Mailinglist Archive: opensuse-autoinstall (68 mails)

[opensuse-autoinstall] ldap questions
  • From: Henrik Schmidt <hbs@xxxxxxxxxxxxxxxxxxxxxxxxx>
  • Date: Tue, 17 Mar 2009 15:03:11 +0100
  • Message-id: <49BFAD9F.5050403@xxxxxxxxxxxxxxxxxxxxxxxxxx>
I use something like this in my 11.1 config file for my LDAP clients:

<ldap>
  <base_config_dn>ou=ldapconfig,dc=ks,dc=mydomain,dc=uni-kiel,dc=de</base_config_dn>
  <bind_dn>cn=admin,dc=ks,dc=mydomain,dc=uni-kiel,dc=de</bind_dn>
  <create_ldap config:type="boolean">false</create_ldap>
  <file_server config:type="boolean">false</file_server>
  <ldap_domain>dc=ks,dc=mydomain,dc=uni-kiel,dc=de</ldap_domain>
  <ldap_server>XXX.XXX.XXX.XXX</ldap_server>
  <ldap_tls config:type="boolean">true</ldap_tls>
  <ldap_v2 config:type="boolean">false</ldap_v2>
  <login_enabled config:type="boolean">true</login_enabled>
  <member_attribute>member</member_attribute>
  <nss_base_group>ou=group,dc=ks,dc=mydomain,dc=uni-kiel,dc=de</nss_base_group>
  <nss_base_passwd>ou=people,dc=ks,dc=mydomain,dc=uni-kiel,dc=de</nss_base_passwd>
  <nss_base_shadow>ou=people,dc=ks,dc=mydomain,dc=uni-kiel,dc=de</nss_base_shadow>
  <pam_password>crypt</pam_password>
  <start_autofs config:type="boolean">true</start_autofs>
  <start_ldap config:type="boolean">true</start_ldap>
</ldap>

/etc/ldap.conf is auto-generated:

# OpenLDAP SSL mechanism
# start_tls mechanism uses the normal LDAP port, LDAPS typically 636
ssl start_tls
ldap_version 3
pam_filter objectClass=posixAccount
nss_base_passwd ou=people,dc=ks,dc=mydomain,dc=uni-kiel,dc=de
nss_base_shadow ou=people,dc=ks,dc=mydomain,dc=uni-kiel,dc=de
nss_base_group ou=group,dc=ks,dc=mydomain,dc=uni-kiel,dc=de
tls_checkpeer no
#ssl on

Two questions:

1. Why is tls_checkpeer set to "no", or set at all? I want to have it
either enabled or not set at all so that the configuration in
/etc/openldap/ldap.conf is used as default.
2. Is "objectClass" in pam_filter objectClass=posixAccount spelled
correctly? I think it should be spelled objectclass with a small c.
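
A post-install check for the setting raised in the message above, as an added example that is not part of the original post or of AutoYaST: it classifies a generated ldap.conf by whether TLS is enabled and whether tls_checkpeer turns off verification of the server certificate. The function names, the exit codes and the choice to accept an unset tls_checkpeer are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post.

# Print the relevant lines of the generated /etc/ldap.conf quoted in the post.
sample_conf() {
    cat <<'EOF'
# OpenLDAP SSL mechanism
ssl start_tls
ldap_version 3
pam_filter objectClass=posixAccount
tls_checkpeer no
#ssl on
EOF
}

# Classify a pam_ldap/nss_ldap style config file.
# Prints one of: notls | noverify | verify | unset
ldap_tls_state() {
    awk '
        NF == 0 || $1 ~ /^#/   { next }              # skip blank lines and comments
        $1 == "ssl"            { ssl  = tolower($2) } # last occurrence wins (assumption)
        $1 == "tls_checkpeer"  { peer = tolower($2) }
        END {
            if (ssl != "start_tls" && ssl != "on") { print "notls"; exit }
            if (peer == "no")  { print "noverify"; exit }
            if (peer == "yes") { print "verify";   exit }
            print "unset"      # no tls_checkpeer line in this file
        }
    ' "$1"
}

# Return 0 when the file enables TLS without disabling peer verification.
# "unset" is accepted (assumption): the post expects the defaults in
# /etc/openldap/ldap.conf to apply when the option is absent.
ldap_tls_audit() {
    state=$(ldap_tls_state "$1")
    case $state in
        verify|unset) echo "OK: $1 ($state)"; return 0 ;;
        noverify) echo "FAIL: $1: TLS on, but tls_checkpeer is no" >&2; return 1 ;;
        *) echo "FAIL: $1: TLS not enabled" >&2; return 1 ;;
    esac
}

# Demo on the sample above; expected to report FAIL (noverify).
tmp=$(mktemp) && sample_conf > "$tmp"
ldap_tls_audit "$tmp" || true
rm -f "$tmp"
```

With `tls_checkpeer no`, StartTLS still encrypts the session but the client accepts any certificate, so the directory server is not authenticated to the client.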


