Configure the client
1. Edit /etc/ldap.conf // once edited, copy it into the /etc/openldap directory as well, otherwise ldapsearch errors out
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
host ***.***.13.2 # LDAP server IP address
base dc=cas,dc=cn
uri ldap://159.226.13.2/
ssl no
tls_cacertdir /etc/openldap/cacerts
pam_password md5
2. Edit /etc/nsswitch.conf
Add the following lines:
passwd: files ldap
shadow: files ldap
group: files ldap
The complete file then reads as follows:
#
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Legal entries are:
#
# nisplus or nis+ Use NIS+ (NIS version 3)
# nis or yp Use NIS (NIS version 2), also called YP
# dns Use DNS (Domain Name Service)
# files Use the local files
# db Use the local database (.db) files
# compat Use NIS on compat mode
# hesiod Use Hesiod for user lookups
# [NOTFOUND=return] Stop searching if not found so far
#
# To use db, put the "db" in front of "files" for entries you want to be
# looked up first in the databases
#
# Example:
#passwd: db files nisplus nis
#shadow: db files nisplus nis
#group: db files nisplus nis
passwd: files ldap
shadow: files ldap
group: files ldap
#hosts: db files nisplus nis dns
hosts: files dns
# Example - obey only what nisplus tells us...
#services: nisplus [NOTFOUND=return] files
#networks: nisplus [NOTFOUND=return] files
#protocols: nisplus [NOTFOUND=return] files
#rpc: nisplus [NOTFOUND=return] files
#ethers: nisplus [NOTFOUND=return] files
#netmasks: nisplus [NOTFOUND=return] files
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files
netgroup: nisplus
publickey: nisplus
automount: files nisplus
aliases: files nisplus
compat/hesiod
3. Edit /etc/pam.d/system-auth
auth required pam_env.so
auth sufficient pam_unix.so likeauth nullok
auth sufficient pam_ldap.so use_first_pass
auth required pam_deny.so
account sufficient pam_unix.so
account sufficient pam_ldap.so
account required pam_ldap.so
password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
password sufficient pam_unix.so nullok md5 shadow use_authtok
password sufficient pam_ldap.so use_first_pass
password required pam_deny.so
session required pam_limits.so
session required pam_unix.so
session optional pam_ldap.so
session required pam_mkhomedir.so skel=/etc/skel/ umask=0022
4. Test: # ldapsearch -x -b 'dc=cas,dc=cn'
The following steps are performed by the administrator
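As an added check that is not part of the original procedure, the following Python script (written for this page, not taken from any project) parses nsswitch.conf and system-auth text and verifies the properties steps 2 and 3 rely on: passwd/shadow/group list ldap with local files consulted first, pam_ldap.so follows pam_unix.so with use_first_pass, and the auth and password stacks end in pam_deny.so. The embedded samples are constructed copies of the lines above; to lint the live files, pass the contents of /etc/nsswitch.conf and /etc/pam.d/system-auth instead.

```python
# Constructed samples reproducing the nsswitch.conf and system-auth lines from the steps above.
NSSWITCH = "passwd: files ldap\nshadow: files ldap\ngroup: files ldap\nhosts: files dns\n"
SYSTEM_AUTH = """\
auth required pam_env.so
auth sufficient pam_unix.so likeauth nullok
auth sufficient pam_ldap.so use_first_pass
auth required pam_deny.so
password sufficient pam_unix.so nullok md5 shadow use_authtok
password sufficient pam_ldap.so use_first_pass
password required pam_deny.so
"""

def check_nsswitch(text):
    """passwd/shadow/group must list ldap, with local files consulted before it."""
    problems, db = [], {}
    for line in text.splitlines():
        line = line.split("#", 1)[0]  # drop comments
        if ":" in line:
            name, sources = line.split(":", 1)
            db[name.strip()] = sources.split()
    for name in ("passwd", "shadow", "group"):
        src = db.get(name, [])
        if "ldap" not in src:
            problems.append(f"{name}: ldap source missing")
        elif "files" not in src[:src.index("ldap")]:
            problems.append(f"{name}: files must come before ldap")
    return problems

def check_pam(text):
    """auth/password stacks: pam_unix before pam_ldap, pam_ldap reuses the first password, pam_deny closes."""
    problems, stacks = [], {}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 3:  # type control module [args...]
            stacks.setdefault(parts[0], []).append((parts[2], parts[3:]))
    for typ in ("auth", "password"):
        entries = stacks.get(typ, [])
        names = [m for m, _ in entries]
        if names[-1:] != ["pam_deny.so"]:
            problems.append(f"{typ}: stack must end with pam_deny.so")
        if "pam_ldap.so" not in names or "pam_unix.so" not in names:
            problems.append(f"{typ}: both pam_unix.so and pam_ldap.so are required")
            continue
        ldap = names.index("pam_ldap.so")
        if names.index("pam_unix.so") > ldap:
            problems.append(f"{typ}: pam_unix.so must precede pam_ldap.so")
        if "use_first_pass" not in entries[ldap][1]:
            problems.append(f"{typ}: pam_ldap.so lacks use_first_pass")
    return problems
```

An empty list from both functions means the files match the layout produced by steps 2 and 3; each string in a non-empty list names the database or PAM stack that deviates.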
4. Prepare the user import file user.ldif // see zah.ldif for reference
5. Import the user file: # ldapadd -x -D "cn=admin,dc=cas,dc=cn" -W -f user.ldif // administrator admin, password: ldappwd@sdc