#######################################

############## LDAP network accounts ##############

1. What is LDAP

LDAP is a directory-service authentication method: like Windows Active Directory, it is a way of storing account data centrally so that clients can look it up.

2. Software required on the LDAP client

yum install sssd krb5-workstation -y

3. How to enable LDAP user authentication

authconfig-tui

┌────────────────┤ Authentication Configuration ├─────────────────┐
│                                                                 │
│  User Information        Authentication                         │
│  [ ] Cache Information   [ ] Use MD5 Passwords                  │
│  [*] Use LDAP            [*] Use Shadow Passwords               │
│  [ ] Use NIS             [ ] Use LDAP Authentication            │
│  [ ] Use IPAv2           [*] Use Kerberos                       │
│  [ ] Use Winbind         [ ] Use Fingerprint reader             │
│                          [ ] Use Winbind Authentication         │
│                          [*] Local authorization is sufficient  │
│                                                                 │
│            ┌────────┐                      ┌──────┐             │
│            │ Cancel │                      │ Next │             │
│            └────────┘                      └──────┘             │
│                                                                 │
│                                                                 │
└─────────────────────────────────────────────────────────────────┘


<When the following error appears>

┌────────────────┤ Warning ├─────────────────┐
│                                            │
│ To connect to a LDAP server with TLS       │
│ protocol enabled you need a CA certificate │
│ which signed your server's certificate.    │
│ Copy the certificate in the PEM format to  │
│ the '/etc/openldap/cacerts' directory.     │
│ Then press OK.                             │
│                                            │
│                  ┌────┐                    │
│                  │ Ok │                    │
│                  └────┘                    │
│                                            │
│                                            │
└────────────────────────────────────────────┘

This is because the TLS CA certificate is missing: the required certificate has to be downloaded from the server into /etc/openldap/cacerts.

Command used (the -P option saves the file directly into the cacerts directory):

wget http://172.25.254.254/pub/example-ca.crt -P /etc/openldap/cacerts

<Test>

getent passwd ldapuser1

If the user's information is displayed correctly, the client-side configuration succeeded. Note that getent only proves that the user can be looked up through sssd; log in as the user (for example ssh ldapuser1@localhost) to confirm that the Kerberos password authentication itself works.

4. Automatically mount users' home directories

yum install autofs -y

vim /etc/auto.master

/home/guests    /etc/auto.ldap

vim /etc/auto.ldap

ldapuser1    172.25.254.254:/home/guests/ldapuser1

+++++++++++++++++++++++++++++++++++++++++++++++++++++++

(or, instead of one line per user, a single wildcard entry; the & is replaced by the key being looked up, i.e. the user name)

*    172.25.254.254:/home/guests/&

systemctl restart autofs

5. Non-interactive script to complete LDAP user authentication:

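The non-interactive equivalent of steps 2 to 4, written as an added example for this page (it is not the author's script): it downloads the CA certificate and checks that it really is PEM before trusting it, rebuilds the cacerts hash links, prints or runs the authconfig command that reproduces the TUI selections above (LDAP over TLS for user information, Kerberos for authentication, shadow passwords, local authorization sufficient, sssd backend), writes the autofs maps from step 4 with the whitespace the page lost, and finishes with the getent check from step 3. The server address, CA URL, cacerts directory and /home/guests layout come from the page; BASE_DN, KRB_REALM and KRB_KDC are placeholders that the page does not give, and DRY_RUN, AUTOFS_DIR and the function names are this example's own.

```shell
#!/bin/sh
# Added example, not the author's script: non-interactive version of the
# LDAP client setup above (RHEL/CentOS 7, sssd + authconfig + autofs).
# From the page: the server 172.25.254.254, the CA URL, /etc/openldap/cacerts
# and the /home/guests autofs layout. NOT from the page (placeholders, set
# them from your own server before running with "--apply"): BASE_DN,
# KRB_REALM, KRB_KDC.
set -eu

LDAP_SERVER="${LDAP_SERVER:-172.25.254.254}"
CA_URL="${CA_URL:-http://${LDAP_SERVER}/pub/example-ca.crt}"
CACERT_DIR="${CACERT_DIR:-/etc/openldap/cacerts}"
AUTOFS_DIR="${AUTOFS_DIR:-/etc}"          # directory holding auto.master / auto.ldap
BASE_DN="${BASE_DN:-dc=example,dc=com}"   # placeholder, not given on the page
KRB_REALM="${KRB_REALM:-EXAMPLE.COM}"     # placeholder, not given on the page
KRB_KDC="${KRB_KDC:-$LDAP_SERVER}"        # assumption: the KDC runs on the LDAP host

# The TUI warning asks for a PEM certificate. A DER-encoded .crt copied
# into cacerts is silently ignored and TLS to the server keeps failing,
# so check the encoding before trusting the download.
is_pem_cert() {
    grep -q -- '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null &&
        grep -q -- '-----END CERTIFICATE-----' "$1" 2>/dev/null
}

# Step 3's fix: download the CA certificate into cacerts and rebuild the
# hash symlinks that OpenLDAP's TLS_CACERTDIR lookup relies on
# (authconfig-tui does this implicitly; a bare wget does not).
install_ca_cert() {
    mkdir -p "$CACERT_DIR"
    wget -q -O "$CACERT_DIR/example-ca.crt" "$CA_URL"
    if ! is_pem_cert "$CACERT_DIR/example-ca.crt"; then
        echo "$CA_URL is not a PEM certificate" >&2
        return 1
    fi
    cacertdir_rehash "$CACERT_DIR"
}

# The authconfig invocation matching the TUI selections above: LDAP over TLS
# for user information, Kerberos for authentication, shadow passwords, local
# authorization sufficient, sssd as the backend. With DRY_RUN set the
# command is only printed, so it can be reviewed before it touches the host.
run_authconfig() {
    ${DRY_RUN:+echo} authconfig \
        --enablesssd --enablesssdauth \
        --enableldap --enableldaptls \
        "--ldapserver=ldap://${LDAP_SERVER}" \
        "--ldapbasedn=${BASE_DN}" \
        --enablekrb5 "--krb5realm=${KRB_REALM}" \
        "--krb5kdc=${KRB_KDC}" "--krb5adminserver=${KRB_KDC}" \
        --enableshadow --enablelocauthorize --update
}

# Step 4 with the whitespace the page lost: one master-map entry and one
# wildcard indirect map. Key and location must be separated by whitespace;
# '&' is replaced by the key (the user name) being looked up.
write_autofs_maps() {
    printf '%s\t%s\n' /home/guests "${AUTOFS_DIR}/auto.ldap" >> "${AUTOFS_DIR}/auto.master"
    printf '%s\t%s\n' '*' "${LDAP_SERVER}:/home/guests/&" > "${AUTOFS_DIR}/auto.ldap"
}

# Step 3's check: the user resolves through sssd. This only proves that the
# lookup works; a real login is what exercises the Kerberos path.
verify_user() {
    getent passwd "$1" > /dev/null
}

if [ "${1:-}" = "--apply" ]; then
    yum install -y sssd krb5-workstation autofs
    install_ca_cert
    run_authconfig
    write_autofs_maps
    systemctl restart autofs
    verify_user ldapuser1 && echo "ldapuser1 resolves through LDAP"
fi
```

Run it once with DRY_RUN=1 set in the environment (the authconfig command is then only printed) and with AUTOFS_DIR pointing at a scratch directory to inspect what it would write; then run it as root with --apply on the client.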