[Fedora-directory-users] Debian client to FDS howto

Steven Jones Steven.Jones at vuw.ac.nz
Thu Sep 13 20:45:01 UTC 2007


I have written the below; if it is helpful/correct, by all means place it
on the FDS wiki.


Debian client setup

Important notes

There would seem to be at least 2 places (if not three) containing
information for ldap. In order to make Debian 4 work I have deleted 2
and symlinked. It is possible on patching Debian that these files may be
restored and LDAP authentication will no longer work.

There may well be an official method to set up Debian but I have not been
able to locate one via Google.

Ldap client setup (command line method)

Move to the ldap directory and backup the ldap.conf file.

cd /etc/ldap/ ; cp ldap.conf orig-ldap.conf

add/edit /etc/ldap/ldap.conf,

===========
# $OpenLDAP: pkg/ldap/libraries/libldap/ldap.conf,v 1.9 2000/09/04 19:57:01 kurt Exp $
#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
host xxxx.195.87.249
base dc=xxxx,dc=ac,dc=nz
ssl no
TLS_CACERTDIR /etc/openldap/cacerts
pam_password exop
#pam_password md5
HOST xxx.195.87.249
BASE dc=xxxx,dc=ac,dc=nz
===========

cd /etc/ and back up pam_ldap.conf

cp /etc/pam_ldap.conf /etc/orig-pam_ldap.conf

and delete this file and link it to /etc/ldap/ldap.conf

ln -s /etc/ldap/ldap.conf /etc/pam_ldap.conf

cd /usr/share/libpam-ldap/ ;  mv ldap.conf orig-ldap.conf

ln -s /etc/ldap/ldap.conf /usr/share/libpam-ldap/ldap.conf


At this point the ldapsearch tool and pam should be querying the LDAP
server and this will show up in the access log.

ssh

We will start with using ssh via LDAP.

cd /etc/ssh and more sshd_config and make sure "UsePAM yes" is present;
if not, add it (should be there by default).

cd /etc/pam.d/ to set up the ssh file for pam. Add in these lines at the
beginning of the file,

#allow ldap
auth       sufficient   pam_ldap.so
account    sufficient   pam_ldap.so
session    sufficient   pam_ldap.so
password   sufficient   pam_ldap.so

restart ssh with /etc/init.d/ssh restart

ssh logins should now work OK.

regards

Steven



