Integrate PAM with LDAP on OpenSUSE

From Wiki Hackstore

Install the dependencies

zypper in nss_ldap pam_ldap

Configure LDAP (server)

Install the LDAP server:

zypper in openldap

Configure the /etc/openldap/slapd.conf file

include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/yast.schema
include         /etc/openldap/schema/samba3.schema
include         /etc/openldap/schema/nis.schema

pidfile         /var/run/slapd/
argsfile        /var/run/slapd/slapd.args

allow bind_v2

access to dn.base=""
        by * read

access to dn.base="cn=Subschema"
        by * read

access to attrs=userPassword,userPKCS12
        by self write
        by * auth

access to attrs=shadowLastChange
        by self write
        by * read

access to *
        by * read

database        bdb
suffix          "dc=hackstore,dc=com,dc=br"
checkpoint      1024    5
cachesize       10000
rootdn          "cn=Manager,dc=hackstore,dc=com,dc=br"
rootpw          secrethackstore
directory       /var/lib/ldap
index   objectClass     eq

serverID 001
overlay syncprov
syncprov-checkpoint 10 60
syncprov-sessionlog 1000
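
The following check is an added example, not part of the original wiki page: a shell function that scans a slapd.conf for three things visible in the configuration above, namely a clear-text rootpw, allow bind_v2, and an "access to *" rule that is not preceded by a userPassword rule. The function names and the sample excerpt are constructed for illustration, and the ACL check assumes all access directives sit in one scope, as they do here.

```shell
#!/bin/sh
# Added example, not part of the original wiki page.
# audit_slapd_conf [FILE]: print one finding per line; reads stdin if no FILE.
# Assumption: all "access to" directives sit in one scope, as on this page.
audit_slapd_conf() {
    awk '
        /^[[:space:]]*#/ || NF == 0 { next }        # skip comments and blanks
        # A rootpw value without a {SCHEME} prefix is a clear-text password;
        # slappasswd(8) produces hashed values such as {SSHA}...
        tolower($1) == "rootpw" && $2 !~ /^[{][A-Za-z0-9-]+[}]/ {
            printf "line %d: rootpw is clear text; use a slappasswd hash\n", NR
        }
        # "allow bind_v2" makes slapd accept LDAPv2 bind requests.
        tolower($1) == "allow" {
            for (i = 2; i <= NF; i++)
                if (tolower($i) == "bind_v2")
                    printf "line %d: allow bind_v2 accepts LDAPv2 binds\n", NR
        }
        # ACLs are first-match: remember where the catch-all and the
        # userPassword rule first appear so their order can be checked.
        tolower($1) == "access" && tolower($2) == "to" {
            if ($3 == "*" && !catchall) catchall = NR
            if (tolower($3) ~ /^attrs=.*userpassword/ && !pwrule) pwrule = NR
        }
        END {
            if (catchall && (!pwrule || pwrule > catchall))
                printf "line %d: catch-all ACL has no userPassword rule before it\n", catchall
        }
    ' "${1:--}"
}

# Constructed sample: an excerpt of the slapd.conf shown above.
sample_conf() {
    cat <<'EOF'
allow bind_v2
access to attrs=userPassword,userPKCS12
        by self write
        by * auth
access to *
        by * read
database        bdb
rootdn          "cn=Manager,dc=hackstore,dc=com,dc=br"
rootpw          secrethackstore
EOF
}

sample_conf | audit_slapd_conf
```

On the sample it reports the bind_v2 and rootpw lines; the ACL order on this page passes because the userPassword rule comes before the catch-all.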

Configure LDAP (client)

Configure the /etc/ldap.conf file


base "dc=hackstore,dc=com,dc=br"
suffix "dc=hackstore,dc=com,dc=br"
rootbinddn "cn=Manager,dc=hackstore,dc=com,dc=br"


pam_lookup_policy yes
pam_password exop
pam_filter objectclass=posixAccount

bind_policy soft
bind_timelimit 10

nss_schema rfc2307bis
nss_initgroups_ignoreusers root,ldap
nss_map_attribute uniqueMember member
nss_base_passwd ou=Users,dc=hackstore,dc=com,dc=br
nss_base_shadow ou=Users,dc=hackstore,dc=com,dc=br
nss_base_group ou=Groups,dc=hackstore,dc=com,dc=br

Configure PAM (/etc/nsswitch.conf)

Comment out the lines below:

# passwd: files nis
# shadow: files nis

And add the new lines:

passwd: compat files [UNAVAIL=return] ldap
group: compat files [UNAVAIL=return] ldap
shadow:         files ldap