OpenLDAP client configuration

From Notes_Wiki
Latest revision as of 15:32, 13 March 2022


Configuring thunderbird to use LDAP address book

We can use the following values to create an LDAP address book in Thunderbird that uses the Rekall LDAP server:

  • Name: REKALL LDAP
  • Hostname: ldap.sbarjatiya.com
  • Base DN: dc=sbarjatiya,dc=com
  • Port number: 389
  • Bind DN: <leave blank>

A blank Bind DN on port 389 means an anonymous, unencrypted connection: the server must allow anonymous searches under that base DN, and queries and results cross the network in cleartext unless the address book is instead set to use a secure (SSL) connection to the server.


Configuring host to use ldap for host resolution

To configure a machine to resolve host names through the LDAP server, use the following steps:

  1. Install the 'nss-pam-ldapd' package
  2. Edit '/etc/nslcd.conf' and correct the 'base' and 'uri' settings near the end of the configuration file
  3. Start the 'nslcd' service, and optionally enable it to run at start-up
  4. Edit '/etc/nsswitch.conf' and add 'ldap' at the end of the 'hosts:' line. It must come last: if 'uri' in nslcd.conf names the LDAP server by domain name, 'files' or 'dns' must be able to resolve that name first, otherwise the client can never reach the server that would answer further lookups
  5. Run 'getent hosts' to check the settings


Troubleshooting

ls -l too slow

When 'ls -l' is run on an LDAP client, the client has to contact the LDAP server to map numeric UIDs and GIDs to user and group names, since that information is not in /etc/passwd or /etc/group. This makes commands like 'ls -l' very slow, for the same reason that 'iptables -L' and 'route' are slow when they reverse-resolve addresses (their '-n' option disables that lookup).

Hence, install and enable nscd (the name service cache daemon). It caches the passwd, group and hosts answers obtained from LDAP, NIS and similar servers and so speeds up commands like 'ls -l'. 'nscd -g' prints per-database cache statistics, which confirms that lookups are actually being served from the cache.


Server hangs during booting at udev

Sometimes LDAP clients hang at udev while booting. Network services are not started before udev, so the client cannot reach the LDAP server, yet the client still attempts to contact it at that point in the boot. The default client setting is 'bind_policy hard', which makes the client keep retrying the connection with exponential back-off, so the machine appears hung during boot.

To solve this problem, edit '/etc/ldap.conf' and change 'bind_policy' to soft:

bind_policy soft

This stops LDAP clients from hanging during boot. With 'soft', lookups made before the network is up fail quickly (names resolve to numeric IDs) instead of blocking. Note that 'bind_policy' is an nss_ldap/pam_ldap option read from /etc/ldap.conf; nslcd from nss-pam-ldapd, used in the host-resolution steps above, does not read it and has its own reconnect settings ('reconnect_sleeptime', 'reconnect_retrytime') in /etc/nslcd.conf.
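The following shell script is an added example and not part of the wiki page. It automates the two file edits the page describes (the 'base' and 'uri' settings in /etc/nslcd.conf from the host-resolution steps, and 'bind_policy soft' in /etc/ldap.conf from this troubleshooting section) as idempotent edits, and checks that 'ldap' really is the last source on the 'hosts:' line of /etc/nsswitch.conf. It works on constructed copies of the three files in a temporary directory, so nothing under /etc is touched. The server name and base DN come from the Thunderbird section above; the 'ssl start_tls' and 'tls_reqcert demand' lines are real nslcd.conf options that the page does not mention, added here as the hardening a practitioner would want, and the sample file contents are constructed.

```shell
#!/bin/sh
# Added example (not from the wiki page): idempotent "key value" edits for
# /etc/nslcd.conf and /etc/ldap.conf, plus a check of the hosts: ordering
# in /etc/nsswitch.conf. Runs on constructed copies in a temp directory.

# set_conf_option FILE KEY VALUE
# Rewrite FILE so it has exactly one uncommented "KEY VALUE" line: the first
# existing KEY line is replaced in place, later duplicates are dropped, and
# the line is appended when KEY is absent. Commented lines are left alone.
set_conf_option() {
  file=$1 key=$2 value=$3
  tmp="$file.tmp.$$"
  awk -v k="$key" -v v="$value" '
    $1 == k { if (!done) { print k " " v; done = 1 }; next }
    { print }
    END { if (!done) print k " " v }
  ' "$file" > "$tmp" && mv "$tmp" "$file"
}

# get_conf_option FILE KEY DEFAULT
# Print the value of the last uncommented KEY line, or DEFAULT when there is
# none. nss_ldap treats a missing bind_policy as "hard", hence DEFAULT.
get_conf_option() {
  awk -v k="$2" -v d="$3" '
    $1 == k { v = $0; sub(/^[^ \t]+[ \t]+/, "", v); found = 1 }
    END { print (found ? v : d) }
  ' "$1"
}

# add_ldap_to_hosts  (filter: nsswitch.conf on stdin, result on stdout)
# Append "ldap" at the END of the hosts: line unless it is already listed.
# It must be last: the uri in nslcd.conf is itself a host name, so files/dns
# have to be able to resolve it before ldap can be consulted at all.
add_ldap_to_hosts() {
  awk '
    /^hosts:/ {
      have = 0
      for (i = 2; i <= NF; i++) if ($i == "ldap") have = 1
      if (!have) $0 = $0 " ldap"
    }
    { print }
  '
}

# hosts_order_ok FILE
# Exit 0 only if FILE has a hosts: line on which ldap is the last source.
hosts_order_ok() {
  awk '
    /^hosts:/ { found = 1; exit ($NF == "ldap") ? 0 : 1 }
    END { if (!found) exit 1 }
  ' "$1"
}

# Demo on constructed stand-ins for the three files (sample content, not
# copied from a real system).
demo() {
  d=$(mktemp -d)
  printf 'uid nslcd\ngid ldap\nuri ldap://127.0.0.1/\nbase dc=example,dc=com\n' > "$d/nslcd.conf"
  printf 'passwd:     files ldap\nhosts:      files dns\n' > "$d/nsswitch.conf"
  printf 'base dc=example,dc=com\nuri ldap://127.0.0.1/\n' > "$d/ldap.conf"

  # Step 2 of the procedure: point nslcd at the real server and base DN.
  set_conf_option "$d/nslcd.conf" uri ldap://ldap.sbarjatiya.com/
  set_conf_option "$d/nslcd.conf" base dc=sbarjatiya,dc=com
  # Not on the page: upgrade the port-389 connection with STARTTLS and
  # require a valid server certificate (assumes a trusted CA bundle).
  set_conf_option "$d/nslcd.conf" ssl start_tls
  set_conf_option "$d/nslcd.conf" tls_reqcert demand

  # Step 4: ldap goes last on the hosts: line, then verify the order.
  add_ldap_to_hosts < "$d/nsswitch.conf" > "$d/nsswitch.new" && mv "$d/nsswitch.new" "$d/nsswitch.conf"
  hosts_order_ok "$d/nsswitch.conf" && echo "hosts: order ok"

  # Troubleshooting: the effective bind_policy before and after the fix.
  echo "before: bind_policy $(get_conf_option "$d/ldap.conf" bind_policy hard)"
  set_conf_option "$d/ldap.conf" bind_policy soft
  echo "after:  bind_policy $(get_conf_option "$d/ldap.conf" bind_policy hard)"

  cat "$d/nslcd.conf" "$d/nsswitch.conf" "$d/ldap.conf"
  rm -rf "$d"
}
demo
```

To apply it to a real CentOS 6 client, call the functions against the real paths instead of the temp copies and then restart nslcd (and nscd, if installed) so the new settings are picked up; 'getent hosts' and 'getent passwd' then exercise the LDAP path end to end.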


