Replacing NIS with Kerberos and LDAP

Documentation

• HOWTO
• Samba and LDAP
• Presentation (given in February 2002) PowerPoint and HTML

Sample configuration files discussed in HOWTO

• kpropd.acl: Configuration file for Kerberos replication server
• dbprop: Script for propogating Kerberos database to replicas
• kadm5.acl: Access control file for Kerberos admin server
• kdc.conf: Configuration file for Kerberos servers
• krb5.conf: Configuration file for Kerberos systems (clients and servers)
• pam.conf-8: PAM configuration file for use on a Solaris 8 system using Sun's SEAM Kerberos client
• pam.conf-9: PAM configuration file for use on a Solaris 9 system using Sun's SEAM Kerberos client
• sample.ldif: LDIF file with examples of common UNIX entries
• slapd.conf: Configuration file for LDAP servers
• ldap.conf: Configuration file for PADL nss_ldap (and pam_ldap) on LDAP clients
• ldap_client_file-8: Configuration file for Solaris 8 nss_ldap on LDAP clients
• ldap_client_file-9: Configuration file for Solaris 9 nss_ldap on LDAP clients
• balance.init: Init script for balance load balancing daemon on LDAP servers
• balance_ecv: Script for monitoring servers in balance load balancing pool and telling balance to stop sending connections to servers which aren't serving up valid data
• ecv.init: Init script for ecv_loop
• ecv_loop: Wrapper script around balance_ecv. Runs balance_ecv every 2 minutes and sends email if balance_ecv reports and problems.
• ha.cf: Configuration file for heartbeat clustering daemon on LDAP servers
• haresources: Configuration file for heartbeat clustering daemon on LDAP servers
• system-auth: PAM configuration file for use on a Red Hat Linux system

LDAP tools

The versions ending in _nl use the Perl Net::LDAP module to communicate with the LDAP server. They require you to acquire several modules from CPAN in order for them to work. The versions that don't end in _nl use the OpenLDAP command line tools. Both require that the OpenLDAP config file in /etc/openldap/ldap.conf (or wherever it is on your system) be configured properly.

• ldapcat: Just like ypcat
• ldapcat_nl: Just like ldapcat
• ldapedit: Specify an ldapsearch filter, ldapedit pops the search results up in an editor, you make changes and exit, ldapedit submits changes back to LDAP server.
• ldapposixadd: Pops up a template for a new LDAP entry (user and group templates) in an editor, you make changes and exit, ldapposixadd submits new entry to LDAP server. (Needs a spiffier name...)
• ldiff: Back-end tool for ldapedit, might be useful for other purposes. Compares two LDIF files and prints out a diff in LDIF format, suitable for feeding to OpenLDAP's ldapmodify.