OpenLDAP : LDAP クライアントの設定2021/05/17 |
LDAP サーバーのユーザーアカウント情報を共有できるように LDAP クライアントとして設定します。
|
|
[1] | LDAP クライアントの設定です。 |
root@node01:~#
apt -y install libnss-ldapd libpam-ldapd ldap-utils (1) LDAP サーバーの URI を指定 +---------------------| Configuring ldap-auth-config |----------------------+ | Please enter the URI of the LDAP server to use. This is a string in the | | form of ldap://<hostname or IP>:<port>/. ldaps:// or ldapi:// can also | | be used. The port number is optional. | | | | Note: It is usually a good idea to use an IP address because it reduces | | risks of failure in the event name service problems. | | | | LDAP server Uniform Resource Identifier: | | | | ldap://dlp.srv.world/_________________________________________________ | | | | <Ok> | | | +---------------------------------------------------------------------------+ (2) 識別名を指定 +---------------------| Configuring ldap-auth-config |----------------------+ | Please enter the distinguished name of the LDAP search base. Many sites | | use the components of their domain names for this purpose. For example, | | the domain "example.net" would use "dc=example,dc=net" as the | | distinguished name of the search base. | | | | Distinguished name of the search base: | | | | dc=srv,dc=world_______________________________________________________ | | | | <Ok> | | | +---------------------------------------------------------------------------+ (3) [nsswitch.conf] で LDAP を設定するサービスを選択 +-----------------------+ Configuring libnss-ldapd +------------------------+ | For this package to work, you need to modify the /etc/nsswitch.conf file | | to use the ldap datasource. | | | | You can select the services that should have LDAP lookups enabled. The | | new LDAP lookups will be added as the last datasource. Be sure to review | | these changes. | | | | Name services to configure: | | | | [*] passwd | | [*] group | | [*] shadow | | [ ] hosts | | [ ] networks | | | | | | <Ok> | | | +---------------------------------------------------------------------------+
root@node01:~#
vi /etc/pam.d/common-session # 必要があれば、最終行に追記 (ログイン時にホームディレクトリを自動作成) session optional pam_mkhomedir.so skel=/etc/skel umask=077 Ubuntu 21.04 node01.srv.world ttyS0 node01 login: hirsute # LDAP 登録ユーザー Password: Welcome to Ubuntu 21.04 (GNU/Linux 5.11.0-16-generic x86_64) * Documentation: https://help.ubuntu.com * Management: https://landscape.canonical.com * Support: https://ubuntu.com/advantage System information as of Mon May 17 01:17:12 AM UTC 2021 System load: 0.0 Memory usage: 4% Processes: 126 Usage of /: 32.3% of 19.56GB Swap usage: 0% Users logged in: 0 ..... ..... Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. Creating directory '/home/hirsute'. hirsute@node01:~$ # ログインできた # パスワード変更は通常通り hirsute@node01:~$ (current) LDAP Password: # 現在のパスワード New password: # 新しいパスワード Retype new password: passwd: password updated successfully hirsute@node01:~$ # 変更された |
Sponsored Link |
|