openldap-client安装和配置
2019-04-11centos8-openldap客户端安装
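#!/bin/bash
#
# Configure a CentOS 8 host as an OpenLDAP client: NSS/PAM lookups through
# nslcd, sudo rules read from LDAP, home directories created at login, and
# SSH logins limited to the groups listed in AllowGroups.
# Must run as root: it installs packages, edits files under /etc and restarts
# nslcd and sshd.
#
# SECURITY NOTE(review): ldapuri uses the ldap:// scheme and nothing below
# enables StartTLS. Unless TLS is already configured in the target files,
# password binds, account lookups and sudo rules travel in cleartext and the
# directory server is not authenticated, so the host trusts whatever answers
# on that address for group membership and sudoers. Prefer an ldaps:// URI, or
# add "ssl start_tls" with "tls_reqcert demand" and a "tls_cacertfile" to
# /etc/nslcd.conf and the matching TLS options to /etc/sudo-ldap.conf, once
# the server offers TLS.

# Catch typos in variable names instead of silently expanding to "".
set -u

if [[ "${EUID}" -ne 0 ]]; then
  echo 'this script must be run as root' >&2
  exit 1
fi

ldapuri="ldap://172.10.1.100/"
ldapbase="dc=wall,dc=com"
ldapsudoers="ou=sudoers,dc=wall,dc=com"

# Replace SSSD with the nslcd-based stack, plus oddjob for home directories.
yum -y remove sssd sssd-client
yum -y install nss-pam-ldapd openssh-ldap openldap-clients
yum -y install oddjob oddjob-mkhomedir

# Drop earlier uri/base/sudoers_base settings so re-running the script does
# not pile up duplicates. A file that does not exist yet only makes sed print
# an error; the run continues.
# NOTE(review): /etc/openldap/ldap.conf loses its URI/BASE lines here and
# nothing below writes them back explicitly; presumably authconfig does.
sed -i \
  -e '/^uri/d' \
  -e '/^base/d' \
  -e '/^URI/d' \
  -e '/^BASE/d' \
  -e '/^sudoers_base/d' \
  /etc/nslcd.conf /etc/openldap/ldap.conf /etc/sudo-ldap.conf

#authselect select sssd with-mkhomedir --force
# The expansions are quoted so a URI or base DN containing spaces or glob
# characters is passed as a single argument.
authconfig \
  --enablesssd \
  --enablesssdauth \
  --ldapserver="${ldapuri}" \
  --ldapbasedn="${ldapbase}" \
  --enablemkhomedir \
  --updateall

# Turn the sss entries produced above into ldap ones. The pattern is
# unanchored on purpose (it has to hit the "sss" inside module names), so it
# rewrites every "sss" substring in these files; review the PAM stack
# afterwards, because a mangled line can break or weaken authentication.
sed -i 's/sss/ldap/g' /etc/pam.d/password-auth
sed -i 's/sss/ldap/g' /etc/pam.d/system-auth

cat >> /etc/sudo-ldap.conf << EOF
uri ${ldapuri}
sudoers_base ${ldapsudoers}
EOF

cat >> /etc/nslcd.conf << EOF
uri ${ldapuri}
base ${ldapbase}
EOF

systemctl restart nslcd.service

# Only the active "sudoers:" database line is removed; comments that merely
# mention sudoers are kept.
sed -i '/^[[:space:]]*sudoers:/d' /etc/nsswitch.conf
echo 'sudoers: files ldap' >>/etc/nsswitch.conf
sed -i 's/sss/ldap/g' /etc/nsswitch.conf

# Remove active AllowGroups directives (sshd keywords are case-insensitive)
# and leave commented-out examples alone.
# NOTE(review): the new directive is appended at the end of the file; if
# sshd_config ends with a Match block it would apply only inside that block.
sed -i '/^[[:space:]]*AllowGroups[[:space:]]/Id' /etc/ssh/sshd_config
cat >> /etc/ssh/sshd_config << EOF
AllowGroups root yunwei
EOF

# AllowGroups locks out everyone outside the listed groups. Warn when the
# LDAP-backed group does not resolve, and keep an existing session open until
# a fresh login has been verified.
if ! getent group yunwei > /dev/null; then
  echo 'warning: group "yunwei" does not resolve; only members of "root" will be able to log in over SSH' >&2
fi

# Validate the configuration first: restarting sshd with a broken config can
# leave the host without remote access.
if sshd -t; then
  systemctl restart sshd.service
else
  echo 'sshd_config failed validation (sshd -t); sshd was not restarted' >&2
  exit 1
fi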