ldapadd -h localhost -D "cn=root,$SUFFIX" -w admin -x -f passwd.ldif
</div>
==Set up the LDAP client on the HDA==
<div style="text-align: left; border: 1px solid #A3B1BF; padding: .5em 1em; color: #000; background-color: #E6F2FF; margin: 3px 3px 1em 3px;">
sed --in-place -e "s/#host 127.0.0.1/host hda.home.com/" /etc/ldap.conf<br/>
sed --in-place -e "s/base dc=example,dc=com/base $SUFFIX/" /etc/ldap.conf<br/>
sed --in-place -e "s/#rootbinddn cn=manager,dc=example,dc=com/rootbinddn cn=root,$SUFFIX/" /etc/ldap.conf<br/>
sed --in-place -e "s/#scope one/scope one/" /etc/ldap.conf<br/>
sed --in-place -e "s/#pam_filter objectclass=account/pam_filter objectclass=posixaccount/" /etc/ldap.conf<br/>
sed --in-place -e "s/#pam_login_attribute uid/pam_login_attribute uid/" /etc/ldap.conf<br/>
sed --in-place -e "s/#pam_member_attribute uniquemember/pam_member_attribute gid/" /etc/ldap.conf<br/>
sed --in-place -e "s/#nss_base_passwd.*ou=People,dc=example,dc=com.*/nss_base_passwd ou=People,$SUFFIX?one/" /etc/ldap.conf<br/>
sed --in-place -e "s/#nss_base_shadow.*ou=People,dc=example,dc=com.*/nss_base_shadow ou=People,$SUFFIX?one/" /etc/ldap.conf<br/>
sed --in-place -e "s/#nss_base_group.*ou=Group,dc=example,dc=com.*/nss_base_group ou=Group,$SUFFIX?one/" /etc/ldap.conf<br/>
sed --in-place -e "s/#nss_base_hosts.*ou=Hosts,dc=example,dc=com.*/nss_base_hosts ou=Hosts,$SUFFIX?one/" /etc/ldap.conf<br/>
sed --in-place -e "s/#pam_check_service_attr yes/pam_check_service_attr yes/" /etc/ldap.conf<br/>
echo admin > /etc/ldap.secret<br/>
chown root:root /etc/ldap.secret<br/>
chmod 600 /etc/ldap.secret<br/>
sed --in-place -e "s/^passwd:.*/passwd: files ldap/" /etc/nsswitch.conf<br/>
sed --in-place -e "s/^shadow:.*/shadow: files ldap/" /etc/nsswitch.conf<br/>
sed --in-place -e "s/^hosts:.*/hosts: files ldap dns mdns/" /etc/nsswitch.conf
</div>
==Change an LDAP user to use authorizedService==
To authorize (or deny) a specific user on specific services, you first need to add an objectClass to the user's LDAP object, like this:
<div style="text-align: left; border: 1px solid #A3B1BF; padding: .5em 1em; color: #000; background-color: #E6F2FF; margin: 3px 3px 1em 3px;">
cat > authorizedService.ldif <<'EOF'<br/>
dn: uid=some_user,ou=People,dc=home,dc=com<br/>
changetype: modify<br/>
add: objectclass<br/>
objectclass: authorizedServiceObject<br/>
EOF<br/>
ldapadd -h localhost -D "cn=root,$SUFFIX" -w admin -x -f authorizedService.ldif
</div>
Replace '''some_user''' in '''uid=some_user''' with the Linux username of the account you want to modify.
==Allow a user SSH access==
<div style="text-align: left; border: 1px solid #A3B1BF; padding: .5em 1em; color: #000; background-color: #E6F2FF; margin: 3px 3px 1em 3px;">
cat > give_ssh_access.ldif <<'EOF'<br/>
dn: uid=some_user,ou=People,dc=home,dc=com<br/>
changetype: modify<br/>
add: authorizedService<br/>
authorizedService: sshd<br/>
EOF<br/>
ldapadd -h localhost -D "cn=root,$SUFFIX" -w admin -x -f give_ssh_access.ldif
</div>
Replace '''some_user''' in '''uid=some_user''' with the Linux username of the account you want to modify. With '''pam_check_service_attr yes''' set in /etc/ldap.conf, a user whose object carries no '''authorizedService: sshd''' value is refused by sshd, so repeat this step for every account that should keep SSH access.
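The following script is an added example, not part of the wiki page or of the HDA's own tooling. It audits the results of the two procedures above (the client setup and the authorizedService changes): it checks that the secret file has the 0600 mode the setup gives it, that a given nsswitch database actually lists ldap, and it reads an LDIF dump (here a constructed sample, the kind of text ldapsearch -LLL returns) to list which uids are authorized for a service. File paths are passed as arguments so the checks can be run against copies; the user names alice and bob are invented.

```shell
#!/bin/sh
# Added example (not the wiki's own code): audit helpers for the LDAP client
# setup described above. Paths are arguments so the checks run on copies;
# the LDIF at the bottom is constructed sample data.

# Return 0 if FILE has mode 0600, the mode the setup gives /etc/ldap.secret.
# The file holds the rootbinddn password in clear text, so anything looser
# exposes the directory's root credential to local users.
check_secret_mode() {
    mode=$(stat -c '%a' "$1" 2>/dev/null) || return 1
    [ "$mode" = "600" ]
}

# Return 0 if database $2 (passwd, shadow, hosts, ...) in nsswitch file $1
# lists the ldap source.
nsswitch_uses_ldap() {
    grep -E "^$2:[[:space:]]" "$1" | grep -qw ldap
}

# Print the uid of every LDIF entry whose authorizedService attribute
# contains service $2. Entries are separated by blank lines, as in
# ldapsearch -LLL output. Users missing from the output are the ones
# pam_check_service_attr will reject for that service.
users_authorized_for() {
    awk -v svc="$2" '
        /^uid: /               { uid = $2 }
        /^authorizedService: / { if ($2 == svc) ok = 1 }
        /^$/                   { if (ok && uid != "") print uid; uid = ""; ok = 0 }
        END                    { if (ok && uid != "") print uid }
    ' "$1"
}

# Constructed sample: the state of ou=People after the modifications above
# were applied to alice only (bob has neither the objectClass nor the value).
SAMPLE_LDIF=$(mktemp)
trap 'rm -f "$SAMPLE_LDIF"' EXIT
cat > "$SAMPLE_LDIF" <<'EOF'
dn: uid=alice,ou=People,dc=home,dc=com
objectClass: posixAccount
objectClass: authorizedServiceObject
uid: alice
authorizedService: sshd

dn: uid=bob,ou=People,dc=home,dc=com
objectClass: posixAccount
uid: bob
EOF

# Lists alice only: bob would be refused by sshd under pam_check_service_attr.
users_authorized_for "$SAMPLE_LDIF" sshd
```

Against a live HDA, run `check_secret_mode /etc/ldap.secret`, `nsswitch_uses_ldap /etc/nsswitch.conf passwd`, and feed `users_authorized_for` the output of `ldapsearch -x -LLL -b "ou=People,$SUFFIX"` saved to a file. The awk pass keys on the `uid:` attribute rather than the dn, so it also works for entries whose RDN is not the uid.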