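I am trying to use CentOS 6 to authenticate against LDAP (specifically Active Directory). I am a bit confused because, after installing nss-pam-ldapd, I see several files that appear to hold the same configuration. For example, I have /etc/pam_ldap.conf and /etc/nslcd.conf. Both files seem to have the same configuration options. It doesn't seem to work. Any guidance would be appreciated.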
Make sure you:

1. yum remove sssd
2. yum install openldap-clients nss-pam-ldapd
3. Run authconfig
4. Check your /etc/openldap/ldap.conf
   - Check that your valid certfile is pointed to
5. Check your /etc/nslcd.conf
   - confirm ssl start_tls
   - confirm certfile is pointing to a valid file

Here is an example authconfig line:

    authconfig --enableldap --enableldapauth \
      --ldapserver=ldap://ldap.example.com/,ldap://ldap2.example.com/ \
      --ldapbasedn=dc=example,dc=com --update

Then make sure:

/etc/openldap/ldap.conf

    TLS_CACERT /etc/pki/tls/certs/ca-bundle.crt
    TLS_REQCERT demand

And in /etc/nslcd.conf:

    ssl start_tls
    tls_cacertfile /etc/pki/tls/certs/ca-bundle.crt
    tls_reqcert never

So that you get a certificate, not an empty directory.
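
A quick way to confirm steps 4 and 5 on a client, as an added example that is not part of the original answer: the shell function below (its name and finding labels are made up for this example) reads an nslcd.conf-style file and reports a missing `ssl start_tls`, a `tls_cacertfile` that is a directory or holds no PEM certificate, and a `tls_reqcert` of `never` or `allow`, which leaves the server certificate unverified.

```shell
#!/bin/sh
# Added example (not from the original answer): audit nslcd.conf TLS settings.

# Last value given for a directive; commented-out lines never match
# because their first field starts with "#".
conf_value() {
    awk -v key="$2" 'tolower($1) == key { val = $2 } END { print val }' "$1"
}

# Print one finding per line for the file in $1; print nothing if it is clean.
audit_nslcd_tls() {
    conf=$1
    if [ ! -r "$conf" ]; then echo "UNREADABLE"; return 0; fi

    ssl=$(conf_value "$conf" ssl)
    ca=$(conf_value "$conf" tls_cacertfile)
    req=$(conf_value "$conf" tls_reqcert)

    # The answer asks for "ssl start_tls"; "ssl on" (ldaps) also encrypts.
    case $ssl in
        start_tls|on) ;;
        *) echo "NO_TLS ssl=${ssl:-unset}" ;;
    esac

    # tls_cacertfile must be a regular file holding at least one PEM
    # certificate, not a directory or an empty file.
    if [ -z "$ca" ]; then
        echo "CA_UNSET"
    elif [ ! -f "$ca" ]; then
        echo "CA_NOT_A_FILE $ca"
    elif ! grep -q -e '-----BEGIN CERTIFICATE-----' "$ca"; then
        echo "CA_NO_CERT $ca"
    fi

    # never/allow accept any server certificate, so the CA file is not enforced.
    case $req in
        never|allow) echo "REQCERT_NOT_ENFORCED tls_reqcert=$req" ;;
    esac
    return 0
}

# Usage: audit_nslcd_tls /etc/nslcd.conf
```

Run against the nslcd.conf shown in the answer, it reports only the `tls_reqcert never` line; with `tls_reqcert demand`, matching the ldap.conf setting, it reports nothing.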