FW: ppolicy in openldap

m.roth2006 at rcn.com m.roth2006 at rcn.com
Tue Jan 13 17:03:49 UTC 2009


---- Original message ----
>Date: Tue, 13 Jan 2009 10:04:24 -0600
>From: "Allgood, John" <jallgood at ohl.com>  
>Thanks for the response.

>I found some rpms for the newer version of ldap from here
>http://staff.telkomsa.net/packages/rhel5/openldap and I just installed
>them. Looks like a lot of changes in this version. We are trying to
>implement and single signon system for our services and thought ldap
>would be a good choice. You mentioned using PAM with ldap can you
>provide me with a little more on that.

Right. *sigh* Wish I'd sent a copy of my instructions that I documented to myself before I left my last contract.

<Digs into memory>
First, you need to edit nsswitch for passwd and shadow, at least, to point to ldap then files.

Then you need to edit (or create) an /etc/pam_ldap.conf
There also needs to be an ldap.conf, to point to the openldap server. This may, or may not, be in /etc/openldap.

Finally, you need to edit /etc/pam.d/system-auth, and insert 
for auth, and account (I think, and password, and *maybe* session, before the line for pam_unix.so, one for pam_ldap.so

I think that's what you need. I don't guarantee I haven't missed something....


More information about the redhat-list mailing list