http://www.zytrax.com/books/ldap/
http://julp.developpez.com/freebsd/replicat-ldap/
http://articles.mongueurs.net/magazines/linuxmag65.html
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/nis.schema
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
modulepath /usr/local/libexec/openldap
moduleload back_bdb
database bdb
suffix "dc=geeknode,dc=org"
rootdn "cn=manager,dc=geeknode,dc=org"
rootpw {SSHA}xxxxxxx
directory /var/db/openldap-data
index objectClass eq
index cn,sn,uid,displayName pres,sub,eq
index uidNumber,gidNumber eq
access to attr=userPassword
by dn="cn=manager,dc=geeknode,dc=org" write
by dn="cn=proxyuser,dc=geeknode,dc=org" read
by self write
by anonymous auth
by * none
access to attrs=uidNumber,gidNumber
by dn="cn=manager,dc=geeknode,dc=org" write
by dn="cn=proxyuser,dc=geeknode,dc=org" read
by * read
access to *
by dn="cn=manager,dc=geeknode,dc=org" write
by self write
by * read
# pour jabberd beug avec ldap v3 ...
# allow bind_v2
# pour les logs
loglevel 255
logfile /var/log/openldap/geekldap.log
# La base de notre annuaire BASE o=geeknode,dc=org # L'URL pour joindre le server URI ldap://localhost/ ldap_version 3 # Authentification rootbinddn cn=proxyuser,dc=geeknode,dc=org # Pour NSS & PAM pam_password MD5 nss_base_passwd ou=Utilisateurs,dc=geeknode,dc=org nss_base_shadow ou=Utilisateurs,dc=geeknode,dc=org nss_base_group ou=Groupes,dc=geeknode,dc=org
# auth auth sufficient pam_opie.so no_warn no_fake_prompts auth requisite pam_opieaccess.so no_warn allow_local #auth sufficient pam_krb5.so no_warn try_first_pass #auth sufficient pam_ssh.so no_warn try_first_pass auth sufficient /usr/local/lib/pam_ldap.so no_warn auth required pam_unix.so no_warn try_first_pass # account account required pam_nologin.so #account required pam_krb5.so account required pam_login_access.so account required pam_login_access.so account required pam_unix.so # session #session optional pam_ssh.so session required pam_permit.so # password #password sufficient pam_krb5.so no_warn try_first_pass password required pam_unix.so no_warn try_first_pass
# auth auth sufficient pam_opie.so no_warn no_fake_prompts auth requisite pam_opieaccess.so no_warn allow_local #auth sufficient pam_krb5.so no_warn try_first_pass #auth sufficient pam_ssh.so no_warn try_first_pass auth required pam_unix.so no_warn try_first_pass nullok auth sufficient /usr/local/lib/pam_ldap.so no_warn try_first_pass # account #account required pam_krb5.so account required pam_login_access.so account required pam_unix.so account sufficient /usr/local/lib/pam_ldap.so # session #session optional pam_ssh.so session required pam_lastlog.so no_fail # password #password sufficient pam_krb5.so no_warn try_first_pass password required pam_unix.so no_warn try_first_pass password sufficient /usr/local/lib/pam_ldap.so no_warn try_first_pass
# passwd(1) does not use the auth, account or session services. # password #password requisite pam_passwdqc.so enforce=users password required pam_unix.so no_warn try_first_pass nullok password sufficient /usr/local/lib/pam_ldap.so use_first_pass
dn: cn=Alex Leg,ou=Utilisateurs,dc=geeknode,dc=org
cn: Alex Leg
sn: bragon
objectClass: top
objectClass: person
objectClass: posixAccount
objectClass: shadowAccount
uid: bragon
uidNumber: 2000
gidNumber: 2000
gecos: Alex Leg
homeDirectory: /home/bragon
loginShell: /usr/local/bin/zsh
userPassword: {MD5}xxxx
# La racine de l'annuaire
dn: dc=geeknode,dc=org
dc: geeknode
objectclass: top
objectclass: domain
objectclass: domainRelatedObject
description: GeeknodeLdap
associatedDomain: geeknode.org
structuralObjectClass: domain
# Le conteneur pour les utilisateurs
dn: ou=Utilisateurs,dc=geeknode,dc=org
objectclass: top
objectclass: organizationalUnit
ou: Utilisateurs
description: Les utilisateurs
structuralObjectClass: organizationalUnit
# Le conteneur pour les groupes
dn: ou=Groupes,dc=geeknode,dc=org
objectclass: top
objectclass: organizationalUnit
ou: Groupes
description: Les groupes
structuralObjectClass: organizationalUnit
dn: cn=Alex Leg,ou=Utilisateurs,dc=geeknode,dc=org
# Common Name
cn: Alex Leg
# Surnom
sn: bragon
# Les classes parentes
objectclass: top
objectclass: person
objectclass: posixAccount
objectclass: shadowAccount
# Login
uid: bragon
# Identifiant de l'utilisateur
uidnumber: 2000
# Groupe principal de l'utilisateur
gidnumber: 2000
# Nom complet
gecos: Alex Leg
# Shell
loginShell: /usr/local/bin/bash
# Repertoire personnel
homeDirectory: /home/bragon
# Mot de passe
# "slappasswd -h '{MD5}'"
userpassword: {MD5}xxxx
# Groupe LdapUsers
dn: cn=LdapUsers,ou=Groupes,dc=geeknode,dc=org
objectclass: top
objectclass: posixGroup
# Identifiant du groupe
gidNumber: 2000
# Intitule du groupe
cn: LdapUsers
# Membres du groupe
memberUid: bragon
# Notre utilisateur 'proxy' pour verifier les authentifications
dn: cn=proxyuser,dc=geeknode,dc=org
objectClass: top
objectClass: person
cn: proxyuser
# sn est obligatoire
sn: proxyuser
# slappasswd -h '{MD5}'
userPassword: {MD5}xxxxx
# Groupe gnadmin dn: cn=gnadmin,ou=Groupes,dc=geeknode,dc=org objectclass: top objectclass: posixGroup # Identifiant du groupe gidNumber: 2001 # Intitule du groupe cn: gnadmin # Membres du groupe memberUid: bragon
hosts: files dns networks: files protocols: files ethers: files rpc: files netmasks: files bootparams: files services: files passwd: files ldap group: files ldap shadow: files ldap netgroup: files
% getent passwd % finger bragon