June 4, 2014

Add LDAP user authentication to YellowDog Linux

/etc/ldap.conf
*************************************
host ldap-server-ip-address
base ou=Users,dc=advistatech,dc=com
ssl no
pam_password md5
*************************************

/etc/openldap/ldap.conf
*************************************
HOST ldap-server-ip-address
BASE ou=Users,dc=advistatech,dc=com
*************************************

/etc/pam.d/system-auth
*************************************
auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth sufficient /lib/security/$ISA/pam_ldap.so use_first_pass
auth required /lib/security/$ISA/pam_deny.so

account sufficient /lib/security/$ISA/pam_succeed_if.so uid < 100
account required /lib/security/$ISA/pam_unix.so
account [default=bad success=ok user_unknown=ignore] /lib/security/$ISA/pam_ldap.so

password requisite /lib/security/$ISA/pam_cracklib.so retry=3
password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
password sufficient /lib/security/$ISA/pam_ldap.so use_authtok
password required /lib/security/$ISA/pam_deny.so

session required /lib/security/$ISA/pam_limits.so
session required /lib/security/$ISA/pam_unix.so
session optional /lib/security/$ISA/pam_ldap.so
*************************************

/etc/nsswitch.conf
**********************
passwd: files ldap
shadow: files ldap
group: files ldap
**********************

You can use "getent passwd" to list all the users from the LDAP server (together with the local accounts from /etc/passwd).

To make sshd pick up the new PAM and NSS configuration, restart the sshd service.
