OpenLDAP configuration and integration with SSH
Source: Internet  Editor: 程序博客网  Date: 2024/06/11 06:22
1. Install the RPM packages: openldap, openldap-clients, openldap-servers.

    [root@localhost Desktop]# rpm -qa |grep openldap
    openldap-clients-2.4.19-15.el6.i686
    openldap-devel-2.4.19-15.el6.i686
    openldap-servers-2.4.19-15.el6.i686
    openldap-2.4.19-15.el6.i686
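2. Delete the slapd.d directory: rm -rf slapd.d/
3. Copy the configuration file: cp slapd.conf.bak slapd.conf, then set its permissions: chmod 644 slapd.conf
4. Generate a password hash with slappasswd and paste it into the configuration file slapd.conf as the rootpw value: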

    database        bdb
    suffix          "dc=example,dc=com"
    checkpoint      1024 15
    rootdn          "cn=Manager,dc=example,dc=com"
    # Cleartext passwords, especially for the rootdn, should
    # be avoided. See slappasswd(8) and slapd.conf(5) for details.
    # Use of strong authentication encouraged.
    # rootpw        secret
    # rootpw        {crypt}ijFYNcSNctBYg
    rootpw          {SSHA}4Y08KJDfylBY2PEgG7nhbJm2ccUt17sA

5. Copy the database configuration file: cp /usr/share/doc/openldap-servers-2.4.19/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
   Change the owner of the database files: chown -R ldap:ldap /var/lib/ldap/
6. Change to /var/lib/ldap/ and create the file example.ldif:

    dn: dc=example,dc=com
    objectclass: dcObject
    objectclass: organization
    o: Example Company
    dc: example

    dn: cn=Manager,dc=example,dc=com
    objectclass: organizationalRole
    cn: Manager

7. Add the entries above to the LDAP database: ldapadd -x -D 'cn=Manager,dc=example,dc=com' -W -f example.ldif
8. Verify that the data was added correctly: ldapsearch -x -b 'dc=example,dc=com'

    [root@localhost ldap]# ldapsearch -x -b 'dc=example,dc=com'
    # extended LDIF
    #
    # LDAPv3
    # base <dc=example,dc=com> with scope subtree
    # filter: (objectclass=*)
    # requesting: ALL
    #

    # example.com
    dn: dc=example,dc=com
    objectClass: dcObject
    objectClass: organization
    o: Example Company
    dc: example

    # Manager, example.com
    dn: cn=Manager,dc=example,dc=com
    objectClass: organizationalRole
    cn: Manager

    # search result
    search: 2
    result: 0 Success

    # numResponses: 3
    # numEntries: 2

Integrating SSH with LDAP authentication

1. Enable LDAP authentication: run the command authconfig-tui and select the following options:

    [*] Use LDAP
    [*] Use LDAP Authentication

2. Edit the following item in /etc/ssh/sshd_config so that ssh authenticates accounts through PAM:
UsePAM yes
3. Check the file /etc/pam.d/sshd to confirm which PAM file it includes (password-auth in this example):

    [root@localhost pam.d]# cat sshd
    #%PAM-1.0
    auth       required     pam_sepermit.so
    auth       include      password-auth
    account    required     pam_nologin.so
    account    include      password-auth
    password   include      password-auth
    # pam_selinux.so close should be the first session rule
    session    required     pam_selinux.so close
    session    required     pam_loginuid.so
    # pam_selinux.so open should only be followed by sessions to be executed in the user context
    session    required     pam_selinux.so open env_params
    session    optional     pam_keyinit.so force revoke
    session    include      password-auth
    session    required     pam_mkhomedir.so # with this line added, the home directory is created on the first ssh login to the server

4. Edit the file /etc/pam.d/password-auth:

    [root@localhost pam.d]# cat password-auth
    #%PAM-1.0
    # This file is auto-generated.
    # User changes will be destroyed the next time authconfig is run.
    auth        required      pam_env.so
    auth        sufficient    pam_unix.so nullok try_first_pass
    auth        requisite     pam_succeed_if.so uid >= 500 quiet
    auth        sufficient    pam_ldap.so use_first_pass # add this line
    auth        required      pam_deny.so

    account     required      pam_unix.so
    account     sufficient    pam_localuser.so
    account     sufficient    pam_succeed_if.so uid < 500 quiet
    account     sufficient    pam_ldap.so # add this line
    account     required      pam_permit.so

    password    requisite     pam_cracklib.so try_first_pass retry=3 type=
    password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass use_authtok
    password    sufficient    pam_ldap.so use_authtok # add this line
    password    required      pam_deny.so

    session     optional      pam_keyinit.so revoke
    session     required      pam_limits.so
    session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
    session     required      pam_unix.so
    session     optional      pam_ldap.so # add this line
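
The password-auth header warns that authconfig overwrites manual changes, so it is worth checking after any authconfig run that the four pam_ldap.so lines are still present and still sit before pam_deny.so. The following check is an added example, not part of the original post; the names SAMPLE, parse_pam and check_ldap_stack are hypothetical, and SAMPLE is a constructed, shortened copy of the file above.

```python
import re

# Constructed sample: the password-auth stacks as edited in step 4 above.
SAMPLE = """\
#%PAM-1.0
auth     required   pam_env.so
auth     sufficient pam_unix.so nullok try_first_pass
auth     requisite  pam_succeed_if.so uid >= 500 quiet
auth     sufficient pam_ldap.so use_first_pass
auth     required   pam_deny.so
account  required   pam_unix.so
account  sufficient pam_ldap.so
account  required   pam_permit.so
password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password sufficient pam_ldap.so use_authtok
password required   pam_deny.so
session  [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session  required   pam_unix.so
session  optional   pam_ldap.so
"""

# type, control (plain word or [bracketed list]), module, optional arguments
LINE = re.compile(r"(-?\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)")

def parse_pam(text):
    """Return {type: [(control, module, [args]), ...]} in file order."""
    stacks = {}
    for raw in text.splitlines():
        m = LINE.match(raw.split("#", 1)[0].strip())  # drop comments
        if m:
            kind, control, module, args = m.groups()
            stacks.setdefault(kind.lstrip("-"), []).append(
                (control, module, args.split()))
    return stacks

def check_ldap_stack(text):
    """List problems that keep pam_ldap.so from being consulted."""
    stacks, problems = parse_pam(text), []
    for kind in ("auth", "account", "password", "session"):
        mods = [module for _, module, _ in stacks.get(kind, [])]
        if "pam_ldap.so" not in mods:
            problems.append(f"{kind}: pam_ldap.so missing")
        elif ("pam_deny.so" in mods
              and mods.index("pam_deny.so") < mods.index("pam_ldap.so")):
            # a failed 'required' module cannot be overridden by a later 'sufficient'
            problems.append(f"{kind}: pam_ldap.so is after pam_deny.so")
    return problems

if __name__ == "__main__":
    # On a live host, pass the contents of /etc/pam.d/password-auth instead.
    for problem in check_ldap_stack(SAMPLE) or ["ok"]:
        print(problem)
```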