PAM/LDAP configuration
- install the base LDAP packages
- integrate PAM with LDAP via nslcd, nss-ldapd and pam-ldapd.
Pillar sample:
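# Pillar sample for the PAM/LDAP wiring (nslcd + nss-ldapd + pam-ldapd).
# Indentation restored: every key below is a child of
# makina-states.localsettings.ldap, and `ssl` is nested under `nslcd`.
makina-states.localsettings.ldap:
  # Plain ldap:// URI; the connection is upgraded with STARTTLS via nslcd.ssl below.
  ldap_uri: ldap://ldap.foo.net/
  ldap_base: dc=company,dc=org
  # Search bases for the NSS maps (`?sub` selects subtree scope).
  ldap_passwd: ou=People,dc=company,dc=org?sub
  ldap_shadow: ou=People,dc=company,dc=org?sub
  ldap_group: ou=Group,dc=company,dc=org?sub
  # CA bundle used to verify the LDAP server certificate.
  ldap_cacert: /etc/ssl/cacerts/cacert.pem
  # Real boolean, lowercase (`True` is parser-dependent).
  enabled: true
  nslcd:
    # One of: ssl, off, start_tls.
    ssl: start_tls
    # NOTE(review): nslcd.tls_reqcert defaults to `allow`, which does not reject
    # a bad server certificate; with ldap_cacert set, `demand` makes nslcd
    # actually verify the server against that CA.
    # tls_reqcert: demand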
Exposed settings:
- makina-states.localsettings.ldap.enabled: true/false: activate the PAM/LDAP wiring
- makina-states.localsettings.ldap.ldap_uri: ldaps://localhost:636/
- makina-states.localsettings.ldap.ldap_base: dc=company,dc=org
- makina-states.localsettings.ldap.ldap_passwd: ou=People,dc=company,dc=org?sub
- makina-states.localsettings.ldap.ldap_shadow: ou=People,dc=company,dc=org?sub
- makina-states.localsettings.ldap.ldap_group: ou=Group,dc=company,dc=org?sub
- makina-states.localsettings.ldap.ldap_cacert: /etc/ssl/cacerts/cacert.pem (optional)
- makina-states.localsettings.ldap.nslcd.ldap_ver: None
- makina-states.localsettings.ldap.nslcd.scope: sub
- makina-states.localsettings.ldap.nslcd.user: nslcd
- makina-states.localsettings.ldap.nslcd.group: nslcd
- makina-states.localsettings.ldap.nslcd.ssl: start_tls (one of: ssl, off, start_tls)
- makina-states.localsettings.ldap.nslcd.tls_reqcert: allow
- makina-states.localsettings.ldap.nslcd.tls_cacert: None
- makina-states.localsettings.ldap.nslcd.bind_dn: None
- makina-states.localsettings.ldap.nslcd.bind_pw: None
- makina-states.localsettings.ldap.nslcd.rootpwmoddn: None
- makina-states.localsettings.ldap.nslcd.rootpwmodpw: None
- makina-states.localsettings.ldap.nslcd.bind_timelimit: 30
- makina-states.localsettings.ldap.nslcd.timelimit: 30
- makina-states.localsettings.ldap.nslcd.idle_timelimit: 3600
- makina-states.localsettings.ldap.nslcd.reconnect_sleeptime: 1
- makina-states.localsettings.ldap.nslcd.reconnect_retrytime: 10