Configure Ubuntu to use ldap authentication

Configure Ubuntu to use ldap authentication to pass ldap authentication to make it ldapclient. the tutorial environment in this article is ubuntu12.04. I. manual configuration method 1. software installation: Java code apt-getinstallldap-utilslibpam-ldaplibnss-ldap... configure Ubuntu to use ldap authentication to pass ldap authentication to make it an ldap client. in this tutorial, the environment is ubuntu 12.04. I. manual configuration method 1. software installation: during the installation of the Java code apt-get install ldap-utils libpam-ldap libnss-ldap nslcd, the following information is displayed: ldap server address, base dc, etc. The information is stored in/etc/ldap. in the conf file, you can use dpkg-reconfigure ldap-auth-config to reconfigure it. in the format of ldap service uri, ldap: // ldapServerIP/search base: dc = my, dc = com, dc = cnroot ldap account: cn = admin, dc = my, dc = com, dc = cn 2. add ldap in authentication mode: Java code root @ ldapclient :~ # Auth-client-config-t nss-p lac_ldap 3. after authentication is passed, the user's home directory is automatically created: Java code vi/etc/pam. d/common-session, append content: session required pam_mkhomedir.so skel =/etc/skel umask = 0022 4. configure to enable the ldap authentication mode Java code root @ ldapclient :~ # Pam-auth-update 5. execute the Java code update-rc.d nslcd enable 6. configure to change the user password on the local machine via passwd: Java code vi/etc/pam. d/common-password, excluding use_authtok parameter 7. restart related services: Java code/etc/init. d/nscd restart 8. authentication is performed through ldap upon login or user switching. for example, switch to User manager in ldap: Java code user1 @ ldapclient :~ $ Su-manager Password: ***** Creating directory '/home/manager'. manager @ ldapclient :~ $ See http://askubuntu.com/questions/127389/how-to-configure-ubuntu-as-an-ldap-client II. script configuration method if many machines need to be configured, manual configuration is not suitable. you can run the following shell script on the machine to be configured for automatic configuration: C code #! /Bin/bash # Protocol # Ldap server address and base DN LDAP_SERVER_IP = 192.168.1.100 BASE_DN = 'DC = my, dc = com, dc = cn' # Prepare # create preseed file-software installation self-response touch debconf-ldap-preseed.txt echo "ldap-auth-config/ldapns/ldap-server string ldap: // $ LDAP_SERVER_IP "> debconf-ldap-preseed.txt echo" ldap-auth-config/ldapns/base-dn string $ BASE_DN "> debconf-ldap-preseed.txt echo" ldap-auth-config ldap-auth-config/ldapns/ldap_version select 3> debconf-ldap-preseed.txt echo "ldap-auth-config/dbrootlogin boolean false"> debconf-ldap-preseed.txt echo "ldap-auth -config ldap-auth-config/dblogin boolean false "> debconf-ldap-preseed.txt echo" nslcd/ldap-uris string ldap: // $ LDAP_SERVER_IP "> debconf-ldap-preseed.txt echo" nslcd/ldap-base string $ BASE_DN "> debconf-ldap-preseed.txt cat debconf-ldap-preseed.txt | debconf-set-selections # install ldap client related software apt-get install-y ldap-utils libpam-ldap libnss-ldap nslcd # Add ldap auth-client-config-t nss-p lac_ldap in authentication mode # automatically create echo in the user's home directory after logon "session required pam_mkhomedir.so skel =/etc/skel umask = 0022">/etc/pam. d/common-session # self-starting service update-rc.d nslcd enable # you can change the user password cp/etc/pam on the Host through passwd. d/common-password/etc/pam. d/common-password.bak sed-I's/use_authtok // '/etc/pam. d/common-password # Make the configuration take effect/etc/init. d/nscd restart