- 安裝套件
[root@kvm4 ~]# yum install {openldap,openldap-clients,nss-pam-ldapd}
- LDAP server條件
1. ldap server: deyu.wang
2. base dn: dc=deyu,dc=wang
3. 認證證書: ftp://deyu.wang/pub/cacert.pem
4. 帳號: ldapuser1
5. 密碼: 123
- 以authconfig命令幫忙設定LDAP認證
[root@kvmr4 ~]# authconfig --help | grep ldap
--enableldap enable LDAP for user information by default
--disableldap disable LDAP for user information by default
--enableldapauth enable LDAP for authentication by default
--disableldapauth disable LDAP for authentication by default
--ldapserver=<server>
--ldapbasedn=<dn> default LDAP base DN
--enableldaptls, --enableldapstarttls
--disableldaptls, --disableldapstarttls
--ldaploadcacert=<URL>
[root@kvm4 ~]# authconfig --enableldap --enableldapauth \
--ldapserver=deyu.wang --ldapbasedn="dc=deyu,dc=wang" --enableldaptls --enableldapstarttls \
--ldaploadcacert=ftp://deyu.wang/pub/cacert.pem --update
- 檢查要登入的帳號是否存在?
[root@kvm4 ~]# getent passwd ldapuser1
ldapuser1:{SSHA}HAvRpYe5TR88asauGqYtoCFzT7qHYqjP:1001:1001:ldapuser1:/home/guests/ldapuser1:/bin/bash
- 登入測試
[root@kvm4 ~]# su - ldapuser1
su: warning: cannot change directory to /home/guests/ldapuser1: No such file or directory
-bash-4.1$
- 若已掛載 NFS 後,登入 LDAP 帳號已有家目錄
[root@kvm4 ~]# getent passwd ldapuser1
ldapuser1:{SSHA}HAvRpYe5TR88asauGqYtoCFzT7qHYqjP:1001:1001:ldapuser1:/home/guests/ldapuser1:/bin/bash
[root@kvm4 ~]# su - ldapuser1
[ldapuser1@kvm4 ~]$ pwd
/home/guests/ldapuser1
- LDAP client 圖形界面設定工具
[root@kvm4 cacerts]# system-config-authentication
1. Under, "User account database" select LDAP
2. For "base DN", enter 'dc=deyu,dc=wang'
3. For "LDAP Server", enter 'ldap://deyu.wang'
4. Click "Download certificate" and use
ftp://deyu.wang/pub/cacert.pem
5. Leave TLS *UNCHECKED*
6. Under "Authentication Method", select LDAP
7. Select Apply and complete firstboot setup
