OpenLDAP : Configure LDAP Client    2023/07/03
Configure an LDAP client so that it can share the user account information held on the LDAP server.
[1] Configure the LDAP client.
root@node01:~# apt -y install libnss-ldapd libpam-ldapd ldap-utils

(1) specify the URI of the LDAP server
 +---------------------| Configuring ldap-auth-config |----------------------+
 | Please enter the URI of the LDAP server to use. This is a string in the   |
 | form of ldap://<hostname or IP>:<port>/. ldaps:// or ldapi:// can also    |
 | be used. The port number is optional.                                     |
 |                                                                           |
 | Note: It is usually a good idea to use an IP address because it reduces   |
 | risks of failure in the event name service problems.                      |
 |                                                                           |
 | LDAP server Uniform Resource Identifier:                                  |
 |                                                                           |
 | ldap://dlp.srv.world/_________________________________________________    |
 |                                                                           |
 |                                   <Ok>                                    |
 |                                                                           |
 +---------------------------------------------------------------------------+

(2) specify the distinguished name of the search base
 +---------------------| Configuring ldap-auth-config |----------------------+
 | Please enter the distinguished name of the LDAP search base. Many sites   |
 | use the components of their domain names for this purpose. For example,   |
 | the domain "example.net" would use "dc=example,dc=net" as the             |
 | distinguished name of the search base.                                    |
 |                                                                           |
 | Distinguished name of the search base:                                    |
 |                                                                           |
 | dc=srv,dc=world_______________________________________________________    |
 |                                                                           |
 |                                   <Ok>                                    |
 |                                                                           |
 +---------------------------------------------------------------------------+

(3) select the services that should use LDAP in [nsswitch.conf]
 +-----------------------+ Configuring libnss-ldapd +------------------------+
 | For this package to work, you need to modify the /etc/nsswitch.conf file  |
 | to use the ldap datasource.                                               |
 |                                                                           |
 | You can select the services that should have LDAP lookups enabled. The    |
 | new LDAP lookups will be added as the last datasource. Be sure to review  |
 | these changes.                                                            |
 |                                                                           |
 | Name services to configure:                                               |
 |                                                                           |
 |    [*] passwd                                                             |
 |    [*] group                                                              |
 |    [*] shadow                                                             |
 |    [ ] hosts                                                              |
 |    [ ] networks                                                           |
 |                                                                           |
 |                                                                           |
 |                                   <Ok>                                    |
 |                                                                           |
 +---------------------------------------------------------------------------+

root@node01:~# vi /etc/pam.d/common-session
# if needed, add to the last line (creates the home directory automatically at login)
session optional pam_mkhomedir.so skel=/etc/skel umask=077

Debian GNU/Linux 12 node01.srv.world ttyS0

node01 login: bookworm     # a user registered in LDAP
Password:
Linux node01.srv.world 6.1.0-9-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.27-1 (2023-05-08) x86_64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Creating directory '/home/bookworm'.
bookworm@node01:~$     # logged in

# changing the password works as usual
bookworm@node01:~$ passwd
(current) LDAP Password:     # current password
New password:                # new password
Retype new password:
passwd: password updated successfully
bookworm@node01:~$     # changed
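
The following check script is an added example, not part of the original page. It confirms the three settings made above: LDAP lookups in nsswitch.conf, the pam_mkhomedir umask, and whether the configured URI is plain ldap://, which sends the login password to the server unencrypted unless StartTLS is enabled. It assumes the URI and search base are stored in /etc/nslcd.conf (the file of the nslcd daemon used by libnss-ldapd and libpam-ldapd); the function names are hypothetical and the sample files are constructed from the values entered above.

```sh
#!/bin/sh
# Added example, not from the original page. Each function takes the file to
# inspect, so it works on the live files under /etc or on copies of them.

# nss_uses_ldap FILE DB: succeed if DB's line in nsswitch.conf lists "ldap"
nss_uses_ldap() {
    awk -v db="$2:" '$1 == db { for (i = 2; i <= NF; i++) if ($i == "ldap") hit = 1 }
        END { exit !hit }' "$1"
}

# mkhomedir_umask FILE: print the umask= option of the pam_mkhomedir session line
mkhomedir_umask() {
    awk '$1 == "session" && /pam_mkhomedir\.so/ {
        for (i = 2; i <= NF; i++) if ($i ~ /^umask=/) print substr($i, 7) }' "$1"
}

# ldap_transport FILE: classify how nslcd.conf reaches the server
#   cleartext = ldap:// without TLS, starttls = ldap:// plus "ssl start_tls",
#   protected = ldaps://, ldapi:// or "ssl on"
ldap_transport() {
    awk '$1 == "uri" { for (i = 2; i <= NF; i++) if ($i ~ /^ldap:\/\//) plain = 1 }
        $1 == "ssl" { ssl = $2 }
        END {
            if (plain && ssl == "start_tls") print "starttls"
            else if (plain && ssl != "on") print "cleartext"
            else print "protected"
        }' "$1"
}

# write_samples DIR: constructed files mirroring the values entered above
write_samples() {
    printf '%s\n' 'passwd: files systemd ldap' 'group: files systemd ldap' \
        'shadow: files ldap' 'hosts: files dns' > "$1/nsswitch.conf"
    printf '%s\n' 'session optional pam_mkhomedir.so skel=/etc/skel umask=077' \
        > "$1/common-session"
    printf '%s\n' 'uri ldap://dlp.srv.world/' 'base dc=srv,dc=world' > "$1/nslcd.conf"
}

# Demo on the constructed samples; pass the real /etc paths to check a host.
d=$(mktemp -d) && write_samples "$d"
for db in passwd group shadow hosts; do
    nss_uses_ldap "$d/nsswitch.conf" "$db" && echo "$db: ldap" || echo "$db: no ldap"
done
echo "mkhomedir umask: $(mkhomedir_umask "$d/common-session")"
echo "transport: $(ldap_transport "$d/nslcd.conf")"
rm -rf "$d"
```

A result of "cleartext" for the transport means the URI should be changed to ldaps://, or "ssl start_tls" added to nslcd.conf, once the server offers TLS.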