1.配置ldap 用户登录权限(前提是该linux加入ldap)
1)在ldap上设置adminzhy属于linuxadmin组,在linux系统上/etc/security/login.allowed加入一行为LinuxAdmin
2).在linux系统上设置pam模块
[root@vertica pam.d]# grep login.allowed ./*
./password-auth-ac: auth required pam_listfile.so item=group sense=allow file=/etc/security/login.allowed onerr=fail
./system-auth-ac: auth required pam_listfile.so item=group sense=allow file=/etc/security/login.allowed onerr=fail
2.配置用户sudo权限
linux上新建一个用户组sysadmin,将ldap用户adminzhy加入该组groupmems -g sysadmin -a adminzhy
并在/etc/sudoers/中加入该行
%sysadmin ALL=(ALL)ALL,!/bin/su,!/usr/bin/passwd,!/usr/sbin/visudo,!/usr/sbin/chpasswd,!/usr/sbin/useradd,!/usr/sbin/usermod