This page is a reference for Hacklab's server admins.

Quick Server Details

  • Base: dc=edinburghhacklab,dc=com
  • Servers: (hostnames are missing from this copy of the page)
  • Port: 389/STARTTLS or 636/TLS

Client Configuration

Quick reference for Debian LDAP client setup:

  • apt-get install sssd libpam-mkhomedir
  • edit /etc/ldap/ldap.conf
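# /etc/ldap/ldap.conf: system-wide defaults for OpenLDAP client libraries and tools.
BASE    dc=edinburghhacklab,dc=com
# NOTE(review): the server hostname was missing from this copy of the page; the value
# below is a placeholder. The name used here must match the server certificate,
# otherwise TLS_REQCERT demand will reject the connection.
URI     ldaps://<ldap-server-hostname>
# CA bundle used to validate the server certificate. This is the system-wide bundle,
# so a certificate from any CA in it is accepted; point this at the issuing CA alone
# if the directory uses a private CA.
TLS_CACERT      /etc/ssl/certs/ca-certificates.crt
# demand: refuse to continue if the server presents no certificate or one that does
# not validate. Do not relax this to "allow" or "never" to work around cert errors.
TLS_REQCERT     demand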
  • edit /etc/sssd/sssd.conf
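# /etc/sssd/sssd.conf
# NOTE(review): the [section] headers and the LDAP server hostnames were missing from
# this copy of the page. The headers below are restored from the standard sssd.conf
# layout (the domain section name follows "domains = hacklab"); the hostnames are
# placeholders. Verify against a working host before relying on this.
# sssd expects this file to be owned by root and not readable by other users (0600).
[sssd]
config_file_version = 2
reconnection_retries = 3
sbus_timeout = 30
services = nss, pam
domains = hacklab

[nss]
# Never resolve root through LDAP: a directory entry named "root" must not be able to
# shadow or supplement the local superuser account.
filter_groups = root
filter_users = root
reconnection_retries = 3

[pam]
reconnection_retries = 3

[domain/hacklab]
id_provider = ldap
auth_provider = ldap
ldap_schema = rfc2307
# Comma-separated failover list, tried in order. All entries use ldaps:// so the
# session is encrypted from the first byte.
ldap_uri = ldaps://<ldap-server-1>,ldaps://<ldap-server-2>,ldaps://<ldap-server-3>
ldap_search_base = dc=edinburghhacklab,dc=com
# NOTE(review): StartTLS is only relevant for plain ldap:// URIs; with the ldaps://
# URIs above this setting should be redundant. Keep it so that a later switch to
# ldap:// on port 389 does not silently send identity lookups in clear text.
ldap_id_use_start_tls = true
# Stores a hash of each user's password in the local sssd cache so that logins still
# work when the LDAP servers are unreachable. Anyone with root on this host can read
# the cache, and a disabled account can keep logging in offline until the cache
# expires; consider setting offline_credentials_expiration in [pam] to bound that.
cache_credentials = true
# demand: refuse the connection if the server certificate is missing or invalid.
ldap_tls_reqcert = demand
# System-wide CA bundle; narrow to the issuing CA if the directory uses a private CA.
ldap_tls_cacert = /etc/ssl/certs/ca-certificates.crt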
  • edit /etc/pam.d/common-session
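# NOTE(review): the module names were missing from this copy of the page. They are
# restored below from the stock Debian pam-auth-update layout for common-session with
# the sss and mkhomedir profiles enabled; pam_mkhomedir.so is identified by its
# skel=/umask= arguments. Compare with a working host before copying.
# here are the per-package modules (the "Primary" block)
session [default=1]           pam_permit.so
# here's the fallback if no module succeeds
session requisite             pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
session required              pam_permit.so
# and here are more per-package modules (the "Additional" block)
session required              pam_unix.so
session optional              pam_sss.so
# Creates the home directory on first login for users that exist only in LDAP.
# umask=0022 makes new home directories readable by every other account on the host;
# use umask=0077 if home directories should be private by default.
session optional              pam_mkhomedir.so skel=/etc/skel umask=0022
# end of pam-auth-update config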
  • edit /etc/nsswitch.conf
# /etc/nsswitch.conf: lookup order per database; sources are tried left to right.
# Local files (compat) are listed before sss, so an account or group defined locally
# takes precedence over an LDAP entry with the same name.
passwd:         compat sss
group:          compat sss
# NOTE(review): sssd authenticates through PAM and, as far as I know, does not serve
# shadow entries, so "sss" here is probably a no-op; confirm before relying on it.
shadow:         compat sss

# Host and network lookups do not go through sssd.
hosts:          files dns
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

# Netgroups are looked up in NIS first, then through sssd.
netgroup:       nis sss
ldap.txt · Last modified: 2017-06-23 16:01 by tim

