
Configure LDAP Client (2015/12/01)

Configure an LDAP client so that user accounts can be shared across your local network.
[1] Install and Configure OpenLDAP Client.
www:~ #
zypper -n install openldap2-client sssd pam_ldap nss_ldap
www:~ #
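# Keep the packaged sssd.conf as a backup before writing a new one.
# The destination file name is missing on the page; ".bak" is a name chosen here.
mv /etc/sssd/sssd.conf /etc/sssd/sssd.conf.bak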

www:~ #
vi /etc/sssd/sssd.conf
# create new (replace the values of ldap_uri and ldap_search_base with those of your own environment)

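# SSSD requires every key to sit under a section header.
# "domains = default" in [sssd] refers to the [domain/default] section.
[domain/default]
id_provider = ldap
auth_provider = ldap
# Replace LDAP_SERVER_HOSTNAME (placeholder) with your directory server's host name.
# It has to match the name in the server certificate for TLS verification to succeed.
# With an ldap:// URI, SSSD authenticates only over an encrypted channel (StartTLS).
# Identity lookups stay in cleartext unless ldap_id_use_start_tls = True is also set.
ldap_uri = ldap://LDAP_SERVER_HOSTNAME/
ldap_search_base = dc=srv,dc=world
# Stores a local hash of each user's password so logins still work when the
# directory server is unreachable.
cache_credentials = True
ldap_tls_cacertdir = /etc/openldap/certs
# "allow" lets the session continue when the server certificate is missing or
# fails validation, so the client cannot tell an impostor server from the real one.
# Once the issuing CA certificate is installed in ldap_tls_cacertdir, change this
# to "demand" so that an invalid certificate ends the connection.
ldap_tls_reqcert = allow

[sssd]
config_file_version = 2
services = nss, pam
domains = default

[nss]
# Never ask LDAP for root; root stays a purely local account.
filter_users = root
filter_groups = root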

www:~ #
chmod 600 /etc/sssd/sssd.conf

www:~ #
vi /etc/pam.d/common-account
# change as follows

# NOTE(review): the module field is missing from every line as shown here.
# PAM syntax is "type control module [arguments]"; the pam_*.so names must be
# filled in before these lines are usable.
account requisite     try_first_pass
account sufficient
account required      use_first_pass

www:~ #
vi /etc/pam.d/common-auth
# change as follows

# NOTE(review): the module field (pam_*.so) is missing from every line as shown here.
# try_first_pass: the module first tries the password an earlier module collected
# and prompts only if that fails.
# use_first_pass: the module reuses that password and never prompts itself.
# The last line is "required", so a failure there fails authentication unless the
# "sufficient" line before it already succeeded.
auth    required
auth    optional
auth    sufficient     try_first_pass
auth    required      use_first_pass

www:~ #
vi /etc/pam.d/common-password
# change as follows

# NOTE(review): the module field (pam_*.so) is missing from every line as shown here.
# use_authtok makes a module take the new password from the module stacked before it
# instead of prompting again.
# nullok and shadow are pam_unix options, so the "sufficient" line is presumably
# pam_unix (confirm). nullok lets it act on accounts whose current password is empty;
# drop it unless empty passwords are intended.
password        requisite
password        optional    use_authtok
password        sufficient     use_authtok nullok shadow try_first_pass
password        required      use_authtok

www:~ #
vi /etc/pam.d/common-session
# change as follows

# NOTE(review): the module field (pam_*.so) is missing from every line as shown here.
# The last line's skel=/etc/skel and umask=077 look like home-directory creation at
# first login (presumably pam_mkhomedir; confirm). With umask 077 the new home
# directory is accessible to its owner only.
session required
session required     try_first_pass
session optional
session optional
session optional
session optional    auto_start only_if=gdm,gdm-password,lxdm,lightdm
session optional
session optional skel=/etc/skel umask=077

www:~ #
vi /etc/nsswitch.conf
# line 29: add

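# The source to add is missing on the page. "sss" is the NSS source served by SSSD
# (enabled by "services = nss" in sssd.conf). Without it glibc never asks SSSD and
# LDAP accounts do not resolve.
# Local files (compat) are consulted first, so local accounts take precedence.
passwd: compat sss

group: compat sss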
www:~ #
systemctl enable sssd nscd

www:~ #
Welcome to SUSE Linux Enterprise Server 12  (x86_64) - Kernel 3.12.48-52.27-default (ttyS0).

www login:
# LDAP user

# password

# just logged in
# try to change the LDAP password

Current Password:
# current password

New password:
# new password

Retype new password:
passwd: password updated successfully