NSS LDAP

Introduction

Penrose can be used as the name service for Linux machines using NSS LDAP (nss_ldap). See Naming Service for Linux.

Installing NSS LDAP

Some systems come with NSS LDAP already installed. If yours does not, you need to download and install the binaries.

Red Hat:

yum install nss_ldap

Debian:

apt-get install libnss-ldap

Alternatively, you can build from the source code:

./configure
make
make install

Configuring NSS LDAP

NSS LDAP is configured in /etc/nsswitch.conf.

For user and group information (including authentication), add "ldap" to the following databases:

passwd:     files ldap
group:      files ldap

Note that when authentication goes through NSS LDAP, the client retrieves the password data from Penrose and performs the comparison locally. This behaviour is sometimes undesirable for security reasons, because password data leaves the directory and is exposed to every client machine. You can avoid this problem by adding PAM LDAP. Instead of retrieving the password, PAM LDAP performs a bind operation against Penrose, so the password check happens on the server. See PAM LDAP.

There are other databases too that you can configure as needed:

hosts:      files dns ldap

ethers:     files ldap
netmasks:   files ldap
networks:   files ldap
protocols:  files ldap
rpc:        files ldap
services:   files ldap

netgroup:   files ldap
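
As an added example (not part of the Penrose documentation), the following Python code parses an nsswitch.conf in the format shown above, reports which databases consult ldap, and flags the passwd/group case where authentication would fall back to local password comparison unless PAM LDAP is in place. The file content is a constructed sample.

```python
import re

# Constructed sample nsswitch.conf, mirroring the databases shown on this page.
SAMPLE_NSSWITCH = """\
# /etc/nsswitch.conf (constructed sample)
passwd:     files ldap
group:      files ldap
hosts:      files dns ldap
netgroup:   files ldap
services:   files [NOTFOUND=return] ldap
"""

# Action specifiers such as [NOTFOUND=return] are not lookup sources.
_ACTION = re.compile(r"^\[.*\]$")


def parse_nsswitch(text):
    """Return {database: [source, ...]}, preserving lookup order and
    dropping comments and action specifiers."""
    databases = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue
        name, _, rest = line.partition(":")
        sources = [tok for tok in rest.split() if not _ACTION.match(tok)]
        databases[name.strip()] = sources
    return databases


def ldap_databases(databases):
    """Names of databases whose lookup chain includes the ldap source."""
    return sorted(name for name, srcs in databases.items() if "ldap" in srcs)


def audit_authentication(databases):
    """Flag the situation described on this page: passwd/group served by
    NSS LDAP means password data is fetched from the directory and compared
    on the client unless PAM LDAP performs a bind instead."""
    findings = []
    for db in ("passwd", "group"):
        if "ldap" in databases.get(db, []):
            findings.append(f"{db}: resolved via ldap; use PAM LDAP (bind) "
                            "rather than local password comparison")
    return findings


if __name__ == "__main__":
    parsed = parse_nsswitch(SAMPLE_NSSWITCH)
    print("ldap databases:", ldap_databases(parsed))
    for finding in audit_authentication(parsed):
        print("finding:", finding)
```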

References