Datasheet
“main” (Installation and Administration) — 2004/6/25 — 13:29 — page 494 — #520
Figure 21.21: YaST OpenLDAP Server Configuration: Importing a Certificate
To edit a previously created database, select its base DN in the tree to the
left. In the right part of the window, YaST displays a dialog similar to the
one used for the creation of a new database. The main difference is that the
base ID should not be changed and is therefore grayed out (see Figure 21.24
on page 497).
After leaving this dialog by selecting ‘Quit’, you are ready to go with a
basic working configuration for your LDAP server. To fine-tune this setup,
edit the file /etc/openldap/slapd.conf accordingly, then restart the
server.
21.8.6 The YaST LDAP Client
YaST includes a module to set up LDAP-based user management. If you
did not enable this feature during the installation, start the module by
selecting ‘Network Services’ ➝ ‘LDAP Client’. YaST automatically makes
any PAM- and NSS-related changes required by LDAP (described below)
and installs the necessary files.
Standard Procedure
To understand how the YaST LDAP client module works, you need to know the
processes running in the background on a client machine. If LDAP
is activated for network authentication or the YaST module is called, the
packages pam_ldap and nss_ldap are installed and the two corresponding
configuration files are adapted. pam_ldap is the PAM module responsible
for negotiation between login processes and the LDAP directory as
the source of authentication data. The dedicated module pam_ldap.so is
installed and the PAM configuration is adapted (see Example 21.27 on the
next page).
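A read-only check of a client after the module has run, as an added example that is not taken from the manual: it parses /etc/nsswitch.conf and a PAM service file and reports which NSS databases and PAM stacks use LDAP, flagging a client where only one of the two was adapted. The file contents below are constructed samples (Example 21.27 is not reproduced here), and the function names are hypothetical.

```python
import re

# Constructed sample files (assumed content, not copied from the manual).
SAMPLE_NSSWITCH = """\
# /etc/nsswitch.conf
passwd: files ldap
group:  files ldap   # groups come from the directory too
shadow: files
hosts:  files dns [NOTFOUND=return]
"""
SAMPLE_PAM = """\
#%PAM-1.0
auth     sufficient                  pam_ldap.so
auth     required                    pam_unix.so use_first_pass
account  [success=1 default=ignore]  /lib/security/pam_ldap.so
account  required                    pam_unix.so
session  required                    pam_unix.so
"""

def nss_sources(text):
    """Map each NSS database to its ordered list of lookup sources."""
    result = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments
        if ":" not in line:
            continue
        db, rest = line.split(":", 1)
        rest = re.sub(r"\[[^\]]*\]", " ", rest)   # drop [STATUS=action] items
        result[db.strip()] = rest.split()
    return result

def pam_ldap_types(text):
    """Return the PAM management groups whose stack calls pam_ldap.so."""
    pattern = r"-?(auth|account|password|session)\s+(\[[^\]]*\]|\S+)\s+(\S+)"
    types = set()
    for line in text.splitlines():
        m = re.match(pattern, line.split("#", 1)[0].strip())
        if m and m.group(3).rsplit("/", 1)[-1] == "pam_ldap.so":
            types.add(m.group(1))
    return types

def ldap_client_report(nss_text, pam_text):
    """Summarise LDAP use and flag a client where only NSS or only PAM uses it."""
    dbs = sorted(db for db, src in nss_sources(nss_text).items() if "ldap" in src)
    types = sorted(pam_ldap_types(pam_text))
    return {"nss_ldap_dbs": dbs, "pam_ldap_types": types,
            "consistent": ("passwd" in dbs) == ("auth" in types)}
```

A report with "consistent" set to False means accounts are resolved from one source while authentication is checked against another, which is worth investigating before relying on the client.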
494 21.8. LDAP — A Directory Service










