HOWTO_Very_Basic_PAM/LDAP
Purpose
In this tutorial, we present a stripped-down LDAP/PAM configuration -- no SASL, SAMBA, Kerberos or other additions -- in order to get the essentials across. We will set up a machine to authenticate against itself, whether or not it has network access.
Files
You will need to edit a few files in order to make this work:
- /etc/conf.d/local-slapd
- /etc/init.d/local-slapd
- /etc/ldap.conf
- /etc/ldap.conf.sudo
- /etc/nsswitch.conf
- /etc/openldap/ldap.conf
- /etc/openldap/ldap-key.pem
- /etc/openldap/schema/sudo.schema
- /etc/openldap/slapd.conf
- /etc/pam.d/system-auth
- /etc/ssl/ldap.pem
Notice that all these files are in /etc, where they belong. The addition of the sudo configuration may seem extraneous, but sudo misbehaves without it.
The additional init.d and conf.d files allow for a network-independent instance of slapd.
The above files are all the files that were edited to enable PAM authentication via OpenLDAP with SSL. I maintain the files in their own folder and merge them with a script so that I can track configuration changes for this particular project independent of changes I make for other reasons.
To Be Continued...
