Configure LDAP Client
2015/12/01 |
Configure the LDAP client so that user accounts can be shared across the hosts on your local network.
|
|
[1] | Install and Configure OpenLDAP Client. |
www:~ # zypper -n install openldap2-client sssd pam_ldap nss_ldap
www:~ # mv /etc/sssd/sssd.conf /etc/sssd/sssd.conf.org
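www:~ # vi /etc/sssd/sssd.conf
# create new ( replace the values of ldap_uri and ldap_search_base with those of your own environment )
[domain/default]
id_provider = ldap
auth_provider = ldap
ldap_uri = ldap://dlp.srv.world
ldap_search_base = dc=srv,dc=world
cache_credentials = True
ldap_tls_cacertdir = /etc/openldap/certs
# with "allow" the session proceeds even when the server certificate is missing or fails verification,
# so the LDAP server is not authenticated; set "demand" once the issuing CA certificate is in ldap_tls_cacertdir
ldap_tls_reqcert = allow

[sssd]
config_file_version = 2
services = nss, pam
domains = default

[nss]
filter_users = root
filter_groups = root

www:~ # chmod 600 /etc/sssd/sssd.conf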
www:~ # vi /etc/pam.d/common-account
# change as follows
account requisite pam_unix.so try_first_pass
account sufficient pam_localuser.so
account required pam_sss.so use_first_pass
www:~ # vi /etc/pam.d/common-auth
# change as follows
auth required pam_env.so
auth optional pam_gnome_keyring.so
auth sufficient pam_unix.so try_first_pass
auth required pam_sss.so use_first_pass
www:~ # vi /etc/pam.d/common-password
# change as follows
password requisite pam_cracklib.so
password optional pam_gnome_keyring.so use_authtok
password sufficient pam_unix.so use_authtok nullok shadow try_first_pass
password required pam_sss.so use_authtok
www:~ # vi /etc/pam.d/common-session
# change as follows
session required pam_limits.so
session required pam_unix.so try_first_pass
session optional pam_sss.so
session optional pam_umask.so
session optional pam_systemd.so
session optional pam_gnome_keyring.so auto_start only_if=gdm,gdm-password,lxdm,lightdm
session optional pam_env.so
session optional pam_mkhomedir.so skel=/etc/skel umask=077
www:~ # vi /etc/nsswitch.conf
# line 29: add
passwd: compat sss
group: compat sss
www:~ # systemctl enable sssd nscd
www:~ #
Welcome to SUSE Linux Enterprise Server 12 (x86_64) - Kernel 3.12.48-52.27-default (ttyS0).
www login: suse # LDAP user
Password: # password
suse@www:~> # just logged in
suse@www:~> passwd # try to change the LDAP password
Current Password: # current password
New password: # new password
Retype new password:
passwd: password updated successfully