Enabling the TLS protocol for OpenLDAP

The following four configuration files need to be changed:

vi /etc/openldap/ldap.conf

# add at the last line

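# LDAP server's URI (the host part is missing from the line below; it must match the name in the server's certificate, or TLS verification fails)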

URI ldap://

# specify Suffix

BASE dc=csdn,dc=net

TLS_CACERTDIR /etc/openldap/certs

vi /etc/nslcd.conf

# line 131: specify URI, Suffix

uri ldap://

base dc=csdn,dc=net

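# NOTE: "ssl start_tls" is shown commented out; with an ldap:// URI nslcd then talks to the server without TLS,
# and tls_cacertdir alone does not turn encryption on. Uncomment the line for StartTLS to be used.
#ssl start_tls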

tls_cacertdir /etc/openldap/certs

vi /etc/pam_ldap.conf

# line 17: comment it out

# host

# line 20: specify Suffix

base dc=csdn,dc=net

# add at the last line

uri ldap://

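# NOTE: as shown (commented out), pam_ldap binds over plain ldap:// and sends the user's password unencrypted;
# uncomment the line so that StartTLS is negotiated before the bind.
#ssl start_tls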

tls_cacertdir /etc/openldap/certs

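# NOTE: md5 has the client hash a changed password with MD5 before writing it to the directory;
# "pam_password exop" instead lets the server hash it under its own password policy.
pam_password md5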

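#vi /etc/pam.d/system-auth

# NOTE: the module name appears to have been lost from the lines below. A PAM line needs one after the control field
# (presumably pam_ldap.so here, and pam_mkhomedir.so on the skel= line - confirm against your system).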

auth sufficient use_first_pass

account [default=bad success=ok user_unknown=ignore]

password sufficient use_authtok

session optional

# add if needed (creates the home directory automatically if it does not exist)

session optional skel=/etc/skel umask=077

#vi /etc/nsswitch.conf

passwd: files ldap # line 33: add

shadow: files ldap # add

group: files ldap # add

netgroup: ldap # line 57: change

automount: files ldap # line 61: change


These entries must use ldap; if they are set to sss, this configuration does not work.

#vi /etc/sysconfig/authconfig

USELDAP=yes # line 18: change

Set nslcd to run at startup, then reboot:

#chkconfig nslcd on

#shutdown -r now