Ubuntu
# Install the LDAP auth client package and the name-service cache daemon.
# The package configuration prompts for the LDAP server details; answer as prompted.
sudo apt-get install ldap-auth-client nscd

# Apply the lac_ldap profile to the NSS configuration.
sudo auth-client-config -t nss -p lac_ldap

# All accounts should now be listed.
getent passwd
linux下面改密码 self-service-password
'================
https://help.ubuntu.com/community/LDAPClientAuthentication
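#!/bin/bash
#--------------------------------------------------------------------------------
# Configure this Ubuntu host as an LDAP authentication client (NSS + PAM).
# Installs packages and edits files under /etc/pam.d, so it must run as root.
# Safe to re-run: the preseed file is rewritten, the PAM line is appended only
# once, and the first backup of common-password is never overwritten.
#--------------------------------------------------------------------------------
# Stop at the first failing command so PAM is not edited after a failed install.
set -euo pipefail

if [[ "$EUID" -ne 0 ]]; then
  echo "This script must be run as root." >&2
  exit 1
fi

#--------------------------------------------------------------------------------
# LDAP server address and base DN.
# NOTE(review): the URIs below use ldap://, which is unencrypted, so bind
# passwords and directory data cross the network in cleartext. If the server
# supports it, prefer ldaps:// or StartTLS and install its CA certificate here.
LDAP_SERVER_IP=192.168.1.100
BASE_DN='dc=my,dc=com,dc=cn'
#--------------------------------------------------------------------------------

# Create the debconf preseed file (automatic answers for the package installs).
# Written with '>' so a second run replaces the file instead of appending
# duplicate answers to it.
cat > debconf-ldap-preseed.txt <<EOF
ldap-auth-config ldap-auth-config/ldapns/ldap-server string ldap://$LDAP_SERVER_IP
ldap-auth-config ldap-auth-config/ldapns/base-dn string $BASE_DN
ldap-auth-config ldap-auth-config/ldapns/ldap_version select 3
ldap-auth-config ldap-auth-config/dbrootlogin boolean false
ldap-auth-config ldap-auth-config/dblogin boolean false
nslcd nslcd/ldap-uris string ldap://$LDAP_SERVER_IP
nslcd nslcd/ldap-base string $BASE_DN
EOF
debconf-set-selections debconf-ldap-preseed.txt

# Install the LDAP client software.
# NOTE(review): slapd is the OpenLDAP server daemon; a pure client should not
# need it, and it adds a listening service to the host. Confirm it is wanted.
apt-get install -y ldap-utils libpam-ldap libnss-ldap nslcd slapd

# Add LDAP to the NSS configuration.
auth-client-config -t nss -p lac_ldap

# Create the user's home directory automatically at first login.
# Appended only when no pam_mkhomedir entry exists yet, so re-runs do not stack
# duplicate session lines.
# NOTE(review): umask=0022 makes new home directories world-readable; use a
# tighter umask (e.g. 0077) if users should not see each other's files.
if ! grep -qF 'pam_mkhomedir.so' /etc/pam.d/common-session; then
  echo "session required pam_mkhomedir.so skel=/etc/skel umask=0022" >> /etc/pam.d/common-session
fi

# Start nslcd at boot.
update-rc.d nslcd enable

# Allow users to change their password on this host with passwd.
# Keep the first backup: copying again on a re-run would replace the pristine
# file with the already-edited one.
if [[ ! -e /etc/pam.d/common-password.bak ]]; then
  cp -p /etc/pam.d/common-password /etc/pam.d/common-password.bak
fi
# The sed strips use_authtok from every line of the file, not only from the
# pam_ldap entry.
# NOTE(review): check the resulting password stack, since modules that relied
# on use_authtok will now prompt for the new password themselves.
sed -i 's/use_authtok//' /etc/pam.d/common-password

# Restart nscd so the new configuration takes effect.
/etc/init.d/nscd restart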
CentOS nscd:
# Install the OpenLDAP client tools and nss-pam-ldapd.
yum install -y openldap-clients nss-pam-ldapd

# Force the legacy (non-sssd) services.
authconfig --enableforcelegacy --update

# Enable LDAP for account lookups and for authentication.
# NOTE(review): --enableldaptls is not passed here, so TLS is not requested for
# the LDAP connection; confirm whether cleartext is acceptable on this network.
authconfig \
  --enableldap \
  --enableldapauth \
  --ldapserver="ldap.test.net" \
  --ldapbasedn="dc=test,dc=net" \
  --update
CentOS sssd:
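# Install SSSD.
yum install -y sssd

# Enable LDAP for account lookups and for authentication.
authconfig \
  --enableldap \
  --enableldapauth \
  --ldapserver="ldap.test.net" \
  --ldapbasedn="dc=test,dc=net" \
  --update

# SSSD with LDAP reportedly requires TLS; the author has not tested this part.
# Before enabling TLS, copy the LDAP server's CA certificate into the
# /etc/openldap/cacerts directory, for example as:
#   /etc/openldap/cacerts/cert.pem
# The path is kept as a comment: a bare path on its own line would be run as a
# command by the shell.
authconfig --enableldaptls --update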
测试:
# Look up one account through NSS to confirm the client configuration works.
# sync.linux is the author's sample account name (presumably an LDAP user).
account='sync.linux'
getent passwd "$account"
本文转自 nonono11 51CTO博客,原文链接:http://blog.51cto.com/abian/1265170,如需转载请自行联系原作者