OpenLDAP client configuration

From Notes_Wiki
Revision as of 18:13, 17 August 2018 by Saurabh (talk | contribs)


ldap client configuration

Configuring thunderbird to use LDAP address book

We can use the following values to create an LDAP address book in Thunderbird that uses the IIIT LDAP server:

  • Name: IIIT LDAP
  • Hostname: ldap.iiit.ac.in
  • Base DN: dc=iiit,dc=ac,dc=in
  • Port number: 389
  • Bind DN: <leave blank>


Configuring host to use ldap for host resolution

To configure a machine to do host resolution using an ldap server, use the following steps:

  1. Install the 'nss-pam-ldapd' package
  2. Edit '/etc/nslcd.conf' and correct the 'base' and 'uri' settings mentioned at the end of the configuration file
  3. Start the 'nslcd' service and optionally enable it to run on start-up
  4. Edit '/etc/nsswitch.conf' and add ldap at the end of the 'hosts:' line. It must be last so that, if the ldap server's uri in nslcd.conf is a domain name, DNS or the hosts file can resolve that name first and the ldap server can then be contacted for further resolution
  5. Try 'getent hosts' to check the settings.
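A check for step 4, as an added example that is not part of the original wiki page: it reads the 'hosts:' line of an nsswitch.conf file and confirms that ldap is present and is the last source. The sample files are constructed inline so the script runs offline; pass your real /etc/nsswitch.conf to check_hosts_order to test the live configuration.

```bash
#!/bin/sh
# check_hosts_order FILE  -> 0 if ldap is the last source on the hosts: line,
#                            1 if ldap is missing or not last, 2 if no hosts: line.
check_hosts_order() {
    conf="$1"
    # Take the sources from the first uncommented "hosts:" line.
    sources=$(sed -n 's/^[[:space:]]*hosts:[[:space:]]*//p' "$conf" | head -n 1)
    [ -n "$sources" ] || { echo "no hosts: line in $conf" >&2; return 2; }
    # Ignore [action] tokens such as [NOTFOUND=return] and keep the last word.
    last=$(printf '%s\n' "$sources" | sed 's/\[[^]]*]//g' | awk '{print $NF}')
    case " $sources " in
        *" ldap "*) ;;
        *) echo "ldap not present on hosts: line of $conf" >&2; return 1 ;;
    esac
    if [ "$last" = "ldap" ]; then
        echo "ok: hosts: $sources"
        return 0
    fi
    # files/dns must come before ldap, otherwise nslcd's own server name
    # cannot be resolved and lookups stall during boot.
    echo "ldap must be the last source (found: $sources)" >&2
    return 1
}

# Constructed sample files for a self-contained demo (not real system files).
tmpdir=$(mktemp -d)
printf 'passwd: files ldap\nhosts:  files dns ldap\n' > "$tmpdir/good.conf"
printf 'hosts:  ldap files dns\n' > "$tmpdir/bad.conf"
for f in "$tmpdir/good.conf" "$tmpdir/bad.conf"; do
    check_hosts_order "$f" || echo "exit status $? for $f"
done
rm -rf "$tmpdir"
```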


Troubleshooting

ls -l too slow

When one uses 'ls -l' on an ldap client, the client has to contact the ldap server to convert numeric UIDs and GIDs to the corresponding usernames and group names, since this information is not available in /etc/passwd or /etc/group. This makes commands like 'ls -l' very slow, in the same way that 'iptables -L' or 'route -a' slow down while trying to do reverse lookups.

Hence, we should install and enable the nscd daemon (name service cache daemon). It caches the information provided by ldap/nis etc. servers and so speeds up commands like 'ls -l'.


Server hangs during booting at udev

Sometimes ldap clients hang at udev while booting. Since network services are not started before udev, the client cannot contact the ldap server. Even though it is impossible for the ldap client to connect before the network service is started, it still tries to contact the ldap server during boot. Also, the default configuration for ldap clients is 'bind_policy hard', which makes the client keep retrying the connection to the ldap server with exponential back-off. This leads to the server hanging during boot.

To solve this problem we can edit '/etc/ldap.conf' file and change 'bind_policy' to soft as:

bind_policy soft

This solves the problem of ldap clients hanging during boot.


