LDAP configuration _ Ubuntu14.04 configure the LDAPClient Client

Source: Internet
Author: User
Tags redmine
LightweightDirectoryAccessProtocol is a centralized user management system. Imagine that when multiple services such as redmine and gitlab are built in an enterprise, it is very troublesome to re-open an account and it is not conducive to management. LDAP provides a unified interface for user management. Its backend is equivalent to a database, which is stored as a directory tree and a file, so that it does not need to depend on any database. Lightweight Directory Access Protocol is a centralized user management system. Imagine that when multiple services such as redmine and gitlab are built in an enterprise, it is very troublesome to re-open an account and it is not conducive to management. LDAP provides a unified interface for user management. Its backend is equivalent to a database, which is stored as a directory tree and a file, so that it does not need to depend on any database.

Record the process of configuring the LDAP client on Ubuntu 14.04.

sudo apt-get install ldap-utils ldap-auth-client libnss-ldap libpam-ldap

During the installation process, the following information is displayed: ldap server address, base dc, etc,Save the information in/etc/ldap. conf.You can use dpkg-reconfigure ldap-auth-config to reconfigure the configuration, where:

Lda address format ldap: // 192.168.x.x: 389 Distinguished name of the search base: is the root of your directory tree. For example, if my directory is dc = navinfo, dc = comLDAP version to use: 3 Make local root Database admin: YesDoes the LDAP database require login? NoLDAP account for root: the admin account created when the LDAP server is installed. my options are cn = admin, dc = navinfo, dc = comLDAP root account password:

Modify the/etc/nsswitch. conf file, add the ldap login mode, and search the order of the system to check your local passwd file before querying the LDAP server.

sudo cp -p /etc/nsswitch.conf /etc/nsswitch.conf.baksudo auth-client-config -t nss -p lac_ldap

 

As you can see, the execution is complete.CommandLater, the nsswitch. conf file becomes the following content:

……passwd: files ldapgroup:  files ldapshadow: files ldap……

Modify/etc/pam. d/common-password so that the password can be synchronized to the LDAP server when passwd is executed.

Sudo vim/etc/pam. d/common-password ...... # Find row 26th (delete use_authtok field) password [success = 1 user_unknown = ignore default = die] pam_ldap.so try_first_pass ......

If you do not perform this step, the logged-on LDAP user will prompt the passwd: Authentication information cannot be recovered error when executing the passwd command to change the password.

Automatically create the home Directory
Enable the pam_mkhomedir.so module to work properly. When you log on for the first time, create the main directory

Sudo vim/etc/pam. d/common-session # add a line at the end (before pam_ldap and pam_krb5 must be added) session required pam_mkhomedir.so umask = 0022 skel =/etc/skel
sudo /etc/init.d/libnss-ldap restart

Then you can test the connection to the LDAP Server. If an error occurs, check the local/var/log/auth. log to analyze the cause.

Reference:

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.