OpenLDAP : Configure LDAP Client (AD)
2019/02/27
Configure an LDAP client for the case where the LDAP server is Windows Active Directory.
[1]
[2] Install OpenLDAP Client.
[root@www ~]# yum -y install openldap-clients nss-pam-ldapd
# ldapserver=(Active Directory's hostname or IP address)
# ldapbasedn="dc=(AD's Suffix)"
[root@www ~]# authconfig --enableldap \
--enableldapauth \
--ldapserver=fd3s.srv.world \
--ldapbasedn="dc=srv,dc=world" \
--enablemkhomedir \
--update
[root@www ~]# vi /etc/nslcd.conf
# line 29: add the DN of the bind user (the account used to connect Linux to AD, which you added in section [1])
binddn cn=ldapusers,cn=Users,dc=srv,dc=world
# line 34: add the password of the user above
bindpw password
# line 107-117: uncomment all
# Mappings for Active Directory
pagesize 1000
referrals off
idle_timelimit 800
filter passwd (&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))
map passwd uid sAMAccountName
map passwd homeDirectory unixHomeDirectory
map passwd gecos displayName
filter shadow (&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))
map shadow uid sAMAccountName
map shadow shadowLastChange pwdLastSet
filter group (objectClass=group)
[root@www ~]# systemctl restart nslcd
# verify with a user you added in section [1] on AD
[root@www ~]# id Serverworld
uid=5000(Serverworld) gid=100(users) groups=100(users)
# log in to localhost with the user
[root@www ~]# ssh Serverworld@localhost
The authenticity of host 'localhost (::1)' can't be established.
ECDSA key fingerprint is SHA256:FJ60H2JS8pafTcugLCIAs8Vw3LkGN5lXYJ+ehrHCYmw.
ECDSA key fingerprint is MD5:25:fe:3d:55:e1:29:fb:f1:a9:2b:53:d6:22:06:7e:83.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (ECDSA) to the list of known hosts.
Serverworld@localhost's password:
Creating directory '/home/Serverworld'.
[Serverworld@www ~]$
[Serverworld@www ~]$ id
uid=5000(Serverworld) gid=100(users) groups=100(users) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
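The nslcd.conf edited above holds the AD bind account's password in cleartext and, as configured, names no TLS setting. The following is an added check, not part of the original page, that audits such a file for its mode, transport protection, certificate verification and the tutorial's placeholder password. The function name audit_nslcd_conf, the finding labels and the sample uri line are assumptions made for this example; uri, ssl, tls_reqcert, binddn and bindpw are standard nslcd.conf directives.

```shell
#!/bin/sh
# Added example (not from the original page): audit the nslcd.conf settings that
# protect the AD bind credentials. Assumes GNU stat, as on CentOS/RHEL.
# Prints one finding per line; returns 0 if clean, 1 on findings, 2 if unreadable.
audit_nslcd_conf() {
    conf=$1
    findings=0
    [ -r "$conf" ] || { echo "ERROR: cannot read $conf"; return 2; }
    flag() { echo "$1"; findings=$((findings + 1)); }
    # First active value of a directive; commented-out lines never match.
    directive() { awk -v k="$1" '$1 == k { print $2; exit }' "$conf"; }

    # bindpw is stored in cleartext, so only the owner (root) may read the file.
    mode=$(stat -c '%a' "$conf")
    case $mode in
        600|400) ;;
        *) flag "PERMS: mode $mode, expected 600" ;;
    esac

    # Without LDAPS or StartTLS the simple bind sends binddn/bindpw in clear.
    uri=$(directive uri)
    tls=no
    case $uri in ldaps://*) tls=yes ;; esac
    case $(directive ssl) in on|start_tls) tls=yes ;; esac
    [ "$tls" = yes ] || flag "TRANSPORT: uri '$uri' has no TLS (ldaps:// or 'ssl start_tls')"

    # never/allow accept any certificate, which defeats the TLS protection.
    reqcert=$(directive tls_reqcert)
    case $reqcert in
        never|allow) flag "TLS: tls_reqcert $reqcert skips certificate verification" ;;
    esac

    # The tutorial's literal value must not survive into a real deployment.
    [ "$(directive bindpw)" != "password" ] || flag "BINDPW: tutorial placeholder password still set"

    [ "$findings" -eq 0 ]
}

# Constructed sample mirroring the page's values; the uri line is an assumption
# about what authconfig --ldapserver writes.
sample=$(mktemp)
printf '%s\n' 'uri ldap://fd3s.srv.world/' 'base dc=srv,dc=world' \
    'binddn cn=ldapusers,cn=Users,dc=srv,dc=world' 'bindpw password' > "$sample"
chmod 644 "$sample"
audit_nslcd_conf "$sample" || true
rm -f "$sample"
```

On a real host, run it as root against /etc/nslcd.conf; giving the bind account read-only rights in AD limits what a leaked bindpw can do.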