Compose-Files/openldap/Шпаргалка.txt

visudo -> %Linux\ Users ALL=(ALL:ALL) ALL

sudo apt update
sudo apt install libnss-ldap libpam-ldap ldap-utils nscd
dc=ldap,dc=server,dc=home
# /etc/nslcd.conf
# nslcd configuration file. See nslcd.conf(5)
# for details.

# The user and group nslcd should run as.
uid nslcd
gid nslcd

# The location at which the LDAP server(s) should be reachable.
uri ldap://server.ldap.home

# The search base that will be used for all queries.
base dc=ldap,dc=server,dc=home
binddn cn=readonly,dc=ldap,dc=server,dc=home
bindpw qaz55qwe
# The LDAP protocol version to use.
ldap_version 3
#sudoers_base cn=sudoers,ou=Linux Users,dc=ldap,dc=server,dc=home
#sudoers_debug 0
# The DN to bind with for normal lookups.
#binddn cn=annonymous,dc=example,dc=net
#bindpw secret

# The DN used for password modifications by root.
#rootpwmoddn cn=admin,dc=example,dc=com

# SSL options
#ssl off
#tls_reqcert never
tls_cacertfile /etc/ssl/certs/ca-certificates.crt

# The search scope.
#scope sub


#/etc/nsswitch.conf
passwd:         files ldap
group:          files ldap
shadow:         files ldap


#/etc/pam.d/common-auth
auth    [success=1 default=ignore]      pam_unix.so nullok_secure
auth    requisite                       pam_deny.so
auth    required                        pam_permit.so
auth    optional                        pam_ldap.so

#/etc/pam.d/common-account
account [success=1 new_authtok_reqd=done default=ignore]        pam_unix.so
account required                                                pam_ldap.so

#/etc/pam.d/common-session
session required        pam_unix.so
session optional        pam_ldap.so
session required        pam_mkhomedir.so skel=/etc/skel/ umask=077

commands:
sudo systemctl restart nslcd
getent passwd
added "Шпаргалка" 2024-10-07 11:41:16 +03:00			`visudo -> %Linux\ Users ALL=(ALL:ALL) ALL`

"Шпаргалка Update" 2.0 2024-10-07 18:51:54 +03:00			`sudo apt update`
			`sudo apt install libnss-ldap libpam-ldap ldap-utils nscd`
			`dc=ldap,dc=server,dc=home`
added "Шпаргалка" 2024-10-07 11:41:16 +03:00			`# /etc/nslcd.conf`
			`# nslcd configuration file. See nslcd.conf(5)`
			`# for details.`

			`# The user and group nslcd should run as.`
			`uid nslcd`
			`gid nslcd`

			`# The location at which the LDAP server(s) should be reachable.`
			`uri ldap://server.ldap.home`

			`# The search base that will be used for all queries.`
			`base dc=ldap,dc=server,dc=home`
			`binddn cn=readonly,dc=ldap,dc=server,dc=home`
			`bindpw qaz55qwe`
			`# The LDAP protocol version to use.`
			`ldap_version 3`
			`#sudoers_base cn=sudoers,ou=Linux Users,dc=ldap,dc=server,dc=home`
			`#sudoers_debug 0`
			`# The DN to bind with for normal lookups.`
			`#binddn cn=annonymous,dc=example,dc=net`
			`#bindpw secret`

			`# The DN used for password modifications by root.`
			`#rootpwmoddn cn=admin,dc=example,dc=com`

			`# SSL options`
			`#ssl off`
			`#tls_reqcert never`
			`tls_cacertfile /etc/ssl/certs/ca-certificates.crt`

			`# The search scope.`
"Шпаргалка Update" 2024-10-07 11:43:00 +03:00			`#scope sub`



			`#/etc/nsswitch.conf`
			`passwd: files ldap`
			`group: files ldap`
			`shadow: files ldap`


			`#/etc/pam.d/common-auth`
			`auth [success=1 default=ignore] pam_unix.so nullok_secure`
			`auth requisite pam_deny.so`
			`auth required pam_permit.so`
			`auth optional pam_ldap.so`

			`#/etc/pam.d/common-account`
			`account [success=1 new_authtok_reqd=done default=ignore] pam_unix.so`
			`account required pam_ldap.so`

			`#/etc/pam.d/common-session`
			`session required pam_unix.so`
			`session optional pam_ldap.so`
			`session required pam_mkhomedir.so skel=/etc/skel/ umask=077`

			`commands:`
			`sudo systemctl restart nslcd`
			`getent passwd`