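#!/bin/bash
#
# LdapServer install Script
# author: liulingfeng
# 2023-04-29
#
# Configures this host as an LDAPS client of ${LdapServerIP}: installs
# nss-pam-ldapd/oddjob, points authconfig at the server, switches nslcd and
# the OpenLDAP client library from ldap:// to ldaps://, restarts the services
# and finally runs a test ldapsearch as the admin DN.
#
# Every setting below may be overridden from the environment instead of
# editing this file, e.g.
#   LdapServerIP=10.0.0.5 AdminPd="$(cat /root/.ldap_admin_pw)" ./install.sh
# Must run as root (yum, authconfig, systemctl, edits under /etc).
#--------------------------------------------
set -euo pipefail

LdapServerIP="${LdapServerIP:-192.168.1.24}"
DomainPrefix="${DomainPrefix:-huawei}"
DomainSuffix="${DomainSuffix:-com}"
# Admin bind password. Prefer supplying it via the environment (see header)
# so the secret does not live in this file.
AdminPd="${AdminPd:-Huawei@123}"
# CA certificate that the server's LDAPS certificate chains to. It has to be
# deployed at this path before the client can verify the server.
CaCertPath="${CaCertPath:-/etc/openldap/cacerts/ldapclient.crt}"
# TLS certificate policy for nslcd and libldap. "demand" (default) refuses a
# server whose certificate does not validate against CaCertPath, which is what
# makes the simple bind below safe from an interposed server. "allow" accepts
# any certificate and is only appropriate for one-off debugging.
TlsReqCert="${TlsReqCert:-demand}"
readonly LdapServerIP DomainPrefix DomainSuffix AdminPd CaCertPath TlsReqCert
readonly BaseDN="dc=${DomainPrefix},dc=${DomainSuffix}"
readonly NslcdConf=/etc/nslcd.conf
readonly LdapConf=/etc/openldap/ldap.conf

# Print a message to stderr and abort.
die() { printf '%s\n' "$*" >&2; exit 1; }

#######################################
# Append a line to a file unless an identical line is already present, so
# re-running this script does not duplicate configuration.
# Arguments: $1 - file to edit, $2 - exact line to ensure
#######################################
append_once() {
  local file=$1 line=$2
  grep -qxF -- "$line" "$file" 2>/dev/null || printf '%s\n' "$line" >> "$file"
}

(( EUID == 0 )) || die "this script must run as root"
if [[ ! -r "${CaCertPath}" ]]; then
  printf 'warning: CA certificate %s not found; LDAPS connections will fail until it is deployed\n' \
    "${CaCertPath}" >&2
fi

# 1. Install the LDAP client packages
yum install -y epel-release
yum -y install nss-pam-ldapd pam_ldap openldap-clients oddjob oddjob-mkhomedir

# 2. Point PAM/NSS at the LDAP server
authconfig --enableldap \
  --enableldapauth \
  --ldapserver="${LdapServerIP}" \
  --ldapbasedn="${BaseDN}" \
  --enablemkhomedir \
  --update

# 3. nslcd: switch the uri written by authconfig to ldaps:// and trust the CA.
#    One sed invocation so the single .bak file is the pre-edit original
#    (two separate -i.bak runs would overwrite the first backup).
sed -i.bak \
  -e '/^uri ldap/ s#uri ldap://#uri ldaps://#g' \
  -e 's#ssl no#ssl yes#g' \
  "${NslcdConf}"
append_once "${NslcdConf}" "tls_cacert ${CaCertPath}"
append_once "${NslcdConf}" "tls_reqcert ${TlsReqCert}"

# 4. OpenLDAP client library (ldapsearch etc.): same change.
#    sed needs the file as an operand; redirecting its stdout into the file
#    would leave it reading stdin.
sed -i.bak -e '/URI ldap:/ s#URI ldap:#URI ldaps:#g' "${LdapConf}"
append_once "${LdapConf}" "TLS_REQCERT ${TlsReqCert}"
append_once "${LdapConf}" "TLS_CACERT ${CaCertPath}"

# 5. Enable and (re)start the client services AFTER the config edits so the
#    running daemons actually use the ldaps:// settings.
for svc in nslcd oddjobd; do
  systemctl enable "${svc}"
  systemctl restart "${svc}"
done

# 6. Test: list DNs visible to the admin bind. The password is passed through
#    a 0600 temp file (-y) rather than on the command line, where it would be
#    visible in `ps` and shell history. -y uses the file contents verbatim,
#    hence printf without a trailing newline.
pw_file=$(mktemp) || die "mktemp failed"
trap 'rm -f -- "${pw_file}"' EXIT
chmod 600 "${pw_file}"
printf '%s' "${AdminPd}" > "${pw_file}"
ldapsearch -D "cn=admin,${BaseDN}" -y "${pw_file}" | grep dn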