Hi Eric,

Check out http://www.padl.com for the tools and modules.

You'll need nss_ldap to resolve passwd entries (username,
password, uid, gid, gecos, homedir, shell, etc.) from the LDAP
directory. The basic LDAP entries would be something like:

dn: uid=mike.maravillo, o=ramcargroup.com
objectclass: posixAccount
uid: mike.maravillo
userpassword: {crypt}secret
uidnumber: 1000
gidnumber: 1000
cn: Michael J. Maravillo
homedirectory: /home/ramcargroup/mike.maravillo
loginshell: /bin/bash

Specify the following in /etc/nsswitch.conf such that if users
are not found in "files" (/etc/passwd or /etc/shadow), the ldap
name service switch module would be tried:

passwd: files ldap
shadow: files ldap

BTW, nss_ldap isn't just limited to passwd and shadow. Others
found in /etc/nsswitch.conf can also be switched to LDAP. I
haven't used NIS but I guess the same goes. There's a Migration
Tools suite at PADL which would help you just in case you want to
migrate the other services (which I haven't dared to use).

Also, you'll need the pam_ldap module so you can authenticate
users via the LDAP directory. For services that need PAM-LDAP
authentication, modify the appropriate /etc/pam.d/* entries. For
IMAP and POP (UW version compiled with "make lnp") for example,
/etc/pam.d/imap and /etc/pam.d/pop should contain:

auth     sufficient  /lib/security/pam_ldap.so
auth     required    /lib/security/pam_pwdb.so shadow nullok
account  sufficient  /lib/security/pam_ldap.so
account  required    /lib/security/pam_pwdb.so

The pam_ldap distribution has more examples for other services.
Both nss_ldap and pam_ldap use the same configuration file which
is /etc/ldap.conf. Setting this one up should be easy.

Hope this helps.

Mike

On Sun, Apr 09, 2000 at 02:40:45AM +0800, eric pareja wrote:
>
> we use NIS on our login hosts at UP Manila, though i'd seriously like to
> migrate that over to OpenLDAP or Kerberos for authentication and other
> stuff. haven't had the time to do so yet.
>
> eric
>
> p.s. is there anyone who's gotten OpenLDAP working like a charm and would
> like to share here?
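
Added example, not part of the message above and not code from PADL: a small Python check of the /etc/nsswitch.conf and /etc/pam.d settings the message describes, reporting source order, a missing local fallback after pam_ldap.so, and the nullok option. The function names (nss_sources, pam_stack, audit) are hypothetical, and the sample input is constructed from the lines quoted in the message.

```python
import os
import re

# Constructed sample input: the two configurations quoted in the message above.
NSS_SAMPLE = "passwd: files ldap\nshadow: files ldap\n"
PAM_SAMPLE = """\
auth sufficient /lib/security/pam_ldap.so
auth required /lib/security/pam_pwdb.so shadow nullok
account sufficient /lib/security/pam_ldap.so
account required /lib/security/pam_pwdb.so
"""

def nss_sources(text, db):
    """Ordered source names for one nsswitch.conf database (actions dropped)."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith(db + ":"):
            return re.sub(r"\[[^\]]*\]", " ", line.split(":", 1)[1]).split()
    return []

def pam_stack(text, mgmt):
    """(control, module file name, args) per line of one /etc/pam.d group.
    Handles the simple one-word controls used in the message only."""
    rows = (line.split("#", 1)[0].split() for line in text.splitlines())
    return [(f[1], os.path.basename(f[2]), f[3:]) for f in rows
            if len(f) >= 3 and f[0] == mgmt]

def audit(nss_text, pam_text):
    """Return a list of findings; an empty list means nothing was flagged."""
    out = []
    for db in ("passwd", "shadow"):
        src = nss_sources(nss_text, db)
        if "ldap" not in src:
            out.append(f"nss {db}: ldap not listed, directory users will not resolve")
        elif src[0] != "files":
            out.append(f"nss {db}: files is not first, a directory entry can shadow a local account")
    for mgmt in ("auth", "account"):
        stack = pam_stack(pam_text, mgmt)
        mods = [m for _, m, _ in stack]
        if "pam_ldap.so" not in mods:
            out.append(f"pam {mgmt}: pam_ldap.so missing")
            continue
        later = [c for c, _, _ in stack[mods.index("pam_ldap.so") + 1:]]
        if stack[mods.index("pam_ldap.so")][0] == "sufficient" and not {"required", "requisite"} & set(later):
            out.append(f"pam {mgmt}: nothing required after sufficient pam_ldap.so, local accounts have no fallback")
        out += [f"pam {mgmt}: {m} has nullok, empty passwords are accepted"
                for _, m, args in stack if "nullok" in args]
    return out

if __name__ == "__main__":
    for finding in audit(NSS_SAMPLE, PAM_SAMPLE):
        print(finding)
```

To check a live host, pass the contents of /etc/nsswitch.conf and one /etc/pam.d service file to audit() in place of the samples.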
-
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph