• centos ldap client 设定


    环境:客户端为 CentOS 6.4,LDAP server 位于 Ubuntu 12.04 Server 上。

    1.安装

    yum -y install openldap-clients nss-pam-ldapd

    一个完整的配置(地址点此):

    [root@www ~]# yum -y install openldap-clients nss-pam-ldapd
    [root@www ~]# vi /etc/openldap/ldap.conf
    # add at the last line
    # LDAP server's URI
    URI ldap://10.0.0.39/
    # specify Suffix
    BASE dc=server,dc=world
    TLS_CACERTDIR /etc/openldap/cacerts
    [root@www ~]# vi /etc/nslcd.conf
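    # line 131: specify URI, Suffix
    # NOTE: with "ssl no" and an ldap:// URI, lookups travel unencrypted and the server is not
    # authenticated, so tls_cacertdir below is never used; outside a lab use "ssl start_tls"
    # (or an ldaps:// URI) with the server's CA certificate placed in tls_cacertdir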
    uri ldap://10.0.0.39/
    base dc=server,dc=world
    ssl no
    tls_cacertdir /etc/openldap/cacerts
    [root@www ~]# vi /etc/pam_ldap.conf
    # line 17: comment it out
    # host 127.0.0.1
    # line 20: specify Suffix
    base dc=server,dc=world
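    # add at the last line
    # NOTE: "ssl no" over ldap:// sends the user's password to the LDAP server in cleartext at
    # bind time; outside a lab use "ssl start_tls" (or an ldaps:// URI) so the CA directory is used.
    # NOTE(review): MD5-based password hashes are weak; check what "pam_password md5" does in your
    # pam_ldap version, and consider "pam_password exop", which leaves hashing to the server.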
    uri ldap://10.0.0.39/
    ssl no
    tls_cacertdir /etc/openldap/cacerts
    pam_password md5
    [root@www ~]# vi /etc/pam.d/system-auth
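    # edit as follows
    # NOTE: "nullok" on pam_unix.so lets local accounts with an empty password authenticate;
    # drop it if no such account is intended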
    #%PAM-1.0
    # This file is auto-generated.
    # User changes will be destroyed the next time authconfig is run.
    auth        required      pam_env.so
    auth        sufficient    pam_fprintd.so
    auth        sufficient    pam_unix.so nullok try_first_pass
    auth        requisite     pam_succeed_if.so uid >= 500 quiet
     auth        sufficient    pam_ldap.so use_first_pass
     auth        required      pam_deny.so
    
    account     required      pam_unix.so
    account     sufficient    pam_localuser.so
    account     sufficient    pam_succeed_if.so uid < 500 quiet
     account     [default=bad success=ok user_unknown=ignore] pam_ldap.so
     account     required      pam_permit.so
    
    password    requisite     pam_cracklib.so try_first_pass retry=3 type=
    password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass use_authtok
     password    sufficient    pam_ldap.so use_authtok
     password    required      pam_deny.so
    
    session     optional      pam_keyinit.so revoke
    session     required      pam_limits.so
    session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
    session     required      pam_unix.so
     session     optional      pam_ldap.so
    # add if you need ( create home directory automatically if it's none )
    session     optional      pam_mkhomedir.so skel=/etc/skel umask=077
    
    [root@www ~]# vi /etc/nsswitch.conf
    passwd:     files ldap    # line 33: add
    shadow:     files ldap    # add
    group:      files ldap    # add
    netgroup:   ldap          # line 57: change
    automount:  files ldap    # line 61: change
    [root@www ~]# vi /etc/sysconfig/authconfig
    # line 18: change
    USELDAP=yes
    [root@www ~]# chkconfig nslcd on 
    [root@www ~]# shutdown -r now
    www.server.world login: fermi    # user on LDAP
    Password:
    Creating directory '/home/fermi'.
    [fermi@www ~]$ # just logged in
    [fermi@www ~]$ passwd    # try to change LDAP password
    Changing password for user fermi.
    Enter login(LDAP) password:
    New password:
    Retype new password:
    LDAP password information changed for fermi
    passwd: all authentication tokens updated successfully.
  • 原文地址:https://www.cnblogs.com/silenceli/p/3371844.html