LDAP Notes

LDAP has been on my list of "things to play with" for a long time, and now that I've finally gotten around to it, I've documented it here for others to follow. Enjoy!

Overview

base dn: dc=nerdcircus,dc=org
minimal anonymous access, no information leaks. (see LDAPServerACLs)
All traffic SSL encrypted
All communication done over ldaps://, or with StartTLS (so it's all encrypted)
LDAP Replica established for redundancy (replication also SSL encrypted)
Clients configured to use both master and replica ldap servers (for redundancy)
LDAP user ids begin at 1000
LDAP group ids begin at 1000
PAM/NSS
- pam/nss binds anonymous
- Configuring PAM to allow LDAP users to log in
- Configuring PAM to restrict to a group of LDAP users
- Configuring PAM-enabled services, like ssh

The Process

LDAPServerConfig : what's in my slapd.conf, and why its there.
LDAPServerACLs : Access control gets it's own page.
LDAPClientConfig : how to set up clients to talk to the ldap server.
- LDAPClientPam
- LDAPClientNss

Unless otherwise noted, all content is copyright Marc Dougherty and is subject to a Creative Commons license.

LdapNotes

LDAP Notes

Overview

The Process