Integrating AD domain accounts on CentOS 6 via LDAP (nslcd method)
阿新 • Published: 2018-04-02
CentOS 6 has the nss-pam-ldapd package installed by default (rpm -qa nss-pam-ldapd, rpm -ql nss-pam-ldapd)
vi /etc/nsswitch.conf
passwd: files ldap
group: files ldap
shadow: files ldap
:wq
vi /etc/nslcd.conf
# aa is an ordinary AD account in the Users group
binddn cn=aa,cn=users,dc=ming,dc=com
# password of aa
bindpw **
The following section is commented out by default; just uncomment it
#Mappings for Active Directory
#referrals off
filter passwd (&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))
map passwd uid sAMAccountName
map passwd homeDirectory unixHomeDirectory
map passwd gecos displayName
filter shadow (&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))
map shadow uid sAMAccountName
map shadow shadowLastChange pwdLastSet
filter group (objectClass=group)
map group uniqueMember member
uid nslcd
gid ldap
uri ldap://10.0.0.3/
base dc=ming,dc=com
ssl no
tls_cacertdir /etc/openldap/cacerts
:wq
/etc/init.d/nslcd restart
getent passwd | grep zhi.yang
su - zhi.yang
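
The configuration above binds with binddn/bindpw over ldap:// with "ssl no", so a check of what that exposes is useful before rollout. The script below is an added example, not part of the original post: it flags a cleartext bind, unenforced certificate checks, malformed presence filters, and a bindpw file readable by group/other. The names audit_nslcd_conf and sample_conf are hypothetical, and the sample configuration is constructed with a placeholder password.

```shell
#!/bin/sh
# Added example: flag risky settings in an nslcd.conf like the one on this page.
# audit_nslcd_conf and sample_conf are hypothetical names, not part of nslcd.

# Print one finding per line for FILE; print nothing when no check fires.
audit_nslcd_conf() {
    conf=$1
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # skip comments and blank lines
        $1 == "uri" { for (i = 2; i <= NF; i++) if ($i ~ /^ldap:\/\//) plain = 1 }
        $1 == "ssl" { ssl = $2 }
        $1 == "tls_reqcert" { reqcert = $2 }
        # A presence test needs "=*"; "=)" or a line ending in "=" is malformed.
        $1 == "filter" && (/=\)/ || /=[ \t]*$/) {
            print "FILTER line " NR ": empty or truncated value, expected =*"
        }
        END {
            if (plain && ssl != "start_tls")
                print "CLEARTEXT ldap:// without ssl start_tls: bind password and lookups are unencrypted"
            if (reqcert == "never" || reqcert == "allow")
                print "NOVERIFY tls_reqcert " reqcert ": server certificate is not enforced"
        }' "$conf"
    # bindpw is stored in the clear, so the file must not be group/other accessible.
    if grep -Eq '^[[:space:]]*bindpw[[:space:]]' "$conf" &&
       [ "$(ls -ld "$conf" | cut -c5-10)" != "------" ]; then
        echo "MODE bindpw present but file is accessible to group/other (want 0600)"
    fi
}

# Constructed sample based on the page's settings, with a malformed filter;
# the password is a placeholder.
sample_conf() {
    cat <<'EOF'
uri ldap://10.0.0.3/
base dc=ming,dc=com
binddn cn=aa,cn=users,dc=ming,dc=com
bindpw PLACEHOLDER
ssl no
filter passwd (&(objectClass=user)(uidNumber=)(unixHomeDirectory=))
EOF
}

tmp=$(mktemp) && sample_conf > "$tmp" && chmod 644 "$tmp"
audit_nslcd_conf "$tmp"
rm -f "$tmp"
```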