| 1 |
Hi, |
| 2 |
I have installed openldap on my gentoo-linux . My purpose is to use LDAP server for login authentication using PAM. slapd is running fine. ldapsearch command is also running fine. But the problem is, it takes too much time to authenticate the user. My local system is server as well as the client. Please help me. I followed step by step |
| 3 |
http://www.gentoo.org/doc/en/ldap-howto.xml#doc_chap2 |
| 4 |
|
| 5 |
My /etc/openldap/slapd.conf :- |
| 6 |
|
| 7 |
include /etc/openldap/schema/core.schema |
| 8 |
include /etc/openldap/schema/cosine.schema |
| 9 |
include /etc/openldap/schema/inetorgperson.schema |
| 10 |
include /etc/openldap/schema/nis.schema |
| 11 |
|
| 12 |
pidfile /var/run/openldap/slapd.pid |
| 13 |
argsfile /var/run/openldap/slapd.args |
| 14 |
|
| 15 |
database ldbm |
| 16 |
suffix "dc=kavach,dc=blr" |
| 17 |
checkpoint 32 30 |
| 18 |
rootdn "cn=Manager,dc=kavach,dc=blr" |
| 19 |
rootpw {MD5}Xr4ilOzQ4PCOq3aQ0qbuaQ== |
| 20 |
directory /var/lib/openldap-data |
| 21 |
|
| 22 |
index uid,cn,gidNumber,uidNumber,memberUid eq |
| 23 |
index uniqueMember pres |
| 24 |
index objectClass pres,eq |
| 25 |
|
| 26 |
access to * |
| 27 |
by dn="uid=root,ou=people,dc=kavach,dc=blr" write |
| 28 |
by users read |
| 29 |
by anonymous auth |
| 30 |
|
| 31 |
access to attrs=userPassword,gecos,description,loginShell |
| 32 |
by self write |
| 33 |
|
| 34 |
My /etc/openldap/ldap.conf |
| 35 |
|
| 36 |
HOST 127.0.0.1 198.168.99.183 bijayant.kavach.blr |
| 37 |
BASE dc=kavach,dc=blr |
| 38 |
URI ldap://127.0.0.1:389/ |
| 39 |
TIMELIMIT 15 |
| 40 |
SIZELIMIT 12 |
| 41 |
DEREF never |
| 42 |
|
| 43 |
nss_reconnect_tries 0 |
| 44 |
nss_reconnect_sleeptime 1 |
| 45 |
nss_reconnect_maxconntries 4 |
| 46 |
|
| 47 |
My /etc/nsswitch.conf file :-- |
| 48 |
|
| 49 |
passwd: files ldap |
| 50 |
shadow: files ldap |
| 51 |
group: files ldap |
| 52 |
hosts: files dns |
| 53 |
|
| 54 |
My /etc/pam.d/system-auth :-- |
| 55 |
|
| 56 |
auth required /lib/security/pam_env.so |
| 57 |
auth sufficient /lib/security/pam_unix.so likeauth nullok |
| 58 |
auth sufficient /lib/security/pam_ldap.so use_first_pass |
| 59 |
auth required /lib/security/pam_deny.so |
| 60 |
|
| 61 |
account required /lib/security/pam_unix.so |
| 62 |
account sufficient /lib/security/pam_ldap.so |
| 63 |
|
| 64 |
password required /lib/security/pam_cracklib.so retry=3 minlen=4 dcredit=0 ucredit=0 |
| 65 |
password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow |
| 66 |
password sufficient /lib/security/pam_ldap.so use_authtok |
| 67 |
password required /lib/security/pam_deny.so |
| 68 |
|
| 69 |
session required /lib/security/pam_limits.so |
| 70 |
session required /lib/security/pam_unix.so |
| 71 |
session optional /lib/security/pam_ldap.so |
| 72 |
|
| 73 |
My /etc/ldap.conf :-- |
| 74 |
|
| 75 |
host 127.0.0.1 |
| 76 |
base dc=kavach,dc=blr |
| 77 |
rootbinddn cn=Manager,dc=kavach,dc=blr |
| 78 |
port 389 |
| 79 |
bind_policy hard |
| 80 |
|
| 81 |
uri ldap://127.0.0.1:389/ |
| 82 |
pam_password crypt |
| 83 |
ldap_version 3 |
| 84 |
pam_filter objectclass=posixAccount |
| 85 |
pam_login_attribute uid |
| 86 |
pam_member_attribute gid |
| 87 |
nss_base_passwd ou=People,dc=kavach,dc=blr?one |
| 88 |
nss_base_shadow ou=People,dc=kavach,dc=blr?one |
| 89 |
nss_base_group ou=Group,dc=kavach,dc=blr?one |
| 90 |
nss_base_hosts ou=Hosts,dc=kavach,dc=blr?one |
| 91 |
scope one |
| 92 |
|
| 93 |
nss_initgroups_ignoreusers root,ldap |
| 94 |
nss_reconnect_tries 3 |
| 95 |
nss_reconnect_sleeptime 1 |
| 96 |
nss_reconnect_maxconntries 4 |
| 97 |
|
| 98 |
|
| 99 |
Since my local system is also acting as a LDAP server, thats why every users who are in LDAP directory, they are in my system also. |
| 100 |
|
| 101 |
|
| 102 |
|
| 103 |
Send instant messages to your online friends http://uk.messenger.yahoo.com |
| 104 |
Send instant messages to your online friends http://uk.messenger.yahoo.com |
Archives