Datasheet
“main” (Installation and Administration) — 2004/6/25 — 13:29 — page 496 — #522
Figure 21.23: YaST OpenLDAP Server Configuration: New Database
Example 21.28: Adaptations in nsswitch.conf
passwd: compat
group: compat
passwd_compat: ldap
group_compat: ldap
These lines instruct the glibc resolver library to evaluate the
corresponding files in /etc/ first and to additionally access the LDAP
server as a source for authentication and user data. Test this
mechanism, for example, by reading the content of the user database with
the command getent passwd. The returned set should contain a list of the
local users of your system as well as all users stored on the LDAP server.
To prevent regular users managed through LDAP from logging in to the
server with ssh or login, the files /etc/passwd and /etc/group each need
to include an additional line. This is the line +::::::/sbin/nologin in
/etc/passwd and +::: in /etc/group.
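
The following shell functions are an added example, not part of the original manual. They check that the nsswitch.conf entries from Example 21.28 and the two + lines are present, and list any non-local account in getent passwd output whose shell is not /sbin/nologin. The function names are hypothetical.

```sh
#!/bin/sh
# Added example (not from the manual): audit the compat/LDAP login
# restriction. Function names are hypothetical.
#
# Usage on a live host:
#   check_compat_config /etc && getent passwd | remote_login_shells /etc/passwd

# need FILE REGEX LABEL: succeed if FILE has a line matching REGEX,
# otherwise report LABEL as missing.
need() {
    grep -Eq -- "$2" "$1" 2>/dev/null || { echo "MISSING in $1: $3"; return 1; }
}

# check_compat_config [ETC_DIR]: verify the four nsswitch.conf entries and
# the two "+" lines. Returns 0 only if all are present.
check_compat_config() {
    etc=${1:-/etc}
    ns="$etc/nsswitch.conf"
    rc=0
    need "$ns" '^passwd:[[:space:]]+compat[[:space:]]*$'      'passwd: compat'      || rc=1
    need "$ns" '^group:[[:space:]]+compat[[:space:]]*$'       'group: compat'       || rc=1
    need "$ns" '^passwd_compat:[[:space:]]+ldap[[:space:]]*$' 'passwd_compat: ldap' || rc=1
    need "$ns" '^group_compat:[[:space:]]+ldap[[:space:]]*$'  'group_compat: ldap'  || rc=1
    need "$etc/passwd" '^\+::::::/sbin/nologin$' '+::::::/sbin/nologin' || rc=1
    need "$etc/group"  '^\+:::$'                 '+:::'                 || rc=1
    return $rc
}

# remote_login_shells LOCAL_PASSWD: read `getent passwd` output on stdin and
# print "name:shell" for every account that is not defined in LOCAL_PASSWD
# and whose shell is not /sbin/nologin. Empty output means the override
# is effective for all directory users.
remote_login_shells() {
    awk -F: '
        NR == FNR { if ($1 !~ /^[+-]/) seen[$1] = 1; next }  # local names, skipping +/- compat entries
        !($1 in seen) && $7 != "/sbin/nologin" { print $1 ":" $7 }
    ' "$1" -
}
```
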
496 21.8. LDAP — A Directory Service










