LDAP Notes
LDAP has been on my list of "things to play with" for a long time, and now that I've finally gotten around to it, I've documented it here for others to follow. Enjoy!
Overview
- base dn: dc=nerdcircus,dc=org
- minimal anonymous access, no information leaks. (see LDAPServerACLs)
- All traffic SSL encrypted
- All communication done over ldaps://, or with StartTLS (so it's all encrypted)
- LDAP Replica established for redundancy (replication also SSL encrypted)
- Clients configured to use both master and replica ldap servers (for redundancy)
- LDAP user ids begin at 1000
- LDAP group ids begin at 1000
- PAM/NSS
  - pam/nss binds anonymous
  - Configuring PAM to allow LDAP users to log in
  - Configuring PAM to restrict to a group of LDAP users
  - Configuring PAM-enabled services, like ssh
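The overview above fixes several properties a client must honour: ldaps:// or StartTLS only, both the master and the replica listed, and the base dn dc=nerdcircus,dc=org. The following is an added example, not configuration or code from these notes: a small Python linter that parses an OpenLDAP-style client file (ldap.conf / pam_ldap / nslcd flavour) and reports any deviation from those goals. The sample configs embedded in it are constructed for the example, and the host names, CA path and the use of the `ssl start_tls` directive are assumptions.

```python
"""Lint an LDAP client configuration against the design goals in these notes:
encrypted transport only (ldaps:// or StartTLS), strict server certificate
checking, both master and replica listed for redundancy, and the expected
base DN.  Added example; the host names and paths are assumptions."""
from typing import Dict, List

EXPECTED_BASE = "dc=nerdcircus,dc=org"

# Constructed sample: a client config matching the notes (hosts are assumed).
GOOD_CONF = """
BASE        dc=nerdcircus,dc=org
# master first, replica second; both over ldaps://
URI         ldaps://ldap1.example.invalid ldaps://ldap2.example.invalid
TLS_CACERT  /etc/ssl/certs/nerdcircus-ca.pem
TLS_REQCERT demand
"""

# Constructed sample: a config that quietly defeats the design goals.
WEAK_CONF = """
BASE        dc=nerdcircus,dc=org
URI         ldap://ldap1.example.invalid
TLS_REQCERT never
"""


def parse_ldap_conf(text: str) -> Dict[str, List[str]]:
    """Parse 'DIRECTIVE value ...' lines into {DIRECTIVE: [values]}.
    Directives are case-insensitive; '#' starts a comment."""
    conf: Dict[str, List[str]] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        values = parts[1].split() if len(parts) > 1 else []
        conf.setdefault(parts[0].upper(), []).extend(values)
    return conf


def check_client_conf(text: str) -> List[str]:
    """Return findings; an empty list means the config meets the goals."""
    conf = parse_ldap_conf(text)
    findings: List[str] = []

    # 'ssl start_tls' is the pam_ldap/nslcd way of upgrading ldap:// to TLS.
    start_tls = "start_tls" in [v.lower() for v in conf.get("SSL", [])]
    uris = conf.get("URI", [])
    if not uris:
        findings.append("no URI directive: clients will fall back to defaults")
    for uri in uris:
        if uri.lower().startswith("ldaps://"):
            continue
        if uri.lower().startswith("ldap://") and start_tls:
            continue
        findings.append(f"unencrypted transport: {uri}")
    if len(uris) < 2:
        findings.append("only one server listed; add the replica for redundancy")

    # OpenLDAP defaults TLS_REQCERT to 'demand'; 'never'/'allow' skip validation.
    reqcert = conf.get("TLS_REQCERT", ["demand"])[0].lower()
    if reqcert not in ("demand", "hard"):
        findings.append(f"TLS_REQCERT {reqcert}: server certificate not verified")

    base = conf.get("BASE", [""])[0]
    if base != EXPECTED_BASE:
        findings.append(f"unexpected base DN {base!r}")
    return findings


if __name__ == "__main__":
    for name, conf in (("good", GOOD_CONF), ("weak", WEAK_CONF)):
        print(name, check_client_conf(conf) or "OK")
```

Run it against a real client file by passing its contents to check_client_conf(); the weak sample trips three findings (plaintext ldap://, a single server, and TLS_REQCERT never), while the hardened sample passes clean. TLS_REQCERT is checked explicitly because a client that sets it to never still "uses ldaps://" yet accepts any certificate, which defeats the encryption goal in the list above.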
The Process
- LDAPServerConfig : what's in my slapd.conf, and why it's there.
- LDAPServerACLs : Access control gets its own page.
- LDAPClientConfig : how to set up clients to talk to the ldap server.
Unless otherwise noted, all content is copyright Marc Dougherty and is subject to a Creative Commons license.