4
My /etc/nsswitch.conf file :--
passwd: files ldap
shadow: files ldap
group: files ldap
hosts: files dns
My /etc/pam.d/system-auth :--
auth required /lib/security/pam_env.so
auth sufficient /lib/security/pam_unix.so likeauth nullok
auth sufficient /lib/security/pam_ldap.so use_first_pass
auth required /lib/security/pam_deny.so
account required /lib/security/pam_unix.so
account sufficient /lib/security/pam_ldap.so
password required /lib/security/pam_cracklib.so retry=3 minlen=4 dcredit=0 ucredit=0
password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow
password sufficient /lib/security/pam_ldap.so use_authtok
password required /lib/security/pam_deny.so
session required /lib/security/pam_limits.so
session required /lib/security/pam_unix.so
session optional /lib/security/pam_ldap.so
My /etc/ldap.conf :--
host 127.0.0.1
base dc=kavach,dc=blr
rootbinddn cn=Manager,dc=kavach,dc=blr
port 389
bind_policy hard
uri ldap://127.0.0.1:389/
pam_password crypt
ldap_version 3
pam_filter objectclass=posixAccount
pam_login_attribute uid
pam_member_attribute gid
nss_base_passwd ou=People,dc=kavach,dc=blr?one
nss_base_shadow ou=People,dc=kavach,dc=blr?one
nss_base_group ou=Group,dc=kavach,dc=blr?one
nss_base_hosts ou=Hosts,dc=kavach,dc=blr?one
scope one
nss_initgroups_ignoreusers root,ldap
nss_reconnect_tries 3
nss_reconnect_sleeptime 1
nss_reconnect_maxconntries 4
Since my local system is also acting as an LDAP server, every user who is in the LDAP directory is in my system also.
--- End Message ---