SAC:betawebsite

From OSGeo
Revision as of 13:05, 19 October 2017 by Robe (talk | contribs)

This is the setup of the cloud server osgeo.public.cloudvps.com.

It is a Debian 8, 4GB, 160 HDD server.

These are the steps I did after it was created in an attempt to implement LDAP.

First I installed updates:

 apt-get update
 apt-get upgrade
 apt-get install libpam-ldap nscd
 apt-get install libnss-ldap #not sure if this one is needed 
 apt-get install sudo

Then to try LDAP:

https://wiki.debian.org/LDAP/PAM

1) Edit /etc/ldap/ldap.conf (copied from osgeo6)

   BASE    dc=osgeo, dc=org
   URI     ldaps://ldap.osgeo.org/
   #SIZELIMIT      12
   #TIMELIMIT      15
   #DEREF          never
   TLS_CHECKPEER yes
   TLS_REQCERT demand
   #this file you need to copy from osgeo6 as well
   TLS_CACERT /etc/ssl/certs/STAR_osgeo_org.ca-bundle
   #note though telascience is defunct so not sure what that cn
   pam_groupdn cn=telascience,ou=Shell,dc=osgeo,dc=org
   nss_base_passwd ou=People,dc=osgeo,dc=org
   nss_base_shadow ou=People,dc=osgeo,dc=org
   nss_base_group  ou=Group,dc=osgeo,dc=org
   ldap_version 3
   pam_password md5
   bind_policy soft


2) Copy contents of /etc/nslcd.conf from osgeo6


  nano /etc/ssh/sshd_config

(It will prompt for the services you want to use LDAP for.) Selections will be written to /etc/nsswitch.conf.

Afterwards the conf looked like this:

   # /etc/nsswitch.conf
   #
   # Example configuration of GNU Name Service Switch functionality.
   # If you have the `glibc-doc-reference' and `info' packages installed, try:
   # `info libc "Name Service Switch"' for information about this file.
   passwd:         compat ldap
   group:          compat ldap
   shadow:         compat
   gshadow:        files
   hosts:          files dns
   networks:       files
   protocols:      db files ldap
   services:       db files ldap
   ethers:         db files
   rpc:            db files
   netgroup:       nis
   aliases:        ldap


3) pam-auth-update

Make sure both Unix and LDAP authentication are checked.

4) Restart the services:

 /etc/init.d/nscd restart
 /etc/init.d/nslcd restart
 /etc/init.d/ssh restart

Should output something like this:

 [ ok ] Restarting ssh (via systemctl): ssh.service.


5) Verify the server can do LDAP queries with OSGeo by running something like this:

    ldapsearch -x uid=robe

6) For some reason nslcd fails with password invalid unless I create a local account matching the OSGeo user (the password doesn't matter), so I did

  adduser robe

To be able to log in

This worked fine and gave answers as expected.


But I am still unable to log in with my OSGeo LDAP account, so I feel I am missing something.
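
As an added example (not part of the original page and not OSGeo's own tooling), this script audits the client files from steps 1 and 2: it checks that the URI and TLS_REQCERT enforce certificate verification, that the CA bundle is readable, that passwd and group list ldap in nsswitch.conf, and that no value carries a trailing `#` note, since ldap.conf only treats lines that begin with `#` as comments. The function names and the constructed sample input are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original page): audit the LDAP client files from steps 1 and 2.

# conf_value FILE KEY: print the value of the first uncommented "KEY value" line.
conf_value() {
    awk -v k="$2" 'toupper($1) == toupper(k) { sub(/^[ \t]*[^ \t]+[ \t]+/, ""); print; exit }' "$1"
}

# nss_has_ldap FILE DB: succeed if DB (e.g. passwd) lists "ldap" as a source.
nss_has_ldap() {
    awk -v db="$2:" '$1 == db { for (i = 2; i <= NF; i++) if ($i == "ldap") ok = 1 }
                     END { exit !ok }' "$1"
}

# audit_ldap_client LDAP_CONF NSSWITCH_CONF: print findings, return 1 if any FAIL.
audit_ldap_client() {
    rc=0
    fail() { echo "FAIL: $*"; rc=1; }
    # ldap.conf only treats lines that START with '#' as comments, so a
    # trailing "#note" becomes part of the value (e.g. of the CA path).
    if grep -Eq '^[[:space:]]*[^#[:space:]][^#]*#' "$1"; then
        fail "inline '#' comment after a value in $1"
    fi
    case $(conf_value "$1" URI) in
        ldaps://*) echo "ok: URI uses ldaps://" ;;
        *) fail "URI does not use ldaps://" ;;
    esac
    case $(conf_value "$1" TLS_REQCERT) in
        demand|hard) echo "ok: server certificate is required" ;;
        *) fail "TLS_REQCERT is not demand/hard" ;;
    esac
    ca=$(conf_value "$1" TLS_CACERT)
    if [ -r "$ca" ]; then echo "ok: CA bundle readable"; else fail "CA bundle not readable: $ca"; fi
    for db in passwd group; do
        if nss_has_ldap "$2" "$db"; then echo "ok: $db uses ldap"; else fail "$db has no ldap source"; fi
    done
    return $rc
}

# With two paths, audit those files; otherwise run on constructed sample input.
if [ $# -eq 2 ]; then audit_ldap_client "$1" "$2"; else
    d=$(mktemp -d); : > "$d/ca"
    printf 'URI ldaps://ldap.osgeo.org/\nTLS_REQCERT demand\nTLS_CACERT %s #copied\n' "$d/ca" > "$d/ldap.conf"
    printf 'passwd: compat ldap\ngroup: compat ldap\nshadow: compat\n' > "$d/nsswitch.conf"
    audit_ldap_client "$d/ldap.conf" "$d/nsswitch.conf" || true
    rm -rf "$d"
fi
```

On the server itself it would be run with the two paths from this page, /etc/ldap/ldap.conf and /etc/nsswitch.conf, as arguments.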