swapger.blogg.se - Ldapsearch redhat

The /var directories created by the slapd install are ignored. Make a directory to hold the pid and Kerberos ticket cache.The simplest way to get the needed schema files is to copy them from AFS.Ĭp /afs/ir/service/directory/schema/* /etc/openldap/schema The slapd configuration needs some schema files that are not included with the Red Hat package.# Allow everything that can be retrieved to be read Include /etc/openldap/schema/eduperson.schema Include /etc/openldap/schema/suworkgroup.schema Include /etc/openldap/schema/suorg.schema Include /etc/openldap/schema/suapplication.schema Include /etc/openldap/schema/superson.schema Include /etc/openldap/schema/suacct.schema Include /etc/openldap/schema/stanford-oids.schema Include /etc/openldap/schema/krb5-kdc.schema Include /etc/openldap/schema/dyngroup.schema Include /etc/openldap/schema/inetorgperson.schema # and uses Kerberos to bind to the central LDAP service. Create a files based configuration by creating the file /etc/openldap/nf.

Make sure the the cn=config based configuration of the LDAP server is not in use by removing it from the system. Since the LDAP proxy configuration is so simple there is no need to use the cn=config dynamic configuration of OpenLDAP.

Yum install openldap-servers openldap-clients cyrus-sasl-gssapi Accept the defaults for the server and shut it down once the installation is complete. OpenAFS is not required and the homeDirectory values stored in the Stanford LDAP directory can be overridden using the PAM/NSS configuration. This is required if the home directories are on AFS. Wallet get -f /etc/krb5.keytab keytab host/

Download the keytab for the system using wallet.

See the Wallet documentation for detailed information. Wallet is used to download Kerberos keytabs.

Start by installing Kerberos and some utilities.

The mappings of LDAP attributes to Posix elements can be tailored to the requirements of the system. While the the introduction of an LDAP proxy server makes the configuration more complicated it results in a system that is quite flexible. The proxy makes a Kerberos bind to the directory, accepts anonymous binds from clients on the host, and PAM/NSS is configured to use the local LDAP proxy. The work around for this problem is to install a local LDAP server that is used as a proxy to the central Stanford LDAP service. The PAM/NSS LDAP packages available on Red Hat systems have the fundamental restriction that they do not support Kerberos binds to the directory.