Difference between revisions of "SAC:Setup LDAP Authentication"

From OSGeo
Jump to navigation Jump to search
 
(17 intermediate revisions by 3 users not shown)
Line 1: Line 1:
= Setting up FC4 to use LDAP for login authentication =
+
Instructions for setting up LDAP login on [[OSL]] hosted VMs.  This should be done as part of the [[SAC:Standard System Setup]] process.
  
The key file is the /etc/ldap.conf file which should contain:
+
[[Category:Infrastructure]]
 
 
  host ldap.telascience.org
 
  base dc=telascience,dc=org
 
 
 
  # Group to enforce membership of
 
  pam_groupdn cn=Shell,ou=Groups,dc=telascience,dc=org
 
 
 
  ssl no
 
  tls_cacertdir /etc/openldap/cacerts
 
  pam_password md5
 
 
 
The key item here is pam_groupdn line so that only users in the group "Shell" can login, and the host for finding the ldap server.  At some point the configuration may need to be updated to support SSL.
 
 
 
Also, to enable ldap authentication the pam configuration needs to be updated.  On FC4 this is done by making the /etc/pam.d/system-auth file look like:
 
 
 
#%PAM-1.0
 
# This file is auto-generated.
 
# User changes will be destroyed the next time authconfig is run.
 
auth        required      /lib/security/$ISA/pam_env.so
 
auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
 
auth        sufficient    /lib/security/$ISA/pam_ldap.so use_first_pass
 
auth        required      /lib/security/$ISA/pam_deny.so
 
 
 
account    required      /lib/security/$ISA/pam_unix.so broken_shadow
 
account    sufficient    /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet
 
account    [default=bad success=ok user_unknown=ignore] /lib/security/$ISA/pam_ldap.so
 
account    required      /lib/security/$ISA/pam_permit.so
 
 
 
password    requisite    /lib/security/$ISA/pam_cracklib.so retry=3
 
password    sufficient    /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
 
password    sufficient    /lib/security/$ISA/pam_ldap.so use_authtok
 
password    required      /lib/security/$ISA/pam_deny.so
 
 
 
session    required      /lib/security/$ISA/pam_limits.so
 
session    required      /lib/security/$ISA/pam_unix.so
 
session    optional      /lib/security/$ISA/pam_ldap.so
 
 
 
The key item here is the inclusion of pam_ldap.so as an option.
 
 
 
= Setting up SVN server to use LDAP authentication =
 
 
 
= Pointers to good LDAP information =
 

Latest revision as of 22:19, 27 September 2011

Instructions for setting up LDAP login on OSL hosted VMs. This should be done as part of the SAC:Standard System Setup process.

Retrieved from "http://wiki.osgeo.org/w/index.php?title=SAC:Setup_LDAP_Authentication&oldid=57746"