Openldap TLS

Openldap enabled TLS protocol


Need to change the following four configuration files:


vi /etc/openldap/ldap.conf

# add at the last line

# LDAP server's URI

URI ldap://ldap.csdn.net/


# specify Suffix

BASE dc=csdn,dc=net

TLS_CACERTDIR /etc/openldap/certs


vi /etc/nslcd.conf


# line 131: specify URI, Suffix

uri ldap://192.168.7.179

base dc=csdn,dc=net

#ssl start_tls

tls_cacertdir /etc/openldap/certs



vi /etc/pam_ldap.conf

# line 17: make it comment

# host 127.0.0.1

# line 20: specify Suffix

base dc=csdn,dc=net

# add at the last line

uri ldap://192.168.7.179

#ssl start_tls

tls_cacertdir /etc/openldap/certs

pam_password md5


#vi /etc/pam.d/system-auth

auth sufficient pam_ldap.so use_first_pass

account [default=bad success=ok user_unknown=ignore] pam_ldap.so

password sufficient pam_ldap.so use_authtok

session optional pam_ldap.so

# add if you need ( create home directory automatically if it's none )

session optional pam_mkhomedir.so skel=/etc/skel umask=077


#vi /etc/nsswitch.conf

passwd: files ldap # line 33: add

shadow: files ldap # add

group: files ldap # add

netgroup: ldap # line 57: change

automount: files ldap # line 61: change


warning:

This place must use ldap,If is sss this setting is not successful


#vi /etc/sysconfig/authconfig

USELDAP= yes # line 18: change


set to run on startup:

#chkconfig nslcd on

#shutdown -r now


你可能感兴趣的:(安装,tls,openLdap,openLdap)