The name service switch
We already stored user and group data in the ldap directory. This data has to be visible to your unix system. Remember that you can see the owner and group names of files with "ls -l". The goal is that the system queries the ldap directory automatically. As you may remember, nsswitch.conf is usually the configuration file where the various databases for such "name services" are configured. Usually the databases are "files", "nis" or "dns". We add ldap now. We need the nss_ldap package. Check with rpm:
rpm -ql nss_ldap
Install it if it is not there. Edit the nsswitch.conf and change the lines to:
passwd: files ldap
group: files ldap
Next edit the /etc/ldap.conf:
host ldapserver.redflo.de
base dc=redflo,dc=de
ldap_version 3
More details are in "man nss_ldap".
To test the nss_ldap we use the command:
getent passwd
It should print out all local accounts (/etc/passwd, database "files") and then all the ldap accounts. If you have problems, try switching on logging on your ldap server.
I encountered another problem: if you use the name service caching daemon (nscd), it is possible that it does not answer our ldap queries correctly. The
getent passwd
works, but if you try
getent passwd joe
and if joe is only in the ldap database, then it may be possible that nscd does not answer this question. In this case, restart or switch off nscd - this is under investigation at the moment.
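The two checks described above, written out as an added shell example (not part of the original page): it reads the sources of a database from an nsswitch.conf-style file and lists accounts that show up in the "getent passwd" enumeration but fail a by-name lookup, which is the nscd symptom mentioned above. The function names, the LOOKUP variable and the sample data are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. All names here are hypothetical.

# Print the sources configured for one database (e.g. "passwd") in an
# nsswitch.conf-style file, ignoring comments.
nss_sources() {  # $1 = database, $2 = file
    sed 's/#.*//' "$2" | awk -v db="$1:" '$1 == db { $1 = ""; sub(/^ +/, ""); print }'
}

# Succeed if "ldap" is among the sources of the given database.
has_ldap() {  # $1 = database, $2 = file
    nss_sources "$1" "$2" | tr ' ' '\n' | grep -qx ldap
}

# Print account names that are in the full enumeration but not in the local
# passwd file, i.e. accounts that only the directory provides.
ldap_only_users() {  # $1 = saved "getent passwd" output, $2 = local passwd file
    awk -F: 'FILENAME == ARGV[1] { seen[$1] = 1; next }
             !($1 in seen) { print $1 }' "$2" "$1"
}

# Read names on stdin and print each one that the by-name lookup cannot
# resolve. LOOKUP defaults to getent; a cache that answers wrongly shows up here.
failed_lookups() {
    while read -r name; do
        ${LOOKUP:-getent} passwd "$name" </dev/null >/dev/null 2>&1 || echo "$name"
    done
}

# Demo on constructed sample data (not taken from a real system).
demo() {
    d=$(mktemp -d)
    printf 'passwd: files ldap  # constructed\ngroup: files ldap\n' > "$d/nsswitch.conf"
    printf 'root:x:0:0::/root:/bin/sh\n' > "$d/local"
    printf 'root:x:0:0::/root:/bin/sh\njoe:x:1000:100::/home/joe:/bin/sh\n' > "$d/enum"
    has_ldap passwd "$d/nsswitch.conf" && echo "passwd: ldap source configured"
    # Stub standing in for a cache that enumerates joe but fails "getent passwd joe".
    stub_lookup() { [ "$2" != joe ]; }
    ldap_only_users "$d/enum" "$d/local" | LOOKUP=stub_lookup failed_lookups
    rm -rf "$d"
}
demo
```

On a real system, save the output of "getent passwd" to a file and pipe ldap_only_users (with that file and /etc/passwd) into failed_lookups; any name it prints was enumerated but could not be looked up by name.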
Created by admin. Last Modification: Wednesday 28 of December, 2005 23:45:41 UTC by admin.
Category: UNIX