Difference between revisions of "LDAP"

From RHS Wiki
Line 61: Line 61:
 
== More Info ==
 
== More Info ==
 
https://www.youtube.com/watch?v=LVY3WbakcOE&list=PL8B125D10F99838F7
 
https://www.youtube.com/watch?v=LVY3WbakcOE&list=PL8B125D10F99838F7
 +
 +
== TLS1.2 ==
 +
TODO: Desarrollar
 +
Examples olcTLSCipherSuite (cn=config??)<br />
 +
olcTLSCipherSuite: HIGH:+TLSv1.2:-TLSv1.1:-TLSv1.0:+SSLv3:-SSLv2<br />
 +
olcTLSCipherSuite: HIGH:+TLSv1.2:-TLSv1.1:-TLSv1.0:-SSLv3:-SSLv2<br />
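Review bot: the two added olcTLSCipherSuite lines differ only in +SSLv3 versus -SSLv3, and nothing says which of them is meant to be deployed. Under a "TLS1.2" heading the +SSLv3 variant reads as a contradiction, so either drop it or label it as the variant to avoid. The "(cn=config??)" on the Examples line also leaves open which entry the attribute belongs to. Resolve that before the TODO is removed, and write the TODO in the same language as the rest of the page.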

Revision as of 15:34, 17 March 2016

TODO

Check: https://www.digitalocean.com/community/tutorials/how-to-authenticate-client-computers-using-ldap-on-an-ubuntu-12-04-vps
ADD: TO_WIKI

LDAP: Lightweight Directory Access Protocol

Server setup

sudo apt-get install slapd
sudo apt-get install ldap-utils
sudo apt-get install phpldapadmin
sudo nano /etc/ldap/ldap.conf
# Set BASE and URI
# browse to http://serverip/phpldapadmin
# if it gives a low memory error:
nano /etc/php5/apache2/php.ini
# set: memory_limit = 32M
# restart apache

https://www.youtube.com/watch?v=DM_UQVVVtoY

Client setup (PAM: Pluggable Authentication Modules)

sudo apt-get install libpam-ldap
sudo apt-get install nscd
nano /etc/nsswitch.conf
# add ldap to passwd, group and shadow:
passwd:    ldap compat
group:     ldap compat
shadow:    ldap compat

edit: /etc/pam.d/common-auth

# comment out: auth optional
# add:
auth    required    pam_ldap.so use_first_pass
auth    required    pam_permit.so
# modify: auth    requisite    pam_unix.so nullok_secure
# to:
auth    sufficient    pam_unix.so nullok_secure

edit: /etc/pam.d/common-account

# add:
account    required    pam_ldap.so
# modify: account required pam_unix.so
# to:
account    sufficient    pam_unix.so

edit: /etc/pam.d/common-session

# add (if home directory does not exist create it) :
session    required    pam_mkhomedir.so    skel=/etc/skel/ umask=0022

edit: /etc/pam.d/common-password

# add:
password    required    pam_ldap.so
# modify: password    requisite    pam_unix.so nullok obscure md5
# to:
password    sufficient   pam_unix.so nullok obscure md5
# restart daemon:
/etc/init.d/nscd restart

https://www.youtube.com/watch?v=kSCx3tzC0cA
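
How the three common-auth lines above combine, as an added example that is not part of the original page: a simplified Python model of PAM's required/requisite/sufficient handling. The position of the lines in the file is an assumption (the page does not give it), so both a pam_unix-first order and the order of the listing are evaluated, and the module outcomes are constructed inputs.

```python
# Added illustration: simplified model of how PAM combines control flags.
# Assumption: line order. The page lists the lines but not their position.
AUTH_UNIX_FIRST = [                      # fits use_first_pass on pam_ldap
    ("sufficient", "pam_unix.so"),
    ("required", "pam_ldap.so"),
    ("required", "pam_permit.so"),
]
AUTH_AS_LISTED = [                       # same lines, order of the listing
    ("required", "pam_ldap.so"),
    ("required", "pam_permit.so"),
    ("sufficient", "pam_unix.so"),
]
# Constructed module outcomes: True = module succeeds, False = module fails.
CASES = {
    "local user": {"pam_unix.so": True, "pam_ldap.so": False},
    "ldap user": {"pam_unix.so": False, "pam_ldap.so": True},
    "wrong password": {"pam_unix.so": False, "pam_ldap.so": False},
}


def evaluate(stack, verdicts):
    """Return (granted, modules_run); pam_permit.so always succeeds."""
    required_failed = False
    any_success = False
    ran = []
    for control, module in stack:
        ok = module == "pam_permit.so" or verdicts[module]
        ran.append(module)
        if not ok:
            if control == "requisite":
                return False, ran        # fail and stop immediately
            if control == "required":
                required_failed = True   # remembered, stack keeps running
            continue                     # sufficient/optional failure ignored
        if control == "sufficient" and not required_failed:
            return True, ran             # success ends the stack here
        if control != "optional":        # optional is not modelled as decisive
            any_success = True
    return any_success and not required_failed, ran


def report(stack):
    """Map each constructed case to whether the stack grants access."""
    return {name: evaluate(stack, v)[0] for name, v in CASES.items()}


if __name__ == "__main__":
    for label, stack in (("pam_unix first", AUTH_UNIX_FIRST),
                         ("as listed", AUTH_AS_LISTED)):
        print(label, report(stack))
```

In both orders the trailing pam_permit.so does not let a wrong password through, but in the listing order a local-only account is refused whenever pam_ldap fails.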

More Info

https://www.youtube.com/watch?v=LVY3WbakcOE&list=PL8B125D10F99838F7

TLS1.2

TODO: Expand
Examples olcTLSCipherSuite (cn=config??)
olcTLSCipherSuite: HIGH:+TLSv1.2:-TLSv1.1:-TLSv1.0:+SSLv3:-SSLv2
olcTLSCipherSuite: HIGH:+TLSv1.2:-TLSv1.1:-TLSv1.0:-SSLv3:-SSLv2