The proxy makes a Kerberos bind to the directory, accepts anonymous binds from clients on the host, and PAM/NSS is configured to use the local LDAP proxy. While the introduction of an LDAP proxy server makes the configuration more complicated, it results in a system that is quite flexible.
The mappings of LDAP attributes to POSIX elements can be tailored to the requirements of the system. OpenAFS is not required, and the homeDirectory values stored in the Stanford LDAP directory can be overridden using the PAM/NSS configuration. Accept the defaults for the server and shut it down once the installation is complete. Make sure the cn=config based configuration of the LDAP server is not in use by removing it from the system. The simplest way to get the needed schema files is to copy them from AFS. The var directories created by the slapd install are ignored. The final configuration will use daemontools to maintain the ticket cache. Do this by adding the following line to the /etc/sysconfig/ldap file. Set the base DN to the most common search that will be performed. In the example below the whole accounts branch of the directory is the default base distinguished name. You should see a list of posixAccounts entries for the selected workgroup. There is no point going on past this point until the following query returns data from the directory. Make sure that the permissions on the include the execute bit, i.e. Answer the installation questions by setting the host to 127.0.0.1 and the base DN to cn=accounts,dc=stanford,dc=edu, and don't configure any services. LDAP is used to retrieve POSIX account information using nsswitch. Again, LDAP is not used for password authentication, rather account information is extracted from the passwd, i.e.