Setting up LDAP/SSL during kickstart
- From: Harry Hoffman <hhoffman ip-solutions net>
- To: Discussion list about Kickstart <kickstart-list redhat com>
- Subject: Setting up LDAP/SSL during kickstart
- Date: Wed, 05 Sep 2007 17:08:06 -0400
Hi Everyone,
So, I'd originally asked about setting up ldapssl with kickstart. I
didn't get any answers, so I figured I'd post what I did just in case
other people are having trouble:
This all happens in the %post section:
%post
# Setup LDAP
#
# equiv to running setup tool
authconfig --kickstart --enableshadow --enablemd5 --enableldap \
  --enableldapauth --ldapserver ldap.yourdomain.com \
  --ldapbasedn dc=yourdomain,dc=com
#
# Turn SSL on in the config files
perl -p -i -e 's/^ssl no/ssl on/g' /etc/ldap.conf
echo "tls_cacertfile /etc/openldap/cacerts/cacert.asc" >> /etc/ldap.conf
echo "URI ldaps://ldap.yourdomain.com" >> /etc/openldap/ldap.conf
#
# Create a directory to hold our Cert Auth certificate
mkdir -p /etc/openldap/cacerts
# Download the CA certificate
wget -O /etc/openldap/cacerts/cacert.asc http://INSTALL_SERVER/cacert.asc
#
# Have PAM autocreate home directories upon login
echo "session required /lib/security/pam_mkhomedir.so skel=/etc/skel/ umask=0077" >> /etc/pam.d/system-auth
#
# Ensure that local authorization is enough to get on the system
# (i.e. root can login)
perl -p -i -e 's/^USELOCAUTHORIZE=no/USELOCAUTHORIZE=yes/' /etc/sysconfig/authconfig
That's all it took for me.
Cheers,
Harry
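
Added example, not part of the original post: the %post script above fetches the CA certificate over plain HTTP, so nothing authenticates the trust anchor that the ldaps:// connection later depends on. One way to handle that is to pin the certificate's SHA-256 digest in the kickstart file and install the download only when it matches. The function names, the PINNED_SHA256 placeholder and the availability of sha256sum in the install environment are assumptions of this sketch.

```shell
#!/bin/sh
# Added example (not from the original post): helpers for a kickstart %post.
# file_sha256, install_pinned_ca and append_once are hypothetical names.

# Print the lowercase SHA-256 hex digest of a file (assumes coreutils sha256sum).
file_sha256() {
    sha256sum "$1" | awk '{print $1}'
}

# install_pinned_ca SRC DEST EXPECTED_SHA256
# Copies SRC to DEST only if its digest equals the pinned value.
# Returns 0 on success, 1 on a missing/empty file or a digest mismatch;
# on failure DEST is not created or modified.
install_pinned_ca() {
    src=$1 dest=$2
    want=$(printf '%s' "$3" | tr 'A-F' 'a-f')
    [ -s "$src" ] || { echo "CA cert missing or empty: $src" >&2; return 1; }
    got=$(file_sha256 "$src")
    if [ "$got" != "$want" ]; then
        echo "CA cert digest mismatch: got $got" >&2
        return 1
    fi
    mkdir -p "$(dirname "$dest")" &&
    cp "$src" "$dest" && chmod 0644 "$dest"
}

# append_once LINE FILE
# Appends LINE to FILE unless an identical line is already present,
# so re-running the script does not duplicate config entries.
append_once() {
    grep -qxF -- "$1" "$2" 2>/dev/null || printf '%s\n' "$1" >> "$2"
}

# Usage inside %post (PINNED_SHA256 is a placeholder set in the kickstart file):
#   tmp=$(mktemp)
#   wget -O "$tmp" http://INSTALL_SERVER/cacert.asc
#   install_pinned_ca "$tmp" /etc/openldap/cacerts/cacert.asc "$PINNED_SHA256" || exit 1
#   append_once "tls_cacertfile /etc/openldap/cacerts/cacert.asc" /etc/ldap.conf
#   append_once "URI ldaps://ldap.yourdomain.com" /etc/openldap/ldap.conf
```

The digest to pin is computed once, on a trusted machine, from a copy of the CA certificate obtained out of band.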