Server side (10.10.10.154)
Installation
# yum install -y openldap-servers
Change the Domain Component (dc) default value: my-domain → example
# cd /etc/openldap/slapd.d
# grep my-domain -r .
./cn=config/olcDatabase={1}monitor.ldif: l,cn=auth" read by dn.base="cn=manager,dc=my-domain,dc=com" read by * none
./cn=config/olcDatabase={2}bdb.ldif:olcSuffix: dc=my-domain,dc=com
./cn=config/olcDatabase={2}bdb.ldif:olcRootDN: cn=Manager,dc=my-domain,dc=com
# vim ./cn\=config/olcDatabase\=\{1\}monitor.ldif
# vim ./cn\=config/olcDatabase\=\{2\}bdb.ldif
LDAP administrator password (recommended: put it right after the olcRootDN line)
# vim ./cn\=config/olcDatabase\=\{2\}bdb.ldif
olcRootPW: secret
Restart the service
# /etc/init.d/slapd restart
Check the process and the listening port
# netstat -na | grep -w 389 ; netstat -nap | grep slapd
Firewall setting
# iptables -A INPUT -p tcp -m tcp --dport 389 -j ACCEPT
migration tool (conversion / migration tool): converts the existing local accounts into LDAP format
# yum install -y migrationtools.noarch
# /usr/share/migrationtools/migrate_passwd.pl /etc/passwd
NFS setup
# mkdir -p /home/guests
# useradd -d /home/guests/ldapuser2 -u 1702 ldapuser2
# /usr/share/migrationtools/migrate_passwd.pl /etc/passwd
# vim /etc/exports
/home/guests *(rw,sync)
Client side (10.10.10.155)
Installation
# yum install -y openldap-clients nss-pam-ldapd
Authentication source configuration
# setup
Contents of the file example.com.ldif
# cd /etc/openldap/
# vim example.com.ldif
dn: dc=example,dc=com
dc: example
o: example
ObjectClass: organization
ObjectClass: dcObject
Contents of the file people.example.com.ldif
# vim people.example.com.ldif
dn: ou=people,dc=example,dc=com
ObjectClass: top
ObjectClass: organizationalUnit
ou: people
Contents of the file ldapuser2.people.example.com.ldif
# vim ldapuser2.people.example.com.ldif
dn: uid=ldapuser2,ou=people,dc=example,dc=com
uid: ldapuser2
cn: LDAP Test User 2
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {crypt}$6$YvAT5G9T$mLFxORGWK4yGIMzEX0ZAOoLd.U2AbEBIkwIJQ8.vzd0GoBRRLoVn6CpXOGvJHG03xknIYP6RJuCel3Vr7gyQ/.
shadowLastChange: 15233
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 1702
gidNumber: 1702
homeDirectory: /home/guests/ldapuser2
Add and search LDAP entries
# ldapadd -v -x -D "cn=Manager,dc=example,dc=com" -f example.com.ldif -w secret
# ldapadd -v -x -D "cn=Manager,dc=example,dc=com" -f people.example.com.ldif -w secret
# ldapadd -v -x -D "cn=Manager,dc=example,dc=com" -f ldapuser2.people.example.com.ldif -w secret
# ldapsearch -x -b "dc=example,dc=com"
Configure autofs
# echo '/home/guests /etc/auto.guests' >> /etc/auto.master
# echo '* -rw,hard,intr 10.10.10.154:/home/guests/&' >> /etc/auto.guests
# su - ldapuser2
id: cannot find name for group ID 1702
$ pwd // on success the mounted home directory path is shown; on failure the prompt would read -bash-4.1$
/home/guests/ldapuser2
$ df
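The `id: cannot find name for group ID 1702` line after `su - ldapuser2` comes from the account entry's `gidNumber: 1702` having no matching `posixGroup` entry in the directory: only `migrate_passwd.pl` was run, so the group that `useradd` created on the server was never exported (migrationtools ships `migrate_group.pl` for that). The script below is an added example, not from the original post. It parses the three LDIF files from this post (embedded as a constructed sample, with the long `userPassword` value folded onto a continuation line the way LDIF requires), reports every posixAccount whose gidNumber has no posixGroup, and prints the `ou=group` container plus the user-private group entry that would resolve it; the `ou=group` layout and the group name are this example's assumptions.

```python
import base64
from typing import Dict, List, Tuple

# Added example (not from the original post): check that every posixAccount
# in a set of LDIF entries has a posixGroup for its gidNumber, and emit the
# group entries that are missing. The ou=group layout and the group names
# are this example's assumptions.

Entry = Dict[str, List[str]]

# Constructed sample: the three entries from the post, with the long
# userPassword value folded onto a continuation line (single leading space).
SAMPLE_LDIF = """\
dn: dc=example,dc=com
dc: example
o: example
ObjectClass: organization
ObjectClass: dcObject

dn: ou=people,dc=example,dc=com
ObjectClass: top
ObjectClass: organizationalUnit
ou: people

dn: uid=ldapuser2,ou=people,dc=example,dc=com
uid: ldapuser2
cn: LDAP Test User 2
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {crypt}$6$YvAT5G9T$mLFxORGWK4yGIMzEX0ZAOoLd.U2AbEBIkwIJQ8.vzd0Go
 BRRLoVn6CpXOGvJHG03xknIYP6RJuCel3Vr7gyQ/.
shadowLastChange: 15233
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 1702
gidNumber: 1702
homeDirectory: /home/guests/ldapuser2
"""


def parse_ldif(text: str) -> List[Tuple[str, Entry]]:
    """Parse LDIF into (dn, attributes) pairs, unfolding continuation lines
    and decoding 'attr:: <base64>' values; attribute names keep their case."""
    entries = []
    for block in text.strip().split("\n\n"):
        unfolded: List[str] = []
        for line in block.splitlines():
            if line.startswith(" ") and unfolded:
                unfolded[-1] += line[1:]  # continuation of the previous line
            elif line.strip() and not line.startswith("#"):
                unfolded.append(line)
        dn, attrs = None, {}
        for line in unfolded:
            name, _, value = line.partition(":")
            name, value = name.strip(), value.strip()
            if value.startswith(":"):  # base64-encoded value
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            if name.lower() == "dn":
                dn = value
            else:
                attrs.setdefault(name, []).append(value)
        if dn is not None:
            entries.append((dn, attrs))
    return entries


def to_ldif(dn: str, attrs: Entry, width: int = 76) -> str:
    """Serialize one entry as LDIF, folding lines longer than `width`."""
    lines = [f"dn: {dn}"] + [f"{n}: {v}" for n, vs in attrs.items() for v in vs]
    folded = []
    for line in lines:
        while len(line) > width:
            folded.append(line[:width])
            line = " " + line[width:]
        folded.append(line)
    return "\n".join(folded) + "\n"


def get(attrs: Entry, name: str) -> List[str]:
    """Case-insensitive attribute lookup (LDAP attribute names are)."""
    return [v for k, vs in attrs.items() if k.lower() == name.lower() for v in vs]


def has_class(attrs: Entry, cls: str) -> bool:
    return cls.lower() in {c.lower() for c in get(attrs, "objectClass")}


def missing_groups(entries) -> List[Tuple[str, str]]:
    """(uid, gidNumber) for each posixAccount whose gidNumber no posixGroup
    provides; each one yields 'id: cannot find name for group ID' on the client."""
    known = {g for _, a in entries if has_class(a, "posixGroup") for g in get(a, "gidNumber")}
    return [(get(a, "uid")[0], g)
            for _, a in entries if has_class(a, "posixAccount")
            for g in get(a, "gidNumber") if g not in known]


def group_entries(missing, base: str = "dc=example,dc=com") -> str:
    """LDIF for an ou=group container plus one user-private posixGroup per
    missing (uid, gid); load it with ldapadd like the files above."""
    out = to_ldif(f"ou=group,{base}",
                  {"objectClass": ["top", "organizationalUnit"], "ou": ["group"]})
    for uid, gid in missing:
        out += "\n" + to_ldif(f"cn={uid},ou=group,{base}",
                              {"objectClass": ["top", "posixGroup"], "cn": [uid],
                               "gidNumber": [gid], "memberUid": [uid]})
    return out


if __name__ == "__main__":
    entries = parse_ldif(SAMPLE_LDIF)
    gaps = missing_groups(entries)
    for uid, gid in gaps:
        print(f"uid={uid}: no posixGroup with gidNumber {gid}")
    print(group_entries(gaps))
```

Save the printed LDIF to a file and load it with the same `ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f` form used above; after that `getent group 1702` on the client resolves and the message disappears.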