Follow Techotopia on Twitter

On-line Guides
All Guides
eBook Store
iOS / Android
Linux for Beginners
Office Productivity
Linux Installation
Linux Security
Linux Utilities
Linux Virtualization
Linux Kernel
System/Network Admin
Programming
Scripting Languages
Development Tools
Web Development
GUI Toolkits/Desktop
Databases
Mail Systems
openSolaris
Eclipse Documentation
Techotopia.com
Virtuatopia.com
Answertopia.com

How To Guides
Virtualization
General System Admin
Linux Security
Linux Filesystems
Web Servers
Graphics & Desktop
PC Hardware
Windows
Problem Solutions
Privacy Policy

  




 

 

openSUSE 11.1 Reference Guide
Previous Page Home Next Page

26.4 Configuring an LDAP Client with YaST

YaST includes a module to set up LDAP-based user management. If you did not enable this feature during the installation, start the module by selecting Network Services > LDAP Client. YaST automatically enables any PAM and NSS related changes as required by LDAP and installs the necessary files. Simply connect your client to the server and let YaST manage users over LDAP. This basic setup is described in Section 26.4.1, Configuring Basic Settings.

Use the YaST LDAP client to further configure the YaST group and user configuration modules. This includes manipulating the default settings for new users and groups and the number and nature of the attributes assigned to a user or group. LDAP user management allows you to assign far more and different attributes to users and groups than traditional user or group management solutions. This is described in Section 26.4.2, Configuring the YaST Group and User Administration Modules.

26.4.1 Configuring Basic Settings

The basic LDAP client configuration dialog (Figure 26-6) opens during installation if you choose LDAP user management or when you select Network Services > LDAP Client in the YaST Control Center in the installed system.

Figure 26-6 YaST: LDAP Client Configuration

To authenticate users of your machine against an OpenLDAP server and enable user management via OpenLDAP, proceed as follows:

  1. Click Use LDAP to enable the use of LDAP. Select Use LDAP but Disable Logins instead if you want to use LDAP for authentication, but do not want other users to log in to this client.

  2. Enter the IP address of the LDAP server to use.

  3. Enter the LDAP Base DN to select the search base on the LDAP server. To retrieve the base DN automatically, click Fetch DN. YaST then checks for any LDAP database on the server address specified above. Choose the appropriate base DN from the search results given by YaST.

  4. If TLS or SSL protected communication with the server is required, select LDAP TLS/SSL.

  5. If the LDAP server still uses LDAPv2, explicitly enable the use of this protocol version by selecting LDAP Version 2.

  6. Select Start Automounter to mount remote directories on your client, such as a remotely managed /home.

  7. Select Create Home Directory on Login to have a user's home automatically created on the first user login.

  8. Click Finish to apply your settings.

To modify data on the server as administrator, click Advanced Configuration. The following dialog is split in two tabs. See Figure 26-7.

Figure 26-7 YaST: Advanced Configuration

  1. In the Client Settings tab, adjust the following settings according to your needs:

    1. If the search base for users, passwords, and groups differs from the global search base specified in the LDAP base DN, enter these different naming contexts in User Map, Password Map, and Group Map.

    2. Specify the password change protocol. The standard method to use whenever a password is changed is crypt, meaning that password hashes generated by crypt are used. For details on this and other options, refer to the pam_ldap man page.

    3. Specify the LDAP group to use with Group Member Attribute. The default value for this is member.

  2. In Administration Settings, adjust the following settings:

    1. Set the base for storing your user management data via Configuration Base DN.

    2. Enter the appropriate value for Administrator DN. This DN must be identical with the rootdn value specified in /etc/openldap/slapd.conf to enable this particular user to manipulate data stored on the LDAP server. Enter the full DN (such as cn=Administrator,dc=example,dc=com) or activate Append Base DN to have the base DN added automatically when you enter cn=Administrator.

    3. Check Create Default Configuration Objects to create the basic configuration objects on the server to enable user management via LDAP.

    4. If your client machine should act as a file server for home directories across your network, check Home Directories on This Machine.

    5. Use the Password Policy section to select, add, delete, or modify the password policy settings to use. The configuration of password policies with YaST is part of the LDAP server setup.

    6. Click OK to leave the Advanced Configuration, then Finish to apply your settings.

Use Configure User Management Settings to edit entries on the LDAP server. Access to the configuration modules on the server is then granted according to the ACLs and ACIs stored on the server. Follow the procedures outlined in Section 26.4.2, Configuring the YaST Group and User Administration Modules.

26.4.2 Configuring the YaST Group and User Administration Modules

Use the YaST LDAP client to adapt the YaST modules for user and group administration and to extend them as needed. Define templates with default values for the individual attributes to simplify the data registration. The presets created here are stored as LDAP objects in the LDAP directory. The registration of user data is still done with the regular YaST modules for user and group management. The registered data is stored as LDAP objects on the server.

Figure 26-8 YaST: Module Configuration

The dialog for module configuration (Figure 26-8) allows the creation of new modules, selection and modification of existing configuration modules, and design and modification of templates for such modules.

To create a new configuration module, proceed as follows:

  1. In the LDAP Client Configuration click Advanced Configuration, then open the Administration Settings tab. Click Configure User Management Settings and enter the LDAP server credentials.

  2. Click New and select the type of module to create. For a user configuration module, select suseuserconfiguration and for a group configuration choose susegroupconfiguration.

  3. Choose a name for the new template. The content view then features a table listing all attributes allowed in this module with their assigned values. Apart from all set attributes, the list also contains all other attributes allowed by the current Schema but currently not used.

  4. Accept the preset values or adjust the defaults to use in group and user configuration by selecting the respective attribute, pressing Edit, and entering the new value. Rename a module by simply changing the cn attribute of the module. Clicking Delete deletes the currently selected module.

  5. After you click OK, the new module is added to the selection menu.

The YaST modules for group and user administration embed templates with sensible standard values. To edit a template associated with a configuration module, proceed as follows:

  1. In the Module Configuration dialog, click Configure Template.

  2. Determine the values of the general attributes assigned to this template according to your needs or leave some of them empty. Empty attributes are deleted on the LDAP server.

  3. Modify, delete, or add new default values for new objects (user or group configuration objects in the LDAP tree).

Figure 26-9 YaST: Configuration of an Object Template

Connect the template to its module by setting the susedefaulttemplate attribute value of the module to the DN of the adapted template.

HINT: The default values for an attribute can be created from other attributes by using a variable instead of an absolute value. For example, when creating a new user, cn=%sn %givenName is created automatically from the attribute values for sn and givenName.

Once all modules and templates are configured correctly and ready to run, new groups and users can be registered in the usual way with YaST.

openSUSE 11.1 Reference Guide
Previous Page Home Next Page

 
 
  Published under the terms fo the GNU General Public License Design by Interspire