NFSv4 in a multi-realm environment
Setting up an LDAP client to use nss_ldap for name<->id mapping
These instructions assume you are starting with a complete installation of Fedora Core 2. They also assume that your LDAP server has been populated with entries conforming to the NIS schema defined in RFC 2307.
- Verify that the LDAP client packages are installed. If not, install them:
# yum list installed | grep ldap
nss_ldap i386 217-1 db
openldap i386 2.1.29-1 db
openldap-clients i386 2.1.29-1 db
openldap-devel i386 2.1.29-1 db
openldap-servers i386 2.1.29-1 db
#
- Set up the default ldap client parameters in
/etc/openldap/ldap.conf as follows:
% cat /etc/openldap/ldap.conf
# $OpenLDAP: pkg/ldap/libraries/libldap/ldap.conf,v 1.9 2000/09/04 19:57:01 kurt Exp $
#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
#BASE dc=example, dc=com
#URI ldap://ldap.example.com ldap://ldap-master.example.com:666
#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
HOST tangent.citi.umich.edu
BASE dc=arbitrary,dc=domain,dc=org
%
- Modify /etc/nsswitch.conf to specify that passwd and/or
group name<->id resolution should use ldap. Be careful
to put ldap after files. Otherwise, local accounts such as root
are looked up in LDAP first, and if the LDAP server is unreachable
access to the machine as root may be impaired!
# Example:
#passwd: db files nisplus nis
#shadow: db files nisplus nis
#group: db files nisplus nis
passwd: files ldap
shadow: files
group: files ldap
#hosts: db files nisplus nis dns
hosts: files dns
- You'll want to make sure you are running the Name Service Caching Daemon (nscd) to cache ldap responses.
# /etc/init.d/nscd start
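The following shell script is an added example, not part of the original CITI instructions: it checks an nsswitch.conf file for the ordering caveat above, that "files" is consulted before "ldap" for the passwd and group databases, so local accounts such as root still resolve when the LDAP server is down. The file path is a parameter so the check can be run against /etc/nsswitch.conf or, as here, against constructed sample files; the function names and the sample contents are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original page): verify that nsswitch.conf lists
# "files" before "ldap" for passwd and group, so root and other local accounts
# resolve even when the LDAP server is unreachable.

# nss_positions DB FILE -> prints "files=N ldap=M", the 1-based positions of
# the "files" and "ldap" sources on the first non-comment "DB:" line
# (0 when a source is absent or the DB line is missing).
nss_positions() {
    db="$1"; file="$2"
    line=$(grep -v '^[[:space:]]*#' "$file" | grep "^${db}:" | head -n 1)
    [ -n "$line" ] || { echo "files=0 ldap=0"; return 0; }
    sources=${line#*:}
    i=0; f=0; l=0
    for src in $sources; do
        i=$((i + 1))
        if [ "$src" = files ] && [ "$f" -eq 0 ]; then f=$i; fi
        if [ "$src" = ldap ]  && [ "$l" -eq 0 ]; then l=$i; fi
    done
    echo "files=$f ldap=$l"
}

# nss_files_first DB FILE -> returns 0 when "ldap" is absent or comes after
# "files"; returns 1 (with a message on stderr) when ldap would be tried first.
nss_files_first() {
    db="$1"; file="$2"
    pos=$(nss_positions "$db" "$file")
    f=${pos#files=}; f=${f%% *}
    l=${pos##*ldap=}
    if [ "$l" -ne 0 ] && { [ "$f" -eq 0 ] || [ "$f" -gt "$l" ]; }; then
        echo "$db: ldap is consulted before files; root access may be impaired if LDAP is down" >&2
        return 1
    fi
    return 0
}

# check_nsswitch FILE -> returns 0 only when both passwd and group pass.
check_nsswitch() {
    rc=0
    for db in passwd group; do
        nss_files_first "$db" "$1" || rc=1
    done
    return $rc
}

# Constructed sample files (hypothetical, not real system files) so the
# script runs stand-alone; the first mirrors the ordering recommended above.
GOOD_NSS=$(mktemp)
BAD_NSS=$(mktemp)
printf '%s\n' '#passwd: db files nisplus nis' 'passwd: files ldap' \
    'shadow: files' 'group: files ldap' 'hosts: files dns' > "$GOOD_NSS"
printf '%s\n' 'passwd: ldap files' 'shadow: files' 'group: ldap' \
    'hosts: files dns' > "$BAD_NSS"

if check_nsswitch "$GOOD_NSS"; then echo "sample 1: ordering OK"; fi
if ! check_nsswitch "$BAD_NSS"; then echo "sample 2: misordered (as expected)"; fi
rm -f "$GOOD_NSS" "$BAD_NSS"
```

To check the live system, call check_nsswitch /etc/nsswitch.conf; a non-zero exit status means ldap is being consulted ahead of files for a database that root depends on.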