LDAP客户端配置
一. 安装客户端软件
[root@labsys00208 ~]# yum -y install openldap-clients nss-pam-ldapd
[root@labsys00208 ~]# authconfig --enableldap --enableldapauth --ldapserver=10.17.161.18 --ldapbasedn="dc=contoso,dc=com" --enablemkhomedir --update
refer: https://www.server-world.info/en/note?os=CentOS_7&p=openldap&f=3
If SELinux is enabled, it needs to add a rule to allow creating home directories automatically by mkhomedir. [root@www ~]# vi mkhomedir.te # create new module mkhomedir 1.0; require { type unconfined_t; type oddjob_mkhomedir_exec_t; class file entrypoint; } #============= unconfined_t ============== allow unconfined_t oddjob_mkhomedir_exec_t:file entrypoint; [root@www ~]# checkmodule -m -M -o mkhomedir.mod mkhomedir.te checkmodule: loading policy configuration from mkhomedir.te checkmodule: policy configuration loaded checkmodule: writing binary representation (version 17) to mkhomedir.mod [root@www ~]# semodule_package --outfile mkhomedir.pp --module mkhomedir.mod [root@www ~]# semodule -i mkhomedir.pp