Linux LDAP Authentication

Linux LDAP Authentication

Server

config files

1- /etc/nsswitch.conf

2- /etc/ldap/slapd.conf

3- /usr/share/migrationtools/migrate_common.ph

4- /etc/libnss-ldap.conf

5- /etc/pam_ldap.conf

6- example-base.ldif

7- example-group.ldif

8- example-test.ldif

9- example-user.ldif

10- /etc/ldap/ldap.conf

Make root local database admin = yes

Database require login = no

linux-backup:~#apt-get install slapd ldap-utils libnss-ldap libpam-ldap nscd migrationtools

linux-backup:~#/etc/init.d/slapd stop

linux-backup:~#cd /etc/ldap/
linux-backup:~#cp -p slapd.conf slapd.conf-deb_orig
linux-backup:~#chmod +w slapd.conf

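# /etc/ldap/slapd.conf for the dc=golco,dc=net directory (bdb backend).
# Schemas needed for POSIX accounts/groups (nis) and person entries (inetorgperson).
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
# loglevel 0 disables slapd logging entirely, so failed binds and ACL denials leave no
# trace; loglevel 256 (stats) records connections/operations for auditing.
loglevel 0
modulepath /usr/lib/ldap
moduleload back_bdb
# At most 500 entries returned per search.
sizelimit 500
tool-threads 1
backend bdb
# Checkpoint the BDB log every 512 KiB written or every 30 minutes.
checkpoint 512 30
database bdb
suffix "dc=golco,dc=net"
# Trailing space removed from inside the quotes (original read "...dc=net ").
# The rootdn bypasses all ACLs below; the cn=admin / cn=nss DNs referenced in the
# ACLs are presumably ordinary entries in the directory — confirm they exist.
rootdn "cn=root,dc=golco,dc=net"
# {MD5} is an unsalted digest; `slappasswd -h {SSHA}` produces a salted hash instead.
rootpw {MD5}f31JeV3PCoJgX7EQPtINKA==
directory "/var/lib/ldap"
# BDB environment: 2 MiB cache, lock-table sizes.
dbconfig set_cachesize 0 2097152 0
dbconfig set_lk_max_objects 1500
dbconfig set_lk_max_locks 1500
dbconfig set_lk_max_lockers 1500
# Equality index on objectClass (used by the "objectclass=*" style searches below).
index objectClass eq
# Maintain modifiersName/modifyTimestamp and friends.
lastmod on
# Password attributes: cn=admin may write them, users may change their own, anyone
# (including anonymous) may only bind against them, nobody else can read them.
access to attrs=userPassword,shadowLastChange
by dn="cn=admin,dc=golco,dc=net" write
by anonymous auth
by self write
by * none
# Root DSE readable by all clients.
access to dn.base="" by * read
# Everything else is readable by any bind, anonymous included ("by * read"), so the
# whole account/group tree is world-readable and the explicit read grant to
# cn=nss adds nothing beyond it.
access to *
by dn="cn=admin,dc=golco,dc=net" write
by dn="cn=nss,dc=golco,dc=net" read
by * read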

Place a “rootpw <hash>” entry directly under rootdn; generate the hash with the command below.
linux-backup:~# slappasswd -h {MD5}
/etc/nsswitch.conf

# /etc/nsswitch.conf: users, groups and shadow entries are resolved from the local
# (compat) databases first, then from LDAP via libnss-ldap.
passwd: compat ldap
group: compat ldap
shadow: compat ldap
hosts: files dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
# Netgroups come from NIS only; if netgroups are kept in LDAP, "ldap" must be added here too.
netgroup: nis


cd /usr/share/migrationtools
Edit migrate_common.ph and replace “padl.com” with your domain (both $DEFAULT_MAIL_DOMAIN and $DEFAULT_BASE, here dc=golco,dc=net).
linux-backup:~#./migrate_base.pl > /tmp/base.ldif
linux-backup:~#./migrate_passwd.pl /etc/passwd /tmp/passwd.ldif
linux-backup:~#./migrate_group.pl /etc/group /tmp/group.ldif
linux-backup:~#/etc/init.d/slapd restart
Tip: you may have to remove the first entry (the base DN itself) from base.ldif, since the directory should already contain it.
linux-backup:~# ldapadd -x -W -D 'cn=admin,dc=golco,dc=net' < /tmp/base.ldif
linux-backup:~#ldapadd -x -W -D 'cn=admin,dc=golco,dc=net' < /tmp/passwd.ldif
linux-backup:~#ldapadd -x -W -D 'cn=admin,dc=golco,dc=net' < /tmp/group.ldif
linux-backup:~#cp -p /usr/share/doc/libpam-ldap/examples/pam.d/* /etc/pam.d   (back up the existing /etc/pam.d first; these examples replace the distribution PAM stack)
linux-backup:~#apt-get install libpam-cracklib
linux-backup:~#ln -s /lib/security/pam_unix.so /lib/security/pam_pwdb.so

/etc/pam_ldap.conf
# /etc/pam_ldap.conf: search base and server. The URI is cleartext ldap:// to loopback,
# which is fine only while slapd runs on this same host; remote clients would need
# ldaps:// or STARTTLS so bind passwords are not sent in the clear.
base dc=golco,dc=net
uri ldap://127.0.0.1/
ldap_version 3
# Privileged DN used (by root only) for password changes; its password is not kept
# here but read from /etc/pam_ldap.secret, which should be mode 0600.
rootbinddn cn=admin,dc=golco,dc=net
# Unprivileged lookup bind. The password is stored in cleartext in this file, so
# the file's permissions and the cn=nss ACL in slapd.conf are what limit exposure.
binddn cn=nss,dc=golco,dc=net
bindpw mehdi
# Password changes use the LDAP password-modify extended operation (RFC 3062).
pam_password exop
# Host-based login restriction: only entries whose host attribute names this machine
# or "*" may authenticate; "myhostname" is presumably a placeholder for the real hostname.
pam_filter |(host=myhostname)(host=\*)
port 389
linux-backup:~# cp /etc/pam_ldap.conf /etc/libnss-ldap.conf
/etc/libnss-ldap.conf
# /etc/libnss-ldap.conf: same base/server as pam_ldap.conf (this file was copied from it).
base dc=golco,dc=net
uri ldap://127.0.0.1/
ldap_version 3
# rootbinddn's password is read from /etc/libnss-ldap.secret, not from this file.
rootbinddn cn=admin,dc=golco,dc=net
# NOTE(review): NSS lookups run inside every user's processes, so this file is normally
# world-readable — the cleartext bindpw below is then visible to every local user.
binddn cn=nss,dc=golco,dc=net
bindpw mehdi
# Subtrees that NSS searches for passwd and group entries (as produced by migrate_*.pl).
nss_base_passwd ou=People,dc=golco,dc=net
nss_base_group ou=Group,dc=golco,dc=net
port 389

linux-backup:~#/etc/init.d/slapd restart

linux-backup:~#/etc/init.d/nscd restart
linux-backup:~# ldapsearch -x -W -b 'dc=golco,dc=net' -D 'cn=admin,dc=golco,dc=net' -H 'ldap://127.0.0.1:389/' 'objectclass=*'
Enter LDAP Password: