Wednesday, September 17, 2008


sudo apt-get install slapd ldap-utils phpldapadmin libnss-ldap libpam-ldap

dpkg-reconfigure slapd

vim /etc/ldap/slapd.conf
include -------------------> all required scema files(build them if u can)

And now for client configuration.

vim /etc/ldap/ldap.conf

To do rest in GUI mode.


Create the database(account book), you can do it in GUI also.

vim ****.ldif

to create authenticated user under admin group

dn: uid=***,cn=admin,dc=example,dc=net
uid: ****
objectClass: account
objectClass: simpleSecurityObject
objectClass: top
userPassword: ******

to create authenticated user under other groups

dn: uid=***,ou=****,dc=example,dc=net
uid: ****
objectClass: account
objectClass: simpleSecurityObject
objectClass: top
userPassword: ******

to create objectclass like organizationalUnit


dn: ou=admin,dc=example,dc=net objectclass: organizationalunit ou: admin

to create normal addressbook entries under any group

dn: cn=***,ou=***,dc=example,dc=net
objectClass: organizationalRole
cn: ***
roleOccupant: cn=***,dc=example,dc=net

Now to add entries either add them from GUI or by comand line

ldapadd -x -f *.ldif -vD "cn=***,dc=example,dc=net" -w ***

And to test the directory try searching

ldapsearch -x -b 'dc=example,dc=net' '(objectclass=*)'

To give permmisions to authenticated users

vim /etc/ldap/slapd.conf\
access to *
by dn="cn=admin,dc=example,dc=net" write
by dn="uid=***,cn=admin,dc=example,dc=net" write
by * read

* line no. 2 of permissions was to give the user full permissions.
read --------> to see

write--------> to edit add delete


PAM is an intermediator which provides the application the required information about the user.
and helps him clearing authentication without changing it in applications configuration files.
What it does is , it checks for the authentication(user name and password) into the system files then into the programs data.
And lets the user login if it gets the required information from any of the source.




sudo apt-get install ldap-auth-client
sudo apt-get install ldap-utils libpam-ldap libnss-ldap nscd

edit /etc/ldap/ldap.conf
to look like this-->

base dc=example,dc=net
pam_filter objectclass=prosixaccount
pam_login_attribute uid
pam_member_attribute memberuid
pam_password crypt
ssl on
sslpath /etc/ssl/certs

Now edit pam.conf
to look like this-->

login   auth sufficient /usr/lib/security/
login auth required /usr/lib/security/ try_first_pass
login auth required /usr/lib/security/

telnet auth sufficient /usr/lib/security/
telnet auth required /usr/lib/security/ try_first_pass

rlogin auth sufficient /usr/lib/security/
rlogin auth sufficient /usr/lib/security/
rlogin auth required /usr/lib/security/ try_first_pass

dtlogin auth sufficient /usr/lib/security/
dtlogin auth required /usr/lib/security/ try_first_pass

rsh auth required /usr/lib/security/

other auth sufficient /usr/lib/security/
other auth required /usr/lib/security/ try_first_pass

login account required /usr/lib/security/
login account required /usr/lib/security/

dtlogin account required /usr/lib/security/
dtlogin account required /usr/lib/security/

other account required /usr/lib/security/
other account required /usr/lib/security/

other session required /usr/lib/security/

other password required /usr/lib/security/

Now edit /etc/nsswitch.cong
to look like this-->

passwd:         files   ldap
group: files ldap
shadow: files ldap

Now edit /etc/nscd.conf
to look like this-->

 enable-cache            passwd          yes
positive-time-to-live passwd 600
negative-time-to-live passwd 20
suggested-size passwd 211
check-files passwd yes
persistent passwd yes
shared passwd yes
max-db-size passwd 33554432
auto-propagate passwd yes

enable-cache group yes
positive-time-to-live group 3600
negative-time-to-live group 60
suggested-size group 211
check-files group yes
persistent group yes
shared group yes
max-db-size group 33554432
auto-propagate group yes

enable-cache hosts no
positive-time-to-live hosts 3600
negative-time-to-live hosts 20
suggested-size hosts 211
check-files hosts yes
persistent hosts yes
shared hosts yes
max-db-size hosts 33554432

enable-cache services yes
positive-time-to-live services 28800
negative-time-to-live services 20
suggested-size services 211
check-files services yes
persistent services yes
shared services yes

Restart the server

service slapd restart

restart nscd

servive nscd restart

the configuration is done just check if u can modify the data from the same client and other clients.

No comments:

Post a Comment