Difference between revisions of "SAC:betawebsite"

From OSGeo
(Created page with "This is setup of Cloud server osgeo.public.cloudvps.com It is a debian 8, 4GB , 160 HDD server. These are the steps I did after it was created in attempt to implement LDAP...")
 
Line 14: Line 14:
 
https://wiki.debian.org/LDAP/PAM
 
https://wiki.debian.org/LDAP/PAM
  
1) edit /etc/ldap/ldap.conf
+
1) edit /etc/ldap/ldap.conf (our instructions give a different cert for TLS_CACERT, I assumed it didn't matter since it seems to be a root certificate
 +
    BASE    dc=osgeo,dc=org
 +
    URI    ldaps://ldap.osgeo.org
  
BASE    dc=osgeo,dc=org
 
URI    ldaps://ldap.osgeo.org
 
  
 +
    #SIZELIMIT      12
 +
    #TIMELIMIT      15
 +
    #DEREF          never
  
#SIZELIMIT      12
+
    # TLS certificates (needed for GnuTLS)
#TIMELIMIT     15
+
    TLS_CACERT     /etc/ssl/certs/ca-certificates.crt
#DEREF          never
 
  
# TLS certificates (needed for GnuTLS)
 
TLS_CACERT      /etc/ssl/certs/ca-certificates.crt
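Review bot: the parenthetical added to step 1 is never closed, and it records that a different TLS_CACERT from the one in "our instructions" was used on the assumption that it doesn't matter. Close the parenthesis, and either name the certificate the instructions specify or state why /etc/ssl/certs/ca-certificates.crt is acceptable here, since that file is the whole system CA bundle rather than a single certificate.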
 
  
  
Line 63: Line 63:
  
  
3)  
+
 
 +
3) pam-auth-update
 +
Make sure both Unix and LDAP authentication are checked
 +
4)  
 
   /etc/init.d/nscd restart
 
   /etc/init.d/nscd restart
 
   /etc/init.d/ssh restart
 
   /etc/init.d/ssh restart
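Review bot: the new "4)" label has no description, so the step is just a bare number followed by the two restart commands. Add a short line after "4)" saying that nscd and ssh are restarted so the changes from pam-auth-update in step 3 take effect.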
Line 70: Line 73:
 
[ ok ] Restarting ssh (via systemctl): ssh.service.
 
[ ok ] Restarting ssh (via systemctl): ssh.service.
  
4)
 
  
3) pam-auth-update
 
Make sure both Unix and LDAP authentication are checked
 
  
  
4) Verify server can do ldap queries with Osgeo by running something like this
+
5) Verify server can do ldap queries with Osgeo by running something like this
  
ldapsearch -x uid=robe
+
    ldapsearch -x uid=robe
  
 
This worked fine and gave answers as expected.
 
This worked fine and gave answers as expected.
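Review bot: the verification in step 5 only runs `ldapsearch -x uid=robe`, which is an anonymous simple bind driven by /etc/ldap/ldap.conf, so it does not exercise /etc/nsswitch.conf or the PAM setup from pam-auth-update. Consider adding a second check after it, such as `getent passwd robe`, so the page verifies the lookup path that login actually uses.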

Revision as of 07:53, 19 October 2017

This is setup of Cloud server osgeo.public.cloudvps.com

It is a Debian 8, 4GB, 160 HDD server.

These are the steps I did after it was created in an attempt to implement LDAP.

First I installed updates

   apt-get update
   apt-get upgrade

Then to try the ldap

https://wiki.debian.org/LDAP/PAM

1) edit /etc/ldap/ldap.conf (our instructions give a different cert for TLS_CACERT, I assumed it didn't matter since it seems to be a root certificate)

   BASE    dc=osgeo,dc=org
   URI     ldaps://ldap.osgeo.org


   #SIZELIMIT      12
   #TIMELIMIT      15
   #DEREF          never
   # TLS certificates (needed for GnuTLS)
   TLS_CACERT      /etc/ssl/certs/ca-certificates.crt


2) apt-get install libpam-ldap nscd

nano /etc/ssh/sshd_config

(it will prompt for the services you want to use ldap for). Selections will be written to /etc/nsswitch.conf

Afterwards the conf looked like this:

   # /etc/nsswitch.conf
   #
   # Example configuration of GNU Name Service Switch functionality.
   # If you have the `glibc-doc-reference' and `info' packages installed, try:
   # `info libc "Name Service Switch"' for information about this file.
   passwd:         compat ldap
   group:          compat ldap
   shadow:         compat
   gshadow:        files
   hosts:          files dns
   networks:       files
   protocols:      db files ldap
   services:       db files ldap
   ethers:         db files
   rpc:            db files
   netgroup:       nis
   aliases:        ldap


3) pam-auth-update

Make sure both Unix and LDAP authentication are checked

4)

   /etc/init.d/nscd restart
   /etc/init.d/ssh restart

Should output something like this:

   [ ok ] Restarting ssh (via systemctl): ssh.service.



5) Verify the server can do LDAP queries with OSGeo by running something like this:

    ldapsearch -x uid=robe

This worked fine and gave answers as expected.


But I am still unable to log in with my OSGeo LDAP account, so I feel I am missing something.
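
A successful `ldapsearch -x` only exercises /etc/ldap/ldap.conf, while an ssh password login also passes through NSS, PAM and sshd. The script below is an added example, not part of the original page: it statically checks those files layer by layer, run here against a constructed sample tree. It assumes Debian's /etc/pam.d/common-auth (the file pam-auth-update writes); `check_ldap_login` and `make_sample_tree` are hypothetical helper names.

```shell
#!/bin/sh
# Added example (not from the original page): static check of the four
# files a password login over ssh depends on after the steps above.
# ROOT is a path prefix; pass "" to inspect the live system.

has() { grep -Eiq "$1" "$2" 2>/dev/null; }   # pattern, file

check_ldap_login() {
    root=$1; fails=0
    layer() {  # layer <description> <pattern> <file under ROOT>
        if has "$2" "$root$3"; then printf 'ok   %s\n' "$1"
        else printf 'FAIL %s (%s)\n' "$1" "$3"; fails=$((fails + 1)); fi
    }
    layer 'ldap.conf URI uses ldaps://' \
        '^[[:space:]]*URI[[:space:]]+ldaps://' /etc/ldap/ldap.conf
    layer 'ldap.conf sets TLS_CACERT' \
        '^[[:space:]]*TLS_CACERT[[:space:]]+/' /etc/ldap/ldap.conf
    layer 'NSS passwd consults ldap' \
        '^passwd:.*[[:space:]]ldap([[:space:]]|$)' /etc/nsswitch.conf
    layer 'NSS group consults ldap' \
        '^group:.*[[:space:]]ldap([[:space:]]|$)' /etc/nsswitch.conf
    layer 'PAM auth stack loads pam_ldap.so' \
        '^[^#]*pam_ldap\.so' /etc/pam.d/common-auth
    layer 'sshd has UsePAM yes' \
        '^[[:space:]]*UsePAM[[:space:]]+yes' /etc/ssh/sshd_config
    return "$fails"   # number of failing layers, 0 when all pass
}

# Constructed sample tree: ldap.conf and nsswitch.conf as on this page,
# plus a common-auth that has only pam_unix (LDAP left unchecked).
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/etc/ldap" "$t/etc/pam.d" "$t/etc/ssh"
    printf 'BASE dc=osgeo,dc=org\nURI ldaps://ldap.osgeo.org\nTLS_CACERT /etc/ssl/certs/ca-certificates.crt\n' \
        > "$t/etc/ldap/ldap.conf"
    printf 'passwd: compat ldap\ngroup: compat ldap\nshadow: compat\n' \
        > "$t/etc/nsswitch.conf"
    printf 'auth required pam_unix.so\n' > "$t/etc/pam.d/common-auth"
    printf 'UsePAM yes\n' > "$t/etc/ssh/sshd_config"
    echo "$t"
}

tree=$(make_sample_tree)
check_ldap_login "$tree" || echo "layers failing: $?"
rm -rf "$tree"
```

On the sample tree every layer passes except the PAM one, which is what an unchecked LDAP box in pam-auth-update would look like.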