Ldap

HowtoForge - Linux Howtos and Tut. This howto will show you how to store your users in LDAP and authenticate some of the services against it.

I will not show how to install particular packages, as it is distribution/system dependent. I will focus on "pure" configuration of all components needed to have LDAP authentication/storage of users. The howto assumes somehow, that you are migrating from a regular passwd/shadow authentication, but it is also suitable for people who do it from scratch.

Requirements

Introduction

The thing we want to achieve is to have our users stored in LDAP, authenticated against LDAP (direct or pam) and have some tool to manage this in a human understandable way. This way we can use all software, which has ldap support or fallback to PAM ldap module, which will act as a PAM->LDAP gateway. More information on LDAP idea can be found on Wikipedia: LDAP wikipedia

Configuring OpenLDAP

OpenLDAP consists of slapd and slurpd daemon. slappasswd -h {md5} The config looks like this: access to dn.base="" by * read.

Chapter 25. Lightweight Directory Access Protocol (LDAP)

The Lightweight Directory Access Protocol (LDAP) is a set of open protocols used to access centrally stored information over a network.

It is based on the X.500 standard for directory sharing, but is less complex and resource-intensive. For this reason, LDAP is sometimes referred to as "X.500 Lite." The X.500 standard is a directory that contains hierarchical and categorized information, which could include information such as names, addresses, and phone numbers. Like X.500, LDAP organizes information in a hierarchical manner using directories. These directories can store a variety of information and can even be used in a manner similar to the Network Information Service (NIS), enabling anyone to access their account from any machine on the LDAP enabled network. In many cases, LDAP is used as a virtual phone directory, allowing users to easily access contact information for other users.

Ch31 : Centralized Logins Using LDAP and RADIUS - Many centralized database programs have been developed to allow users to log in on multiple computers using a single password.

NIS was one of the first, but it doesn't encrypt the password transaction. It also uses the portmapper daemon, which uses an unpredictable range of TCP ports that are difficult for firewalls to track. LDAP (Lightweight Directory Access Protocol) provides an alternative based on the X.500 standard. The X.500 standard defines how globally referenced directories of people should be structured. X.500 directories are organized under a common root directory in a tree hierarchy with different levels for each category of information, such as country, state, city, organization, organizational unit, and person. It was later recognized that LDAP had features that could make it a desirable replacement for NIS in some scenarios. This chapter will first show you how to install and use LDAP on Fedora Linux systems, then go on to explain how LDAP interacts with RADIUS.

Faq-O-Matic: How do I export my directory in LDIF format?

Step-by-step OpenLDAP Installation and Configuration. This tutorial describes how to install and configure an OpenLDAP server and also an OpenLDAP client.

Step by Step Installation and Configuration OpenLDAP Server.

[CentOS] LDAP server, too many open files.

Jacob Bresciani wrote:
> I've set up an LDAP server with a slave server on Centos 5.3 X86_64,
> replication works, most of the time client logins work fine but I'm
> starting to get an error I can't seem to eliminate, it's starting to
> cause login failures for users and I think it's causing other
> application failures when they try to auth against ldap.

>
> on the client side /var/log/messages shows [...]
>
> on the server side I see
> Oct 22 08:53:23 ldap1slapd[23963]: warning: cannot open /etc/hosts.allow: Too many open files
> Oct 22 08:53:23 ldap1slapd[23963]: warning: cannot open /etc/

You probably are running into the default limit for open files. Look at /etc/security/limits.conf and add a line reading

    * - nofile 64000

Then restart the ldap server via the init script.

-- Benjamin Franz