LDAP
Revision as of 07:51, 23 June 2016 by Rafahsolis
TODO
Check: https://www.digitalocean.com/community/tutorials/how-to-authenticate-client-computers-using-ldap-on-an-ubuntu-12-04-vps
ADD: TO_WIKI
LDAP: Lightweight Directory Access Protocol
Server setup
sudo apt-get install slapd
sudo apt-get install ldap-utils
sudo apt-get install phpldapadmin
sudo nano /etc/ldap/ldap.conf
# Set BASE and URI
# browse to http://serverip/phpldapadmin
# if it gives a low memory error:
nano /etc/php5/apache2/php.ini
# set: memory_limit = 32M
# restart apache
https://www.youtube.com/watch?v=DM_UQVVVtoY
Client setup (PAM: Pluggable Authentication Modules)
sudo apt-get install libpam-ldap
sudo apt-get install nscd
nano /etc/nsswitch.conf
# add ldap to passwd, group and shadow:
passwd: ldap compat
group: ldap compat
shadow: ldap compat
edit: /etc/pam.d/common-auth
# comment out:
auth optional
# add:
auth required pam_ldap.so use_first_pass
auth required pam_permit.so
# modify:
auth requisite pam_unix.so nullok_secure
# to:
auth sufficient pam_unix.so nullok_secure
edit: /etc/pam.d/common-account
# add:
account required pam_ldap.so
# modify:
account required pam_unix.so
# to:
account sufficient pam_unix.so
edit: /etc/pam.d/common-session
# add (creates the home directory if it does not exist):
session required pam_mkhomedir.so skel=/etc/skel/ umask=0022
edit: /etc/pam.d/common-password
# add:
password required pam_ldap.so
# modify:
password requisite pam_unix.so nullok obscure md5
# to:
password sufficient pam_unix.so nullok obscure md5
# restart daemon:
/etc/init.d/nscd restart
https://www.youtube.com/watch?v=kSCx3tzC0cA
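The client steps above can be checked after editing with a short audit script. This is an added example, not part of the original wiki page; the function names and the NSSWITCH and PAM_DIR override variables are assumptions made for the example.

```shell
#!/bin/sh
# Added example: audit the client files edited in the steps above.
# NSSWITCH and PAM_DIR are assumed override variables so copies can be checked.
NSSWITCH="${NSSWITCH:-/etc/nsswitch.conf}"
PAM_DIR="${PAM_DIR:-/etc/pam.d}"

# nss_has_ldap DB: true if the uncommented DB line lists "ldap" as a source.
nss_has_ldap() {
    awk -v db="$1:" '
        { sub(/#.*/, "") }
        $1 == db { for (i = 2; i <= NF; i++) if ($i == "ldap") found = 1 }
        END { exit !found }' "$NSSWITCH" 2>/dev/null
}

# pam_has FILE TYPE CONTROL MODULE: true if FILE has that uncommented line.
# Only plain control words are matched, not bracketed [success=...] controls.
pam_has() {
    awk -v t="$2" -v c="$3" -v m="$4" '
        { sub(/#.*/, "") }
        $1 == t && $2 == c && $3 == m { found = 1 }
        END { exit !found }' "$PAM_DIR/$1" 2>/dev/null
}

# audit_ldap_client: print each missing entry, return the number missing.
audit_ldap_client() {
    fails=0
    for db in passwd group shadow; do
        nss_has_ldap "$db" ||
            { echo "MISSING nsswitch.conf: $db has no ldap source"; fails=$((fails + 1)); }
    done
    while read -r file type control module; do
        pam_has "$file" "$type" "$control" "$module" ||
            { echo "MISSING $file: $type $control $module"; fails=$((fails + 1)); }
    done <<'EOF'
common-auth auth required pam_ldap.so
common-auth auth required pam_permit.so
common-auth auth sufficient pam_unix.so
common-account account required pam_ldap.so
common-account account sufficient pam_unix.so
common-session session required pam_mkhomedir.so
common-password password required pam_ldap.so
common-password password sufficient pam_unix.so
EOF
    return "$fails"
}

# Run the audit only when invoked as: sh audit.sh --audit
case "${1:-}" in --audit) audit_ldap_client ;; esac
```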
More Info
https://www.youtube.com/watch?v=LVY3WbakcOE&list=PL8B125D10F99838F7
TLS1.2
TODO: Expand this section
Examples olcTLSCipherSuite (cn=config??)
olcTLSCipherSuite: HIGH:+TLSv1.2:-TLSv1.1:-TLSv1.0:+SSLv3:-SSLv2
olcTLSCipherSuite: HIGH:+TLSv1.2:-TLSv1.1:-TLSv1.0:-SSLv3:-SSLv2
Troubleshooting
ldapsearch -x -LLL uid=xe50582