LDAP Client NSS Configuration

The nss-ldap module allows LDAP users to appear correctly during normal system tasks, such as an ls -l. Again, the configuration for nss-ldap is usually in /etc/ldap.conf but, depending on the distro, may be in /etc/libnss-ldap.conf.

Config File Contents
uri ldaps://ldap.example.com
base dc=example,dc=com
ldap_version 3
scope one
timelimit 30
bind_timelimit 30
nss_base_passwd ou=People,dc=example,dc=com?one
nss_base_shadow ou=People,dc=example,dc=com?one
nss_base_group ou=Groups,dc=example,dc=com?one

There are several other nss_base_* options, but they have been omitted, since we're not using them. The above lines tell the nss-ldap module where in the LDAP directory to look for the information normally supplied by Unix facilities such as /etc/passwd, /etc/shadow, and /etc/group.

To increase performance, you may also wish to run nscd, the name service caching daemon. This will decrease the number of queries to the LDAP server and increase the responsiveness of the client.

(Yes, NSS configuration is much simpler than PAM.)
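A small audit of the configuration shown above, as an added example that is not part of the original page or of nss-ldap itself: it splits each nss_base_* value into base DN, scope and filter, and flags a cleartext ldap:// URI, an unknown scope, or a search base that does not sit under base. The function names and the sample text are constructed for illustration; the `ssl start_tls` directive it checks for is a real nss-ldap option that this page does not use.

```python
# Constructed sample matching the directives shown on this page.
SAMPLE = """\
uri ldaps://ldap.example.com
base dc=example,dc=com
scope one
nss_base_passwd ou=People,dc=example,dc=com?one
nss_base_shadow ou=People,dc=example,dc=com?one
nss_base_group ou=Groups,dc=example,dc=com?one
"""
VALID_SCOPES = {"base", "one", "sub"}


def parse(text):
    """Return {directive: value}, skipping blank lines and # comments."""
    conf = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if parts and not parts[0].startswith("#"):
            conf[parts[0].lower()] = parts[1] if len(parts) > 1 else ""
    return conf


def split_nss_base(value):
    """Split 'basedn?scope?filter'; scope and filter are None when absent."""
    dn, scope, flt = (value.split("?", 2) + [None, None])[:3]
    return dn, scope or None, flt or None


def audit(text):
    """Return a list of findings; an empty list means nothing was flagged."""
    conf, findings = parse(text), []
    for uri in conf.get("uri", "").split():
        # ldap:// carries lookups in clear text unless StartTLS is enabled.
        if uri.startswith("ldap://") and conf.get("ssl") != "start_tls":
            findings.append(f"cleartext uri: {uri}")
    base = conf.get("base", "").replace(" ", "").lower()
    for key, value in conf.items():
        if not key.startswith("nss_base_"):
            continue
        dn, scope, _ = split_nss_base(value)
        if scope is not None and scope not in VALID_SCOPES:
            findings.append(f"{key}: unknown scope {scope!r}")
        norm = dn.replace(" ", "").lower()
        # A DN ending in "," is relative: nss-ldap appends the default base.
        if base and not norm.endswith(",") and norm != base \
                and not norm.endswith("," + base):
            findings.append(f"{key}: {dn} is not under base {conf['base']}")
    return findings


if __name__ == "__main__":
    print(audit(SAMPLE) or "no findings")
```

A search base outside base can be intentional, so treat that finding as a prompt to check for a typo rather than as an error.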