roghuchi/Openldap

Installation

Server side

Configure an FQDN hostname for the server (the address and name below are the ones used throughout this guide):

sudo nano /etc/hosts

192.168.56.111 ldap.example.com

sudo hostnamectl set-hostname ldap.example.com --static

Update the Debian server

sudo apt update
sudo apt upgrade -y

Install OpenLDAP on Debian 11 / Debian 10 Linux

sudo apt install slapd ldap-utils -y
sudo dpkg-reconfigure slapd

Answer these questions:

Omit OpenLDAP server configuration? No
DNS domain name? example.com
Remove the database when slapd is purged? No
Move old database? Yes

The administrator password you are asked for during dpkg-reconfigure is the password of cn=admin,dc=example,dc=com, the account every ldapadd below binds with.

Check the LDAP configuration (slapcat dumps the whole database as LDIF, userPassword hashes included, so treat its output as sensitive):

sudo slapcat

Add the base DNs for users and groups

nano basedn.ldif

dn: ou=people,dc=example,dc=com
objectClass: organizationalUnit
ou: people

dn: ou=groups,dc=example,dc=com
objectClass: organizationalUnit
ou: groups

Apply basedn.ldif:

sudo ldapadd -x -D cn=admin,dc=example,dc=com -W -f basedn.ldif

Add user accounts and groups

Generate a password hash for the user account to add:

sudo slappasswd

Sample output:

New password:
Re-enter new password:
{SSHA}5D94oKzVyJYzkCq21LhXDZFNZpPQD9uE

Create an LDIF file for adding the user

nano ldapusers.ldif

dn: uid=jmutai,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: jmutai
cn: Josphat
sn: Mutai
userPassword: {SSHA}5D94oKzVyJYzkCq21LhXDZFNZpPQD9uE
loginShell: /bin/bash
homeDirectory: /home/jmutai
uidNumber: 3000
gidNumber: 3000

Two corrections to the original entry: the uid attribute must be present because it is the naming attribute of the DN (slapd rejects the add with a naming violation otherwise), and gidNumber is 3000, not 300, so that it matches the group created next; with the original value the user would belong to a group that does not exist.

Apply ldapusers.ldif:

sudo ldapadd -x -D cn=admin,dc=example,dc=com -W -f ldapusers.ldif

Create an LDIF file for adding the group

nano ldapgroups.ldif

dn: cn=jmutai,ou=groups,dc=example,dc=com
objectClass: posixGroup
cn: jmutai
gidNumber: 3000
memberUid: jmutai

sudo ldapadd -x -D cn=admin,dc=example,dc=com -W -f ldapgroups.ldif
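The following is an added example, not code from this repository or from OpenLDAP: it renders the user and group entries above from one set of variables so the uidNumber/gidNumber pair cannot drift apart, checks that the two files agree before anything is handed to ldapadd, and reproduces the {SSHA} format that slappasswd emits (base64 of sha1(password || salt) followed by the salt) so a stored hash can be verified offline. The function names (hex2bin, ssha_hash, ssha_verify, user_ldif, group_ldif, ldif_attr, check_gid_match), the sample password and the salt are all chosen here; a real slappasswd salt is four random bytes, which the verifier handles because the salt never passes through a shell variable. Only POSIX sh plus sha1sum, base64, od and mktemp are needed.

```shell
#!/bin/sh
# Added example (not from the original README): consistent LDIF generation
# plus {SSHA} hashing/verification in the format slappasswd produces.
# All names, numbers and passwords below are constructed sample values.

# Turn a hex digest into raw bytes using octal escapes, which POSIX printf
# understands (no xxd or perl needed).
hex2bin() {
  fmt=''
  for pair in $(printf '%s' "$1" | sed 's/../& /g'); do
    fmt="$fmt\\$(printf '%03o' "0x$pair")"
  done
  printf "$fmt"
}

# {SSHA} = base64( sha1(password || salt) || salt ). The salt is a parameter
# here so the output is reproducible; slappasswd draws 4 random bytes.
ssha_hash() {
  pw=$1; salt=$2
  hex=$(printf '%s%s' "$pw" "$salt" | sha1sum | cut -d' ' -f1)
  printf '{SSHA}%s\n' "$( { hex2bin "$hex"; printf '%s' "$salt"; } | base64 | tr -d '\n' )"
}

# Verify a password against a stored {SSHA} value: split the decoded blob into
# the 20-byte digest and the trailing salt, recompute, compare as hex.
ssha_verify() {
  pw=$1; stored=$2
  case $stored in '{SSHA}'*) ;; *) return 2 ;; esac
  b64=$(printf '%s' "$stored" | cut -c7-)
  have=$(printf '%s' "$b64" | base64 -d | head -c 20 | od -An -tx1 | tr -d ' \n')
  want=$( { printf '%s' "$pw"; printf '%s' "$b64" | base64 -d | tail -c +21; } | sha1sum | cut -d' ' -f1)
  [ "$have" = "$want" ]
}

# Render the posixAccount entry. uid is emitted explicitly because it is the
# RDN and slapd refuses an entry whose naming attribute is missing.
user_ldif() {
  # $1 uid  $2 cn  $3 sn  $4 uidNumber  $5 gidNumber  $6 password hash
  printf 'dn: uid=%s,ou=people,dc=example,dc=com\n' "$1"
  printf 'objectClass: inetOrgPerson\nobjectClass: posixAccount\nobjectClass: shadowAccount\n'
  printf 'uid: %s\ncn: %s\nsn: %s\n' "$1" "$2" "$3"
  printf 'userPassword: %s\n' "$6"
  printf 'loginShell: /bin/bash\nhomeDirectory: /home/%s\n' "$1"
  printf 'uidNumber: %s\ngidNumber: %s\n' "$4" "$5"
}

# Render the posixGroup entry.
group_ldif() {
  # $1 cn  $2 gidNumber  $3 memberUid
  printf 'dn: cn=%s,ou=groups,dc=example,dc=com\nobjectClass: posixGroup\ncn: %s\ngidNumber: %s\nmemberUid: %s\n' "$1" "$1" "$2" "$3"
}

# First value of attribute $2 in LDIF file $1 (hypothetical helper).
ldif_attr() { sed -n "s/^$2: //p" "$1"; }

# Pre-flight check: the user's primary gidNumber must be the group's gidNumber.
check_gid_match() {
  [ "$(ldif_attr "$1" gidNumber)" = "$(ldif_attr "$2" gidNumber)" ]
}

# Demo with constructed values; prints the ldapadd command line to run next.
demo() {
  dir=$(mktemp -d)
  hash=$(ssha_hash 'Sample-Passw0rd' 'x7Qz')
  user_ldif jmutai Josphat Mutai 3000 3000 "$hash" > "$dir/ldapusers.ldif"
  group_ldif jmutai 3000 jmutai > "$dir/ldapgroups.ldif"
  if check_gid_match "$dir/ldapusers.ldif" "$dir/ldapgroups.ldif"; then
    echo "ok: gidNumber consistent; next: sudo ldapadd -x -D cn=admin,dc=example,dc=com -W -f $dir/ldapusers.ldif"
  else
    echo "mismatch: user gidNumber differs from group gidNumber" >&2
    return 1
  fi
}

demo
```

ssha_verify is also a quick way to confirm that the hash you pasted into ldapusers.ldif really corresponds to the password you think it does before the account goes live.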

Install LDAP Account Manager on Debian 11 / Debian 10

Download the latest release of the LDAP Account Manager deb package. Version 7.7-1 was current when this guide was written; take the current version from the project's release page, fetch it over HTTPS and compare it with the published checksum before installing a package that will hold directory credentials:

wget https://prdownloads.sourceforge.net/lam/ldap-account-manager_7.7-1_all.deb
sudo apt install ./ldap-account-manager_7.7-1_all.deb

Configure LDAP Account Manager on Debian 11 / Debian 10

Check it in a browser:

http://(server's hostname or IP address)/lam
for example http://192.168.56.111/lam

LAM's configuration pages are protected by a master password that defaults to "lam"; change it on first login, and put the web interface behind HTTPS before exposing it beyond the test network, since it relays the cn=admin credentials.

Client side: Debian

sudo apt update
sudo apt install libnss-ldap libpam-ldap ldap-utils

Answer these questions:

LDAP server URI? ldap://192.168.56.111/
Distinguished name of the search base? dc=example,dc=com
LDAP version to use? 3
LDAP account for root? cn=admin,dc=example,dc=com
LDAP root account password? the cn=admin password set during dpkg-reconfigure slapd
Allow LDAP admin account to behave like local root? Yes
Does the LDAP database require login? No
LDAP administrative account? cn=admin,dc=example,dc=com
LDAP administrative password? the cn=admin password again

Two consequences of these answers are worth knowing. ldap:// is cleartext, so the bind password and every user password the client forwards at login cross the network unencrypted; use ldaps:// (or enable StartTLS) outside a lab. Answering Yes to the "behave like local root" question stores the cn=admin password on the client in /etc/pam_ldap.secret and /etc/libnss-ldap.secret; those files must stay root-owned with mode 0600, and a client that only needs lookups is better served by a dedicated read-only bind account than by the directory admin.

First edit /etc/nsswitch.conf:

passwd:         compat ldap
group:          compat ldap
shadow:         compat ldap

Then edit these files. Note that /etc/pam.d/common-* are generated by pam-auth-update from the profiles in /usr/share/pam-configs, so pam-auth-update --force (the last step of this section) regenerates them and discards manual edits; run it before editing by hand, or rely on the libpam-ldap profile it installs and skip the manual edits.

/etc/pam.d/common-account

account sufficient pam_unix.so
account required pam_ldap.so

/etc/pam.d/common-auth

auth sufficient pam_unix.so nullok_secure
auth required pam_ldap.so use_first_pass
auth required pam_permit.so

/etc/pam.d/common-password

password sufficient pam_unix.so nullok obscure sha512
password required pam_ldap.so

The original line read "obsecure md5": the option is spelled obscure, and md5 is a weak hash for local passwords; sha512 is the Debian default.

/etc/pam.d/common-session

session required pam_unix.so
session required pam_mkhomedir.so skel=/etc/skel umask=0022

Then restart nscd (the caching daemon is not installed by default; apt install nscd if you want it):

sudo systemctl restart nscd

Run this command and select all profiles (do it before any manual edits to the common-* files, see above):

pam-auth-update --force

Client side: CentOS

sudo yum update
sudo yum install nss-pam-ldapd nscd openldap-clients -y

After installing the packages, run the following command to change the configuration (authconfig-tui is the CentOS 7 tool; CentOS 8 and later replaced it with authselect, whose LDAP client is sssd rather than nslcd):

authconfig-tui

On the next screen enter the LDAP URI and the base DN.

Also add these lines to /etc/nslcd.conf:

sudo vi /etc/nslcd.conf

ldap_version 3
binddn cn=admin,dc=example,dc=com
bindpw [admin password]

nslcd only reads the directory, so a dedicated read-only bind account is preferable to cn=admin, which can modify everything. Whatever account is used, the file now contains a cleartext password and must remain root-owned with mode 0600 (the package default). Use an ldaps:// URI, or add "ssl start_tls" together with "tls_reqcert demand", so that this password and users' login passwords are not sent in clear.

Then restart nslcd:

sudo service nslcd restart
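As an added example (not part of this repository or of nss-pam-ldapd), the check below reads an nslcd.conf and reports the four weaknesses discussed above: a plain ldap:// URI without StartTLS, certificate verification turned off with tls_reqcert, binding as the directory admin, and a bindpw sitting in a file that is readable by group or others. The function name audit_nslcd and the two sample config files written by demo_audit are constructed here; the option names (uri, ssl, tls_reqcert, binddn, bindpw) are the real nslcd.conf keywords.

```shell
#!/bin/sh
# Added example (not from the original README): audit an nslcd.conf for the
# weaknesses a quick setup introduces. Prints one line per finding and
# returns 1 if anything was found, 0 if the file is clean.

audit_nslcd() {
  f=$1; found=0
  note() { echo "$f: $1"; found=1; }

  # Transport: ldap:// without StartTLS sends the bind password and every
  # user's login password over the network in clear text.
  if grep -Eq '^[[:space:]]*uri[[:space:]]+ldap://' "$f" \
     && ! grep -Eq '^[[:space:]]*ssl[[:space:]]+start_tls' "$f"; then
    note "uri is ldap:// and 'ssl start_tls' is not set; use ldaps:// or StartTLS"
  fi

  # Certificate checking switched off makes TLS useless against an active attacker.
  if grep -Eq '^[[:space:]]*tls_reqcert[[:space:]]+(never|allow)' "$f"; then
    note "tls_reqcert permits unverified server certificates; set 'tls_reqcert demand'"
  fi

  # nslcd only reads; binding as the directory admin hands every client host
  # a credential that can rewrite the whole directory.
  if grep -Eq '^[[:space:]]*binddn[[:space:]]+cn=admin,' "$f"; then
    note "binddn is the directory admin; use a read-only service account"
  fi

  # A bindpw in a group- or world-readable file is readable by any local user.
  if grep -Eq '^[[:space:]]*bindpw[[:space:]]' "$f"; then
    perms=$(ls -ld "$f" | cut -c5-10)   # group+other permission bits
    [ "$perms" = "------" ] || note "contains bindpw but mode is not 0600 (group/other bits: $perms)"
  fi
  return $found
}

# Constructed samples: the bare-bones file from the steps above and a
# hardened version with a read-only bind account (hypothetical DN).
demo_audit() {
  d=$(mktemp -d)
  cat > "$d/weak.conf" <<'EOF'
uri ldap://192.168.56.111/
base dc=example,dc=com
ldap_version 3
binddn cn=admin,dc=example,dc=com
bindpw ChangeMe
EOF
  chmod 644 "$d/weak.conf"
  cat > "$d/hardened.conf" <<'EOF'
uri ldaps://ldap.example.com/
base dc=example,dc=com
ldap_version 3
tls_reqcert demand
tls_cacertfile /etc/pki/tls/certs/ca-bundle.crt
binddn cn=nslcd,ou=services,dc=example,dc=com
bindpw example-service-password
EOF
  chmod 600 "$d/hardened.conf"
  audit_nslcd "$d/weak.conf" || true
  audit_nslcd "$d/hardened.conf" && echo "$d/hardened.conf: no findings"
}

demo_audit
```

Run it as root against the live file (audit_nslcd /etc/nslcd.conf) after editing; the same checks apply, with the key names adjusted, to the Debian /etc/ldap.conf written by libnss-ldap and libpam-ldap.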

Then add this line to /etc/pam.d/sshd so that a home directory is created for LDAP users on their first login:

session required pam_mkhomedir.so skel=/etc/skel umask=0022

Then restart sshd:

sudo service sshd restart

Commands

The original commands passed the password on the command line with -w [pass], which exposes it in the process list and in shell history; -W prompts for it instead (or -y /path/to/file reads it from a root-only file). -h/-p are the deprecated host/port flags, replaced by a -H URI. The base DN is written dc=test,dc=com as in the original; use dc=example,dc=com if you followed the steps above.

ldapsearch -x -D cn=admin,dc=test,dc=com -W -H ldap://localhost:389
ldapadd -x -D cn=admin,dc=test,dc=com -W -H ldap://localhost:389 -f sshPublicKey.ldif

Schema files such as /etc/ldap/schema/ppolicy.ldif are entries under cn=config, which the admin of the data backend (cn=admin,dc=test,dc=com) is not allowed to modify in the default Debian configuration; load them as root over the local socket with SASL EXTERNAL instead of with -x -D cn=admin:

sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/ppolicy.ldif

LSC configuration

LSC Link

