How do you use LDAP as an authentication mechanism with Exceed onDemand and PAM?

How do you use LDAP as an authentication mechanism with Exceed onDemand and PAM?

LAST MODIFIED DATE: August 29, 2007

VERSION: This applies to Exceed onDemand version 6.0

DISCUSSION:

The following are some information regarding the Exceed onDemand/PAM configuration using LDAP as a back-end authentication:

It is important to remember that Exceed onDemand does not communicate with LDAP. Exceed onDemand communicates with PAM and PAM communicates with LDAP. Therefore, once the LDAP environment is configured properly on the host, you need to have PAM properly configured as well.

From an Exceed onDemand point of view, the following is what you have to do in order to have Exceed onDemand working with LDAP\PAM:

On the Unix\Linux host where the Exceed onDemand Server is installed, under the /etc/pam.d folder, create a test file called exceedondemand with permissions: 644 and contents as follows:
auth required /lib/security/pam_securetty.so
account required /lib/security/pam_stack.so service=system-auth
auth required /lib/security/pam_ldap.so
On the Exceed onDemand server, change the Authentication from Native to Pam, to enable PAM. You can do this in two ways:
1. Using the Server Manager component of Exceed onDemand Server for Windows as follows:
  1. Connect to host with Server Manager.
  2. Select the hostname (Exceed onDemand server).
  3. Right click and choose Cluster Settings.
  4. Select PAM for Authentication Type.
  5. Save the changes and restart the Exceed onDemand Server.
2. Or make the following change directly on the Unix\Linux host where the Exceed onDemand Server is installed: