PAM LDAP User Authentication on Linux Redhat 5 and Solaris 10

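This article describes in detail how to configure PAM LDAP user authentication on Linux Redhat 5 and Solaris 10. First, the OpenLDAP server is configured, which includes setting access control and importing user accounts. Next, PAM on the Linux system is set up by specifying the parameters the PAM module uses to connect to the LDAP server. For Solaris, the article likewise covers the steps for configuring OpenLDAP and PAM LDAP and provides a way to verify the result.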



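Every system needs to authenticate (Authentication) and authorize (Authorization) its users. Centralized user management requires only one copy of the user information, which simplifies administration. PAM allows different authentication systems, such as Radius and LDAP, to be configured dynamically.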


PAM LDAP on Linux Redhat5


1 Configure OpenLDAP

OpenLDAP is installed under /usr/local/. The LDAP server configuration file is /usr/local/etc/openldap/slapd.conf; it includes the following settings, which should be modified to fit the specific environment.

 

# access control
access to * by * read

database        bdb
suffix          "dc=cisco,dc=com"
rootdn          "cn=root,dc=cisco,dc=com"
rootpw          Crdc%123

# if logging is needed, also add "local4.* /var/log/ldap/ldap.log" to /etc/syslog.conf
loglevel any

 

The LDAP client configuration file is etc/openldap/ldap.conf.

 

Then start the LDAP server:

# /usr/local/libexec/slapd

 

2 Import user accounts

Create an LDIF file that contains all the user account information. One bind user is required to send the bind request to LDAP before authentication starts.

 

users.ldif:

 

dn: uid=testbind,dc=cisco,dc=com
uid: testbind
cn: testbind
sn: testbind
userPassword: testbind
uidNumber: 1104
gidNumber: 1100
homeDirectory: /home/testbind
loginShell: /bin/bash
objectClass: inetOrgPerson
objectClass: posixAccount

dn: uid=test,dc=cisco,dc=com
uid: test
cn: test
sn: test
userPassword: test
uidNumber: 1105
gidNumber: 1100
homeDirectory: /home/test
loginShell: /bin/bash
objectClass: inetOrgPerson
objectClass: posixAccount

 

….

 

Use the following commands to add, search and delete the user accounts:

# ldapadd -x -D "cn=root,dc=cisco,dc=com" -W -f users.ldif
# ldapsearch -x -D "cn=root,dc=cisco,dc=com" -W -b "uid=test,dc=cisco,dc=com"
# ldapdelete -x -D "cn=root,dc=cisco,dc=com" -W "ou=people,dc=cisco,dc=com"
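As written, the slapd.conf in step 1 lets every client, including anonymous ones, read all attributes (userPassword among them), and both rootpw and the userPassword values in users.ldif are stored in cleartext. The following check is an added example, not part of the original article or of OpenLDAP; it flags those settings in a slapd.conf and an LDIF file before they go into service. The function names audit_slapd_conf and audit_ldif are hypothetical, the sample input is constructed from the lines shown above, and the ACL check is a heuristic that treats the first rule covering userPassword as the one slapd applies.

```python
import base64
import re

# Constructed sample input: settings and entries as shown on this page.
SLAPD_CONF = """access to * by * read
rootpw          Crdc%123
"""
USERS_LDIF = """dn: uid=testbind,dc=cisco,dc=com
userPassword: testbind

dn: uid=test,dc=cisco,dc=com
userPassword: test
"""
SCHEME = re.compile(r"^\{[A-Za-z0-9-]+\}")  # hashed values start with e.g. {SSHA}

def audit_slapd_conf(text):
    """Heuristic: world-readable rule covering userPassword; cleartext rootpw."""
    findings, decided = [], False
    for line in re.sub(r"\n[ \t]+", " ", text).splitlines():  # join continuation lines
        tok = line.split()
        if not tok or tok[0].startswith("#"):
            continue
        if tok[0] == "access" and not decided:
            what, _, who = " ".join(tok[2:]).partition(" by ")
            if what == "*" or "userpassword" in what.lower():
                decided = True  # slapd stops at the first rule whose <what> matches
                if re.search(r"(?:^|by )\* (?:read|write)\b", who):
                    findings.append(("acl-world-read", " ".join(tok)))
        elif tok[0] == "rootpw" and len(tok) > 1 and not SCHEME.match(tok[1]):
            findings.append(("rootpw-cleartext", "use slappasswd output instead"))
    return findings

def audit_ldif(text):
    """Flag userPassword values stored without a {SCHEME} hash prefix."""
    findings = []
    for entry in re.split(r"\n\s*\n", text.strip()):
        attrs = {}
        for line in entry.splitlines():
            name, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: <base64>" form
                value = base64.b64decode(value[1:]).decode("utf-8", "replace")
            attrs.setdefault(name.strip().lower(), value.strip())
        pw = attrs.get("userpassword")
        if pw is not None and not SCHEME.match(pw):
            findings.append((attrs.get("dn"), "cleartext userPassword"))
    return findings

if __name__ == "__main__":
    print(audit_slapd_conf(SLAPD_CONF) + audit_ldif(USERS_LDIF))
```

Both findings clear once a rule such as "access to attrs=userPassword by self write by anonymous auth by * none" precedes the catch-all rule and the rootpw and userPassword values are replaced with hashes generated by slappasswd.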

 