###### LDAP network accounts #####
1. What is LDAP?
LDAP (Lightweight Directory Access Protocol) is a directory service used here for user authentication. It is similar to Windows Active Directory: at bottom it is a way of storing records (users, groups, hosts) and looking them up over the network.

2. Software the LDAP client needs
yum install sssd krb5-workstation -y
3. How to enable LDAP user authentication
authconfig-tui
                       ┌────────────────┤ Authentication Configuration ├─────────────────┐
                       │                                                                 │ 
                       │  User Information        Authentication                         │ 
                       │  [ ] Cache Information   [ ] Use MD5 Passwords                  │ 
                       │  [*] Use LDAP            [*] Use Shadow Passwords               │ 
                       │  [ ] Use NIS             [ ] Use LDAP Authentication            │ 
                       │  [ ] Use IPAv2           [*] Use Kerberos                       │ 
                       │  [ ] Use Winbind         [ ] Use Fingerprint reader             │ 
                       │                          [ ] Use Winbind Authentication         │ 
                       │                          [*] Local authorization is sufficient  │ 
                       │                                                                 │ 
                       │            ┌────────┐                      ┌──────┐             │ 
                       │            │ Cancel │                      │ Next │             │ 
                       │            └────────┘                      └──────┘             │ 
                       │                                                                 │ 
                       │                                                                 │ 
                       └─────────────────────────────────────────────────────────────────┘ 
                                                                                          
                              ┌─────────────────┤ LDAP Settings ├─────────────────┐
                              │                                                   │ 
                              │          [*] Use TLS                              │ 
                              │  Server: ldap://cla***oom.example.com/___________ │ 
                              │ Base DN: dc=example,dc=com_______________________ │ 
                              │                                                   │ 
                              │         ┌──────┐                ┌──────┐          │ 
                              │         │ Back │                │ Next │          │ 
                              │         └──────┘                └──────┘          │ 
                              │                                                   │ 
                              │                                                   │ 
                              └───────────────────────────────────────────────────┘ 
                                                                                   
                           ┌─────────────────┤ Kerberos Settings ├──────────────────┐
                           │                                                        │ 
                           │        Realm: EXAMPLE.COM_____________________________ │ 
                           │          KDC: cla***oom.example.com___________________ │ 
                           │ Admin Server: cla***oom.example.com___________________ │ 
                           │               [ ] Use DNS to resolve hosts to realms   │ 
                           │               [ ] Use DNS to locate KDCs for realms    │ 
                           │                                                        │ 
                           │          ┌──────┐                    ┌────┐            │ 
                           │          │ Back │                    │ Ok │            │ 
                           │          └──────┘                    └────┘            │ 
                           │                                                        │ 
                           │                                                        │ 
                           └────────────────────────────────────────────────────────┘ 
                                                                                     
<When the following error appears>
                                 ┌────────────────┤ Warning ├─────────────────┐
                                 │                                            │ 
                                 │ To connect to a LDAP server with TLS       │ 
                                 │ protocol enabled you need a CA certificate │ 
                                 │ which signed your server's certificate.    │ 
                                 │ Copy the certificate in the PEM format to  │ 
                                 │ the '/etc/openldap/cacerts' directory.     │ 
                                 │ Then press OK.                             │ 
                                 │                                            │ 
                                 │                  ┌────┐                    │ 
                                 │                  │ Ok │                    │ 
                                 │                  └────┘                    │ 
                                 │                                            │ 
                                 │                                            │ 
                                 └────────────────────────────────────────────┘ 
                                                                                
This is because the TLS CA certificate is missing: the client cannot validate the LDAP server's certificate until the CA that signed it is placed, in PEM format, in /etc/openldap/cacerts. Download the CA certificate from the server into that directory.
The command used (-P tells wget which directory to save into):
wget -P /etc/openldap/cacerts http://172.25.254.254/pub/example-ca.crt
Because the file is fetched over plain HTTP, compare it with the copy on the server before trusting it; whatever ends up in cacerts becomes a trust anchor for every LDAP lookup on this host.
<Test>
getent passwd ldapuser1
If the user's entry is displayed correctly, the client-side configuration is working (getent confirms that users can be looked up in LDAP; a login as ldapuser1 then exercises Kerberos authentication).
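The Warning dialog above is the step that most often goes wrong in practice: the file copied into /etc/openldap/cacerts is not PEM (it is DER, or an HTML error page saved by wget), or the server URI is mistyped. The following pre-flight checks are an added example and are not part of the original notes or of authconfig; the certificate body below is a constructed placeholder, not a real CA, and the directory layout is created in a temporary directory so the script runs without touching the real /etc/openldap/cacerts.

```shell
#!/bin/sh
# Added example, not from the original notes. Checks the two prerequisites the
# "Warning" dialog refers to: a PEM-encoded CA certificate in the cacerts
# directory, and an LDAP server URI with a scheme that authconfig accepts.

# pem_cert_present DIR -> 0 if DIR holds at least one PEM-encoded certificate
pem_cert_present() {
    dir="$1"
    [ -d "$dir" ] || return 1
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        # PEM certificates carry both armor lines; DER blobs and HTML pages do not
        if grep -q -- '-----BEGIN CERTIFICATE-----' "$f" \
           && grep -q -- '-----END CERTIFICATE-----' "$f"; then
            return 0
        fi
    done
    return 1
}

# ldap_uri_ok URI -> 0 if the URI uses the ldap:// or ldaps:// scheme
ldap_uri_ok() {
    case "$1" in
        ldap://*|ldaps://*) return 0 ;;
        *) return 1 ;;
    esac
}

# --- constructed demo data (placeholder, not a real certificate) ---
DEMO_DIR=$(mktemp -d)
mkdir -p "$DEMO_DIR/cacerts" "$DEMO_DIR/bad"
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'PLACEHOLDER-BASE64-BODY' \
    '-----END CERTIFICATE-----' > "$DEMO_DIR/cacerts/example-ca.crt"
# what a failed wget typically leaves behind: an HTML error page named .crt
printf '%s\n' '<html><body>404 Not Found</body></html>' > "$DEMO_DIR/bad/example-ca.crt"

if pem_cert_present "$DEMO_DIR/cacerts"; then echo "cacerts: PEM CA found"; fi
if ! pem_cert_present "$DEMO_DIR/bad"; then echo "bad: no PEM CA, fix before retrying"; fi
if ldap_uri_ok "ldap://cla***oom.example.com/"; then echo "uri: scheme ok"; fi
```

Run the checks against the real paths (`pem_cert_present /etc/openldap/cacerts`) before pressing Ok in the dialog; a missing or non-PEM file is the usual reason the dialog reappears.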
4. Automatically mount user home directories
yum install autofs -y
vim /etc/auto.master
/home/guests /etc/auto.ldap
vim /etc/auto.ldap
Either one entry per user:
ldapuser1 172.25.254.254:/home/guests/ldapuser1
or a single wildcard entry, where * matches any key looked up under /home/guests and & is replaced by that key:
*  172.25.254.254:/home/guests/&
systemctl restart autofs
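The wildcard map line above is terse, and it is easy to get the exact-key versus `*`/`&` semantics wrong. The resolver below is an added example, not part of the original notes or of the autofs package: it reads an indirect map the way automount does (exact key first, then the `*` wildcard with `&` substituted, leading `-` options skipped) so a map file can be checked before anything is mounted. The map contents are constructed sample data.

```shell
#!/bin/sh
# Added example, not from the original notes. Resolves KEY against an autofs
# indirect map file without mounting anything.
# Assumed map format: "key [options] location"; options start with "-";
# an exact key beats the "*" wildcard; "&" in the location becomes the key.

# autofs_resolve KEY MAPFILE -> prints the location for KEY, returns 1 if none
autofs_resolve() {
    key="$1"; map="$2"
    exact=""; wild=""
    while read -r mkey rest; do
        case "$mkey" in ''|'#'*) continue ;; esac   # skip blanks and comments
        # drop leading mount options such as -rw,soft and keep the location
        set -- $rest
        while [ $# -gt 0 ]; do
            case "$1" in -*) shift ;; *) break ;; esac
        done
        loc="$1"
        if [ "$mkey" = "$key" ]; then
            exact="$loc"
        elif [ "$mkey" = '*' ]; then
            # keys are usernames, so they contain no "/" that would break sed
            wild=$(printf '%s' "$loc" | sed "s/&/$key/g")
        fi
    done < "$map"
    if [ -n "$exact" ]; then printf '%s\n' "$exact"; return 0; fi
    if [ -n "$wild" ];  then printf '%s\n' "$wild";  return 0; fi
    return 1
}

# --- constructed sample maps (not the page's real files) ---
DEMO_DIR=$(mktemp -d)
MAP_WILD="$DEMO_DIR/auto.ldap"
cat > "$MAP_WILD" <<'EOF'
# explicit entry plus wildcard with mount options
ldapuser1 172.25.254.254:/home/guests/ldapuser1
*  -rw,soft 172.25.254.254:/home/guests/&
EOF
MAP_EXACT_ONLY="$DEMO_DIR/auto.ldap.exact"
printf '%s\n' 'ldapuser1 172.25.254.254:/home/guests/ldapuser1' > "$MAP_EXACT_ONLY"

autofs_resolve ldapuser1 "$MAP_WILD"        # 172.25.254.254:/home/guests/ldapuser1
autofs_resolve ldapuser2 "$MAP_WILD"        # 172.25.254.254:/home/guests/ldapuser2
autofs_resolve ldapuser2 "$MAP_EXACT_ONLY" || echo "ldapuser2: no map entry (login would get no home)"
```

The last case is the one worth remembering: with per-user entries only, every new LDAP user needs a new map line, which is why the notes switch to the wildcard form.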
#### Script that performs the LDAP client setup ####
vim set-ldap.sh
#!/bin/bash
echo "installing software ..."
yum install sssd krb5-workstation autofs -y
echo "configuring ldap auth client ..."
# identity from LDAP over TLS, authentication via Kerberos, both handled by sssd
authconfig \
--enableldap \
--enablekrb5 \
--disableldapauth \
--enableldaptls \
--ldaploadcacert=http://172.25.254.254/pub/example-ca.crt \
--ldapserver="cla***oom.example.com" \
--ldapbasedn="dc=example,dc=com" \
--krb5realm="EXAMPLE.COM" \
--krb5kdc="cla***oom.example.com" \
--krb5adminserver="cla***oom.example.com" \
--enablesssd \
--enablesssdauth \
--update
echo "configuring ldap user home directories ..."
echo "/home/guests /etc/auto.ldap" >> /etc/auto.master
echo "* 172.25.254.254:/home/guests/&" >> /etc/auto.ldap
systemctl restart autofs
systemctl enable autofs
echo "all is successful!"
:wq
sh set-ldap.sh   ## run the script