LDAP
August 11, 2017 | Linux Security

UCSC runs two directory services: Blue & Gold, on ldap-blue.ucsc.edu & ldap-gold.ucsc.edu respectively. The Blue directory service carries a lot of baggage. For example, here is my LDAP entry:
Particularly glaring is the attribute for homeDirectory: /afs/cats.ucsc.edu/users/t/shaw, which harkens back to the old happy days when AFS was popular and widely deployed! To use this legacy directory service for authentication on modern Linux, we need to map / overwrite the attributes, especially the homeDirectory attribute.
Fortunately, solutions are easy and varied.
1) I wrote an article in 2014, describing how to use an init shell script to overwrite the homeDirectory attribute and automatically create home directories.
2) If you use nss-pam-ldapd, you can use nslcd to map attributes. Add the following to /etc/nslcd.conf:
3) If you use SSSD, you can use the override_homedir option. Add the following to /etc/sssd/sssd.conf:
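To show what the two mappings look like side by side, here is an added example that is not the post's own snippets; the LDAP base DN, the SSSD domain name, the ldap:// scheme and the /home prefix are assumptions.

```text
# /etc/nslcd.conf (option 2): build homeDirectory from the uid attribute
# instead of trusting the legacy /afs/cats.ucsc.edu/... value from the directory.
# base DN and URI scheme are assumed.
uri ldap://ldap-blue.ucsc.edu
base dc=ucsc,dc=edu
map passwd homeDirectory "/home/$uid"

# /etc/sssd/sssd.conf (option 3): override the home directory for every user
# resolved through this domain; %u expands to the login name. Domain name,
# search base and URI scheme are assumed.
[domain/ucsc]
id_provider = ldap
ldap_uri = ldap://ldap-blue.ucsc.edu
ldap_search_base = dc=ucsc,dc=edu
override_homedir = /home/%u
```

Neither mapping creates the directory on disk; pam_mkhomedir (or oddjob-mkhomedir with SSSD) is still needed for that, and `getent passwd <user>` shows which value the system actually resolved.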