[CentOS] Howto for LDAP authentication with replication

Sat Jan 12 15:11:43 UTC 2008
Sean Carolan <scarolan at gmail.com>

> Sure, I use Webmin's LDAP Users and Groups module on every network
> server that I maintain. It's perfect for my needs.

Yes, this is exactly what I'm trying to do.  It would be perfect for our 
needs too.

> The first question that occurs to me is if you did all that. When you do
> 'getent passwd' does each user in LDAP show up? Remember that if you
> still have a user in /etc/passwd and in LDAP (which would be a fatal
> setup), they would actually appear twice.

Yep, each user shows up one time when I run 'getent passwd'.  I'm
thinking that perhaps there is a problem in my /etc/ldap.conf since this
is what it appears Webmin is using to bind to the LDAP server.  Here's a
copy of that file if it's any help.

> #host 127.0.0.1
> #base dc=domain,dc=com
> 
> suffix          "dc=domain,dc=com"
> #rootbinddn     "cn=Admin,dc=domain,dc=com"
> 
> uri ldap://127.0.0.1/
> pam_password exop
> 
> ldap_version 3
> pam_filter objectclass=posixAccount
> pam_login_attribute uid
> pam_member_attribute memberuid
> nss_base_passwd ou=People,dc=domain,dc=com
> nss_base_shadow ou=People,dc=domain,dc=com
> nss_base_group  ou=Group,dc=domain,dc=com
> nss_base_hosts  ou=Hosts,dc=domain,dc=com
> 
> scope one
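
The 'getent passwd' check discussed in the message above, as an added example that is not part of the original post or thread: it reports any account name that enumerates more than once (the "appears twice" symptom of a user present in both /etc/passwd and LDAP). The function names, the sample data and the extra check for one UID shared by different names are assumptions added here, and the UID check goes beyond the case the message mentions.

```shell
#!/bin/sh
# Added example: audit passwd-format data for names that enumerate more than
# once and for UIDs claimed by more than one distinct name.

# audit_passwd FILE   (hypothetical helper)
#   FILE holds passwd-format lines, e.g. saved with: getent passwd > FILE
#   Prints "DUPLICATE_NAME <name> <count>" and "UID_CONFLICT <uid> <names>".
audit_passwd() {
    awk -F: '
        /^[ \t]*$/ || /^[ \t]*#/ { next }   # skip blank lines and comments
        NF < 7 { next }                     # ignore malformed entries
        {
            name_count[$1]++
            # Record each distinct name seen for a UID, in input order.
            if (!(($3, $1) in seen)) {
                seen[$3, $1] = 1
                uid_names[$3] = (uid_names[$3] == "" ? $1 : uid_names[$3] "," $1)
                uid_distinct[$3]++
            }
        }
        END {
            for (n in name_count)
                if (name_count[n] > 1)
                    printf "DUPLICATE_NAME %s %d\n", n, name_count[n]
            for (u in uid_distinct)
                if (uid_distinct[u] > 1)
                    printf "UID_CONFLICT %s %s\n", u, uid_names[u]
        }
    ' "$1" | sort
}

# Constructed sample standing in for real getent output: alice exists both
# locally and in the directory, and toor shares UID 0 with root.
write_sample() {
    cat > "$1" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1001:1001:Alice (local):/home/alice:/bin/bash
alice:x:1001:1001:Alice (LDAP):/home/alice:/bin/bash
bob:x:1002:1002:Bob:/home/bob:/bin/bash
toor:x:0:0:second uid 0:/root:/bin/sh
EOF
}

# Stand-alone run against the constructed sample.
sample=$(mktemp)
write_sample "$sample"
audit_passwd "$sample"
rm -f "$sample"
```

An empty result means every name and UID enumerated exactly once, which matches what the poster reports seeing.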