Configure LDAP Client2015/12/01

	Configure LDAP Client in order to share users' accounts in your local networks.
[1]	Install and Configure OpenLDAP Client.

www:~ #

zypper -n install openldap2-client sssd pam_ldap nss_ldap

www:~ #

mv /etc/sssd/sssd.conf /etc/sssd/sssd.conf.org

www:~ #

vi /etc/sssd/sssd.conf

# create new ( replace values for ldap_uri, ldap_search_base to your own env)

[domain/default]
id_provider = ldap
auth_provider = ldap
ldap_uri = ldap://dlp.srv.world
ldap_search_base = dc=srv,dc=world
cache_credentials = True
ldap_tls_cacertdir = /etc/openldap/certs
ldap_tls_reqcert = allow

[sssd]
config_file_version = 2
services = nss, pam
domains = default

[nss]
filter_users = root
filter_groups = root

www:~ #

chmod 600 /etc/sssd/sssd.conf

www:~ #

vi /etc/pam.d/common-account

# change like follows

account requisite       pam_unix.so     try_first_pass
account sufficient      pam_localuser.so
account required        pam_sss.so      use_first_pass

www:~ #

vi /etc/pam.d/common-auth

# change like follows

auth    required        pam_env.so
auth    optional        pam_gnome_keyring.so
auth    sufficient      pam_unix.so     try_first_pass
auth    required        pam_sss.so      use_first_pass

www:~ #

vi /etc/pam.d/common-password

# change like follows

password        requisite       pam_cracklib.so
password        optional        pam_gnome_keyring.so    use_authtok
password        sufficient      pam_unix.so     use_authtok nullok shadow try_first_pass
password        required        pam_sss.so      use_authtok

www:~ #

vi /etc/pam.d/common-session

# change like follows

session required        pam_limits.so
session required        pam_unix.so     try_first_pass
session optional        pam_sss.so
session optional        pam_umask.so
session optional        pam_systemd.so
session optional        pam_gnome_keyring.so    auto_start only_if=gdm,gdm-password,lxdm,lightdm
session optional        pam_env.so
session optional        pam_mkhomedir.so skel=/etc/skel umask=077

www:~ #

vi /etc/nsswitch.conf

# line 29: add

passwd: compat

sss

group: compat

sss

www:~ #

systemctl enable sssd nscd

www:~ #

reboot

Welcome to SUSE Linux Enterprise Server 12  (x86_64) - Kernel 3.12.48-52.27-default (ttyS0).

www login:

suse

# LDAP user

Password:

# password

suse@www:~>

# just logined

suse@www:~>

passwd

# try to change the LDAP password

Current Password:

# current password

New password:

# new password

Retype new password:
passwd: password updated successfully

Matched Content