Authenticating Linux against OSX LDAP directory
[ link: osx-ldap-authentication | tags: osx linux ubuntu ldap | updated: Mon, 30 Jun 2008 09:21:13 ]
I was recently asked by a colleague, and now also a client, to look over the LDAP configuration on his Ubuntu boxen. He was having
issues with the root account. The problem turned out being that the Ubuntu box was trying to get the root authentication from LDAP.
It successfully found an LDAP account on the OSX LDAP server, but was unable to login since that account is disabled. The solution
was to filter out the root account from the LDAP reply using the pam_filter directive in /etc/ldap.conf. Jay was also kind enough
to document his setup for others that are trying to accomplish a
similar task.
side note: Jay briefly showed me his OSX/Linux integration... looks pretty cool. Particularly the LDAP directory and automount of OSX exported volumes for users. OSX seems to make certain things really easy.
ldap account management
[ link: filter-ldap-accounts-by-host | tags: ldap linux debian | updated: Mon, 12 Jun 2006 22:52:00 ]
Ok, so in last eppisode we looked at how my Debian/testing upgrade of slapd killed my
slapd install because I was using two incompatible schemas.
Now, I will show you how to limit what accounts are accessible to pam_ldap module on each host.
stupid ldap
[ link: ldap-upgrade-to-2.3.23-brakage | tags: ldap linux debian | updated: Mon, 12 Jun 2006 20:43:06 ]
For some very stupid reason I decided to upgrade my fileserver, which happens to run my ldap database as well.
Setting up slapd (2.3.23-1) ...
Backing up /etc/ldap/slapd.conf in /var/backups/slapd-2.2.26-5... done.
Moving old database directories to /var/backups:
Backup path /var/backups/dc=jukie-2.2.26-5.ldapdb exists. Giving up...
dpkg: error processing slapd (--configure):
subprocess post-installation script returned error exit status 1
Errors were encountered while processing:
slapd
E: Sub-process /usr/bin/dpkg returned an error code (1)
Frig!
ldap on debian
[ link: 20050925130002 | tags: linux debian ldap | updated: Sun, 25 Sep 2005 13:00:02 ]
I've started writing a debian authentication from ldap tutorial. Here is the unfinished text:
I've seen a much more ass kicking one on Planet Debian recently from Edd Dumbill. Here is a link:
LDAP authentication (part 1)
[ link: 20050108095026 | tags: linux debian ldap | updated: Sat, 08 Jan 2005 09:50:26 ]
. Wasted some time this week converting my server to LDAP directories and renumbering UIDs/GIDs to the "Debian numbering ranges" from the RedHat ranges that I have lived with for 7 years -- I have a lot of data to migrate over to the new IDs... data is intact. LDAP is so ugly after you used SQL, and is a bitch to setup, but after a few hours I managed to get it working with PAM and NSS. I will have to document my steps because I had to read ~10 documents on the web to finally get things working -- the Debian packages do not do all the work for you in this case. I still don't have my desktops setup the way I want, but the vservers can feed from LDAP for user IDs (for ssh logins and lookup when you do things like ls -l or id). And there is always the issue of what is to be done with the mobile machine... I think I will just use ssh-fs (via fuse) and not worry about having a common . Stay tuned for further details :)