Friday, August 19, 2011

Must configure ldap.conf

I set up an LDAP server to authenticate Linux clients. My setup was OK, and clients were authenticating against the server properly. Today, for some reason, my LDAP server went down and I tried to log on to Linux using a local account. But the clients took a long time to get to the login screen. I became fed up with that, so I edited my /etc/nsswitch.conf file in single-user mode and removed ldap from the passwd and group sections. But then I concluded that this occurred because my LDAP client configuration was not proper. I edited my /etc/ldap.conf and entered the following entries in it.


base dc=abc,dc=del

uri ldaps://s1.abc.del ldaps://s2.abc.del

ldap_version 3

timelimit 10

bind_timelimit 10

nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman

ssl yes

pam_password md5

nss_base_passwd ou=People,dc=abc,dc=del

nss_base_group dc=abc,dc=del

use_sasl off

tls_checkpeer yes

TLS_CACERTFILE /etc/pki/tls/certs/ca-bundle.crt

bind_policy hard_open

idle_timelimit 3550

Now everything is fine.
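
A small checker for the settings used above, as an added example that is not part of the original post: it parses ldap.conf-style text and reports missing timeouts, URIs with no host or no TLS, and disabled certificate checking. The function names and the BAD sample are constructed for illustration, and treating keywords as case-insensitive is an assumption.

```python
from urllib.parse import urlparse

def parse_ldap_conf(text):
    """Parse 'keyword value' lines; keywords are lowercased (assumed case-insensitive)."""
    conf = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue  # skip blank lines and comments
        conf[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return conf

def audit(text):
    """Return findings for the timeout and TLS settings the post relies on."""
    conf = parse_ldap_conf(text)
    findings = []
    for key in ("timelimit", "bind_timelimit"):
        value = conf.get(key, "")
        if not value.isdigit() or int(value) == 0:
            findings.append(f"{key}: no positive timeout set")
    starttls = conf.get("ssl", "").lower() == "start_tls"
    for uri in conf.get("uri", "").split():
        parsed = urlparse(uri)
        if not parsed.hostname:
            findings.append(f"uri: '{uri}' has no host")
        elif parsed.scheme != "ldaps" and not starttls:
            findings.append(f"uri: '{uri}' is not protected by TLS")
    if conf.get("tls_checkpeer", "").lower() != "yes":
        findings.append("tls_checkpeer: server certificate is not verified")
    if not (conf.get("tls_cacertfile") or conf.get("tls_cacertdir")):
        findings.append("tls_cacertfile: no CA bundle configured")
    return findings

# Settings taken from the post.
GOOD = """\
uri ldaps://s1.abc.del ldaps://s2.abc.del
timelimit 10
bind_timelimit 10
tls_checkpeer yes
TLS_CACERTFILE /etc/pki/tls/certs/ca-bundle.crt
"""
# Constructed sample: stray space in the URI, plain ldap://, no bind timeout.
BAD = """\
uri ldaps:// s1.abc.del ldap://s2.abc.del
timelimit 10
tls_checkpeer no
"""

if __name__ == "__main__":
    print("GOOD:", audit(GOOD), "BAD:", audit(BAD))
```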