OpenLDAP : Configure LDAP Client2023/07/03 |
Configure LDAP Client in order to share user accounts in your local networks.
|
|
[1] | Configure LDAP Client. |
root@node01:~#
apt -y install libnss-ldapd libpam-ldapd ldap-utils (1) specify LDAP server's URI +---------------------| Configuring ldap-auth-config |----------------------+ | Please enter the URI of the LDAP server to use. This is a string in the | | form of ldap://<hostname or IP>:<port>/. ldaps:// or ldapi:// can also | | be used. The port number is optional. | | | | Note: It is usually a good idea to use an IP address because it reduces | | risks of failure in the event name service problems. | | | | LDAP server Uniform Resource Identifier: | | | | ldap://dlp.srv.world/_________________________________________________ | | | | <Ok> | | | +---------------------------------------------------------------------------+ (2) specify suffix +---------------------| Configuring ldap-auth-config |----------------------+ | Please enter the distinguished name of the LDAP search base. Many sites | | use the components of their domain names for this purpose. For example, | | the domain "example.net" would use "dc=example,dc=net" as the | | distinguished name of the search base. | | | | Distinguished name of the search base: | | | | dc=srv,dc=world_______________________________________________________ | | | | <Ok> | | | +---------------------------------------------------------------------------+ (3) select services that should have LDAP lookups enabled +-----------------------+ Configuring libnss-ldapd +------------------------+ | For this package to work, you need to modify the /etc/nsswitch.conf file | | to use the ldap datasource. | | | | You can select the services that should have LDAP lookups enabled. The | | new LDAP lookups will be added as the last datasource. Be sure to review | | these changes. | | | | Name services to configure: | | | | [*] passwd | | [*] group | | [*] shadow | | [ ] hosts | | [ ] networks | | | | | | <Ok> | | | +---------------------------------------------------------------------------+
root@node01:~#
vi /etc/pam.d/common-session # add to the end if need (create home directory automatically at initial login) session optional pam_mkhomedir.so skel=/etc/skel umask=077 Debian GNU/Linux 12 node01.srv.world ttyS0 node01 login: bookworm # LDAP user Password: Linux node01.srv.world 6.1.0-9-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.27-1 (2023-05-08) x86_64 The programs included with the Debian GNU/Linux system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright. Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. Creating directory '/home/bookworm'. bookworm@node01:~$ # logined # changing password is like follows bookworm@node01:~$ (current) LDAP Password: # current password New password: # new one Retype new password: passwd: password updated successfully bookworm@node01:~$ # changed |
Sponsored Link |