Setting up LDAP/SSL during kickstart

Harry Hoffman hhoffman at ip-solutions.net
Thu Sep 6 14:49:35 UTC 2007


Hi,

Thanks for reviewing.

I'm on RHEL4 and was having all sorts of weird issues with using 
auth/authconfig.

Does TLS == SSL for LDAP?

Cheers,
Harry


mups.cp wrote:
> The kickstart auth option allows setting most of the options you are setting
> in %post.
> http://www.redhat.com/docs/manuals/enterprise/RHEL-5-manual/Installation_Guide-en-US/s1-kickstart2-options.html
> has all you need. Look for auth/authconfig
> 
> 
>> %post
>> # Setup LDAP
>> #
>> # equiv to running setup tool
>> authconfig --kickstart --enableshadow --enablemd5 --enableldap \
>>   --enableldapauth --ldapserver ldap.yourdomain.com --ldapbasedn \
>>   dc=yourdomain,dc=com
> 
> Use this outside %post. See the link above.
> 
> 
>> #
>> # Turn SSL on in the config files
>> perl -p -i -e 's/^ssl no/ssl on/g' /etc/ldap.conf
>> echo "tls_cacertfile /etc/openldap/cacerts/cacert.asc" >> /etc/ldap.conf
>> echo "URI ldaps://ldap.yourdomain.com" >> /etc/openldap/ldap.conf
> 
> Again, not necessary if using the above --enableldaptls.
> 
>> #
>> # Create a directory to hold our Cert Auth certificate
>> mkdir -p /etc/openldap/cacerts
>> # Download the CA certificate
>> wget -O /etc/openldap/cacerts/cacert.asc http://INSTALL_SERVER/cacert.asc
>> #
> OK
> 
>> # Have PAM autocreate home directories upon login
>> echo "session required /lib/security/pam_mkhomedir.so skel=/etc/skel/ umask=0077" >> /etc/pam.d/system-auth
> 
> This is useful only if users connect through ssh.
> Through samba use root preexec to create home dir automatically.
> For Linux clients use autofs.
> 
>> #
>> # Ensure that local authorization is enough to get on the system
>> # (i.e. root can login)
>> perl -p -i -e 's/^USELOCAUTHORIZE=no/USELOCAUTHORIZE=yes/' \
>>   /etc/sysconfig/authconfig
> 
> My system works without changing this.
> 
> _______________________________________________
> Kickstart-list mailing list
> Kickstart-list at redhat.com
> https://www.redhat.com/mailman/listinfo/kickstart-list
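As an added example (constructed here, not code from either post), a small POSIX sh helper for the %post section: it checks the CA certificate fetched over plain HTTP against a SHA-256 digest embedded in the kickstart before it is trusted, then sets the TLS directives in an nss_ldap-style ldap.conf idempotently instead of appending with `>>`, which adds duplicate lines on every rerun. In that file `ssl on` means LDAP over SSL on port 636 (ldaps://) while `ssl start_tls` means STARTTLS on the plain port; the paths, the INSTALL_SERVER name and the digest are placeholders, and `tls_checkpeer yes` is added so the client rejects a server certificate that does not chain to the given CA.

```shell
#!/bin/sh
# Added example for a kickstart %post section (constructed; not from the list post).
# Paths, the expected digest and the INSTALL_SERVER name are placeholders.

# Check a fetched CA certificate against a SHA-256 digest embedded in the
# kickstart, so a tampered download over plain HTTP is not installed as trusted.
verify_ca_cert() {
    file=$1; expected=$2
    [ -s "$file" ] || { echo "verify_ca_cert: $file missing or empty" >&2; return 1; }
    actual=$(sha256sum "$file" | cut -d' ' -f1)
    [ "$actual" = "$expected" ] || { echo "verify_ca_cert: digest mismatch" >&2; return 1; }
}

# Set "KEY VALUE" in an nss_ldap-style ldap.conf, replacing an existing
# (possibly commented-out) line for KEY instead of appending a duplicate.
set_ldap_directive() {
    conf=$1; key=$2; value=$3
    if grep -q "^[# ]*$key[[:space:]]" "$conf"; then
        sed "s|^[# ]*$key[[:space:]].*|$key $value|" "$conf" > "$conf.tmp" \
            && mv "$conf.tmp" "$conf"
    else
        printf '%s %s\n' "$key" "$value" >> "$conf"
    fi
}

# MODE "on" = LDAP over SSL on port 636 (ldaps://), "start_tls" = STARTTLS on
# the plain port. tls_checkpeer makes the client reject a server certificate
# that does not chain to the given CA file.
configure_ldap_tls() {
    conf=$1; ca_file=$2; mode=${3:-start_tls}
    case $mode in
        on|start_tls) ;;
        *) echo "configure_ldap_tls: mode must be on or start_tls" >&2; return 1 ;;
    esac
    set_ldap_directive "$conf" ssl "$mode" \
        && set_ldap_directive "$conf" tls_cacertfile "$ca_file" \
        && set_ldap_directive "$conf" tls_checkpeer yes
}

# Intended %post use (placeholder server and digest):
#   wget -O /etc/openldap/cacerts/cacert.asc http://INSTALL_SERVER/cacert.asc
#   verify_ca_cert /etc/openldap/cacerts/cacert.asc "$EXPECTED_SHA256" || exit 1
#   configure_ldap_tls /etc/ldap.conf /etc/openldap/cacerts/cacert.asc on
```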
