Introduction
Penrose can be used as the name service for Linux machines using NSS LDAP
(nss_ldap). See Naming Service for Linux.
Installing NSS LDAP
Some systems come with NSS LDAP already installed. If yours does not, you need to download
and install the binaries.
Red Hat:
yum install nss_ldap
Debian:
apt-get install libnss-ldap
Alternatively, you can build from the source code:
./configure
make
make install
Configuring NSS LDAP
NSS LDAP can be configured in /etc/nsswitch.conf.
For user and group information (including authentication), you need to add "ldap" to the following databases:
passwd: files ldap
group: files ldap
Note that for authentication, NSS LDAP retrieves the password from Penrose and then performs the authentication locally. This behaviour is sometimes undesirable because of security concerns. You can avoid this problem by adding PAM LDAP: instead of retrieving the password, PAM LDAP executes a bind operation against Penrose. See PAM LDAP.
There are other databases that you can also configure as needed:
hosts: files dns ldap
ethers: files ldap
netmasks: files ldap
networks: files ldap
protocols: files ldap
rpc: files ldap
services: files ldap
netgroup: files ldap
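To check which databases actually consult LDAP, and in what order, after editing /etc/nsswitch.conf, the following added example (not part of the original page or of Penrose) parses the file. The function names and the sample file contents are assumptions made for illustration.

```shell
# Added example (not Penrose's code): audit an nsswitch.conf for LDAP lookups.

# nss_sources FILE DB: print DB's sources in lookup order on one line,
# with comments and [STATUS=action] items removed.
nss_sources() {
    awk -v db="$2" '{
        sub(/#.*/, "")                          # strip comments
        i = index($0, ":"); if (i == 0) next
        name = substr($0, 1, i - 1); gsub(/[ \t]/, "", name)
        if (name != db) next
        rest = substr($0, i + 1)
        while ((a = index(rest, "[")) > 0) {    # drop [NOTFOUND=return] etc.
            b = index(substr(rest, a), "]"); if (b == 0) break
            rest = substr(rest, 1, a - 1) " " substr(rest, a + b)
        }
        $0 = rest; $1 = $1; print; exit         # normalise whitespace
    }' "$1"
}

# nss_ldap_position FILE DB: print the 1-based position of "ldap" among
# DB's sources, or 0 when LDAP is not consulted for DB.
nss_ldap_position() {
    pos=0; n=0
    for s in $(nss_sources "$1" "$2"); do
        n=$((n + 1))
        if [ "$s" = ldap ] && [ "$pos" -eq 0 ]; then pos=$n; fi
    done
    echo "$pos"
}

# nss_audit FILE: one report line for each account database (passwd, group).
nss_audit() {
    for db in passwd group; do
        p=$(nss_ldap_position "$1" "$db")
        case $p in
            0) echo "$db: ldap not consulted" ;;
            1) echo "$db: ldap consulted first" ;;
            *) echo "$db: ldap consulted after $((p - 1)) other source(s)" ;;
        esac
    done
}

# Constructed sample input, modelled on the entries shown above.
sample=$(mktemp)
printf '%s\n' 'passwd: files ldap' 'group:  files ldap  # constructed' 'hosts: files dns [NOTFOUND=return] ldap' > "$sample"
nss_audit "$sample"; echo "hosts: $(nss_sources "$sample" hosts)"
rm -f "$sample"
```

If passwd lists ldap and local password retrieval is a concern, confirm that PAM LDAP is handling authentication as described above.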
