OpenLDAP dual-master
This post shows how to unify Linux logins and home directories using OpenLDAP and NFS/automount.
This solution is tested on Fedora 12 systems and CentOS 5.
LDAP and NFS server:
IP: 10.0.0.2
OS: Fedora 12 x86_64
ldap base dn: "dc=lgcpu1"
Clients:
IP: 10.0.0.1/24
OS: Fedora 12 x86_64
# yum install openldap-servers
# /sbin/chkconfig ldap on
# /sbin/service ldap start
Edit /etc/openldap/slapd.conf. Add or edit:
include /etc/openldap/schema/redhat/autofs.schema

#########################################################
# ldbm and/or bdb database definitions
#########################################################

database bdb
suffix "dc=lgcpu1"
checkpoint 1024 15
rootdn "cn=Manager,dc=lgcpu1"
rootpw {crypt}x

# Access Control
access to attrs=userPassword
    by self write
    by anonymous auth
    by dn="cn=manager,dc=lgcpu1" write
    by * compare

access to *
    by self write
    by dn="cn=manager,dc=lgcpu1" write
    by * read
How to get the rootpw:
perl -e "print crypt('passwd', 'salt_string',);"
top.ldif:
dn: dc=lgcpu1
objectclass: dcObject
objectclass: organization
o: lgcpu1 group
dc: lgcpu1

dn: cn=manager,dc=lgcpu1
objectclass: organizationalRole
cn: manager

dn: ou=people,dc=lgcpu1
ou: people
objectclass: organizationalUnit
objectclass: domainRelatedObject
associatedDomain: lgcpu1

dn: ou=contacts,ou=people,dc=lgcpu1
ou: contacts
ou: people
objectclass: organizationalUnit
objectclass: domainRelatedObject
associatedDomain: lgcpu1

dn: ou=group,dc=lgcpu1
ou: group
objectclass: organizationalUnit
objectclass: domainRelatedObject
associatedDomain: lgcpu1
Add top.ldif to ldap server:
$ ldapadd -x -D 'cn=manager,dc=lgcpu1' -W -f top.ldif
Then search all the content in the ldap server by:
ldapsearch -x -D 'cn=manager,dc=lgcpu1' -W
If the previous steps were processed correctly, ldapsearch will print out all the content of the LDAP database.
Copy passwd, shadow and group from /etc/ to a temporary location.
Edit them and keep only the normal users, that is, no system users.
$ vim /usr/share/openldap/migration/migrate_common.ph
Edit these values:
# Default DNS domain
$DEFAULT_MAIL_DOMAIN = "cse.ust.hk";

# Default base
$DEFAULT_BASE = "dc=lgcpu1";
Then generate people.ldif, which adds the encrypted password from the shadow file to userPassword, like this:
$ /usr/share/openldap/migration/migrate_passwd.pl ./passwd > people.ldif
The password is in this format:
userPassword: {crypt}$1$Zlkjsdf...
Then add people.ldif to the LDAP server and generate group.ldif:
$ /usr/share/openldap/migration/migrate_group.pl ./group > group.ldif
Then add group.ldif to the LDAP server.
dn: ou=auto.master,dc=lgcpu1
objectClass: top
objectClass: automountMap
ou: auto.master

dn: cn=/home,ou=auto.master,dc=lgcpu1
objectClass: automount
automountInformation: ldap:ou=auto.home,dc=lgcpu1
cn: /home

dn: cn=/share,ou=auto.master,dc=lgcpu1
objectClass: automount
automountInformation: ldap:ou=auto.misc, dc=lgcpu1
cn: /share
Add auto.master.ldif to the LDAP server.
Add an entry for every user:
Add auto.home.ldif to the LDAP server.
Add entries for some common shared directories:
dn: ou=auto.misc,dc=lgcpu1
objectClass: top
objectClass: automountMap
ou: auto.misc
Add auto.misc.ldif to the LDAP server.
Please refer to How to Set Up and Configure NFS Server and Clients for how to set up an NFS server.
Allow the hosts inside subnet 10.0.0.1/24 to mount the /home directory with read/write permission. Add this line to /etc/exports:
/home 10.0.0.1/24(rw)
Enable nfs service on the NFS server so that the service automatically starts each time the server starts:
# /sbin/chkconfig nfs on
You may also start it manually:
# service nfs start
# yum install nss_ldap autofs nfs-utils
# chkconfig autofs on
# service rpcbind restart
# service autofs restart
# authconfig-tui
Select like this:
│ User Information                    Authentication                 │
│ [ ] Cache Information               [*] Use MD5 Passwords          │
│ [ ] Use Hesiod                      [*] Use Shadow Passwords       │
│ [*] Use LDAP                        [*] Use LDAP Authentication    │
│ [ ] Use NIS                         [ ] Use Kerberos               │
│ [ ] Use Winbind                     [ ] Use Fingerprint reader     │
│                                     [ ] Use Winbind Authentication │
│                                     [*] Local authorization is sufficient │
In next step:
│ [ ] Use TLS │
│ Server: ldap://10.0.0.2/________________________ │
│ Base DN: dc=lgcpu1_______________________________ │
/etc/passwd
/etc/shadow
/etc/group
/etc/gshadow
dn: uid=sample,ou=People,dc=lgcpu1
uid: sample
cn: sample
sn: sample
mail: sample@cse.ust.hk
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
userPassword: {crypt}$6$encryped password here
loginShell: /bin/bash
uidNumber: 507
gidNumber: 507
homeDirectory: /home/sample

dn: cn=sample,ou=Group,dc=lgcpu1
objectClass: posixGroup
objectClass: top
cn: sample
userPassword: {crypt}x
gidNumber: 507

dn: cn=sample,ou=auto.home,dc=lgcpu1
objectClass: automount
automountInformation: 10.0.0.2:/home/sample
cn: sample
/etc/passwd
/etc/shadow
/etc/group
/etc/gshadow
# mkdir /home/sample
# cp /etc/skel/.[a-z]* /home/sample/
# chown -R 507:507 /home/sample/
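As an added example (not code from the original post or from systutorials), the three per-user LDIF entries above can be generated from the matching /etc/passwd, /etc/shadow and /etc/group lines instead of being typed by hand. It assumes this page's base DN, NFS server and mail domain, and a UID_MIN of 500 (the login.defs default on Fedora 12 / CentOS 5) as the boundary between system and normal users.

```python
# Added example (not from the original post): build the three per-user LDIF
# entries shown above (posixAccount, posixGroup, automount) from one line each
# of /etc/passwd, /etc/shadow and /etc/group. Defaults are this page's values;
# UID_MIN=500 is an assumption taken from login.defs on Fedora 12 / CentOS 5.
UID_MIN = 500
LOCKED = ("", "!", "!!", "*")  # shadow fields that mean "no usable password"

def parse_passwd(line):
    name, _, uid, gid, _gecos, home, shell = line.strip().split(":")
    return {"name": name, "uid": int(uid), "gid": int(gid), "home": home, "shell": shell}

def is_normal_user(acct, uid_min=UID_MIN):
    # keep only "normal users": drop system accounts and accounts that cannot log in
    return acct["uid"] >= uid_min and acct["shell"] not in ("/sbin/nologin", "/bin/false")

def user_entries(passwd_line, shadow_line, group_line,
                 base_dn="dc=lgcpu1", nfs_server="10.0.0.2", mail_domain="cse.ust.hk"):
    """Return (account, group, automount) LDIF strings, or None for a system user."""
    acct = parse_passwd(passwd_line)
    if not is_normal_user(acct):
        return None
    pw_hash = shadow_line.strip().split(":")[1]  # crypt(3) hash, e.g. $6$salt$hash
    if pw_hash in LOCKED:
        raise ValueError("%s has no usable password; not exporting it" % acct["name"])
    gname, _, gid, _members = group_line.strip().split(":")
    if int(gid) != acct["gid"]:
        raise ValueError("group line does not match the primary gid of %s" % acct["name"])
    u = acct["name"]
    account = "\n".join([
        "dn: uid=%s,ou=People,%s" % (u, base_dn),
        "uid: %s" % u, "cn: %s" % u, "sn: %s" % u,
        "mail: %s@%s" % (u, mail_domain),
        "objectClass: person", "objectClass: organizationalPerson",
        "objectClass: inetOrgPerson", "objectClass: posixAccount", "objectClass: top",
        "userPassword: {crypt}%s" % pw_hash,
        "loginShell: %s" % acct["shell"],
        "uidNumber: %d" % acct["uid"], "gidNumber: %d" % acct["gid"],
        "homeDirectory: %s" % acct["home"]])
    group = "\n".join([
        "dn: cn=%s,ou=Group,%s" % (gname, base_dn),
        "objectClass: posixGroup", "objectClass: top",
        "cn: %s" % gname, "gidNumber: %s" % gid])
    # automount entry: the client mounts this user's home from the NFS server
    automount = "\n".join([
        "dn: cn=%s,ou=auto.home,%s" % (u, base_dn),
        "objectClass: automount",
        "automountInformation: %s:%s" % (nfs_server, acct["home"]),
        "cn: %s" % u])
    return account, group, automount
```

Join the three returned strings with blank lines to get a file that ldapadd accepts; a locked account (shadow field "!!" or "*") is refused rather than silently exported as an unusable hash.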
Translated from: https://www.systutorials.com/unified-linux-login-and-home-directory-using-openldap-and-nfsautomount/