Hi all,
I have a serious problem with openldap. I cannot ssh to the server as the user "testuser" that I defined in the ldif file.
These are the steps I do:
1. Install openldap24-server
2.
3.
4.
5.
6.
7.
I have a serious problem with openldap. I cannot ssh to the server as the user "testuser" that I defined in the ldif file.
These are the steps I do:
1. Install openldap24-server
2.
Code:
#ee /usr/local/etc/slapd.conf
.
.
.
# --- slapd.conf excerpt (server side) ---
# nis.schema supplies posixAccount / posixGroup / shadowAccount, which example.ldif uses.
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/nis.schema
suffix "dc=example,dc=com"
# No rootpw is shown in this excerpt (elided?). Without one, the rootdn can only bind if an entry
# with that DN and a userPassword exists in the directory.
rootdn "cn=Manager,dc=example,dc=com"
# Every operation, including the client's bind, must run with at least 128-bit protection:
# a client that has not completed STARTTLS first is refused. So every client config below
# must actually succeed at start_tls against this server, or nothing authenticates.
security ssf=128
# The same file serves as server certificate and as CA, i.e. a self-signed certificate;
# clients must trust exactly this file.
# NOTE(review): /root/certificate is normally readable only by root. If slapd runs as an
# unprivileged user (check the slapd owner setting in rc.conf) it cannot read the cert/key and
# TLS initialisation fails — check slapd's startup log. Prefer a location under
# /usr/local/etc/openldap with private.key readable only by the slapd user.
TLSCertificateFile /root/certificate/cert.pem
TLSCACertificateFile /root/certificate/cert.pem
TLSCertificateKeyFile /root/certificate/private.key
.
.
.
3.
Code:
ee /usr/loccal/etc/openldap/ldap.conf
# --- /usr/local/etc/openldap/ldap.conf (OpenLDAP client library defaults) ---
# NOTE(review): the edit command above is typed as /usr/loccal/...; if that is literally what
# was run, the file libldap actually reads was never edited.
BASE dc=example,dc=com
URI ldap://t5.example.com
SIZELIMIT 12
TIMELIMIT 15
DEREF never
# 'ssl start_tls' and 'TLS_REQUEST' are pam_ldap/nss_ldap keywords, not libldap ones; the
# libldap server-certificate policy is TLS_REQCERT (never/allow/try/demand/hard), whose default
# is demand. 'never' — if it were honoured — would disable certificate verification entirely;
# keep TLS_REQCERT demand once the CA file below is readable.
ssl start_tls
TLS_REQUEST never
# NOTE(review): path typo 'certidicate' (slapd.conf uses /root/certificate/cert.pem). The CA
# file cannot be found, so certificate checking during STARTTLS fails. /root is also unreadable
# to non-root processes; store the CA cert somewhere world-readable.
tls_cacert /root/certidicate/cert.pem
4.
Code:
ee /usr/local/etc/ldap.conf
# LDAP client config
# (pam_ldap / nss_ldap settings; read by every process that resolves passwd/group names, and
# by PAM during ssh login.)
# Both 'host' and 'uri' are set — TODO confirm which one nss_ldap honours. Note that
# 'ldap://192.168.*.*/' is not a valid URI (no wildcards); presumably redacted for the post.
host t5.example.com
#host 192.168.*.*
#uri ldap://t5.example.com/
uri ldap://192.168.*.*/
base dc=example,dc=com
port 389
SIZELIMIT 12
TIMELIMIT 15
DEREF never
# CA certificate under /root: readable by root (sshd/PAM) but not by ordinary users' processes
# doing NSS lookups, so those cannot verify the server. Move it to a world-readable path.
TLS_CACERT /root/certificate/cert.pem
# start_tls is mandatory: slapd.conf enforces 'security ssf=128', which rejects plain binds.
ssl start_tls
# tls_checkpeer no: the server certificate is NOT verified, so any host answering as
# t5.example.com can collect the bind password and every user's login password.
# Use 'tls_checkpeer yes' together with the CA file above once it is readable.
tls_checkpeer no
suffix dc=example,dc=com
# Cleartext bind credential in a file NSS needs to be readable by all local users.
# 'uid=ldapclient$,ou=People,...' does not appear in example.ldif, so this bind fails unless
# that entry exists elsewhere. Prefer no binddn (anonymous read of the user entries) or
# 'rootbinddn' with the secret kept in nss_ldap's root-only ldap.secret file.
binddn uid=ldapclient$,ou=People,dc=example,dc=com
bindpw secret
scope sub
timelimit 5
bind_timelimit 5
nss_reconnect_tries 2
pam_login_attributes uid
pam_member_attributes cn
# pam_password MD5: password changes are hashed client-side with unsalted MD5 and stored as-is.
# 'exop' (server-side password modify) lets slapd pick the hash, e.g. SSHA.
pam_password MD5
nss_base_passwd ou=People,dc=example,dc=com
nss_base_shadow ou=People,dc=example,dc=com
Code:
#ee /etc/pam.d/sshd and
ee /etc/pam.d/system
# 'sufficient' ends the auth stack on success, so this line has to come BEFORE pam_unix's
# 'auth required' entry in the file; if the 'required' module runs first and fails for an
# LDAP-only user, the stack fails no matter what pam_ldap returns. try_first_pass reuses the
# password already collected by an earlier module. Only the auth stack is shown here — check
# that the account stack also admits the user.
auth sufficient /usr/local/lib/pam_ldap.so no_warn try_first_pass
Code:
/
ee /etc/nsswitch.conf
#group: compat
# 'files' first, so local accounts (and root) resolve even when the directory is down; LDAP is
# consulted only for names missing from /etc/group, using the bind settings from
# /usr/local/etc/ldap.conf.
group: files ldap
group_compat: nis
hosts: files dns
networks: files
#passwd: compat
# testuser must resolve through this line (e.g. 'getent passwd testuser' / 'id testuser')
# before sshd can log it in; if that lookup fails, fix NSS/TLS first — PAM is never reached.
passwd: files ldap
Code:
ee example.ldif
# NOTE(review): LDIF (RFC 2849) separates entries with an empty line; as posted there are none,
# so ldapadd would read all of this as a single entry with repeated 'dn:' lines and reject it.
# If the blank lines were only lost in the post, ignore this; otherwise add one before each 'dn:'.
dn: dc=example,dc=com
objectClass: dcObject
objectClass: organization
o: example
dc: example
dn: ou=People,dc=example,dc=com
ou: People
objectClass: top
objectClass: organizationalUnit
dn: ou=Groups,dc=example,dc=com
ou: Groups
objectClass: top
objectClass: organizationalUnit
dn: ou=Roles,dc=example,dc=com
ou: Roles
objectClass: top
objectClass: organizationalUnit
dn: cn=customers,ou=Groups,dc=example,dc=com
objectClass: posixGroup
objectClass: top
cn: customers
# 5001 is also testuser's primary gidNumber below, so no memberUid is needed for that.
gidNumber: 5001
# Within the lines shown there is no userPassword attribute. pam_ldap authenticates by binding
# as this DN with the typed password, so without a userPassword the bind — and the ssh login —
# cannot succeed. Add a hashed value (e.g. 'userPassword: {SSHA}...' produced by slappasswd),
# unless it was merely omitted from the post.
dn: uid=testuser,ou=People,dc=example,dc=com
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: testuser
cn: Test User
sn: TestUser
givenName: Test
displayName: Testuser
gecos: Testuser
uidNumber: 5001
gidNumber: 5001
# Must exist on the ssh host (or be created at login) — verify.
homeDirectory: /home/testuser
shadowFlag: 0
shadowWarning: 7
shadowMin: 8
shadowMax: 999999
mail: testuser@example.com
postalCode: 2132DL
l: Hoofddorp
o: Voorbeeld
mobile: 0616xxx
homePhone: 3123xxxxx
title: System Tester
# Empty value: slapd may reject 'postalAddress:' with an invalid-syntax error; drop the line
# if the attribute is unused.
postalAddress:
initials: TU
loginShell: /bin/sh
# -1 = account never expires. The entry may continue beyond the lines shown here.
shadowExpire: -1