OpenLDAP: enabling the TLS protocol
The following four configuration files need to be changed:
vi /etc/openldap/ldap.conf
# add at the last line
# LDAP server's URI
URI ldap://ldap.csdn.net/
# specify Suffix
BASE dc=csdn,dc=net
TLS_CACERTDIR /etc/openldap/certs
vi /etc/nslcd.conf
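# line 131: specify the URI and the suffix
# (once TLS is on and certificate checking is enabled, the name in the URI has to match the server certificate, so an IP address only works if the certificate lists it)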
uri ldap://192.168.7.179
base dc=csdn,dc=net
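# StartTLS is still disabled here: uncomment the next line to enable it.
# With an ldap:// URI and this line commented out, nslcd talks to the server in cleartext.
#ssl start_tls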
tls_cacertdir /etc/openldap/certs
vi /etc/pam_ldap.conf
# line 17: make it comment
# host 127.0.0.1
# line 20: specify Suffix
base dc=csdn,dc=net
# add at the last line
uri ldap://192.168.7.179
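# StartTLS is still disabled here: uncomment the next line to enable it.
# While it stays commented out, pam_ldap binds (and the user passwords they carry) go over ldap:// in cleartext.
#ssl start_tls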
tls_cacertdir /etc/openldap/certs
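# note: md5 makes the client hash a changed password locally with MD5, a weak scheme for stored passwords;
# pam_ldap also accepts "exop", which uses the password-modify extended operation and leaves hashing to the server
pam_password md5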
#vi /etc/pam.d/system-auth
auth sufficient pam_ldap.so use_first_pass
account [default=bad success=ok user_unknown=ignore] pam_ldap.so
password sufficient pam_ldap.so use_authtok
session optional pam_ldap.so
# add if you need ( create home directory automatically if it's none )
session optional pam_mkhomedir.so skel=/etc/skel umask=077
#vi /etc/nsswitch.conf
passwd: files ldap # line 33: add
shadow: files ldap # add
group: files ldap # add
netgroup: ldap # line 57: change
automount: files ldap # line 61: change
Warning:
These entries must use ldap; if they are set to sss instead, this configuration will not work.
#vi /etc/sysconfig/authconfig
USELDAP= yes # line 18: change
Set nslcd to start at boot, then reboot:
#chkconfig nslcd on
#shutdown -r now