System Authentication - Installation

Install from PADL <http://www.padl.com/>
  • pam_ldap <http://www.padl.com/pam_ldap.html>
  • nss_ldap <http://www.padl.com/nss_ldap.html>

/etc/ldap.conf


BASE        dc=foo,dc=com
HOST        ldap.server.com
pam_crypt   local

/etc/nsswitch.conf

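Add ldap to the passwd, shadow and group entries in /etc/nsswitch.conf. Sources are tried in the order listed, so be aware of the effect of putting ldap first or last: listed first, the directory is consulted before the local files; listed last, the local files answer first.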

/etc/pam.d

Every application that should authenticate against LDAP needs a similar file in /etc/pam.d.

/etc/pam.d/ssh

From RedHat 6.2

#%PAM-1.0
auth       sufficient   /lib/security/pam_ldap.so
auth       required     /lib/security/pam_pwdb.so shadow nullok try_first_pass
auth       required     /lib/security/pam_nologin.so
account    sufficient   /lib/security/pam_ldap.so
account    required     /lib/security/pam_pwdb.so
password   required     /lib/security/pam_cracklib.so
password   sufficient   /lib/security/pam_ldap.so
password   required     /lib/security/pam_pwdb.so shadow nullok use_authtok
session    sufficient   /lib/security/pam_ldap.so
session    required     /lib/security/pam_pwdb.so
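
The order of lines in the ssh stack above matters: Linux-PAM stops processing a stack as soon as a sufficient module succeeds, provided no earlier required module has failed, so the lines after pam_ldap.so are not evaluated for a user the directory accepts. The following check is an added example, not part of the original page; its function names are hypothetical and it handles only the simple control keywords, not bracketed controls.

```python
import os

# The /etc/pam.d/ssh stack from this page, embedded so the check runs offline.
SSH_STACK = """\
#%PAM-1.0
auth       sufficient   /lib/security/pam_ldap.so
auth       required     /lib/security/pam_pwdb.so shadow nullok try_first_pass
auth       required     /lib/security/pam_nologin.so
account    sufficient   /lib/security/pam_ldap.so
account    required     /lib/security/pam_pwdb.so
password   required     /lib/security/pam_cracklib.so
password   sufficient   /lib/security/pam_ldap.so
password   required     /lib/security/pam_pwdb.so shadow nullok use_authtok
session    sufficient   /lib/security/pam_ldap.so
session    required     /lib/security/pam_pwdb.so
"""

def parse_stack(text):
    """Return [(type, control, module_name)] for each rule in a pam.d file."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and the #%PAM header
        fields = line.split()
        if len(fields) >= 3:
            mtype, control, path = fields[:3]
            rules.append((mtype.lstrip("-"), control, os.path.basename(path)))
    return rules

def skipped_after_sufficient(text):
    """Map (type, sufficient module) -> later same-type modules that never run."""
    # A sufficient success ends the stack at once (unless an earlier required
    # module already failed), so everything listed after it is bypassed.
    rules = parse_stack(text)
    findings = {}
    for i, (mtype, control, module) in enumerate(rules):
        if control == "sufficient":
            later = [m for t, _c, m in rules[i + 1:] if t == mtype]
            if later:
                findings[(mtype, module)] = later
    return findings

if __name__ == "__main__":
    for (mtype, module), later in skipped_after_sufficient(SSH_STACK).items():
        print(f"{mtype}: success in {module} skips {', '.join(later)}")
```

For this stack the auth finding includes pam_nologin.so, which means /etc/nologin is not enforced for users who authenticate through LDAP.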