8/1/12

CẤU HÌNH LDAP CLIENT


1.1.1.     CẤU HÌNH LDAP CLIENT

[root@linux ~]#yum -y install openldap-clients nss-pam-ldapd
[root@linux ~]#vi /etc/openldap/ldap.conf
# append at the end of the file
# LDAP server's URI
URI ldap://10.0.0.39/
# specify Suffix
BASE dc=server,dc=world
TLS_CACERTDIR /etc/openldap/cacerts
[root@linux ~]#vi /etc/nslcd.conf
# line 131: specify URI and suffix (note: "ssl no" below means nslcd talks plain LDAP
# without TLS, so bind passwords cross the network unencrypted)
uri ldap://10.0.0.39/
base dc=server,dc=world
ssl no
tls_cacertdir /etc/openldap/cacerts
[root@linux ~]#vi /etc/pam_ldap.conf
# line 17: make it comment
#host 127.0.0.1
# line 20: specify Suffix
base dc=server,dc=world
# append at the end of the file
uri ldap://10.0.0.39/
ssl no
tls_cacertdir /etc/openldap/cacerts
pam_password md5
[root@linux ~]#vi /etc/pam.d/system-auth
# edit so that the file looks like the following
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      pam_env.so
auth        sufficient    pam_fprintd.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        sufficient    pam_ldap.so use_first_pass
auth        required      pam_deny.so
account     required      pam_unix.so
account     sufficient    pam_localuser.so
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     [default=bad success=ok user_unknown=ignore] pam_ldap.so
account     required      pam_permit.so
password    requisite     pam_cracklib.so try_first_pass retry=3 type=
password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password    sufficient    pam_ldap.so use_authtok
password    required      pam_deny.so
session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session     required      pam_unix.so
session     optional      pam_ldap.so
# add if you need ( create home directory automatically if it's none )
session     optional      pam_mkhomedir.so skel=/etc/skel umask=077
[root@linux ~]#vi /etc/nsswitch.conf
passwd:     files       ldap  # line 33: add
shadow:     files       ldap  # add
group:      files       ldap  # add
netgroup:   ldap        # line 57: change
automount: files ldap   # line 61: change
[root@linux ~]#vi /etc/sysconfig/authconfig
# line 18: change
USELDAP=yes
[root@linux ~]#chkconfig nslcd on
[root@linux ~]#shutdown -r now
www.serverlinux.vn login:fermi      # user on LDAP

Password:
Creating directory '/home/fermi'.
[fermi@www ~]$          # just logged in
[fermi@www ~]$ passwd   # try to change LDAP password
Changing password for user fermi.
Enter login(LDAP) password:
New password:
Retype new password:
LDAP password information changed for fermi
passwd: all authentication tokens updated successfully.
