Server side
- Install openldap
- Reference: openldap installation
- Install migrationtools
- Modify migrate_common.sh, which is in the /etc/migrationtools folder
Change the values above to your own.
- Configure
Client side
Manual method
Install the software
During installation, configure some of the server-side information
Add ldap to the authentication methods
Check /etc/nsswitch.conf
Create the user's home directory automatically once authentication succeeds
Add: session required pam_mkhomedir.so skel=/etc/skel umask=0022
Run
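Configure the host so that user passwords can be changed locally with passwd
- On login or when switching users, authentication now goes through ldap; for example, switching to the ldap user manager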
Password:*
Creating directory ‘/home/manager’.
manager@ldapclient:~$
Script method
- Code:

```bash
#!/bin/bash
#--------------------------------------------------------------------------------
# LDAP server address and base DN
LDAP_SERVER_IP=xxx.xx.xx.xx
BASE_DN='dc=olei,dc=me'
#--------------------------------------------------------------------------------

# Create the preseed file (automatic answers for the package installation)
touch debconf-ldap-preseed.txt
echo "ldap-auth-config ldap-auth-config/ldapns/ldap-server string ldap://$LDAP_SERVER_IP" >> debconf-ldap-preseed.txt
echo "ldap-auth-config ldap-auth-config/ldapns/base-dn string $BASE_DN" >> debconf-ldap-preseed.txt
echo "ldap-auth-config ldap-auth-config/ldapns/ldap_version select 3" >> debconf-ldap-preseed.txt
echo "ldap-auth-config ldap-auth-config/dbrootlogin boolean false" >> debconf-ldap-preseed.txt
echo "ldap-auth-config ldap-auth-config/dblogin boolean false" >> debconf-ldap-preseed.txt
echo "nslcd nslcd/ldap-uris string ldap://$LDAP_SERVER_IP" >> debconf-ldap-preseed.txt
echo "nslcd nslcd/ldap-base string $BASE_DN" >> debconf-ldap-preseed.txt
cat debconf-ldap-preseed.txt | debconf-set-selections

# Install the LDAP client packages
apt-get install -y ldap-utils libpam-ldap libnss-ldap nslcd

# Add ldap to the authentication methods
auth-client-config -t nss -p lac_ldap

# Create the user's home directory automatically after an authenticated login
echo "session required pam_mkhomedir.so skel=/etc/skel umask=0022" >> /etc/pam.d/common-session

# Restart the service and enable it at boot
/etc/init.d/libnss-ldap restart
update-rc.d nslcd enable

# Allow user passwords to be changed on the host with passwd
cp /etc/pam.d/common-password /etc/pam.d/common-password.bak
sed -i 's/use_authtok//' /etc/pam.d/common-password

# Apply the configuration
/etc/init.d/nscd restart
```
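An added example, not part of the original post: a read-only check that a client ended up in the state the steps above describe. It also flags an ldap:// URI without StartTLS, because the script above points the client at the server over plain ldap://. The function names are hypothetical; it assumes passwd, group and shadow should all list ldap, and that the client's LDAP settings live in a file with uri and ssl lines such as /etc/ldap.conf or /etc/nslcd.conf.

```shell
#!/bin/bash
# Added example: read-only audit of the client files the steps above modify.
# Paths are arguments so the checks can run against copies of the files.

# 0 if database $2 (passwd, group, shadow) lists ldap as a source in nsswitch file $1
nss_has_ldap() {
    awk -v db="$2:" '
        { sub(/#.*/, "") }                      # ignore comments
        $1 == db { for (i = 2; i <= NF; i++) if ($i == "ldap") found = 1 }
        END { exit !found }' "$1"
}

# 0 if an uncommented session line in PAM file $1 loads pam_mkhomedir.so
pam_has_mkhomedir() {
    grep -Eq '^[[:space:]]*session[[:space:]][^#]*pam_mkhomedir\.so' "$1"
}

# 0 if an uncommented password line in PAM file $1 still carries use_authtok
pam_has_use_authtok() {
    grep -Eq '^[[:space:]]*password[[:space:]][^#]*use_authtok' "$1"
}

# 0 if LDAP client config $1 uses a plain ldap:// URI with no "ssl start_tls",
# which means bind passwords cross the network unencrypted
ldap_conf_cleartext() {
    grep -Eiq '^[[:space:]]*uri[[:space:]].*ldap://' "$1" &&
        ! grep -Eiq '^[[:space:]]*ssl[[:space:]]+start_tls' "$1"
}

# Print one line per finding and return the number of findings.
# Arguments: nsswitch.conf common-session common-password ldap-client-config
audit_ldap_client() {
    local n=0 db
    for db in passwd group shadow; do
        nss_has_ldap "$1" "$db" || { echo "nsswitch: $db does not use ldap"; n=$((n+1)); }
    done
    pam_has_mkhomedir "$2" || { echo "common-session: pam_mkhomedir.so missing"; n=$((n+1)); }
    pam_has_use_authtok "$3" && { echo "common-password: use_authtok still set"; n=$((n+1)); }
    ldap_conf_cleartext "$4" && { echo "ldap config: ldap:// without StartTLS"; n=$((n+1)); }
    return "$n"
}

# Usage on a client (assumed paths):
# audit_ldap_client /etc/nsswitch.conf /etc/pam.d/common-session /etc/pam.d/common-password /etc/ldap.conf
```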