Configure an Ubuntu client to authenticate against an OpenLDAP service

Source: Internet
Author: User

This page is written for people who want to configure an Ubuntu client to authenticate to an OpenLDAP service.

Install and Configure LDAP Authentication

Install the following packages: libpam-ldap libnss-ldap (see InstallingSoftware). Note that you must activate the universe repository.

During installation, you will be asked the following questions:

The address of the LDAP server. You can also use a fully qualified domain name here, such as ldap.example.co
The distinguished name of the search base, such as dc=example,dc=com
The LDAP version to use. You can usually choose 3 here.
Whether your database requires a login. You can usually choose No here.
Whether to make the configuration readable/writable by its owner only.
A dialog box explains that nsswitch.conf is not managed automatically. Just select OK.
Whether you want the local root user to be the database administrator.
Again, whether your database requires a login. Select No here.
Your root login account, for example cn=manager,dc=example,dc=com
Your root password.
A dialog box then explains the different encryption methods so that you can specify which one is used before your password is sent. exop is usually a good choice.

Configure nsswitch.conf

Unfortunately, this configuration cannot be tested until /etc/nsswitch.conf is configured:

$ sudo vi /etc/nsswitch.conf

In vi, enter the following command to replace compat with ldap files:

:%s/compat/ldap files/g

Using getent to test the nsswitch.conf configuration

You can now use the following commands to test your configuration (replace <someldapuser> with a user and <someldapgroup> with a group known to your LDAP service):

$ getent passwd <someldapuser>
$ getent group <someldapgroup>

If you get a response from both commands, your LDAP nsswitch.conf configuration is correct and all that remains is to configure PAM.

Change the search order in nsswitch.conf

You may want to swap ldap and files so that your local passwd files are checked before the LDAP server is queried:

$ sudo vi /etc/nsswitch.conf

Then change the order on each of the following lines so that they read:

passwd: files ldap
group: files ldap
shadow: files ldap
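
The following script is an added example, not part of the original page. It checks whether the passwd, group and shadow lines of an nsswitch.conf-style file list files before ldap. The helper names nss_order and nss_audit and the sample file contents are assumptions made for this illustration.

```shell
# Added example: audit the lookup order for passwd, group and shadow.
# nss_order and nss_audit are hypothetical helper names.

# Print files-first, ldap-first, ldap-only, no-ldap or missing for one database.
nss_order() {  # usage: nss_order <file> <database>
    awk -v db="$2" '
        { sub(/#.*/, ""); sub(/:/, ": ") }   # drop comments, tolerate "db:src"
        $1 == (db ":") {
            found = 1; f = 0; l = 0
            for (i = 2; i <= NF; i++) {
                if ($i == "files" && !f) f = i
                if ($i == "ldap"  && !l) l = i
            }
            if (!l)         print "no-ldap"
            else if (!f)    print "ldap-only"
            else if (f < l) print "files-first"
            else            print "ldap-first"
            exit
        }
        END { if (!found) print "missing" }
    ' "$1"
}

# Report all three databases; return 0 only if each one is files-first.
nss_audit() {  # usage: nss_audit <file>
    rc=0
    for db in passwd group shadow; do
        state=$(nss_order "$1" "$db")
        printf '%-7s %s\n' "$db" "$state"
        [ "$state" = "files-first" ] || rc=1
    done
    return $rc
}

# Constructed sample: the state right after the vi substitution shown earlier.
sample=$(mktemp)
printf 'passwd: ldap files\ngroup:  ldap files\nshadow: ldap files\n' > "$sample"
nss_audit "$sample" || echo "ldap is consulted before local files; reorder to: files ldap"
rm -f "$sample"
```

On a configured client, run nss_audit /etc/nsswitch.conf after editing the file and before moving on to PAM.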
