SAC:betawebsite
This is the setup of the cloud server osgeo.public.cloudvps.com.
It is a Debian 8, 4GB, 160 HDD server.
These are the steps I did after it was created in an attempt to implement LDAP.
First I installed updates:
apt-get update
apt-get upgrade
apt-get install libpam-ldap nscd
apt-get install libnss-ldap #not sure if this one is needed
Then to try the ldap
https://wiki.debian.org/LDAP/PAM
1) edit /etc/ldap/ldap.conf (copied from osgeo6)
BASE dc=osgeo, dc=org
URI ldaps://ldap.osgeo.org/
#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
TLS_CHECKPEER yes
TLS_REQCERT demand
TLS_CACERT /etc/ssl/certs/STAR_osgeo_org.ca-bundle
#this file you need to copy from osgeo6 as well
pam_groupdn cn=telascience,ou=Shell,dc=osgeo,dc=org
#note though telascience is defunct so not sure what that cn
nss_base_passwd ou=People,dc=osgeo,dc=org
nss_base_shadow ou=People,dc=osgeo,dc=org
nss_base_group ou=Group,dc=osgeo,dc=org
ldap_version 3
pam_password md5
bind_policy soft
2) Copy contents of /etc/nslcd.conf from osgeo6
nano /etc/ssh/sshd_config
(it will prompt for the services you want to use LDAP for). Selections will be written to /etc/nsswitch.conf
after conf looked like this
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd: compat ldap
group: compat ldap
shadow: compat
gshadow: files

hosts: files dns
networks: files

protocols: db files ldap
services: db files ldap
ethers: db files
rpc: db files

netgroup: nis
aliases: ldap
3) pam-auth-update
Make sure both Unix and LDAP authentication are checked
4)
/etc/init.d/nscd restart
/etc/init.d/nslcd restart
/etc/init.d/ssh restart
Should output something like this:
[ ok ] Restarting ssh (via systemctl): ssh.service.
5) Verify the server can do LDAP queries with OSGeo by running something like this:
ldapsearch -x uid=robe
6) For some reason nslcd fails with password invalid, unless I create a local account matching the OSGeo user (doesn't matter the password), so I did
adduser robe
To be able to log in
This worked fine and gave answers as expected.
But I am still unable to log in with my OSGeo LDAP account, so I feel I am missing something.
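An added check for the client settings recorded in the steps above (example code, not part of the original page): it reads an ldap.conf-style file and an nsswitch.conf-style file and reports a URI that is not ldaps://, a TLS_REQCERT value other than demand or hard, a missing TLS_CACERT, and passwd or group entries without an ldap source. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit LDAP client settings like the ones recorded on this page.
# Function names and the sample files are constructed for illustration.

# Print the value of the last "KEY value" line in FILE (key is case-insensitive).
conf_value() {
    awk -v k="$2" 'tolower($1) == tolower(k) { $1 = ""; sub(/^[ \t]+/, ""); v = $0 }
                   END { print v }' "$1"
}

# Succeed if database DB in an nsswitch.conf-style FILE lists "ldap" as a source.
nss_has_ldap() {
    awk -v db="$2:" '$1 == db { for (i = 2; i <= NF; i++) if ($i == "ldap") ok = 1 }
                     END { exit !ok }' "$1"
}

# Print one line per finding; the return status is the number of findings.
audit_ldap_client() {
    n=0
    case $(conf_value "$1" URI) in
        ldaps://*) ;;
        *) echo "URI is not ldaps://"; n=$((n + 1)) ;;
    esac
    case $(conf_value "$1" TLS_REQCERT) in
        demand|hard) ;;
        *) echo "TLS_REQCERT does not enforce certificate validation"; n=$((n + 1)) ;;
    esac
    [ -n "$(conf_value "$1" TLS_CACERT)" ] || { echo "TLS_CACERT is not set"; n=$((n + 1)); }
    for db in passwd group; do
        nss_has_ldap "$2" "$db" || { echo "nsswitch: $db does not use ldap"; n=$((n + 1)); }
    done
    return "$n"
}

# Constructed sample input: the page's settings beside a weakened variant.
d=$(mktemp -d)
trap 'rm -rf "$d"' EXIT
printf '%s\n' 'URI ldaps://ldap.osgeo.org/' '#DEREF never' 'TLS_REQCERT demand' \
    'TLS_CACERT /etc/ssl/certs/STAR_osgeo_org.ca-bundle' > "$d/ldap.conf"
printf '%s\n' 'passwd: compat ldap' 'group: compat ldap' 'shadow: compat' > "$d/nsswitch.conf"
printf '%s\n' 'URI ldap://ldap.osgeo.org/' 'TLS_REQCERT never' > "$d/weak-ldap.conf"
printf '%s\n' 'passwd: compat' 'group: compat ldap' > "$d/weak-nsswitch.conf"

audit_ldap_client "$d/ldap.conf" "$d/nsswitch.conf" && echo "page settings: no findings"
audit_ldap_client "$d/weak-ldap.conf" "$d/weak-nsswitch.conf" || echo "weakened copy: $? findings"
```

On a real host the two arguments would be the ldap.conf and nsswitch.conf paths used in the steps above.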