Difference between revisions of "SAC:betawebsite"
(Created page with "This is setup of Cloud server osgeo.public.cloudvps.com It is a debian 8, 4GB , 160 HDD server. These are the steps I did after it was created in attempt to implement LDAP...") |
Line 14: | Line 14: | ||
https://wiki.debian.org/LDAP/PAM | https://wiki.debian.org/LDAP/PAM | ||
− | 1) edit /etc/ldap/ldap.conf | + | 1) edit /etc/ldap/ldap.conf (our instructions give a different cert for TLS_CACERT, I assumed it didn't matter since it seems to be a root certificate |
+ | BASE dc=osgeo,dc=org | ||
+ | URI ldaps://ldap.osgeo.org | ||
− | |||
− | |||
+ | #SIZELIMIT 12 | ||
+ | #TIMELIMIT 15 | ||
+ | #DEREF never | ||
− | # | + | # TLS certificates (needed for GnuTLS) |
− | + | TLS_CACERT /etc/ssl/certs/ca-certificates.crt | |
− | |||
− | |||
− | |||
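Review bot: the parenthetical added to step 1 is never closed, and it says the instructions give a different cert for TLS_CACERT without naming that file. Since the URI is ldaps://ldap.osgeo.org, suggest closing the parenthesis and naming the certificate from the instructions, so a reader can compare it with /etc/ssl/certs/ca-certificates.crt instead of relying on the assumption.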
Line 63: | Line 63: | ||
− | 3) | + | |
+ | 3) pam-auth-update | ||
+ | Make sure both Unix and LDAP authentication are checked | ||
+ | 4) | ||
/etc/init.d/nscd restart | /etc/init.d/nscd restart | ||
/etc/init.d/ssh restart | /etc/init.d/ssh restart | ||
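Review bot: the new "4)" line has no description, so the two restart commands after it read as a continuation of step 3. Suggest giving it a label on the same line, for example "4) Restart nscd and ssh".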
Line 70: | Line 73: | ||
[ ok ] Restarting ssh (via systemctl): ssh.service. | [ ok ] Restarting ssh (via systemctl): ssh.service. | ||
− | |||
− | |||
− | |||
− | + | 5) Verify server can do ldap queries with Osgeo by running something like this | |
− | ldapsearch -x uid=robe | + | ldapsearch -x uid=robe |
This worked fine and gave answers as expected. | This worked fine and gave answers as expected. |
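Review bot: step 5 verifies only that "ldapsearch -x uid=robe" returns an entry, which is a directory query and does not go through NSS or PAM. Suggest adding a second check after it, such as "getent passwd robe", so the step also shows whether the account resolves on the server itself.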
Revision as of 07:53, 19 October 2017
This is the setup of the cloud server osgeo.public.cloudvps.com
It is a Debian 8, 4GB, 160 HDD server.
These are the steps I did after it was created in an attempt to implement LDAP
First I installed updates:
apt-get update
apt-get upgrade
Then to try the LDAP:
https://wiki.debian.org/LDAP/PAM
1) Edit /etc/ldap/ldap.conf (our instructions give a different cert for TLS_CACERT; I assumed it didn't matter since it seems to be a root certificate)
BASE dc=osgeo,dc=org
URI ldaps://ldap.osgeo.org

#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never

# TLS certificates (needed for GnuTLS)
TLS_CACERT /etc/ssl/certs/ca-certificates.crt
2) apt-get install libpam-ldap nscd
nano /etc/ssh/sshd_config
(It will prompt for the services you want to use LDAP for.) Selections will be written to /etc/nsswitch.conf
Afterwards, the conf looked like this:
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd: compat ldap
group: compat ldap
shadow: compat
gshadow: files

hosts: files dns
networks: files

protocols: db files ldap
services: db files ldap
ethers: db files
rpc: db files

netgroup: nis
aliases: ldap
3) pam-auth-update
Make sure both Unix and LDAP authentication are checked
4)
/etc/init.d/nscd restart
/etc/init.d/ssh restart
Should output something like this:
[ ok ] Restarting ssh (via systemctl): ssh.service.
5) Verify the server can do LDAP queries with OSGeo by running something like this:
ldapsearch -x uid=robe
This worked fine and gave answers as expected.
But I am still unable to log in with my OSGeo LDAP account, so I feel I am missing something.
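
Added example, not part of the original page: a static check of the two client files edited in steps 1 and 2, confirming that passwd and group list ldap in nsswitch.conf and that ldap.conf has an ldaps:// URI with a readable TLS_CACERT file. The function names are hypothetical and the file paths are passed in as arguments.

```shell
#!/bin/sh
# Added example: static checks on the client files from steps 1 and 2.
# Function names are hypothetical; file paths are passed in as arguments.

# Print the source list configured for one NSS database (e.g. "compat ldap").
nss_sources() {   # usage: nss_sources FILE DATABASE
    awk -v db="$2:" '$1 == db { $1 = ""; sub(/^ +/, ""); print; exit }' "$1"
}

# Succeed if the database lists "ldap" as one of its sources.
nss_uses_ldap() { # usage: nss_uses_ldap FILE DATABASE
    case " $(nss_sources "$1" "$2") " in *" ldap "*) return 0 ;; esac
    return 1
}

# Print the value of an uncommented ldap.conf option (keys are case-insensitive).
ldapconf_value() { # usage: ldapconf_value FILE KEY
    awk -v k="$2" 'toupper($1) == toupper(k) { print $2; exit }' "$1"
}

# Report problems on stdout; the exit status is the number of problems found.
audit_ldap_client() { # usage: audit_ldap_client NSSWITCH_CONF LDAP_CONF
    problems=0
    for db in passwd group; do
        if ! nss_uses_ldap "$1" "$db"; then
            echo "nsswitch: '$db' does not list ldap; accounts will not resolve"
            problems=$((problems + 1))
        fi
    done
    uri=$(ldapconf_value "$2" URI)
    cacert=$(ldapconf_value "$2" TLS_CACERT)
    case "$uri" in
        ldaps://*) ;;
        *) echo "ldap.conf: URI '$uri' is not ldaps://"
           problems=$((problems + 1)) ;;
    esac
    if [ -z "$cacert" ] || [ ! -r "$cacert" ]; then
        echo "ldap.conf: TLS_CACERT '$cacert' is missing or unreadable"
        problems=$((problems + 1))
    fi
    return "$problems"
}
```

On the server this would be called as `audit_ldap_client /etc/nsswitch.conf /etc/ldap/ldap.conf`. It reads configuration only, so `getent passwd <user>` is still needed to exercise the live NSS lookup.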