SLES 12

Configure LDAP Client
2015/12/01
 
Configure the LDAP client so that user accounts can be shared across your local network.
[1] Install and Configure OpenLDAP Client.
www:~ #
zypper -n install openldap2-client sssd pam_ldap nss_ldap
www:~ #
mv /etc/sssd/sssd.conf /etc/sssd/sssd.conf.org

www:~ #
vi /etc/sssd/sssd.conf
# create new (replace the values of ldap_uri and ldap_search_base with those of your own environment)

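# /etc/sssd/sssd.conf - SSSD client settings for one LDAP-backed domain.
# Keep comments on their own lines; sssd.conf does not support inline comments.

[domain/default]
# Users and groups are looked up in, and authenticated against, the LDAP directory.
id_provider = ldap
auth_provider = ldap
# Replace with your own directory server and search base.
ldap_uri = ldap://dlp.srv.world
ldap_search_base = dc=srv,dc=world
# Stores a local hash of each user's credentials so that logins still work
# while the LDAP server is unreachable. Set to False if offline login is not wanted.
cache_credentials = True
# Directory holding the CA certificate(s) used to verify the LDAP server.
# If the server uses a self-signed or private-CA certificate, install that
# CA certificate here before enabling the client.
ldap_tls_cacertdir = /etc/openldap/certs
# "demand" ends the TLS session unless the server presents a certificate that
# validates against the CA directory above. The weaker "allow" carries on even
# when the certificate is missing or invalid, which leaves the client unable
# to tell the real directory server from an impostor while passwords are sent.
# Identity lookups are only covered by StartTLS when ldap_id_use_start_tls is
# enabled (off by default, see sssd-ldap(5)).
ldap_tls_reqcert = demand

[sssd]
config_file_version = 2
# Responders to start: name-service lookups and PAM authentication.
services = nss, pam
domains = default

[nss]
# root is never resolved through SSSD, so it stays a purely local account.
filter_users = root
filter_groups = root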

www:~ #
chmod 600 /etc/sssd/sssd.conf

www:~ #
vi /etc/pam.d/common-account
# change as follows

# Account stack, evaluated top to bottom; the order of these lines matters.
# requisite: a failure here ends the stack immediately.
account requisite       pam_unix.so     try_first_pass
# sufficient: accounts listed in the local passwd file are accepted here,
# so the SSSD check below is reached only for non-local accounts.
account sufficient      pam_localuser.so
# Non-local (LDAP) accounts must also pass SSSD's account check.
account required        pam_sss.so      use_first_pass

www:~ #
vi /etc/pam.d/common-auth
# change as follows

# Authentication stack, evaluated top to bottom; the order of these lines matters.
auth    required        pam_env.so
# optional: the result of this module does not decide the login.
auth    optional        pam_gnome_keyring.so
# sufficient: a local account whose password matches is accepted here and
# the stack stops; a failure is ignored and evaluation continues.
auth    sufficient      pam_unix.so     try_first_pass
# Everything else must authenticate through SSSD (the LDAP directory).
# use_first_pass reuses the password already entered instead of prompting again.
auth    required        pam_sss.so      use_first_pass

www:~ #
vi /etc/pam.d/common-password
# change as follows

# Password-change stack, evaluated top to bottom; the order of these lines matters.
# The strength check on the new password runs first; requisite stops the change on failure.
password        requisite       pam_cracklib.so
password        optional        pam_gnome_keyring.so    use_authtok
# Local accounts are updated here; use_authtok reuses the new password already
# checked above instead of prompting for another one.
# NOTE(review): nullok lets pam_unix act on accounts whose current password is
# empty - confirm that this is intended on this host.
password        sufficient      pam_unix.so     use_authtok nullok shadow try_first_pass
# Non-local (LDAP) accounts: the change is handed to SSSD.
password        required        pam_sss.so      use_authtok

www:~ #
vi /etc/pam.d/common-session
# change as follows

# Session stack, run when a session is opened and closed.
session required        pam_limits.so
session required        pam_unix.so     try_first_pass
# optional: an SSSD failure here does not block the session.
session optional        pam_sss.so
session optional        pam_umask.so
session optional        pam_systemd.so
session optional        pam_gnome_keyring.so    auto_start only_if=gdm,gdm-password,lxdm,lightdm
session optional        pam_env.so
# Creates a missing home directory at login, populated from /etc/skel.
# umask=077 leaves the new directory accessible to its owner only.
session optional        pam_mkhomedir.so skel=/etc/skel umask=077

www:~ #
vi /etc/nsswitch.conf
# line 29: add

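# Each database entry must be a single line: local files first (compat), then SSSD (sss).
passwd: compat sss

group: compat sss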
www:~ #
systemctl enable sssd nscd

www:~ #
Welcome to SUSE Linux Enterprise Server 12  (x86_64) - Kernel 3.12.48-52.27-default (ttyS0).

www login:
suse
# LDAP user

Password:
# password

suse@www:~>
# logged in
suse@www:~>
# try to change the LDAP password

Current Password:
# current password

New password:
# new password

Retype new password:
passwd: password updated successfully