| author | Li-Wen Hsu <lwhsu@FreeBSD.org> | 2021-03-14 12:08:55 +0000 |
|---|---|---|
| committer | Li-Wen Hsu <lwhsu@FreeBSD.org> | 2021-03-14 12:08:55 +0000 |
| commit | a9a9e661059557e5bb6ab3e756e007b8e5d231ce | |
| tree | b4fba4f5b8c4f985ade395b460936a7447e8d499 | /documentation/content/en/articles/ldap-auth/_index.adoc |
| parent | 55c95407aa64d98cdd8edf18990d89e5b86db96c | |
Diffstat (limited to 'documentation/content/en/articles/ldap-auth/_index.adoc')
-rw-r--r-- | documentation/content/en/articles/ldap-auth/_index.adoc | 18 |
1 file changed, 9 insertions, 9 deletions
diff --git a/documentation/content/en/articles/ldap-auth/_index.adoc b/documentation/content/en/articles/ldap-auth/_index.adoc index 5f1ab43eb0..96d550c2f5 100644 --- a/documentation/content/en/articles/ldap-auth/_index.adoc +++ b/documentation/content/en/articles/ldap-auth/_index.adoc @@ -63,7 +63,7 @@ First, install OpenLDAP: [example] ==== -[source,bash] +[source,shell] .... # cd /usr/ports/net/openldap24-server # make install clean @@ -111,7 +111,7 @@ The [.filename]#cert.crt#, [.filename]#cert.key#, and [.filename]#cacert.crt# fi [example] ==== -[source,bash] +[source,shell] .... % openssl genrsa -out cert.key 1024 Generating RSA private key, 1024 bit long modulus @@ -133,7 +133,7 @@ Finally, the certificate signing request needs to be signed: [example] ==== -[source,bash] +[source,shell] .... % openssl x509 -req -in cert.csr -days 365 -signkey cert.key -out cert.crt Signature ok @@ -154,7 +154,7 @@ slapd_enable="YES" Then run `/usr/local/etc/rc.d/slapd start`. This should start OpenLDAP. Confirm that it is listening on 389 with -[source,bash] +[source,shell] .... % sockstat -4 -p 389 ldap slapd 3261 7 tcp4 *:389 *:* 
@@ -288,14 +288,14 @@ With this set, package:security/pam_ldap[] will search the entire LDAP directory Users whose shell is not in [.filename]#/etc/shells# will not be able to log in. This is particularly important when Bash is set as the user shell on the LDAP server. Bash is not included with a default installation of FreeBSD. When installed from a package or port, it is located at [.filename]#/usr/local/bin/bash#. Verify that the path to the shell on the server is set correctly: -[source,bash] +[source,shell] .... % getent passwd username .... There are two choices when the output shows `/bin/bash` in the last column. The first is to change the user's entry on the LDAP server to [.filename]#/usr/local/bin/bash#. The second option is to create a symlink on the LDAP client computer so Bash is found at the correct location: -[source,bash] +[source,shell] .... # ln -s /usr/local/bin/bash /bin/bash .... @@ -431,7 +431,7 @@ ldappasswd -D uid="$USER",ou=people,dc=example,dc=org \ This script does hardly any error checking, but more important it is very cavalier about how it stores your passwords. If you do anything like this, at least adjust the `security.bsd.see_other_uids` sysctl value: -[source,bash] +[source,shell] .... # sysctl security.bsd.see_other_uids=0 .... @@ -643,7 +643,7 @@ To create a certificate authority, we simply need a self-signed certificate and [example] ==== -[source,bash] +[source,shell] .... % openssl genrsa -out root.key 1024 % openssl req -new -key root.key -out root.csr @@ -668,7 +668,7 @@ To sign the key, use `-CA` and `-CAkey` instead of `-signkey`: [example] ==== -[source,bash] +[source,shell] .... % openssl x509 -req -days 1024 \ -in ldap-server-one.csr -CA root.crt -CAkey root.key \ |
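Review bot: the commit carries no message, so the hunk at @@ -63 (and the eight identical ones after it) gives no rationale for retagging `[source,bash]` as `[source,shell]`; the listings are interactive transcripts with `#` and `%` prompts rather than bash scripts, so `shell` is the right tag, but that reasoning, and whether any `[source,bash]` blocks remain elsewhere in the article, belongs in the log message.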
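Review bot: the context lines in the hunks at @@ -111 and @@ -643 still show `openssl genrsa -out cert.key 1024` and `openssl genrsa -out root.key 1024`; 1024-bit RSA has been below the recommended 2048-bit minimum for TLS and CA keys for years, and since this patch is already touching both blocks it is the natural place to bump them to `2048` and update the matching `Generating RSA private key, 1024 bit long modulus` output line so the transcript stays consistent.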
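Review bot: the hunk at @@ -288 leaves a gap in the surrounding text: the paragraph states that users whose shell is not in `/etc/shells` cannot log in, then offers `ln -s /usr/local/bin/bash /bin/bash` as a fix, but a symlink does not add `/bin/bash` to `/etc/shells` (a bash package adds only `/usr/local/bin/bash`), so the second option still fails the check unless the text also tells the reader to add `/bin/bash` to `/etc/shells` on the client.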
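Review bot: in the hunk at @@ -431 the retagged block still shows only `sysctl security.bsd.see_other_uids=0`, which does not survive a reboot; the text should also say to put `security.bsd.see_other_uids=0` in `/etc/sysctl.conf`, and should state that this sysctl only stops other users from seeing the `ldappasswd` command line in `ps`, and does nothing about the on-disk password storage that the preceding sentence calls cavalier.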