部署 LLDAP

LLDAP 是轻量级的 LDAP 实现,适合小型实验室。

  1. 安装 LLDAP:

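    # Make sure the keyring directory exists (already present on Ubuntu 24.04; harmless otherwise)
    sudo install -d -m 0755 /etc/apt/keyrings

    # Import the repository signing key BEFORE adding the source that refers to it.
    # Download to a temporary file first: with a bare `curl | gpg --dearmor | sudo tee`
    # pipeline a failed curl still lets tee write an empty/truncated lldap.gpg, and
    # the error is masked by tee's exit status. Each step here is chained with &&.
    key=$(mktemp) \
      && curl -fsSL -o "$key" https://download.opensuse.org/repositories/home:Masgalor:LLDAP/xUbuntu_24.04/Release.key \
      && gpg --dearmor < "$key" > "$key.gpg" \
      && sudo install -m 0644 -- "$key.gpg" /etc/apt/keyrings/lldap.gpg
    rm -f -- "$key" "$key.gpg"

    # Add the OBS source, pinned to the key imported above. The index is fetched over
    # https (the same host already serves the key over https); apt still verifies the
    # signature with /etc/apt/keyrings/lldap.gpg.
    printf '%s\n' 'deb [signed-by=/etc/apt/keyrings/lldap.gpg] https://download.opensuse.org/repositories/home:/Masgalor:/LLDAP/xUbuntu_24.04/ /' \
      | sudo tee /etc/apt/sources.list.d/lldap.list > /dev/null

    # Install LLDAP and its helper tools
    sudo apt update
    sudo apt install lldap lldap-migration-tool lldap-set-password lldap-cli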
    
  2. 编辑 LLDAP 配置(其中 ldap_user_pass 是管理员密码,请替换为强密码,不要使用示例值):

    # sudoedit opens a copy of the file with your editor as the normal user and
    # writes it back as root, so the editor itself never runs with privileges
    sudoedit /etc/lldap/lldap_config.toml
    
    # Base DN of the directory; the SSSD ldap_search_base below must match it
    ldap_base_dn = "dc=example,dc=com"
    # Password of the built-in admin account. "password" is only an example:
    # replace it with a strong secret, and keep this file readable by root only,
    # since it stores the password in clear text
    ldap_user_pass = "password"
    # Plain LDAP listener; this is the port SSSD's ldap_uri points at
    ldap_port = 3890
    # Web UI / HTTP API listener
    http_port = 17170
    
  3. 启动 LLDAP:

    # Enable the unit at boot and start it immediately; check `systemctl status lldap`
    # afterwards if the listener on ldap_port / http_port is not reachable
    sudo systemctl enable --now lldap
    
  4. 编辑 SSSD 配置文件(该文件包含绑定密码,必须为 root 所有且权限为 0600):

    # sssd.conf contains the bind password (ldap_default_authtok) in clear text;
    # SSSD expects the file to be owned by root with mode 0600
    sudoedit /etc/sssd/sssd.conf
    
    [sssd]
    # nss: user/group lookups, pam: logins, ssh: public-key lookup for sshd
    services = nss, pam, ssh
    domains = default
    
    [domain/default]
    id_provider = ldap
    auth_provider = ldap
    
    # ldap:// is unencrypted; the bind password below travels in clear text over
    # the network unless the LLDAP host is local or the connection is wrapped in TLS
    ldap_uri = ldap://example.com:3890
    # Must match ldap_base_dn in lldap_config.toml
    ldap_search_base = dc=example,dc=com
    # Binding as the LLDAP admin gives SSSD far more rights than it needs for lookups;
    # a dedicated read-only service account is preferable
    ldap_default_bind_dn = uid=admin,ou=people,dc=example,dc=com
    # Clear-text secret: keep this file root-owned, mode 0600, and use a real password
    ldap_default_authtok = password
    
    # Allow logins from cache when the LDAP server is unreachable
    cache_credentials = True
    # Downloads the whole user/group list periodically; fine for a small lab
    enumerate = True
    # Give each user a private group with the same id as their uid
    auto_private_groups = True
    override_homedir = /home/%u
    
    # Attribute mapping for LLDAP's schema
    ldap_user_object_class = person
    ldap_user_name = uid
    ldap_user_uid_number = uidNumber
    ldap_user_gid_number = gidNumber
    ldap_user_home_directory = homeDirectory
    ldap_user_shell = loginShell
    # Used by the ssh service (sss_ssh_authorizedkeys) to fetch keys from the directory
    ldap_user_ssh_public_key = sshPublicKey
    ldap_group_object_class = groupOfUniqueNames
    ldap_group_name = cn
    ldap_group_gid_number = gidNumber
    ldap_group_member = uniqueMember
    