[SAC] [OSGeo] #2010: New Website allow LDAP integration and enable ssh login with LDAP
OSGeo
trac_osgeo at osgeo.org
Sat Oct 21 08:16:30 PDT 2017
#2010: New Website allow LDAP integration and enable ssh login with LDAP
---------------------------+--------------------------------------
Reporter: robe | Owner: sac@…
Type: task | Status: new
Priority: normal | Milestone: Website rebranding 2017
Component: Systems Admin | Resolution:
Keywords: |
---------------------------+--------------------------------------
Comment (by martin):
# Avoid error messages upon login
{{{
root at osgeo:~# aptitude install locales-all
}}}
# Have the preferred LDAP subsystem
{{{
root at osgeo:~# aptitude install libpam-ldapd libnss-ldapd
}}}
# Purge deprecated configs
{{{
root at osgeo:~# dpkg -l | grep \^rc | awk '{print $2}' | cut -f 1 -d \: |
xargs dpkg --purge
}}}
# Purge local user
{{{
root at osgeo:~# grep -v \^martin /etc/passwd > Hallo && cat Hallo >
/etc/passwd
root at osgeo:~# grep -v \^martin /etc/shadow > Hallo && cat Hallo >
/etc/shadow
root at osgeo:~# rm -vf Hallo
}}}
# Purge cache and reload LDAP stuff
{{{
root at osgeo:~# /etc/init.d/nscd stop; rm -vf /var/cache/nscd/*;
/etc/init.d/nscd start
root at osgeo:~# /etc/init.d/nslcd restart
}}}
# Voila
{{{
root at osgeo:~# getent passwd martin
martin:x:10026:100:Martin Spott:/home/martin:/bin/tcsh
}}}
# Have a homedir and proper login shell
{{{
root at osgeo:~# cp -a /etc/skel /home/martin
root at osgeo:~# chown -R martin:100 /home/martin
root at osgeo:~# aptitude install tcsh
}}}
# Reduce authentication error log
{{{
root at osgeo:~# aptitude install fail2ban
}}}
BTW, using "*-ldapd libraries and nslcd makes /etc/ldap/ldap.conf obsolete
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2010#comment:10>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.
More information about the Sac
mailing list