Special:Badtitle/NS100:SunLDAPClientAuthentication: Difference between revisions
m No edit summary |
m No edit summary |
||
第20行: | 第20行: | ||
ncampbell@naaman:~$ sudo vi /etc/nsswitch.conf | ncampbell@naaman:~$ sudo vi /etc/nsswitch.conf | ||
# perform the following vi commands | |||
:1,$s/compat/files ldap/g | :1,$s/compat/files ldap/g | ||
:x! | :x! | ||
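Review bot: The comment `# perform the following vi commands` sits directly above `:1,$s/compat/files ldap/g`, which rewrites every occurrence of `compat` in the file, and it does not say which entries are meant to change. Suggest naming the databases that should end up reading `files ldap` and telling the reader to keep a copy of /etc/nsswitch.conf before the edit, so a mistaken substitution on the account lookup path can be rolled back.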
第53行: | 第54行: | ||
ncampbell@naaman:/etc/pam.d$ sudo vi common-account | ncampbell@naaman:/etc/pam.d$ sudo vi common-account | ||
account sufficient pam_ldap.so | |||
account required pam_unix.so | |||
ncampbell@naaman:/etc/pam.d$ sudo vi common-auth | ncampbell@naaman:/etc/pam.d$ sudo vi common-auth | ||
auth sufficient pam_ldap.so | |||
auth required pam_unix.so nullok_secure use_first_pass | |||
ncampbell@naaman:/etc/pam.d$ sudo vi common-password | ncampbell@naaman:/etc/pam.d$ sudo vi common-password | ||
password sufficient pam_ldap.so nullok | |||
password required pam_unix.so nullok obscure min=4 max=8 md5 | |||
ncampbell@naaman:/etc/pam.d$ sudo vi common-session | ncampbell@naaman:/etc/pam.d$ sudo vi common-session | ||
session sufficient pam_ldap.so | |||
session required pam_unix.so | |||
ncampbell@naaman:/etc/pam.d$ cd ~ | ncampbell@naaman:/etc/pam.d$ cd ~ |
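Review bot: In the `common-password` lines, `pam_unix.so nullok obscure min=4 max=8 md5` accepts four-character passwords and hashes them with MD5 crypt, and `nullok` appears on both password lines alongside `nullok_secure` in `common-auth`. Suggest raising `min`, dropping `nullok` unless empty passwords are intended, and saying why each option is there. Also worth a sentence: `session sufficient pam_ldap.so` ends the session stack when it succeeds, so the `session required pam_unix.so` line below it is not run for LDAP users.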
Revision as of 14:47, 24 May 2007 (Thu)
Source: https://help.ubuntu.com/community/SunLDAPClientAuthentication
Foreword
Now that Sun has announced that it is open-sourcing its Sun Java Enterprise System suite and making it free, there is another viable alternative to OpenLDAP.
The following guide is intended only for readers wishing to authenticate Ubuntu clients off an existing Sun Java Enterprise System Directory Server.
Users wishing to authenticate off an OpenLDAP server should use the UbuntuHelp:LDAPClientAuthentication page instead.
Name Switch Server Setup
The first step is to set up nss-ldap, the LDAP-specific name switch server package. During installation, accept all the defaults:
ncampbell@naaman:~$ sudo apt-get install libnss-ldap
In order to authenticate using LDAP, /etc/nsswitch.conf will need to be edited:
ncampbell@naaman:~$ sudo vi /etc/nsswitch.conf
# perform the following vi commands
:1,$s/compat/files ldap/g
:x!
The /etc/libnss-ldap.conf file is where all the settings are configured. For brevity, the example libnss-ldap.conf is attached and not listed in this document - https://help.ubuntu.com/community/SunLDAPClientAuthentication?action=AttachFile&do=get&target=libnss-ldap.conf
To test the setup of nss-ldap, run the following command to see a listing of LDAP shadow entries:
ncampbell@naaman:~$ getent shadow
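A scripted form of the nsswitch.conf edit above, as an added example that is not part of the original guide: it keeps a backup, limits the substitution to the passwd, group and shadow lines (narrower than the global vi substitute), and verifies the result. The function names and the sample file are this example's own, and the demo works on a constructed temporary copy rather than /etc/nsswitch.conf.

```shell
#!/bin/sh
# Added example: non-interactive version of the vi substitution, with a
# backup and a verification step. Function names are hypothetical.

# make_sample FILE: write a constructed nsswitch.conf for the demo.
make_sample() {
    cat > "$1" <<'EOF'
# compat mode keeps the historic +/- syntax (constructed sample file)
passwd:         compat
group:          compat
shadow:         compat
hosts:          files dns
EOF
}

# nss_enable_ldap FILE: change "compat" to "files ldap" on the passwd,
# group and shadow lines only, keeping the original as FILE.orig.
nss_enable_ldap() {
    cp -p "$1" "$1.orig" || return 1
    sed -E '/^(passwd|group|shadow):/s/compat/files ldap/' "$1.orig" > "$1"
}

# nss_sources FILE DB: print the source list configured for database DB.
nss_sources() {
    awk -v db="$2:" '$1 == db { $1 = ""; sub(/^ +/, ""); print }' "$1"
}

# nss_check FILE: succeed only if all three account databases list ldap.
nss_check() {
    for db in passwd group shadow; do
        case " $(nss_sources "$1" "$db") " in
            *" ldap "*) ;;
            *) echo "$db: ldap not configured" >&2; return 1 ;;
        esac
    done
}

# Demo on a temporary copy; point the functions at /etc/nsswitch.conf
# (as root) only after reviewing the output.
demo=$(mktemp -d)
make_sample "$demo/nsswitch.conf"
nss_enable_ldap "$demo/nsswitch.conf" && nss_check "$demo/nsswitch.conf"
grep -E '^(passwd|group|shadow|hosts):' "$demo/nsswitch.conf"
rm -rf "$demo"
```

Keeping `files` ahead of `ldap` means local accounts still resolve when the directory server is unreachable, and FILE.orig gives a direct rollback.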
Pluggable Authentication Modules Setup
The next step requires pam-ldap, the LDAP-specific PAM package. Answer <No> to the 2 questions asked during installation:
ncampbell@naaman:~$ sudo apt-get install libpam-ldap
The configuration file provided with the libpam-ldap package is unnecessary and can be replaced by libnss-ldap.conf:
ncampbell@naaman:~$ sudo rm /etc/pam_ldap.conf
ncampbell@naaman:~$ sudo ln -s /etc/libnss-ldap.conf /etc/pam_ldap.conf
To complete the configuration of the pam-ldap package, the following files in the /etc/pam.d directory need to be changed:
ncampbell@naaman:~$ cd /etc/pam.d
ncampbell@naaman:/etc/pam.d$ sudo vi common-account
account sufficient pam_ldap.so
account required pam_unix.so
ncampbell@naaman:/etc/pam.d$ sudo vi common-auth
auth sufficient pam_ldap.so
auth required pam_unix.so nullok_secure use_first_pass
ncampbell@naaman:/etc/pam.d$ sudo vi common-password
password sufficient pam_ldap.so nullok
password required pam_unix.so nullok obscure min=4 max=8 md5
ncampbell@naaman:/etc/pam.d$ sudo vi common-session
session sufficient pam_ldap.so
session required pam_unix.so
ncampbell@naaman:/etc/pam.d$ cd ~
To test the setup of the pam-ldap package, attempt to log on as an LDAP user.
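A lint pass over the four common-* stacks listed above, as an added example that is not part of the original guide: it reports the `nullok`, `min=` and `md5` options so they can be reviewed before the stack goes live. The function names and the PAM_MIN_LEN threshold (default 8) are this example's own, and it assumes single-word control fields such as `sufficient` and `required`, as used on this page.

```shell
#!/bin/sh
# Added example: lint PAM common-* files for the password options that
# appear in this page's stack. PAM_MIN_LEN (default 8) is this example's
# own threshold, not a value from the page.

# pam_sample DIR: write the page's four stacks into DIR (constructed files).
pam_sample() {
    printf '%s\n' 'account sufficient pam_ldap.so' \
        'account required pam_unix.so' > "$1/common-account"
    printf '%s\n' 'auth sufficient pam_ldap.so' \
        'auth required pam_unix.so nullok_secure use_first_pass' \
        > "$1/common-auth"
    printf '%s\n' 'password sufficient pam_ldap.so nullok' \
        'password required pam_unix.so nullok obscure min=4 max=8 md5' \
        > "$1/common-password"
    printf '%s\n' 'session sufficient pam_ldap.so' \
        'session required pam_unix.so' > "$1/common-session"
}

# pam_audit DIR: print "file:line: module: finding" for each flagged option.
pam_audit() {
    for f in "$1"/common-*; do
        [ -f "$f" ] || continue
        awk -v name="${f##*/}" -v minlen="${PAM_MIN_LEN:-8}" '
            /^[ \t]*(#|$)/ { next }      # skip comments and blank lines
            {   # fields: type, control, module, then options
                for (i = 4; i <= NF; i++) {
                    if ($i == "nullok" || $i == "nullok_secure")
                        printf "%s:%d: %s: option %s set (empty passwords accepted where honoured)\n", name, FNR, $3, $i
                    else if ($i == "md5")
                        printf "%s:%d: %s: md5 hashes new passwords with MD5 crypt\n", name, FNR, $3
                    else if ($i ~ /^min=[0-9]+$/ && substr($i, 5) + 0 < minlen + 0)
                        printf "%s:%d: %s: %s is below %d characters\n", name, FNR, $3, $i, minlen
                }
            }' "$f"
    done
}

# Demo on constructed copies; this never reads the live /etc/pam.d.
demo_dir=$(mktemp -d)
pam_sample "$demo_dir"
pam_audit "$demo_dir"
rm -rf "$demo_dir"
```

Run `pam_audit /etc/pam.d` on a configured client to get the same report for the live files.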
Name Caching Service Daemon Setup
The final step in the LDAP client setup is to install nscd, the name service caching daemon, to prevent excess LDAP traffic:
ncampbell@naaman:~$ sudo apt-get install nscd
ncampbell@naaman:~$ sudo mkdir -p /var/db/nscd /var/run/nscd
ncampbell@naaman:~$ sudo /etc/init.d/nscd start