LDAP SSL and SUSE
Added by Alex Polvi, last edited by Alex Polvi on Nov 30, 2004

The systems that this was tested on ran SUSE 9.2, but it should work on all 9.* SUSE releases.

YaST

YaST did not like URLs of the form ldaps://ldapserver/. It is possible that the problem was on my end, but in the end I found it easier to edit all the configs by hand. You will still need to install the following packages:

Install:

pam_ldap
nss_ldap

/etc/openldap/ldap.conf

You will have to tune this for your particular install. The config will be independent of distribution so you can copy it from another system. Here is what ours looks like:

BASE          dc=example, dc=com
URI           ldaps://ldap1.example.com/ ldaps://ldap2.example.com/

TLS_CACERT    /etc/openldap/ssl/example-ldap-cacert.pem
TLS_REQCERT   demand

Simple ldapsearch queries should work now.

/etc/ldap.conf

This file ended up being the exact same as /etc/openldap/ldap.conf.
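
A check for the TLS settings in the sample config above, as an added example that is not part of the original page: it audits an ldap.conf-style file for the three properties that config relies on (every server uses ldaps://, TLS_REQCERT is demand, a TLS_CACERT is set). The function name audit_ldap_conf and the two sample files are constructed for illustration; on a real host, point it at both /etc/openldap/ldap.conf and /etc/ldap.conf.

```shell
#!/bin/sh
# audit_ldap_conf FILE: print one finding per line; return 0 only if FILE
# enforces LDAPS with certificate verification. (Hypothetical helper name.)
audit_ldap_conf() {
    conf=$1
    findings=0
    [ -r "$conf" ] || { echo "unreadable: $conf"; return 2; }

    # Every server listed in URI must use ldaps://; one plain ldap:// entry
    # gives the client a cleartext fallback.
    uris=$(awk 'toupper($1) == "URI" { for (i = 2; i <= NF; i++) print $i }' "$conf")
    [ -n "$uris" ] || { echo "no URI line"; findings=1; }
    for u in $uris; do
        case $u in
            ldaps://*) ;;
            *) echo "non-TLS URI: $u"; findings=1 ;;
        esac
    done

    # TLS_REQCERT must be demand (hard is its synonym). never/allow/try skip or
    # soften verification. Policy of this check: the option must be explicit.
    req=$(awk 'toupper($1) == "TLS_REQCERT" { v = tolower($2) } END { print v }' "$conf")
    case $req in
        demand|hard) ;;
        *) echo "TLS_REQCERT is '${req:-unset}', expected demand"; findings=1 ;;
    esac

    # A CA certificate must be configured (file existence is not checked here).
    ca=$(awk 'toupper($1) == "TLS_CACERT" { v = $2 } END { print v }' "$conf")
    [ -n "$ca" ] || { echo "TLS_CACERT not set"; findings=1; }

    return $findings
}

# Constructed samples: the page's settings, and a weakened variant.
tmp=$(mktemp -d)
printf '%s\n' 'URI ldaps://ldap1.example.com/ ldaps://ldap2.example.com/' \
    'TLS_CACERT /etc/openldap/ssl/example-ldap-cacert.pem' \
    'TLS_REQCERT demand' > "$tmp/good.conf"
printf '%s\n' 'URI ldaps://ldap1.example.com/ ldap://ldap2.example.com/' \
    'TLS_REQCERT never' > "$tmp/weak.conf"
for f in "$tmp/good.conf" "$tmp/weak.conf"; do
    if audit_ldap_conf "$f"; then echo "$f: OK"; else echo "$f: FAIL"; fi
done
```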

/etc/nsswitch.conf

The following lines should read:

passwd: compat  ldap
group:  compat ldap

getent should return LDAP users and groups now.

/etc/security/pam_unix2.conf

Should read:

auth:           use_ldap
account:        use_ldap
password:       use_ldap
session:        none

Users should be able to use LDAP credentials now.

Finishing up

One machine worked after I made these changes, but another required a reboot.

Good luck!
