LDAP Notes
LDAP has been on my list of "things to play with" for a long time, and now that I've finally gotten around to it, I've documented it here for others to follow. Enjoy!
Overview
- base dn: dc=nerdcircus,dc=org
- minimal anonymous access, no information leaks (see LDAPServerACLs)
- All traffic encrypted: communication is done over ldaps://, or over ldap:// upgraded with StartTLS, so nothing crosses the wire in clear
- LDAP Replica established for redundancy (replication also SSL encrypted)
- Clients configured to use both master and replica ldap servers (for redundancy)
- LDAP user ids begin at 1000 (above the range reserved for local system accounts, so the two cannot collide)
- LDAP group ids begin at 1000 (same reasoning)
- PAM/NSS
  - pam/nss bind anonymously (no bind DN or password has to be stored on the clients)
  - Configuring PAM to allow LDAP users to log in
  - Configuring PAM to restrict logins to a group of LDAP users
  - Configuring PAM-enabled services, like ssh
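To make the client-side decisions in the overview concrete, here is an added example of what they look like in a PADL-style /etc/ldap.conf, the file shared by pam_ldap and nss_ldap. This is not configuration from this page or from the nerdcircus.org servers; the hostnames, CA file path, ou names and the sshusers group are placeholders.

```conf
# /etc/ldap.conf  (pam_ldap / nss_ldap client side)
# Added example, not the page's own config. Hostnames, CA path, ou names
# and the group name below are assumptions.

# Base DN from the overview.
base dc=nerdcircus,dc=org
ldap_version 3

# Master first, replica second: the client fails over to the replica when
# the master is unreachable (the "clients use both servers" point).
uri ldaps://ldap1.nerdcircus.org/ ldaps://ldap2.nerdcircus.org/

# "ssl on" goes with ldaps:// URIs. With plain ldap:// URIs use
# "ssl start_tls" instead. "ssl off" on port 389 would send passwords in clear.
ssl on

# Verify the server certificate against our own CA. "tls_checkpeer no"
# accepts any certificate and turns the encryption into a no-op against
# an active attacker.
tls_checkpeer yes
tls_cacertfile /etc/ssl/certs/nerdcircus-ca.pem

# No binddn / bindpw lines: PAM and NSS bind anonymously, so no secret sits
# in this world-readable file. The server-side ACLs (LDAPServerACLs) are
# what keep userPassword and the like out of anonymous reach.

# Restrict PAM logins to one group: the user must appear as a memberUid
# of this posixGroup entry, otherwise pam_ldap denies the login.
pam_groupdn cn=sshusers,ou=Groups,dc=nerdcircus,dc=org
pam_member_attribute memberUid

# Ignore anything below the LDAP id range; local system accounts live there.
pam_min_uid 1000

# Where NSS looks for accounts and groups (one-level searches).
nss_base_passwd ou=People,dc=nerdcircus,dc=org?one
nss_base_group  ou=Groups,dc=nerdcircus,dc=org?one
```

The two settings worth checking after any change are tls_checkpeer and the absence of a bindpw: the first is what makes ldaps:// actually resist a man-in-the-middle, and the second is what keeps the anonymous-bind design from quietly turning into a shared credential on every client.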
The Process