OpenLDAP : Configure LDAP Client  2021/09/02
Configure this host as an LDAP client so that it can share the user account information held on the LDAP server.
[1] Configure the LDAP client.
root@node01:~# apt -y install libnss-ldapd libpam-ldapd ldap-utils

(1) Specify the URI of the LDAP server
+---------------------| Configuring ldap-auth-config |----------------------+
| Please enter the URI of the LDAP server to use. This is a string in the   |
| form of ldap://<hostname or IP>:<port>/. ldaps:// or ldapi:// can also    |
| be used. The port number is optional.                                     |
|                                                                           |
| Note: It is usually a good idea to use an IP address because it reduces   |
| risks of failure in the event name service problems.                      |
|                                                                           |
| LDAP server Uniform Resource Identifier:                                  |
|                                                                           |
| ldap://dlp.srv.world/_________________________________________________    |
|                                                                           |
|                                   <Ok>                                    |
|                                                                           |
+---------------------------------------------------------------------------+

(2) Specify the distinguished name of the search base
+---------------------| Configuring ldap-auth-config |----------------------+
| Please enter the distinguished name of the LDAP search base. Many sites   |
| use the components of their domain names for this purpose. For example,   |
| the domain "example.net" would use "dc=example,dc=net" as the             |
| distinguished name of the search base.                                    |
|                                                                           |
| Distinguished name of the search base:                                    |
|                                                                           |
| dc=srv,dc=world_______________________________________________________    |
|                                                                           |
|                                   <Ok>                                    |
|                                                                           |
+---------------------------------------------------------------------------+

(3) Select the services in [nsswitch.conf] that should use LDAP
+-----------------------+ Configuring libnss-ldapd +------------------------+
| For this package to work, you need to modify the /etc/nsswitch.conf file  |
| to use the ldap datasource.                                               |
|                                                                           |
| You can select the services that should have LDAP lookups enabled. The    |
| new LDAP lookups will be added as the last datasource. Be sure to review  |
| these changes.                                                            |
|                                                                           |
| Name services to configure:                                               |
|                                                                           |
| [*] passwd                                                                |
| [*] group                                                                 |
| [*] shadow                                                                |
| [ ] hosts                                                                 |
| [ ] networks                                                              |
|                                                                           |
|                                                                           |
|                                   <Ok>                                    |
|                                                                           |
+---------------------------------------------------------------------------+
root@node01:~# vi /etc/pam.d/common-session
# add to the last line if needed (create the home directory automatically at login)
session optional pam_mkhomedir.so skel=/etc/skel umask=077

Debian GNU/Linux 11 node01.srv.world ttyS0

node01 login: bullseye     # user registered in LDAP
Password:
Linux node01.srv.world 5.10.0-8-amd64 #1 SMP Debian 5.10.46-4 (2021-08-03) x86_64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Creating directory '/home/bullseye'.
bullseye@node01:~$     # logged in

# changing the password works as usual
bullseye@node01:~$ passwd
(current) LDAP Password:     # current password
New password:                # new password
Retype new password:
passwd: password updated successfully
bullseye@node01:~$     # changed
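The following script is an added example, not part of the original page: it checks the settings made in step [1] (LDAP lookups for passwd/group/shadow, the pam_mkhomedir line with umask=077, and whether the connection to the LDAP server is encrypted). It assumes the URI and search base from (1) and (2) are stored in /etc/nslcd.conf, the configuration file of the nslcd daemon used by libnss-ldapd and libpam-ldapd; the function names are hypothetical and the sample files are constructed. With the ldap:// URI entered in (1) and no StartTLS setting, it reports the transport as cleartext.

```shell
#!/bin/sh
# Added example (not from the original page). File paths are parameters.

# nss_uses_ldap FILE DB: succeeds if DB's line in nsswitch.conf lists "ldap"
nss_uses_ldap() {
    awk -v db="$2:" '$1 == db { for (i = 2; i <= NF; i++) if ($i == "ldap") ok = 1 }
        END { exit !ok }' "$1"
}

# mkhomedir_umask FILE: prints the umask= value on the pam_mkhomedir session line
mkhomedir_umask() {
    awk '$1 == "session" && $3 == "pam_mkhomedir.so" {
            for (i = 4; i <= NF; i++) if (sub(/^umask=/, "", $i)) print $i }' "$1"
}

# ldap_transport FILE: prints ldaps, ldapi, starttls or cleartext for an nslcd.conf
ldap_transport() {
    awk '$1 == "uri" { uri = $2 } $1 == "ssl" { ssl = $2 }
        END { if (uri ~ /^ldaps:/ || ssl == "on") print "ldaps"
              else if (uri ~ /^ldapi:/) print "ldapi"
              else if (ssl == "start_tls") print "starttls"
              else print "cleartext" }' "$1"
}

# audit_ldap_client NSSWITCH PAM_SESSION NSLCD_CONF: prints warnings, returns 1 if any
audit_ldap_client() {
    rc=0
    for db in passwd group shadow; do
        nss_uses_ldap "$1" "$db" || { echo "WARN: $db has no ldap source"; rc=1; }
    done
    [ "$(mkhomedir_umask "$2")" = "077" ] || { echo "WARN: pam_mkhomedir umask is not 077"; rc=1; }
    [ "$(ldap_transport "$3")" != "cleartext" ] || { echo "WARN: ldap:// without StartTLS"; rc=1; }
    return "$rc"
}

# Constructed sample files mirroring the choices made in step [1]
d=$(mktemp -d)
printf 'passwd: files ldap\ngroup: files ldap\nshadow: files ldap\nhosts: files dns\n' > "$d/nsswitch.conf"
printf 'session optional pam_mkhomedir.so skel=/etc/skel umask=077\n' > "$d/common-session"
printf 'uri ldap://dlp.srv.world/\nbase dc=srv,dc=world\n' > "$d/nslcd.conf"
audit_ldap_client "$d/nsswitch.conf" "$d/common-session" "$d/nslcd.conf" || true
rm -rf "$d"
# On a real client:
#   audit_ldap_client /etc/nsswitch.conf /etc/pam.d/common-session /etc/nslcd.conf
```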