
LDAP legacy client setup

Sometimes you run a legacy, non-TLS LDAP server and have to authenticate modern Linux clients against it. This is a serious problem: everybody wants to force you to use certificates and TLS, and that is not always feasible.

Links:

https://forums.opensuse.org/showthread.php/478283-How-Do-I-Disable-TLS-for-LDAP/page2

Method (must add complete procedure):

Install nss-pam-ldapd and pam_krb5

Edit /etc/sysconfig/authconfig:

FORCELEGACY=yes

Install nss_ldap and pam_ldap

Edit nsswitch.conf, ldap.conf (all of them)

Restart client or services.
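
Once a client is set up this way, it helps to record exactly which files carry the non-TLS settings. The script below is an added example, not part of the original procedure: it scans the files given as arguments for FORCELEGACY=yes, for `ssl no` / `ssl off`, and for `ldap://` URIs with no `ssl start_tls` in the same file. It assumes the `uri` and `ssl` keyword forms used by nss_ldap/pam_ldap-style configuration files; the function names, sample file names and hostname are constructed.

```shell
#!/bin/sh
# Added example: flag settings that leave LDAP client traffic unencrypted.
# Prints "file:line:finding" for each hit; file paths are passed as arguments.
ldap_plaintext_findings() {
    for f in "$@"; do
        [ -r "$f" ] || continue
        awk -v file="$f" '
            /^[ \t]*#/ { next }                          # ignore comment lines
            { key = tolower($1); val = tolower($2) }
            key == "forcelegacy=yes" { hit[++n] = FNR ":authconfig-forcelegacy" }
            key == "ssl" && (val == "no" || val == "off") { hit[++n] = FNR ":ssl-disabled" }
            key == "ssl" && val == "start_tls" { starttls = 1 }
            key == "uri" {                               # ldap:// but not ldaps://
                for (i = 2; i <= NF; i++)
                    if (tolower($i) ~ /^ldap:\/\//) { uri[++u] = FNR; break }
            }
            END {
                for (i = 1; i <= n; i++) print file ":" hit[i]
                # ldap:// is only cleartext when StartTLS is not requested
                if (!starttls)
                    for (i = 1; i <= u; i++) print file ":" uri[i] ":plaintext-uri"
            }' "$f"
    done
}

# Constructed sample files (hostname is a placeholder), written to a temp dir.
demo_ldap_audit() {
    d=$(mktemp -d) || return 1
    printf 'USELDAP=yes\nFORCELEGACY=yes\n' > "$d/authconfig"
    printf '# legacy server\nuri ldap://ldap.example.internal/\nssl no\n' > "$d/legacy.conf"
    printf 'uri ldap://ldap.example.internal/\nssl start_tls\n' > "$d/starttls.conf"
    printf 'uri ldaps://ldap.example.internal/\nssl on\n' > "$d/ldaps.conf"
    ldap_plaintext_findings "$d/authconfig" "$d/legacy.conf" "$d/starttls.conf" "$d/ldaps.conf" |
        sed "s|^$d/||"
    rm -rf "$d"
}
```

Run `demo_ldap_audit` to see the findings for the constructed files, or call `ldap_plaintext_findings` with /etc/sysconfig/authconfig and each ldap.conf present on the client.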