Version 1 (modified by trac, 12 years ago) (diff)


There are two LDAP servers, cuboid and bursa, with CNAMES and Login should work if either is up. You may need to restart nscd (the Name Service Caching Daemon).

Simple LDAP check, run ldapsearch -vvv -xLLL '(uid=joshuadf)'

If no one can log in to the LDAP server itself, you need to boot in Single User mode.

Run /etc/init.d/ldap start and check for error messages. If the database is corrupted from a crash, restore the whole /var/lib/ldap/ directory from a recent backup.

Client Setup

The LDAP client setup is done at installation time with the following commands, see KickStart for more details:

authconfig --enableshadow --enablemd5 \
--enableldap --ldapserver=ldaps:// \
--ldapbasedn="dc=sig,dc=biostr,dc=washington,dc=edu" --enableldapauth \
--enableldaptls --enablecache --disablenis --kickstart
mv /etc/ldap.conf /etc/ldap.conf.orig
cat > /etc/ldap.conf << EOF
uri             ldaps://  ldaps:// 
ssl             on
tls_cacertfile  /usr/share/rhn/UW-CA-CERT
tls_checkpeer   yes
ldap_version    3
scope           one
rootbinddn      cn=admin,dc=sig,dc=biostr,dc=washington,dc=edu
base            dc=sig,dc=biostr,dc=washington,dc=edu
nss_base_passwd ou=People,dc=sig,dc=biostr,dc=washington,dc=edu
nss_base_shadow ou=People,dc=sig,dc=biostr,dc=washington,dc=edu
nss_base_group  ou=Group,dc=sig,dc=biostr,dc=washington,dc=edu
pam_password    exop
mv /etc/openldap/ldap.conf /etc/openldap/ldap.conf.orig
cat > /etc/openldap/ldap.conf << EOF
URI  ldaps:// ldaps://
BASE dc=sig,dc=biostr,dc=washington,dc=edu
TLS_CACERT /usr/share/rhn/UW-CA-CERT
TLS hard
/etc/init.d/nscd restart
/etc/init.d/autofs restart
/etc/init.d/portmap restart

By the way, here are some common LDAP abbreviation codes:

Key	Attribute
CN	Common Name
DC      Domain Component
DN      Distinguish Name
L	Locality Name
ST	State or Province Name
O	Organization Name
OU	Organizational Unit Name
C	Country Name
STREET	Street Address