On 06/26/2018 12:19 PM, malcolm moore wrote:
Are there any instructions for this anywhere? I've been searching and struggling now for several days and I can't work out how to do it. It can't be as difficult as I am making it.
If you let dpkg-configure set up your LDAP server and/or NSS/PAM config (sssd, nss-pam-ldapd, etc.) you should probably ask the Debian folks what they're planning to do.
Be warned: when using OS packages with too mighty config mechanisms you might run into surprising update issues later (seen incidents on Debian and CentOS at my customers because of that). So personally I'm staying away from OS package configuration mechs as far as possible:
- own custom systemd unit files with additional hardening options
- disabled standard service name
- static monolithic slapd.conf generated by config management
- etc.
Also, Debian folks link OpenLDAP against GnuTLS instead of OpenSSL, leading to its own set of issues. Therefore I'd recommend using the LTB builds if you don't want to build from source yourself.
Ciao, Michael.