Sudoers in LDAP
In addition to the standard sudoers file, sudo may be configured via LDAP. This can be especially useful for synchronizing sudoers in a large, distributed environment. You need to have an LDAP server and client...
There are plenty of Linux distributions, so it is not my aim to describe how to configure autofs in every one of them. This description is based on RedHat/CentOS, but it can be...
Last time I wrote about autofs configuration on the LDAP server; now it is time to configure the autofs client in Solaris. I assume that in DUAConfigProfile, objectClasses and attributes are already defined. You can check...
If you have an LDAP server as a user repository, it is also good to have an NFS server to store the users' home directories. To avoid autofs map configuration on every host, you can use LDAP service...
The simplest way to configure an LDAP client in Linux is to use a tool delivered with the system. SuSE has yast (yast2), and the RedHat family has authconfig (authconfig-tui). This should install required packages like:...
Oracle Solaris has native LDAP support built into the OS, so there is no need to install third-party software to configure Solaris to use LDAP as a repository for users, groups and more. You can use different ways...
A few months ago I received a task to set up LDAP authentication for Solaris 10, Solaris 11 and Linux machines in a customer’s infrastructure. OpenLDAP 2.4.x was chosen as the LDAP server, in a Master-Slave configuration with...
I wrote before about schema conversion to the LDIF format and how to add schemas offline by uploading them to the config/schema directory in OpenDJ. Now I will describe how to extend the schema online, without restart...
Sometimes you need to combine two or more LDAP directories with the same suffixes into one directory, or you just need a proxy. My first attempt to combine two OpenLDAP directories was to set up replication from two different sources. This solution, however, has some disadvantages. First: to have syncprov replication your environment must be uniform, meaning all source servers and the proxy need to be OpenLDAP. Second: I observed that this is not so stable, because of the earlier-mentioned issues with OpenLDAP replication.
Sometimes you need to set some attributes as unique. For example, if LDAP contains system users, then the uid attribute shouldn’t repeat across the whole system. OpenDJ is equipped with a proper plugin, but it’s not enabled...