# Automated arrangement of LDAP verification for RHEL5 web servers

I make use of Puppet for handling our manufacturing web servers. Under RHEL5 the typical means of enabling LDAP is to make use of the authconfig tool, which works fine but isn't really in keeping with the Puppet way of doing things. If I were to have Puppet make the relevant edits to the verification config documents, which ones should I change? Off the top of my head, the documents I know need editing to enable LDAP verification are:

```
/etc/ldap.conf
/etc/nsswitch.conf
```

But there may also be PAM config documents which I am not sure about.

0
2019-05-18 22:20:58

If you're starting, you can set this up as a kickstart alternative. See:

0
2019-12-05 02:27:41

My choice is to manage /etc/sysconfig/authconfig (which has a list of vars) and then run `authconfig --updateall`; this lets me drop one file that controls everything.

0
2019-12-04 09:23:49
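The approach in the answer above, written as a Puppet manifest. This is an added example, not code from the original post: the class name `ldap_auth`, the module file path and the exec title are hypothetical, and the source file is assumed to be a copy of a known-good `/etc/sysconfig/authconfig` from a host where LDAP login already works.

```puppet
# Added example: manage the single authconfig settings file and regenerate
# the dependent files only when that file changes.
# Class name, module path and resource titles are hypothetical.
class ldap_auth {

  # The one file Puppet owns. Root-owned and not writable by others, since
  # it decides which authentication sources the host trusts.
  file { '/etc/sysconfig/authconfig':
    ensure => file,
    owner  => 'root',
    group  => 'root',
    mode   => '0644',
    source => 'puppet:///modules/ldap_auth/authconfig',
    notify => Exec['authconfig-updateall'],
  }

  # refreshonly keeps this from running on every agent run: it fires only
  # when the file resource above reports a change.
  exec { 'authconfig-updateall':
    command     => 'authconfig --updateall',
    path        => ['/usr/sbin', '/usr/bin', '/sbin', '/bin'],
    refreshonly => true,
  }
}
```

Files that `authconfig --updateall` rewrites should not also be declared as `file` resources with fixed content in the same catalog, or Puppet and authconfig will overwrite each other's changes.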

I'm not sure about any Red Hat specific arrangements, but have a look at this LDAP configuration guide.

Primarily, besides the documents you state, you need to additionally set up PAM thus:

```
auth       required     pam_env.so
auth       sufficient   pam_unix.so likeauth nullok
auth       sufficient   pam_ldap.so use_first_pass
auth       required     pam_deny.so

account    sufficient   pam_unix.so
account    sufficient   pam_ldap.so
account    required     pam_ldap.so

password   required     pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
```

0
2019-05-21 07:10:03

I commonly modify:

```
/etc/ldap.conf
/etc/nsswitch.conf
/etc/openldap/ldap.conf (check for certs if necessary)
/etc/pam.d/system-auth
```

I assume that covers the essential wickedness. May require /etc/sudoers too.

0
2019-05-19 09:35:53

Our script to set up LDAP auth (which invokes authconfig) changes these documents:

/etc/rc.d/init.d/iptables (rearrange the chkconfig priority)