首页 > 代码库 > ldap 客户端配置
ldap 客户端配置
#!/bin/bash # yum install nss-pam-ldapd pam_ldap openldap-clients -y sed -i "/^CACHECREDENTIALS=/d;/^USESHADOW=/d;/^USELDAPAUTH=/d;/^USELDAP=/d;/^USECRACKLIB=/d;/^USELOCAUTHORIZE=/d" /etc/sysconfig/authconfig echo "CACHECREDENTIALS=yes USESHADOW=yes USELDAPAUTH=yes USELDAP=yes USECRACKLIB=yes USELOCAUTHORIZE=yes" >> /etc/sysconfig/authconfig grep ‘session optional pam_mkhomedir.so skel=/etc/skel umask=0022‘ /etc/pam.d/system-auth || echo ‘session optional pam_mkhomedir.so skel=/etc/skel umask=0022‘ >> /etc/pam.d/system-auth grep ‘auth sufficient pam_ldap.so use_first_pass‘ /etc/pam.d/system-auth || echo ‘auth sufficient pam_ldap.so use_first_pass account [default=bad success=ok user_unknown=ignore] pam_ldap.so password sufficient pam_ldap.so use_authtok session optional pam_ldap.so‘ >> /etc/pam.d/system-auth grep ‘auth sufficient pam_ldap.so use_first_pass‘ /etc/pam.d/password-auth || echo ‘auth sufficient pam_ldap.so use_first_pass account [default=bad success=ok user_unknown=ignore] pam_ldap.so password sufficient pam_ldap.so use_authtok session optional pam_ldap.so session optional pam_mkhomedir.so skel=/etc/skel umask=0022‘ >> /etc/pam.d/password-auth echo ‘base dc=sky,dc=com uri ldap://172.18.5.105/ ssl no tls_cacertdir /etc/openldap/cacerts pam_password md5‘ > /etc/pam_ldap.conf grep ‘uri ldap://172.18.5.105/‘ /etc/nslcd.conf || echo ‘uid nslcd gid ldap uri ldap://172.18.5.105/ base dc=sky,dc=com ssl no tls_cacertdir /etc/openldap/cacerts‘ >/etc/nslcd.conf sed -i "s/^passwd: files$/passwd: files ldap/g;s/^shadow: files$/shadow: files ldap/g;s/^group: files$/group: files ldap/g;" /etc/nsswitch.conf echo ‘TLS_CACERTDIR /etc/openldap/cacerts URI ldap://172.18.5.105 BASE dc=sky,dc=com‘ > /etc/openldap/ldap.conf chkconfig --level 35 nslcd on /etc/init.d/nslcd start ####sudo config grep ‘sudoers: ldap‘ /etc/nsswitch.conf || echo ‘sudoers: ldap‘ >> /etc/nsswitch.conf echo ‘uri ldap://172.18.5.105 sudoers_base ou=SUDOers,dc=sky,dc=com‘ > /etc/sudo-ldap.conf
本文出自 “秋风颂” 博客,请务必保留此出处http://qiufengsong.blog.51cto.com/7520243/1538679
声明:以上内容来自用户投稿及互联网公开渠道收集整理发布,本网站不拥有所有权,未作人工编辑处理,也不承担相关法律责任,若内容有误或涉及侵权可进行投诉: 投诉/举报 工作人员会在5个工作日内联系你,一经查实,本站将立刻删除涉嫌侵权内容。