Table of Contents
Advertisement
35.3 Configuring an LDAP Client with
YaST
YaST includes a module to set up LDAP-based user management. If you did not enable
this feature during the installation, start the module by selecting Network Services >
LDAP Client. YaST automatically enables any PAM and NSS related changes as required
by LDAP and installs the necessary files.
35.3.1 Standard Procedure
Background knowledge of the processes acting in the background of a client machine
helps you understand how the YaST LDAP client module works. If LDAP is activated
for network authentication or the YaST module is called, the packages pam_ldap and
nss_ldap are installed and the two corresponding configuration files are adapted.
pam_ldap is the PAM module responsible for negotiation between login processes
and the LDAP directory as the source of authentication data. The dedicated module
pam_ldap.so is installed and the PAM configuration is adapted (see
"pam_unix2.conf Adapted to LDAP"
Example 35.2 pam_unix2.conf Adapted to LDAP
auth:
use_ldap
account:
use_ldap
password:
use_ldap
session:
none
When manually configuring additional services to use LDAP, include the PAM LDAP
module in the PAM configuration file corresponding to the service in /etc/pam.d.
Configuration files already adapted to individual services can be found in /usr/
share/doc/packages/pam_ldap/pam.d/. Copy appropriate files to /etc/
pam.d.
glibc name resolution through the nsswitch mechanism is adapted to the employ-
ment of LDAP with nss_ldap. A new, adapted file nsswitch.conf is created in
/etc with the installation of this package. Find more about the workings of nsswitch
.conf in
Section 30.6.1, "Configuration Files"
be present in nsswitch.conf for user administration and authentication with LDAP.
See
Example 35.3, "Adaptations in nsswitch.conf"
(page 677)).
(page 633). The following lines must
(page 678).
Example 35.2,
LDAP—A Directory Service
677
Advertisement
Table of Contents
Troubleshooting
