ldap_openldap [2014/11/24 02:19] ben
ldap_openldap [2014/11/24 02:20] (current) ben
Line 4: | Line 4: | ||
OpenLDAP provides a place to store central user accounts and other configuration information which multiple machines can read. The advantages are that all machines on the network have a consistent view of user accounts, UIDs, passwords etc, and they are very easy to maintain. | OpenLDAP provides a place to store central user accounts and other configuration information which multiple machines can read. The advantages are that all machines on the network have a consistent view of user accounts, UIDs, passwords etc, and they are very easy to maintain. | ||
- | LDAP can also store configuration for <tt>sudo</tt>, as well as Samba configuration and postfix mail routing. | + | LDAP can also store configuration for '' |
This guide walks through setting up the LDAP services used at sihnon.net, which includes one master LDAP server (ldap.sihnon.net) and one slave (ldap-slave.sihnon.net). | This guide walks through setting up the LDAP services used at sihnon.net, which includes one master LDAP server (ldap.sihnon.net) and one slave (ldap-slave.sihnon.net). | ||
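Review bot: the replacement of HTML <tt>…</tt> with DokuWiki's ''…'' monospace markup on the "LDAP can also store configuration for" line is the right syntax for this wiki, but in this view the new line ends immediately after the opening '', so check that the closing '' is present and that the rest of the sentence (sudo, Samba configuration and postfix mail routing) survived the edit; an unterminated '' renders the remainder of the line as monospace.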
Line 54: | Line 54: | ||
{{File|/ | {{File|/ | ||
- | Put the password for the account specified by rootdn in <tt>/ | + | Put the password for the account specified by rootdn in '' |
{{File|/ | {{File|/ | ||
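Review bot: the line "Put the password for the account specified by rootdn in ''…" names a file (path cut off in this view) that holds the rootdn password in clear text, and the rootdn is not subject to slapd's access controls, so this hunk should also state that the file must be readable by root only (for example mode 0600); the troubleshooting section later in the same page tells readers to make other LDAP client files world-readable, and without this caveat the two pieces of advice are easy to conflate.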
Line 77: | Line 77: | ||
===== Cached Credentials ===== | ===== Cached Credentials ===== | ||
- | The setup described above requires a permanent connection to an LDAP server, else noone will be able to log in. On a local network, you can get around this with redundant LDAP servers, but for a laptop which leaves the network the problem is critical. Fortunately, | + | The setup described above requires a permanent connection to an LDAP server, else noone will be able to log in. On a local network, you can get around this with redundant LDAP servers, but for a laptop which leaves the network the problem is critical. Fortunately, |
{{Root|< | {{Root|< | ||
Line 130: | Line 130: | ||
==== I have no name! ==== | ==== I have no name! ==== | ||
Check the following | Check the following | ||
- | * Make sure that <tt>/ | + | * Make sure that '' |
- | * Make sure that <tt>/ | + | * Make sure that '' |
* Make sure that the CA certificate file is world readable. | * Make sure that the CA certificate file is world readable. | ||
==== Getent passwd returns no LDAP accounts ==== | ==== Getent passwd returns no LDAP accounts ==== | ||
- | If root can run <tt>getent passwd</ | + | If root can run '' |
* Check that the SSL CA certificates are world-readable | * Check that the SSL CA certificates are world-readable | ||
- | * Try raising the debug level for <tt>slapd</ | + | * Try raising the debug level for '' |
==== Sudo refuses to search LDAP ==== | ==== Sudo refuses to search LDAP ==== | ||
- | Sudo 1.7.0 now uses <tt>nsswitch.conf</ | + | Sudo 1.7.0 now uses '' |
===== See also ===== | ===== See also ===== |