/etc/ldap.conf
*************************************
host ldap-server-ip-address
base ou=Users,dc=advistatech,dc=com
ssl no
pam_password md5
*************************************
/etc/openldap/ldap.conf
*************************************
HOST ldap-server-ip-address
BASE ou=Users,dc=advistatech,dc=com
*************************************
/etc/pam.d/system-auth
*************************************
auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth sufficient /lib/security/$ISA/pam_ldap.so use_first_pass
auth required /lib/security/$ISA/pam_deny.so
account sufficient /lib/security/$ISA/pam_succeed_if.so uid < 100
account required /lib/security/$ISA/pam_unix.so
account [default=bad success=ok user_unknown=ignore] /lib/security/$ISA/pam_ldap.so
password requisite /lib/security/$ISA/pam_cracklib.so retry=3
password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
password sufficient /lib/security/$ISA/pam_ldap.so use_authtok
password required /lib/security/$ISA/pam_deny.so
session required /lib/security/$ISA/pam_limits.so
session required /lib/security/$ISA/pam_unix.so
session optional /lib/security/$ISA/pam_ldap.so
*************************************
nsswitch.conf
**********************
passwd: files ldap
shadow: files ldap
group: files ldap
**********************
You can use "getent passwd" to list all the users in the ldap server.
To make sshd work, restart the sshd service.
No comments:
Post a Comment