Openldap posix accounts
Zur Navigation springen
Zur Suche springen
nsswitch und pam anbinden
- apt install libnss-ldap libpam-ldap ldap-utils
ldap.conf
Wir benutzen nur eine Konfigurationdatei
- ln -sf /etc/ldap/ldap.conf /etc/ldap.conf
- ln -sf /etc/ldap/ldap.conf /etc/libnss-ldap.conf
- ln -sf /etc/ldap/ldap.conf /etc/pam_ldap.conf
Test
- ldapsearch -x | head -20
ergänzen /etc/nsswitch.conf
passwd: compat ldap group: compat ldap
nsswitch tests
passwd test
getent passwd | grep 3001 leroy:x:2001:3001:leroy:/home/leroy:/bin/bash
group test
getent group | grep 3001 it:*:3001:
id test
id leroy uid=2001(leroy) gid=3001(it) Gruppen=3001(it)
sudo opportunity 1
- /etc/pam.d/common-auth
#First entry should be auth required pam_group.so use_first_pass
- /etc/security/group.conf
*;*;*;Al0000-2400;audio,cdrom,dialout,floppy,sudo,adm,video
sudo opportunity 2
- visudo
%it ALL=(ALL:ALL) ALL