Ubuntu 21.04

OpenLDAP : Configure LDAP Client 2021/05/17

 
Configure this host as an LDAP client so that it shares the user account information held on the LDAP server.
[1] Configure the LDAP client.
root@node01:~#
apt -y install libnss-ldapd libpam-ldapd ldap-utils
(1) Specify the URI of the LDAP server

 +---------------------| Configuring ldap-auth-config |----------------------+
 | Please enter the URI of the LDAP server to use. This is a string in the   |
 | form of ldap://<hostname or IP>:<port>/. ldaps:// or ldapi:// can also    |
 | be used. The port number is optional.                                     |
 |                                                                           |
 | Note: It is usually a good idea to use an IP address because it reduces   |
 | risks of failure in the event name service problems.                      |
 |                                                                           |
 | LDAP server Uniform Resource Identifier:                                  |
 |                                                                           |
 | ldap://dlp.srv.world/_________________________________________________    |
 |                                                                           |
 |                                  <Ok>                                     |
 |                                                                           |
 +---------------------------------------------------------------------------+

(2) Specify the distinguished name of the search base
 +---------------------| Configuring ldap-auth-config |----------------------+
 | Please enter the distinguished name of the LDAP search base. Many sites   |
 | use the components of their domain names for this purpose. For example,   |
 | the domain "example.net" would use "dc=example,dc=net" as the             |
 | distinguished name of the search base.                                    |
 |                                                                           |
 | Distinguished name of the search base:                                    |
 |                                                                           |
 | dc=srv,dc=world_______________________________________________________    |
 |                                                                           |
 |                                  <Ok>                                     |
 |                                                                           |
 +---------------------------------------------------------------------------+

(3) Select the services to configure for LDAP in [nsswitch.conf]
 +-----------------------+ Configuring libnss-ldapd +------------------------+
 | For this package to work, you need to modify the /etc/nsswitch.conf file  |
 | to use the ldap datasource.                                               |
 |                                                                           |
 | You can select the services that should have LDAP lookups enabled. The    |
 | new LDAP lookups will be added as the last datasource. Be sure to review  |
 | these changes.                                                            |
 |                                                                           |
 | Name services to configure:                                               |
 |                                                                           |
 |    [*] passwd                                                             |
 |    [*] group                                                              |
 |    [*] shadow                                                             |
 |    [ ] hosts                                                              |
 |    [ ] networks                                                           |
 |                                                                           |
 |                                                                           |
 |                                  <Ok>                                     |
 |                                                                           |
 +---------------------------------------------------------------------------+

root@node01:~#
vi /etc/pam.d/common-session
# if needed, add to the last line (create the home directory automatically at login)

session optional        pam_mkhomedir.so skel=/etc/skel umask=077
root@node01:~#
systemctl restart nscd nslcd

root@node01:~#
exit
Ubuntu 21.04 node01.srv.world ttyS0

node01 login: hirsute     # user registered in LDAP
Password:
Welcome to Ubuntu 21.04 (GNU/Linux 5.11.0-16-generic x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage

  System information as of Mon May 17 01:17:12 AM UTC 2021

  System load: 0.0                Memory usage: 4%   Processes:       126
  Usage of /:  32.3% of 19.56GB   Swap usage:   0%   Users logged in: 0

.....
.....

Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.

Creating directory '/home/hirsute'.
hirsute@node01:~$      # logged in

# changing the password works as usual

hirsute@node01:~$
passwd
(current) LDAP Password:     # current password
New password:                # new password
Retype new password:
passwd: password updated successfully
hirsute@node01:~$            # changed
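
Added example (not part of the original page): a shell check of the files this procedure changes. The dialogs above set a plain ldap:// URI, so unless 'ssl start_tls' is configured, the login and password change shown reach the LDAP server unencrypted. It assumes the dialog answers are stored in /etc/nslcd.conf, nslcd's configuration file; the function names and sample files are constructed for illustration.

```shell
#!/bin/bash
# Added example, not from the original page. Audits the three files this
# procedure changes; pass paths to copies or to the live files.

# Prints one finding per line. Exit status: 0 = clean, 1 = findings.
audit_ldap_client() {
    local nslcd="$1" nss="$2" pam="$3" rc=0 uri ssl reqcert db
    uri=$(awk '$1 == "uri" { print $2; exit }' "$nslcd")
    ssl=$(awk '$1 == "ssl" { print $2; exit }' "$nslcd")
    reqcert=$(awk '$1 == "tls_reqcert" { print $2; exit }' "$nslcd")
    case $uri in
        ldaps://*|ldapi://*) ;;
        ldap://*) [ "$ssl" = start_tls ] ||
            { echo "CLEARTEXT $uri has no 'ssl start_tls'"; rc=1; } ;;
        *)  echo "NO_URI no usable uri line in $nslcd"; rc=1 ;;
    esac
    case $reqcert in   # explicit settings that skip server certificate checks
        never|allow) echo "NO_VERIFY tls_reqcert $reqcert"; rc=1 ;;
    esac
    for db in passwd group shadow; do   # services ticked in step (3)
        awk -v db="$db:" '$1 == db { for (i = 2; i <= NF; i++) if ($i == "ldap") ok = 1 }
            END { exit !ok }' "$nss" || { echo "NSS $db does not list ldap"; rc=1; }
    done
    # pam_mkhomedir is optional on the page; if present, expect its umask=077.
    if grep -Eq '^[^#]*pam_mkhomedir\.so' "$pam" &&
       ! grep -Eq '^[^#]*pam_mkhomedir\.so.*umask=0?077' "$pam"; then
        echo "HOMEDIR pam_mkhomedir without umask=077"; rc=1
    fi
    return $rc
}

# Constructed sample files mirroring the answers given in the dialogs above.
make_sample() {   # $1 = target dir, $2 = extra nslcd.conf line (may be empty)
    printf 'uid nslcd\ngid nslcd\nuri ldap://dlp.srv.world/\nbase dc=srv,dc=world\n%s\n' "$2" > "$1/nslcd.conf"
    printf 'passwd: files systemd ldap\ngroup: files systemd ldap\nshadow: files ldap\nhosts: files dns\n' > "$1/nsswitch.conf"
    printf 'session optional        pam_mkhomedir.so skel=/etc/skel umask=077\n' > "$1/common-session"
}

# Demo run on the constructed files: reports the cleartext ldap:// URI.
demo_dir=$(mktemp -d)
make_sample "$demo_dir" ""
audit_ldap_client "$demo_dir/nslcd.conf" "$demo_dir/nsswitch.conf" "$demo_dir/common-session" || true
rm -rf "$demo_dir"
```

On the client itself, run it as: audit_ldap_client /etc/nslcd.conf /etc/nsswitch.conf /etc/pam.d/common-session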