SAC:betawebsite

This is the setup of the cloud server osgeo.public.cloudvps.com

It is a Debian 8, 4GB, 160 HDD server.

These are the steps I did after it was created, in an attempt to implement LDAP.

First I installed updates:

    apt-get update
    apt-get upgrade
    apt-get install libpam-ldap nscd
    apt-get install libnss-ldap  # not sure if this one is needed
    apt-get install sudo

Then to try LDAP:

https://wiki.debian.org/LDAP/PAM

1) Edit /etc/ldap/ldap.conf (copied from osgeo6)

    BASE    dc=osgeo, dc=org
    URI     ldaps://ldap.osgeo.org/
    #SIZELIMIT      12
    #TIMELIMIT      15
    #DEREF          never
    TLS_CHECKPEER yes
    TLS_REQCERT demand
    # this file you need to copy from osgeo6 as well
    TLS_CACERT /etc/ssl/certs/STAR_osgeo_org.ca-bundle
    # note though telascience is defunct so not sure what that cn
    pam_groupdn cn=telascience,ou=Shell,dc=osgeo,dc=org
    nss_base_passwd ou=People,dc=osgeo,dc=org
    nss_base_shadow ou=People,dc=osgeo,dc=org
    nss_base_group  ou=Group,dc=osgeo,dc=org
    ldap_version 3
    pam_password md5
    bind_policy soft

2) Copy contents of /etc/nslcd.conf from osgeo6

nano /etc/ssh/sshd_config

(It will prompt for the services you want to use LDAP for.) Selections will be written to /etc/nsswitch.conf

Afterwards the conf looked like this:

    # /etc/nsswitch.conf
    #
    # Example configuration of GNU Name Service Switch functionality.
    # If you have the `glibc-doc-reference' and `info' packages installed, try:
    # `info libc "Name Service Switch"' for information about this file.

    passwd:         compat ldap
    group:          compat ldap
    shadow:         compat
    gshadow:        files

    hosts:          files dns
    networks:       files

    protocols:      db files ldap
    services:       db files ldap
    ethers:         db files
    rpc:            db files

    netgroup:       nis
    aliases:        ldap

3) pam-auth-update

Make sure both Unix and LDAP authentication are checked

4) Restart the services

    /etc/init.d/nscd restart
    /etc/init.d/nslcd restart
    /etc/init.d/ssh restart

Should output something like this:

    [ ok ] Restarting ssh (via systemctl): ssh.service.

5) Verify the server can do LDAP queries against OSGeo by running something like this:

ldapsearch -x uid=robe

6) For some reason nslcd fails with password invalid unless I create a local account matching the OSGeo user (the password doesn't matter), so I did

    useradd robe
    adduser robe sudo

To be able to log in

This worked fine and gave answers as expected.

I can now log in with an OSGeo account.

Also added strk, wildintellect, osgeotest2 (for getinteractive), martin for sudo.

wildintellect confirmed he can log in with his OSGeo LDAP account.
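
An added example, not part of the original page or of OSGeo's own tooling: a shell check for the client settings from steps 1 and 2 (ldaps:// URI, TLS_REQCERT demand, a readable TLS_CACERT, no trailing comments on setting lines, and ldap listed for passwd and group). The function names and the constructed demo files are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit the LDAP client settings from steps 1 and 2.
# check_ldap_client LDAP_CONF NSSWITCH_CONF
# Prints one FAIL line per finding and returns the number of findings.
check_ldap_client() {
    ldap_conf=$1 nss_conf=$2 findings=0
    fail() { echo "FAIL: $*"; findings=$((findings + 1)); }
    # First value of a keyword; "#..." comment lines never match.
    get() { awk -v k="$1" 'toupper($1) == k { print $2; exit }' "$ldap_conf"; }

    uri=$(get URI)
    case $uri in
        ldaps://*) ;;
        *) fail "URI '$uri' is not ldaps://" ;;
    esac
    [ "$(get TLS_REQCERT)" = demand ] || fail "TLS_REQCERT is not 'demand'"
    cacert=$(get TLS_CACERT)
    { [ -n "$cacert" ] && [ -r "$cacert" ]; } ||
        fail "TLS_CACERT '$cacert' is unset or unreadable"

    # ldap.conf(5) documents only lines beginning with '#' as comments,
    # so text after a value is not safely ignored.
    if grep -Eq '^[[:space:]]*[^#[:space:]].*[[:space:]]#' "$ldap_conf"; then
        fail "trailing '#' comment on a setting line"
    fi

    for db in passwd group; do
        grep -Eq "^$db:.*[[:space:]]ldap([[:space:]]|\$)" "$nss_conf" ||
            fail "nsswitch.conf: '$db' does not list ldap"
    done
    return "$findings"
}

# Constructed sample modelled on the page's files (trailing comment included).
demo() {
    d=$(mktemp -d)
    : > "$d/ca-bundle"
    printf '%s\n' 'URI ldaps://ldap.osgeo.org/' 'TLS_REQCERT demand' \
        "TLS_CACERT $d/ca-bundle  #copied from osgeo6" > "$d/ldap.conf"
    printf '%s\n' 'passwd: compat ldap' 'group: compat ldap' > "$d/nsswitch.conf"
    rc=0
    check_ldap_client "$d/ldap.conf" "$d/nsswitch.conf" || rc=$?
    rm -rf "$d"
    return "$rc"
}

# Two arguments: audit those files. "demo": run the constructed sample.
if [ "$#" -eq 2 ]; then check_ldap_client "$1" "$2"
elif [ "${1:-}" = demo ]; then demo
fi
```

Run it with the paths to /etc/ldap/ldap.conf and /etc/nsswitch.conf (or copies of them); the exit status is the number of findings.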