http://www.zytrax.com/books/ldap/
http://julp.developpez.com/freebsd/replicat-ldap/
http://articles.mongueurs.net/magazines/linuxmag65.html
include /usr/local/etc/openldap/schema/core.schema include /usr/local/etc/openldap/schema/cosine.schema include /usr/local/etc/openldap/schema/inetorgperson.schema include /usr/local/etc/openldap/schema/nis.schema pidfile /var/run/openldap/slapd.pid argsfile /var/run/openldap/slapd.args modulepath /usr/local/libexec/openldap moduleload back_bdb database bdb suffix "dc=geeknode,dc=org" rootdn "cn=manager,dc=geeknode,dc=org" rootpw {SSHA}xxxxxxx directory /var/db/openldap-data index objectClass eq index cn,sn,uid,displayName pres,sub,eq index uidNumber,gidNumber eq access to attr=userPassword by dn="cn=manager,dc=geeknode,dc=org" write by dn="cn=proxyuser,dc=geeknode,dc=org" read by self write by anonymous auth by * none access to attrs=uidNumber,gidNumber by dn="cn=manager,dc=geeknode,dc=org" write by dn="cn=proxyuser,dc=geeknode,dc=org" read by * read access to * by dn="cn=manager,dc=geeknode,dc=org" write by self write by * read # pour jabberd beug avec ldap v3 ... # allow bind_v2 # pour les logs loglevel 255 logfile /var/log/openldap/geekldap.log
# La base de notre annuaire BASE o=geeknode,dc=org # L'URL pour joindre le server URI ldap://localhost/ ldap_version 3 # Authentification rootbinddn cn=proxyuser,dc=geeknode,dc=org # Pour NSS & PAM pam_password MD5 nss_base_passwd ou=Utilisateurs,dc=geeknode,dc=org nss_base_shadow ou=Utilisateurs,dc=geeknode,dc=org nss_base_group ou=Groupes,dc=geeknode,dc=org
# auth auth sufficient pam_opie.so no_warn no_fake_prompts auth requisite pam_opieaccess.so no_warn allow_local #auth sufficient pam_krb5.so no_warn try_first_pass #auth sufficient pam_ssh.so no_warn try_first_pass auth sufficient /usr/local/lib/pam_ldap.so no_warn auth required pam_unix.so no_warn try_first_pass # account account required pam_nologin.so #account required pam_krb5.so account required pam_login_access.so account required pam_login_access.so account required pam_unix.so # session #session optional pam_ssh.so session required pam_permit.so # password #password sufficient pam_krb5.so no_warn try_first_pass password required pam_unix.so no_warn try_first_pass
# auth auth sufficient pam_opie.so no_warn no_fake_prompts auth requisite pam_opieaccess.so no_warn allow_local #auth sufficient pam_krb5.so no_warn try_first_pass #auth sufficient pam_ssh.so no_warn try_first_pass auth required pam_unix.so no_warn try_first_pass nullok auth sufficient /usr/local/lib/pam_ldap.so no_warn try_first_pass # account #account required pam_krb5.so account required pam_login_access.so account required pam_unix.so account sufficient /usr/local/lib/pam_ldap.so # session #session optional pam_ssh.so session required pam_lastlog.so no_fail # password #password sufficient pam_krb5.so no_warn try_first_pass password required pam_unix.so no_warn try_first_pass password sufficient /usr/local/lib/pam_ldap.so no_warn try_first_pass
# passwd(1) does not use the auth, account or session services. # password #password requisite pam_passwdqc.so enforce=users password required pam_unix.so no_warn try_first_pass nullok password sufficient /usr/local/lib/pam_ldap.so use_first_pass
dn: cn=Alex Leg,ou=Utilisateurs,dc=geeknode,dc=org cn: Alex Leg sn: bragon objectClass: top objectClass: person objectClass: posixAccount objectClass: shadowAccount uid: bragon uidNumber: 2000 gidNumber: 2000 gecos: Alex Leg homeDirectory: /home/bragon loginShell: /usr/local/bin/zsh userPassword: {MD5}xxxx
# La racine de l'annuaire dn: dc=geeknode,dc=org dc: geeknode objectclass: top objectclass: domain objectclass: domainRelatedObject description: GeeknodeLdap associatedDomain: geeknode.org structuralObjectClass: domain # Le conteneur pour les utilisateurs dn: ou=Utilisateurs,dc=geeknode,dc=org objectclass: top objectclass: organizationalUnit ou: Utilisateurs description: Les utilisateurs structuralObjectClass: organizationalUnit # Le conteneur pour les groupes dn: ou=Groupes,dc=geeknode,dc=org objectclass: top objectclass: organizationalUnit ou: Groupes description: Les groupes structuralObjectClass: organizationalUnit dn: cn=Alex Leg,ou=Utilisateurs,dc=geeknode,dc=org # Common Name cn: Alex Leg # Surnom sn: bragon # Les classes parentes objectclass: top objectclass: person objectclass: posixAccount objectclass: shadowAccount # Login uid: bragon # Identifiant de l'utilisateur uidnumber: 2000 # Groupe principal de l'utilisateur gidnumber: 2000 # Nom complet gecos: Alex Leg # Shell loginShell: /usr/local/bin/bash # Repertoire personnel homeDirectory: /home/bragon # Mot de passe # "slappasswd -h '{MD5}'" userpassword: {MD5}xxxx # Groupe LdapUsers dn: cn=LdapUsers,ou=Groupes,dc=geeknode,dc=org objectclass: top objectclass: posixGroup # Identifiant du groupe gidNumber: 2000 # Intitule du groupe cn: LdapUsers # Membres du groupe memberUid: bragon # Notre utilisateur 'proxy' pour verifier les authentifications dn: cn=proxyuser,dc=geeknode,dc=org objectClass: top objectClass: person cn: proxyuser # sn est obligatoire sn: proxyuser # slappasswd -h '{MD5}' userPassword: {MD5}xxxxx
# Groupe gnadmin dn: cn=gnadmin,ou=Groupes,dc=geeknode,dc=org objectclass: top objectclass: posixGroup # Identifiant du groupe gidNumber: 2001 # Intitule du groupe cn: gnadmin # Membres du groupe memberUid: bragon
hosts: files dns networks: files protocols: files ethers: files rpc: files netmasks: files bootparams: files services: files passwd: files ldap group: files ldap shadow: files ldap netgroup: files
% getent passwd % finger bragon