Skip to main content

Thread: Fully functional LDAPS client deployment on Ubuntu Server 9.1

-

i spent many hours , use of plethora of somewhat-contradictory tutorials , webpages achieve functional ldap-integrated login using ldap on ssl (ldaps://) on ubuntu server 9.1. i've gotten right, i'd share benefit of future hapless ldap-setter-uppers me looking ldaps functional.

not going cover setting openldap, tutorials can found many other places, , have found them in agreement , functional. tutorial assumes have functional ldap server configured ssl , listening on port 636.

*log soon-to-be ldap client. need install nss-ldap
sudo apt-get install libnss-ldap

after usual prompts how additional disk space used, enter pseudo-gui setup screen.
please enter uri of ldap server use
ldaps://<your server name or ip>/
please enter distinguished name of ldap search base.
dc=yourserver,dc=example,dc=com
ldap version use
should 3
make local root database admin:
have configured no. need know own information privileged ldap user if wish use yes. necessary if use linux user commands modify ldap entries.
ldap database require login?
no.
explanation of various crypt options
local crypt use when changing passwords:
select exop

if make mistakes during process, or need change anything, possible make changes via various .conf files, can use sudo dpkg-reconfigure ldap-auth-config screen prompts again.

(i have automated process using debconf-utils seed files. can expound on if people interested. purpose, have scripted process configure ldaps authentication on hundreds of servers.)

need configure 3 configuration files now: /etc/nsswitch.conf, /etc/ldap.conf, /etc/ldap/ldap.conf

sudo vi /etc/nsswitch.conf (or of course preferred text editor)
want change following lines:

passwd: compat
group: compat
shadow: compat

to
passwd: files ldap
group: files ldap
shadow: files ldap

save these changes. (i found compat ldap rather files ldap successful.)

check /etc/ldap.conf preferred text editor, , ensure contains following lines:

base dc=yourserver,dc=example,dc=com
uri ldaps://<your server name or ip>/

, ensure there no line not commented out starts "host"
these settings should have been set correctly prompts @ time of installing libnss-ldap

need copy certificate openldap server client. make sure copy certificate referenced in openldap configuration (slapd.conf) "tlscacertificatefile yourcert.pem". copied /etc/ldap/certs, can put anywhere long know on client machine.

now, use favorite text editor open /etc/ldap/ldap.conf , edit have following lines:

base dc=yourserver,dc=example,dc=com
uri ldaps://<your server name or ip>/
tls_cacert /etc/ldap/certs/yourcert.pem
tls_reqcert never

other tutorials have found suggest allowing rls_reqcert, broke ldaps setup , led lot of headaches looking problem.

save, , should have functional ldaps installation. type

getent passwd

, should see listing of ldap users.

if make ldap user sudoer client, can use
adduser ldapusername admin



Forum The Ubuntu Forum Community Other Discussion and Support Tutorials Outdated Tutorials & Tips Fully functional LDAPS client deployment on Ubuntu Server 9.1


Ubuntu

Comments

Post a Comment

Popular posts from this blog

Joomla site hacked, cant see front and - Joomla! Forum - community, help and support

-
hi all; here thing: i went see site because haven't visited week or 2 , surprised when saw white page some provocation written on tab , acronym of attacker on page. i log on ftp server see if files there , found vital data remind safe. i tried put site off line got same hackers index.html file displaying when press "preview" button in joomla admin. deleted index.html file , tried check offline site option again. time got offline page. but problem resumes when put site online... white page, nothing else written. site date, , joomla updated v. 1.5.10 few days back. virtuemart commponent installed, newest v. 1.1.3 do need install fresh joomla copy , overwrite files previous including data base, or can avoid job fixing index.html on front end. i didn't make backup copy of site, i'll if not working save date in case potential hacker delete server... any suggestions? check template index.html file (edit html in template manager active template) usual source of hacking...
Read more

Christian Home School Programs - Joomla! Forum - community, help and support

-
Image
hello guys, (my first custom template) i got son in accelerated christian home school program. they did not have web site designing , hosting cover fees in trade. website: christian home school programs i've not got content published... the graphics imagination i've installed jumi i have directphp installed mostly custom css layout , i've used css purity seo, christian home shool - 200 million+ organics i have optimized code behind visual design crawlers. any thoughts / recommendations? i'm new custom templating in joomla ears open gurus of joomla richard hey, well done on first custom template. i don't background... @ all. think should going more professional look, maybe isnt repeating on both x , y axis, , isnt shade of blue. as far content goes, there isnt much... site performance good. good luck tim Board index Joomla! Official Sites & Infrastructure Sites & Infrastructure - Feedback/Information ...
Read more

Trouble with PF_OutFlag_I_USE_AUDIO and PF_CHECKOUT_LAYER_AUDIO

-
i trying render graphical representation of layer's audio waveform. have seen this similar thread , problem checking out audio, cannot far.   in globalsetup function set out_flags thus..   out_data-> out_flags = pf_outflag_i_use_audio;   but in pf_cmd_frame_setup function, , pf_cmd_render function ( pf_cmd_smart_pre_render pf_cmd_smart_render)   the pf_indata src_snd structure empty , in_data->start_sampl == 0, in_data->dur_sampl == 0, in_data->total_sampl == 0     i missing something, appreciate guidance,   thanks   steve (london, uk - adobe plugin developers nearby?) More discussions in After Effects SDK adobe
Read more