LDAPClientNss
LDAP Client NSS Configuration
The nss-ldap module allows LDAP users to appear correctly when doing normal system tasks, like an ls -l.
Again, the configuration for nss-ldap is usually in /etc/ldap.conf, but depending on the distro, it may appear in /etc/libnss-ldap.conf.
Config File Contents
- standard ldap connection info...
    uri ldaps://ldap.example.com
    base dc=example,dc=com
    ldap_version 3
    scope one
    timelimit 30
    bind_timelimit 30
- NSS-specific info...
    nss_base_passwd ou=People,dc=example,dc=com?one
    nss_base_shadow ou=People,dc=example,dc=com?one
    nss_base_group ou=Groups,dc=example,dc=com?one
There are several other nss_base_* options, but they have been omitted, since we're not using them.
The above lines tell the nss-ldap module where in the LDAP directory it should look to find the information normally provided by the standard Unix files /etc/passwd, /etc/shadow, and /etc/group.
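A small lint for the settings above, added here as an example and not part of nss-ldap or the original page: it flags a uri that is not TLS-protected and any nss_base_* entry whose search base falls outside base or whose scope is not base, one or sub. It assumes the base?scope?filter syntax of nss_base_* and the ssl start_tls option of nss-ldap; BAD_CONFIG is a constructed variant of the page's file.

```python
# Added example: lint an nss-ldap config file (not part of nss-ldap itself).
VALID_SCOPES = {"base", "one", "sub"}

def parse_conf(text):
    """Return {keyword: [values]} from 'keyword value' lines, skipping comments."""
    conf = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        conf.setdefault(parts[0].lower(), []).append(parts[1] if len(parts) > 1 else "")
    return conf

def lint(text):
    """Return a list of findings; an empty list means nothing was flagged."""
    conf, findings = parse_conf(text), []
    # Crude DN normalisation (lowercase, no spaces) is enough for a suffix check.
    base = conf.get("base", [""])[-1].lower().replace(" ", "")
    starttls = "start_tls" in conf.get("ssl", [])
    for uri in " ".join(conf.get("uri", [])).split():
        if not uri.lower().startswith(("ldaps://", "ldapi://")) and not starttls:
            findings.append(f"uri {uri}: lookups are not protected by TLS")
    for key in [k for k in conf if k.startswith("nss_base_")]:
        for value in conf[key]:
            dn, _, rest = value.partition("?")
            scope = rest.partition("?")[0]
            if scope and scope not in VALID_SCOPES:
                findings.append(f"{key}: unknown scope '{scope}'")
            # A DN ending in ',' is relative to 'base', so it cannot leave it.
            if base and not dn.endswith(",") and not dn.lower().replace(" ", "").endswith(base):
                findings.append(f"{key}: {dn} is outside base {base}")
    return findings

# The page's configuration, one directive per line.
PAGE_CONFIG = """\
uri ldaps://ldap.example.com
base dc=example,dc=com
ldap_version 3
scope one
timelimit 30
bind_timelimit 30
nss_base_passwd ou=People,dc=example,dc=com?one
nss_base_shadow ou=People,dc=example,dc=com?one
nss_base_group ou=Groups,dc=example,dc=com?one
"""
# Constructed bad variant: plaintext URI plus a map with a foreign suffix and bad scope.
BAD_CONFIG = PAGE_CONFIG.replace("ldaps://", "ldap://") + "nss_base_hosts ou=Hosts,dc=example,dc=org?tree\n"

if __name__ == "__main__":
    print(lint(PAGE_CONFIG), lint(BAD_CONFIG), sep="\n")
```

The page's configuration produces no findings; the constructed variant produces three.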
To increase performance, you may also wish to run nscd, the name service caching daemon. This will decrease the number of queries to the LDAP server and increase the responsiveness of the client.
(Yes, NSS configuration is much simpler than PAM.)