Admin/SetupGuides/Move to hex

This document describes the steps taken to set up hex to take over from holly.

holly had the following functions:

First off, you need to install packages from apt:

apt-get install ldap-utils libldap2 libnss-ldap \
    libpam-ldap postfix-ldap slapd postfix \
    postfix-pcre postfix-tls postgrey nscd uw-imapd ipopd procmail

LDAP

The password for the admin entry in the LDAP directory is the contents of ldap.secret on holly.

The distinguished name of the search base is dc=skynet,dc=ie. Use LDAP version 3.

The distinguished name to bind to the server with when the effective user ID is root is cn=accounts,dc=skynet,dc=ie.

Repeat the contents of ldap.secret for the password libpam_ldap uses to log in to the database.

nsswitch.conf

passwd:         files ldap
group:          files ldap
shadow:         files ldap

hosts:          files dns
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis

Changes to make to /etc/libnss-ldap.conf (find the lines that start with the same keyword and replace them):

rootbinddn cn=accounts,dc=skynet,dc=ie

nss_base_passwd     ou=People,dc=skynet,dc=ie?one
nss_base_shadow     ou=People,dc=skynet,dc=ie?one
nss_base_group      ou=Group,dc=skynet,dc=ie?one
nss_base_hosts      ou=Hosts,dc=skynet,dc=ie?one
nss_base_services   ou=Services,dc=skynet,dc=ie?one
nss_base_networks   ou=Networks,dc=skynet,dc=ie?one
nss_base_protocols  ou=Protocols,dc=skynet,dc=ie?one
nss_base_rpc        ou=Rpc,dc=skynet,dc=ie?one
nss_base_ethers     ou=Ethers,dc=skynet,dc=ie?one
nss_base_netmasks   ou=Networks,dc=skynet,dc=ie?one
nss_base_bootparams ou=Ethers,dc=skynet,dc=ie?one
nss_base_aliases    ou=Aliases,dc=skynet,dc=ie?one
nss_base_netgroup   ou=Netgroup,dc=skynet,dc=ie?one

Likewise for /etc/ldap/slapd.conf. Delete:

include         /etc/ldap/schema/inetorgperson.schema

database        bdb

#######################################################################
# Specific Backend Directives for bdb:
# Backend specific directives apply to this backend until another
# 'backend' directive occurs
backend         bdb
checkpoint 512 30

suffix          "dc=csn,dc=ul,dc=ie"

access to attribute=userPassword
        by dn="cn=admin,dc=csn,dc=ul,dc=ie" write
        by anonymous auth
        by self write
        by * none

access to *
        by dn="cn=admin,dc=csn,dc=ul,dc=ie" write
        by * read

Add/change:

database        ldbm
suffix          "dc=skynet,dc=ie"
rootdn          "cn=Accounts,dc=skynet,dc=ie"
rootpw          <type in contents of ldap.secret>

index uid pres,eq

moduleload      back_ldbm

access to attr=userPassword
        by self write
        by anonymous auth
        by dn="cn=Accounts,dc=skynet,dc=ie" write
        by * none
access to attr=loginShell
        by self write
        by dn="cn=Accounts,dc=skynet,dc=ie" write
        by * read
access to attr=gecos
        by self write
        by dn="cn=Accounts,dc=skynet,dc=ie" write
        by * read
access to *
        by dn="cn=Accounts,dc=skynet,dc=ie" write
        by * read

size 3000
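
The order of the access rules above matters: slapd applies the first "access to" directive that matches an attribute and, within it, the first matching "by" clause. The following is an added example, not part of the original guide, that models this first-match evaluation on the userPassword and catch-all rules from this page. The MATCHES table, the requester labels and the function names are assumptions of the example, and the rootdn (which bypasses access rules) is not modelled.

```python
import re

# Access rules copied from the "Add/change" block above (loginShell/gecos omitted).
PAGE_ACL = '''
access to attr=userPassword
        by self write
        by anonymous auth
        by dn="cn=Accounts,dc=skynet,dc=ie" write
        by * none
access to *
        by dn="cn=Accounts,dc=skynet,dc=ie" write
        by * read
'''

# Which "by" selectors each requester matches (simplified model, an assumption).
MATCHES = {
    "anonymous": {"anonymous", "*"},
    "self": {"self", "users", "*"},
    "other-user": {"users", "*"},
}

def parse_acl(text):
    """Return [(attribute or '*', [(who, level), ...]), ...] in file order."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        head = re.match(r"access\s+to\s+(?:(?:attrs?|attribute)=)?(\S+)$", line)
        by = re.match(r"by\s+(\S+)\s+(\w+)$", line)
        if head:
            rules.append((head.group(1).lower(), []))
        elif by and rules:
            rules[-1][1].append((by.group(1), by.group(2)))
    return rules

def effective_level(rules, attr, requester):
    """First matching 'access to' wins, then first matching 'by'."""
    for target, clauses in rules:
        if target in ("*", attr.lower()):
            for who, level in clauses:
                if who in MATCHES[requester]:
                    return level
            return "none"  # implicit trailing "by * none"
    return "none"  # implicit "access to * by * none"

def userpassword_exposed(text):
    """True if anyone but the entry's owner gets more than 'auth' on userPassword."""
    rules = parse_acl(text)
    return any(effective_level(rules, "userPassword", r) not in ("none", "auth")
               for r in ("anonymous", "other-user"))
```

With the rules in the order given on this page, userpassword_exposed(PAGE_ACL) is False; placing the catch-all "access to *" rule ahead of the userPassword rule makes it True, because "by * read" then matches first.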

For /etc/ldap.conf, add:

BASE dc=skynet,dc=ie
HOST 136.201.105.8
URI ldap://136.201.105.8
SASL_SECPROPS none

SIZELIMIT 0

Copy over /etc/ldap/schema/nis.schema

Copy over /var/lib/ldap/*

Start slapd (/etc/init.d/slapd start). If it works, finger someone.

Postfix

Copy across and edit (change IP addresses and check):

Check the above files.

PAM

auth    sufficient      pam_unix.so nullok_secure
auth    required        pam_ldap.so use_first_pass

last edited 2005-11-21 23:51:06 by 87