Configure SLES 11 LDAP client without Yast


I need to figure out how to configure a SLES 11 installation to authenticate via LDAP without using any interactive tools;
it is going to be handled by CFengine.
The ldap.conf and nsswitch.conf are already taken care of, but that is not enough. I guess the Yast LDAP module does
something with PAM as well.

Can anyone point me to what more needs to be done? I suspect that pam-config can be what I'm looking for, but I don't know
how to use it.

Random idea:

Have you considered setting up a test box via Yast and seeing what is
changed by the installation? I’d guess 99.9% of changes are in /etc so
copying and then comparing old/new should be pretty easy.

I’d check /etc/pam.d for changes specifically, based on what you’ve
written so far.

Good luck.

Once you get the ldap.conf and nsswitch.conf right, you have to configure PAM like this:

password requisite nullok cracklib
password sufficient use_authtok nullok
password required try_first_pass use_authtok

auth required
auth sufficient
auth required use_first_pass

account requisite
account sufficient
account required use_first_pass

session required
session required
session optional
session optional

Be careful, if you screw up “these files” you may not be able to log in, so keep a root shell logged in and test on another console.

Best regards
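
One way to catch a broken PAM stack before CFengine installs it, as an added example that is not part of the original posts: the hypothetical `pam_lint` function below checks every line of a pam.d file for a valid type, a valid control and a module name, and optionally that the module exists in a directory you pass in. The function name and its arguments are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread): lint a PAM stack file before deployment.
# pam_lint FILE [MODULE_DIR]
#   Prints one line per problem; returns 0 if the file is clean, 1 otherwise.
#   MODULE_DIR is optional; when given, each relative module name must exist there.
pam_lint() {
    file=$1
    moddir=${2:-}
    awk -v moddir="$moddir" '
        function bad(msg) { printf "%s:%d: %s\n", FILENAME, FNR, msg; errs++ }
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        {
            type = $1; sub(/^-/, "", type)      # a leading "-" is allowed before the type
            if (type !~ /^(auth|account|password|session)$/) { bad("unknown type: " $1); next }
            i = 2
            if ($2 ~ /^\[/) {                   # [value=action ...] control may span fields
                while (i <= NF && $i !~ /\]$/) i++
                if (i > NF) { bad("unterminated [..] control"); next }
            } else if ($2 !~ /^(required|requisite|sufficient|optional|include|substack)$/) {
                bad("unknown control: " $2); next
            }
            ctl = $2; mod = $(i + 1)
            if (ctl == "include" || ctl == "substack") {
                if (mod == "") bad("include without a file name")
                next
            }
            if (mod !~ /\.so$/) { bad("no module name after control (got: \"" mod "\")"); next }
            if (moddir != "" && mod !~ /^\//) {
                if ((getline junk < (moddir "/" mod)) < 0) bad("module not found: " mod)
                close(moddir "/" mod)
            }
        }
        END { exit (errs > 0) }
    ' "$file"
}
```

Run it against the staged copy of each file and only let the copy into /etc/pam.d when it returns 0; it checks syntax only, so a login test from a second console is still needed.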