1

getent passwd

LDAP Configuration

alias ldapsearch='ldapsearch -D "cn=admin,dc=fuel" -w r00tme'
alias ldapmodify='ldapmodify -D "cn=admin,dc=fuel" -w r00tme'

slapcat

dn: dc=fuel
objectClass: top
objectClass: dcObject
objectClass: organization
o: fuel_org
dc: fuel
structuralObjectClass: organization
entryUUID: 9e2a168a-a714-1035-9f39-4b3bdb074971
creatorsName: cn=admin,dc=fuel
createTimestamp: 20160505135423Z
entryCSN: 20160505135423.540761Z#000000#000#000000
modifiersName: cn=admin,dc=fuel
modifyTimestamp: 20160505135423Z

dn: cn=admin,dc=fuel
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword:: e1NTSEF9dndjQVZSdnlXWHhyT05LTmpZQVIyMlpmMnFocmg4eWs=
structuralObjectClass: organizationalRole
entryUUID: 9e2a9772-a714-1035-9f3a-4b3bdb074971
creatorsName: cn=admin,dc=fuel
createTimestamp: 20160505135423Z
entryCSN: 20160505135423.544062Z#000000#000#000000
modifiersName: cn=admin,dc=fuel
modifyTimestamp: 20160505135423Z

Добавить организацию Обратить внимание - dn: dc=example_organization,dc=fuel - порядок важен. dc В КОТОРЫЙ добавляется должен быть последним.

# example.org
dn: dc=example_organization,dc=fuel
dc: example_organization
o: Example Organization
objectClass: dcObject
objectClass: organization

Сокращения

alias ldapadd='ldapadd -D "cn=admin,dc=fuel" -w r00tme'
alias ldapmodify='ldapmodify -D "cn=admin,dc=fuel" -w r00tme'
alias ldapsearch='ldapsearch -D "cn=admin,dc=fuel" -w r00tme'

ldapadd < org
adding new entry "dc=example_organization,dc=fuel"

Ссылки

• ВВедение в PAM https://www.ibm.com/developerworks/ru/library/l-pam/

• http://www.mironovs.com/os/unix-os/debian-autentifikatsiya-i-avtorizatsiya-polzovateley-s-pomoschyu-ldap.html

PAM

• https://www.opennet.ru/base/net/pam_linux.txt.html

PAM vs NSS

• http://serverfault.com/questions/538383/understand-pam-and-nss

http://serverfault.com/questions/538383/understand-pam-and-nss

http://skeletor.org.ua/?p=464