LDAP

Revision as of 21:23, 31 August 2010

This page desperately needs to be filled out or brought up to date. If you're familiar with the operations of this part of the site, please help!

FIXME: There's almost no server info here

FIXME: What about client startup when servers are flaky?

Hosts should be to use LDAP for users and some other stuff.

Things are moving to NIS... very, very slowly...

setup LDAP client on new machine

run /home/wikipedia/bin/setup-ldap
copy zwinger:/etc/ldap.conf to the new machine

LDAP server is on srv1 (master) and srv2 (slave). failover should be automatic. to add new users, add them on srv1, then run ldapsync. srv2 will update automatically.

Overload

If the local caching daemon nscd dies on clients, the server can get badly overloaded and logins can fail.

If necessary restart it sitewide. :P

Server logging

slapd's logging stuff goes to a channel on syslog that's not logged by default. On a new server, you may have to manually edit syslog.conf and add something for local4.*

Then set an appropriate loglevel in /etc/openldap/slapd.conf

LDAP take 2

Installing/Configuring the server manually

Install required packages

apt-get install openjdk-6-jre openjdk-6-jdk ldap-utils

Initial installation

Create a Basic Directory Information Tree (DIT)

Add a proxy agent

Add the sudoers schema

Enable replication

Install/configure phpldapadmin =

Installing/Configuring the client manually

Install required packages

apt-get install ldap-utils sudo-ldap libpam-ldap libnss-ldap nss-updatedb libnss-db autofs5 autofs5-ldap nscd

Install the server certificate's CA

Install to /etc/ssl/certs/ldapca.crt

Configure openldap's ldap.conf

Configure libnss's ldap.conf

Configure nss

Configure pam

Configure autofs

Configure sudo

@@ Line 24: / Line 24: @@
 Then set an appropriate loglevel in /etc/openldap/slapd.conf
+== LDAP take 2 ==
+=== Installing/Configuring the server manually ===
+==== Install required packages ====
+<source lang=bash>
+apt-get install openjdk-6-jre openjdk-6-jdk ldap-utils
+</source>
+==== Initial installation ====
+==== Create a Basic Directory Information Tree (DIT) ====
+==== Add a proxy agent ====
+==== Add the sudoers schema ====
+==== Enable replication ====
+==== Install/configure phpldapadmin =====
+=== Installing/Configuring the client manually ===
+==== Install required packages ====
+<source lang=bash>
+apt-get install ldap-utils sudo-ldap libpam-ldap libnss-ldap nss-updatedb libnss-db autofs5 autofs5-ldap nscd
+</source>
+==== Install the server certificate's CA ====
+# Install to /etc/ssl/certs/ldapca.crt
+==== Configure openldap's ldap.conf ====
+==== Configure libnss's ldap.conf ====
+==== Configure nss ====
+==== Configure pam ====
+==== Configure autofs ====
+==== Configure sudo ====
 [[Category:Software]]

LDAP

Revision as of 21:23, 31 August 2010

Contents

setup LDAP client on new machine

Overload

Server logging

LDAP take 2

Installing/Configuring the server manually

Install required packages

Initial installation

Create a Basic Directory Information Tree (DIT)

Add a proxy agent

Add the sudoers schema

Enable replication

Install/configure phpldapadmin =

Installing/Configuring the client manually

Install required packages

Install the server certificate's CA

Configure openldap's ldap.conf

Configure libnss's ldap.conf

Configure nss

Configure pam

Configure autofs

Configure sudo

Personal tools

Namespaces

Variants

Views

Actions

Search

Navigation

Ops documentation

Wiki

Toolbox