OpenLDAP : LDAP クライアントの設定2022/05/09 |
|
LDAP サーバーのユーザーアカウント情報を共有できるように LDAP クライアントとして設定します。
|
|
| [1] | LDAP クライアントの設定です。 |
|
root@node01:~#
apt -y install libnss-ldapd libpam-ldapd ldap-utils (1) LDAP サーバーの URI を指定 +---------------------| Configuring ldap-auth-config |----------------------+ | Please enter the URI of the LDAP server to use. This is a string in the | | form of ldap://<hostname or IP>:<port>/. ldaps:// or ldapi:// can also | | be used. The port number is optional. | | | | Note: It is usually a good idea to use an IP address because it reduces | | risks of failure in the event name service problems. | | | | LDAP server Uniform Resource Identifier: | | | | ldap://dlp.srv.world/_________________________________________________ | | | | <Ok> | | | +---------------------------------------------------------------------------+ (2) 識別名を指定 +---------------------| Configuring ldap-auth-config |----------------------+ | Please enter the distinguished name of the LDAP search base. Many sites | | use the components of their domain names for this purpose. For example, | | the domain "example.net" would use "dc=example,dc=net" as the | | distinguished name of the search base. | | | | Distinguished name of the search base: | | | | dc=srv,dc=world_______________________________________________________ | | | | <Ok> | | | +---------------------------------------------------------------------------+ (3) [nsswitch.conf] で LDAP を設定するサービスを選択 +-----------------------+ Configuring libnss-ldapd +------------------------+ | For this package to work, you need to modify the /etc/nsswitch.conf file | | to use the ldap datasource. | | | | You can select the services that should have LDAP lookups enabled. The | | new LDAP lookups will be added as the last datasource. Be sure to review | | these changes. | | | | Name services to configure: | | | | [*] passwd | | [*] group | | [*] shadow | | [ ] hosts | | [ ] networks | | | | | | <Ok> | | | +---------------------------------------------------------------------------+
root@node01:~#
vi /etc/pam.d/common-session # 必要があれば、最終行に追記 (ログイン時にホームディレクトリを自動作成) session optional pam_mkhomedir.so skel=/etc/skel umask=077 Ubuntu 22.04 LTS node01.srv.world ttyS0 node01 login: jammy # LDAP 登録ユーザー Password: Welcome to Ubuntu 22.04 LTS (GNU/Linux 5.15.0-25-generic x86_64) * Documentation: https://help.ubuntu.com * Management: https://landscape.canonical.com * Support: https://ubuntu.com/advantage ..... ..... Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. Creating directory '/home/jammy'. jammy@node01:~$ # ログインできた # パスワード変更は通常通り jammy@node01:~$ (current) LDAP Password: # 現在のパスワード New password: # 新しいパスワード Retype new password: passwd: password updated successfully jammy@node01:~$ # 変更された |
| Sponsored Link |