1. Install Open LDAP server in every location.
2. Configure replication:
In master LDAP server's slapd.conf:
replica uri=ldap://10.10.10.2:389
binddn="cn=admin,dc=example,dc=com"
bindmethod=simple credentials=SecretPassword
for every replica
in replca LDAP server's slapd.conf:
updatedn "cn=admin,dc=example,dc=com"
updateref ldap://10.10.10.1
Note, that updatedn must match binddn and must have read/write access to LDAP database. See Open LDAP documentation for details.
3. Compile TACACS+ with LDAP support. If you run Debian, simply run "apt-get install tac-plus". It's already compiled with LDAP support.
in tacacs.conf file put
default authentication = ldap "ldap://localhost:389/dc=example,dc=com"
and restart tacacs.
replace "dc=example,dc=com" with your BaseDN
You can use phpLDAPadmin to manage master LDAP server.
Now, if I want to add new user or change my password, I do it on master LDAP server.
For enable password create user $enab15$ in LDAP server. Beware, LDIF format treats dollar sign as line separator.
No comments:
Post a Comment