Task #4842
closed
Make the ldap configuration on rstudio(-dev).d4science.org point to ldap.d4science.org
100%
Description
I changed /etc/ldap.conf but the services use nslcd. I tried to reconfigure it, but the connection to the ldap server fails.
Also need to automate all the ldap pam configuration, that spans from /etc/pam.d/* to /etc/nsswitch.conf
Related issues
Updated by Andrea Dell'Amico almost 9 years ago
A reference to a workaround for a problem that affects ubuntu 14.04: https://www.benjaminfleckenstein.name/en/pam-auth-update-automatisation-workaround.html
Updated by Andrea Dell'Amico almost 9 years ago
- Blocks Task #4865: Installing data analysis machine to develop prototypes added
Updated by Andrea Dell'Amico almost 9 years ago
- Status changed from New to In Progress
- Assignee changed from _InfraScience Systems Engineer to Andrea Dell'Amico
Updated by Andrea Dell'Amico over 8 years ago
- Blocks deleted (Task #4865: Installing data analysis machine to develop prototypes)
Updated by Andrea Dell'Amico over 8 years ago
- Related to Task #4865: Installing data analysis machine to develop prototypes added
Updated by Andrea Dell'Amico over 8 years ago
The ldap authentication against the new ldap server is working correctly on dataminer1-prototype, see #4865.
Let me know when I can change the ldap configuration on the rstudio servers. 30/60 minutes of service unavailability are to be expected.
Updated by Andrea Dell'Amico over 8 years ago
- % Done changed from 0 to 90
rstudio-dev was also migrated. The rstudio ldap configuration was changed, at the next reboot it will be effective.
Updated by Andrea Dell'Amico over 8 years ago
- Status changed from In Progress to Feedback
- % Done changed from 90 to 100
rstudio.d4science.org is now authenticating against ldap.d4science.org. While rstudio-dev.d4science.org is authenticating against ldap-d.d4science.org
Updated by Andrea Dell'Amico over 8 years ago
As I wrote by email, I don't know why the r-connector script that adds users creates local users if they're not available via ldap.
If the portal is the only way to access the rstudio services should be better to not add local users at all and rely on the ldap authentication only.
Now the users situation is mixed up: some are local, some are ldap only.
Cleaning up is possible: it's a matter of removing the local users and changing the ownership of their home directories to the ldap userid. And restarting the rstudio service, after that.
Updated by Andrea Dell'Amico over 8 years ago
I cleaned up all the local users. Now all the users authenticate against ldap.
Updated by Andrea Dell'Amico over 8 years ago
- Status changed from Feedback to Closed
