
Projects: NFS Version 4 Open Source Reference Implementation

NFSv4 in a multi-realm environment

Setting up an LDAP client to use nss_ldap for name<->id mapping

These instructions assume you are starting with a complete installation of Fedora Core 2.

They also assume that your LDAP server has been populated with entries conforming to the NIS schema defined in RFC 2307.

  1. Verify you have the ldap client package installed. If not, install it:
    # yum list installed | grep ldap
    nss_ldap            i386    217-1       db
    openldap            i386    2.1.29-1    db
    openldap-clients    i386    2.1.29-1    db
    openldap-devel      i386    2.1.29-1    db
    openldap-servers    i386    2.1.29-1    db
  2. Set up the default ldap client parameters in /etc/openldap/ldap.conf as follows:
    % cat /etc/openldap/ldap.conf
    # $OpenLDAP: pkg/ldap/libraries/libldap/ldap.conf,v 1.9 2000/09/04 19:57:01 kurt Exp $
    # LDAP Defaults
    # See ldap.conf(5) for details
    # This file should be world readable but not world writable.
    #BASE   dc=example, dc=com
    #URI    ldap:// ldap://
    #SIZELIMIT      12
    #TIMELIMIT      15
    #DEREF          never
    BASE dc=arbitrary,dc=domain,dc=org
  3. Modify /etc/nsswitch.conf to specify that passwd and/or group name<->id resolution should use ldap. Be careful to put ldap after files. Otherwise, access to the machine as root may be impaired!
    # Example:
    #passwd:    db files nisplus nis
    #shadow:    db files nisplus nis
    #group:     db files nisplus nis
    passwd:     files ldap
    shadow:     files
    group:      files ldap
    #hosts:     db files nisplus nis dns
    hosts:      files dns
  4. You'll want to make sure you are running the Name Service Caching Daemon (nscd) to cache ldap responses.
    # /etc/init.d/nscd start
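
To check the files edited in steps 2 and 3 before relying on LDAP lookups, the following shell functions confirm that passwd and group list files before ldap and that ldap.conf has an active BASE line. This is an added example, not part of the original instructions; the function names are hypothetical, and it assumes both passwd and group use ldap, as in the sample nsswitch.conf above.

```shell
#!/bin/sh
# Added example (not from the original page); function names are hypothetical.

# db_order FILE DB: print the active source list for one nsswitch database.
db_order() {
    sed -e 's/#.*//' "$1" |
        awk -v db="$2:" '$1 == db { $1 = ""; sub(/^ +/, ""); print; exit }'
}

# files_before_ldap FILE DB: succeed only if DB lists both "files" and "ldap"
# with "files" first, so local accounts such as root resolve without LDAP.
files_before_ldap() {
    db_order "$1" "$2" | awk '
        { for (i = 1; i <= NF; i++) {
              if ($i == "files" && !f) f = i
              if ($i == "ldap" && !l) l = i
          } }
        END { exit !(f && l && f < l) }'
}

# ldap_base FILE: print the value of the first uncommented BASE line.
ldap_base() {
    awk 'toupper($1) == "BASE" { $1 = ""; sub(/^ +/, ""); print; exit }' "$1"
}

# check_client NSSWITCH LDAPCONF: report each check; non-zero if any fails.
check_client() {
    rc=0
    for db in passwd group; do
        if files_before_ldap "$1" "$db"; then
            echo "ok:   $db: $(db_order "$1" "$db")"
        else
            echo "FAIL: $db must list files before ldap"; rc=1
        fi
    done
    if [ -n "$(ldap_base "$2")" ]; then
        echo "ok:   BASE $(ldap_base "$2")"
    else
        echo "FAIL: no active BASE line in $2"; rc=1
    fi
    return "$rc"
}

# Run against real files when two paths are given, for example:
#   sh check.sh /etc/nsswitch.conf /etc/openldap/ldap.conf
if [ "$#" -eq 2 ]; then
    check_client "$1" "$2"
fi
```
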
Copyright © 1996-2013
The Regents of the University of Michigan