NSS, PAM, and LDAP - Red Hat Enterprise Linux 5 Deployment Manual

Chapter 25. Lightweight Directory Access Protocol (LDAP)
Warning
You must stop slapd by issuing the /sbin/service ldap stop command before
using slapadd, slapcat or slapindex. Otherwise, the integrity of the LDAP directory
is at risk.
For more information on using these utilities, refer to their respective man pages.
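The warning above can be enforced with a small wrapper around the offline tools. This is an added example, not part of the Red Hat manual; the function names and the SLAPD_CHECK override variable are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: refuse to run slapadd, slapcat or slapindex while slapd
# is still running, so the directory database is never touched by an
# offline tool and the server at the same time.
#
# SLAPD_CHECK is a hypothetical override hook (not an OpenLDAP setting).
# By default it looks for a running process named exactly "slapd".
SLAPD_CHECK=${SLAPD_CHECK:-"pgrep -x slapd"}

slapd_is_running() {
    # Exit status 0 means the check command found a slapd process.
    $SLAPD_CHECK >/dev/null 2>&1
}

run_offline_tool() {
    tool=$1
    # Only the three tools named in the warning are accepted.
    case "$tool" in
        slapadd|slapcat|slapindex) ;;
        *)
            echo "refusing: '$tool' is not slapadd, slapcat or slapindex" >&2
            return 2
            ;;
    esac
    if slapd_is_running; then
        echo "refusing: slapd is running; run '/sbin/service ldap stop' first" >&2
        return 1
    fi
    shift
    # slapd is stopped: run the tool with the remaining arguments.
    "$tool" "$@"
}

# Usage (after sourcing this file):
#   run_offline_tool slapcat -l backup.ldif
```

The wrapper returns 1 when slapd is running, 2 for any tool other than the three offline utilities, and otherwise the exit status of the tool itself.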
The openldap-clients package installs tools into /usr/bin/ which are used to add, modify, and
delete entries in an LDAP directory. These tools include the following:
• ldapadd — Adds entries to an LDAP directory by accepting input via a file or standard input;
ldapadd is actually a hard link to ldapmodify -a.
• ldapdelete — Deletes entries from an LDAP directory by accepting user input at a shell prompt or
via a file.
• ldapmodify — Modifies entries in an LDAP directory, accepting input via a file or standard input.
• ldappasswd — Sets the password for an LDAP user.
• ldapsearch — Searches for entries in an LDAP directory using a shell prompt.
• ldapcompare — Opens a connection to an LDAP server, binds, and performs a comparison using
specified parameters.
• ldapwhoami — Opens a connection to an LDAP server, binds, and performs a whoami operation.
• ldapmodrdn — Opens a connection to an LDAP server, binds, and modifies the RDNs of entries.
With the exception of ldapsearch, each of these utilities is more easily used by referencing a file
containing the changes to be made rather than typing a command for each entry to be changed within
an LDAP directory. The format of such a file is outlined in the man page for each utility.

25.3.1. NSS, PAM, and LDAP

In addition to the OpenLDAP packages, Red Hat Enterprise Linux includes a package called
nss_ldap, which enhances LDAP's ability to integrate into both Linux and other UNIX environments.
The nss_ldap package provides the following modules (where <version> refers to the version of
libnss_ldap in use):
• /lib/libnss_ldap-<version>.so
• /lib/security/pam_ldap.so
The nss_ldap package provides the following modules for Itanium or AMD64 architectures:
• /lib64/libnss_ldap-<version>.so
• /lib64/security/pam_ldap.so
The libnss_ldap-<version>.so module allows applications to look up users, groups, hosts, and
other information using an LDAP directory via the Nameservice Switch (NSS) interface of glibc.