centos8 install openldap client
2021-08-14 centos8 install openldap client
在 Aliyun Linux 上安装后无法访问,原因是 Aliyun 默认启动了 nscd,将其停止并禁用即可:
# Aliyun Linux starts nscd by default, and the author found access failed
# until it was stopped: stop both units now, then disable them so they stay
# off after a reboot.
for action in stop disable; do
  systemctl "$action" nscd.socket nscd.service
done
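#!/bin/bash
# Switch a CentOS 8 host from sssd to nslcd (nss-pam-ldapd) for LDAP-backed
# accounts. Must run as root: it removes/installs packages and rewrites
# files under /etc.

# Directory endpoint and search bases used by the steps further down.
# NOTE(review): ldap:// is unencrypted. nslcd authenticates a user by binding
# to this server with the password that was typed, so unless StartTLS is
# enabled those passwords, every NSS lookup and the sudo rules cross the
# network in cleartext and unauthenticated. Prefer ldaps://, or add
# `ssl start_tls`, `tls_reqcert demand` and `tls_cacertfile <CA bundle>` to
# /etc/nslcd.conf and the equivalent TLS settings to /etc/sudo-ldap.conf.
ldapuri="ldap://10.10.0.1/"
ldapbase="dc=wall,dc=com"
ldapsudoers="ou=sudoers,dc=wall,dc=com"

# sssd is removed so that nslcd becomes the only LDAP client on the host.
yum -y remove sssd sssd-client

# Abort if any package is missing: the later steps point PAM, NSS and sshd at
# the LDAP modules, and doing that without the modules installed can lock
# every account out of the machine.
if ! yum -y install nss-pam-ldapd openssh-ldap openldap-clients \
    oddjob oddjob-mkhomedir; then
  echo 'package installation failed; auth configuration left untouched' >&2
  exit 1
fi

# oddjobd must be running for oddjob-mkhomedir to create home directories.
systemctl enable --now oddjobd.service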
# Drop any server/base directives left by an earlier run or by the package
# defaults, in both spellings, so the values appended later are the only ones.
for directive in uri base URI BASE sudoers_base; do
  sed -i "/^${directive}/d" \
    /etc/nslcd.conf /etc/openldap/ldap.conf /etc/sudo-ldap.conf
done

#authselect select sssd with-mkhomedir --force
# Generate the sss-flavoured PAM/NSS configuration with home-directory
# creation enabled; the sss references are rewritten to ldap afterwards.
authconfig \
  --enablesssd \
  --enablesssdauth \
  --ldapserver="${ldapuri}" \
  --ldapbasedn="${ldapbase}" \
  --enablemkhomedir \
  --updateall

# Turn every `sss` in the PAM stacks into `ldap` (presumably pam_sss.so ->
# pam_ldap.so).
# NOTE(review): this is an unanchored substring replacement, so any other
# token containing `sss` is rewritten as well; diff both files and test a
# login from a second session before closing the current one.
# NOTE(review): sed -i replaces a symlink with a regular file. TODO confirm
# whether these paths are authselect-managed symlinks on the target host, in
# which case a later authselect run will not see these edits.
for pam_file in /etc/pam.d/password-auth /etc/pam.d/system-auth; do
  sed -i 's/sss/ldap/g' "$pam_file"
done
# Tell sudo where to fetch its rules from.
# NOTE(review): no ssl/tls_* directive is written to either file, so both
# sudo and nslcd talk to ${ldapuri} exactly as given; with an ldap:// URI that
# means sudoers rules and user binds travel without encryption or server
# authentication.
printf 'uri %s\nsudoers_base %s\n' "${ldapuri}" "${ldapsudoers}" \
  >> /etc/sudo-ldap.conf

# Same server for account lookups and authentication through nslcd.
printf 'uri %s\nbase %s\n' "${ldapuri}" "${ldapbase}" >> /etc/nslcd.conf
systemctl restart nslcd.service

# Replace whatever sudoers source was configured with "files, then LDAP".
# The delete matches any line mentioning sudoers, comments included.
sed -i '/sudoers/d' /etc/nsswitch.conf
printf '%s\n' 'sudoers: files ldap' >> /etc/nsswitch.conf

# Every remaining `sss` source in nsswitch.conf becomes `ldap` (unanchored
# substring match, so check the file afterwards).
sed -i 's/sss/ldap/g' /etc/nsswitch.conf
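# Restrict SSH logins to members of the root and yunwei groups.
# Any earlier AllowGroups line (commented or not) is removed first so the
# directive appears exactly once.
# NOTE(review): if the yunwei group cannot be resolved (presumably it lives in
# LDAP, so e.g. when the directory is unreachable), only members of the root
# group can still log in. Keep a console or an open root session while testing.
sed -i '/AllowGroups/d' /etc/ssh/sshd_config
printf '%s\n' 'AllowGroups root yunwei' >> /etc/ssh/sshd_config

# Validate before restarting. The line is appended at the end of the file, so
# if sshd_config ends with a Match block the directive lands inside it, where
# AllowGroups is not accepted. Restarting on a broken file would leave the
# host without an SSH daemon.
if ! /usr/sbin/sshd -t; then
  echo 'sshd_config failed validation; sshd was NOT restarted' >&2
  exit 1
fi
systemctl restart sshd.service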
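# Smoke tests: account enumeration through NSS, a direct directory query, and
# resolution of a single account.
getent passwd | grep -E wall

# Query the server and base configured at the top of the script instead of
# relying on /etc/openldap/ldap.conf, whose URI/BASE lines this script
# removes. -x is a simple bind; with no bind DN it is anonymous, and over
# ldap:// it is also unencrypted.
ldapsearch -x -H "${ldapuri}" -b "${ldapbase}" cn=ftq
id wall

# Aliyun Linux starts nscd by default and the author found access failed
# while it was running, so stop it and keep it disabled across reboots.
systemctl stop nscd.socket nscd.service
systemctl disable nscd.socket nscd.service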