Assignment 4: All together I
Integration of openLDAP and NSS/PAM to build an identification and authentication service
The goal now is to learn how to use the secure LDAP service from a client host. Specifically, you must make it possible for any LDAP user on server-01 to open an SSH session on the frontend; SSH sessions must be the ONLY service that LDAP users can use.

Make sure that the SSH service is installed and running on frontend. This host should be able to use the LDAP service on server-01 (over SSL) and thus identify and authenticate local and remote (LDAP) users (1).

Make sure that frontend and server-01 are properly linked to each other through LDAP.

(1) Consider also the following data and aspects:
- LDAP server URI: ldaps://server-01.localdomain ldap://server-02.localdomain (**)
- DN of the search base: dc=localdomain
- LDAP version to be used: 3
- LDAP account for root: cn=admin,dc=localdomain
- LDAP root account password: 'ldap'
- Don't allow the LDAP administration account to behave like the local root.
- The LDAP database doesn't require login.
- For LDAP users who connect to frontend for the first time, the system should create their $HOME directories automatically.

(**) No SSL!! Only if optional assignment is done.
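
One way to check a configured frontend against the list above, as an added example that is not part of the original assignment. It assumes a PADL-style ldap.conf (as used by libnss-ldap/libpam-ldap) and that "SSH only" is met by referencing pam_ldap from the sshd PAM service alone; the function names and sample files are constructed.

```shell
#!/bin/sh
# Added example: audit a client against the assignment's requirements.
# Assumes a PADL-style ldap.conf (libnss-ldap/libpam-ldap) and a pam.d directory.

# conf_value FILE KEY: print the value of the first uncommented "KEY value" line
conf_value() {
    awk -v k="$2" '$1 == k { $1 = ""; sub(/^[ \t]+/, ""); print; exit }' "$1"
}

# audit_client LDAP_CONF PAM_DIR: print findings, return the number of failures
audit_client() {
    conf=$1 pamdir=$2 fails=0
    fail() { echo "FAIL: $1"; fails=$((fails + 1)); }

    uri=$(conf_value "$conf" uri)
    case ${uri%% *} in   # first URI only; server-02 is the optional second server
        ldaps://server-01.localdomain | ldaps://server-01.localdomain[/:]*) ;;
        *) fail "first uri must be ldaps://server-01.localdomain (got: $uri)" ;;
    esac
    [ "$(conf_value "$conf" base)" = "dc=localdomain" ] || fail "base is not dc=localdomain"
    [ "$(conf_value "$conf" ldap_version)" = "3" ] || fail "ldap_version is not 3"
    # The database requires no login, so the client binds anonymously
    [ -z "$(conf_value "$conf" binddn)" ] || fail "binddn set although no login is required"

    # Assumed approach to "SSH only": pam_ldap is referenced by sshd and nothing else
    for f in "$pamdir"/*; do
        [ -f "$f" ] || continue
        svc=${f##*/}
        if grep -Eq '^[^#]*pam_ldap\.so' "$f"; then
            [ "$svc" = sshd ] || fail "pam_ldap enabled for '$svc'"
        elif [ "$svc" = sshd ]; then
            fail "pam_ldap missing from sshd"
        fi
    done
    # First login must create $HOME
    grep -Eq '^session[[:space:]].*pam_mkhomedir\.so' "$pamdir/sshd" 2>/dev/null ||
        fail "pam_mkhomedir missing from the sshd session stack"
    return "$fails"
}

# Constructed sample: plaintext URI and pam_ldap leaking into the login service
demo=$(mktemp -d) && mkdir "$demo/pam.d"
printf '%s\n' 'uri ldap://server-01.localdomain' 'base dc=localdomain' \
    'ldap_version 3' > "$demo/ldap.conf"
printf '%s\n' 'auth sufficient pam_ldap.so' \
    'session required pam_mkhomedir.so skel=/etc/skel umask=0022' > "$demo/pam.d/sshd"
printf '%s\n' 'auth sufficient pam_ldap.so' > "$demo/pam.d/login"
audit_client "$demo/ldap.conf" "$demo/pam.d" || echo "client does not meet the assignment"
```

A file such as common-auth that references pam_ldap is reported too, because every service that includes it would then accept LDAP users.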