LDAP客户端配置

一. 安装客户端软件

[root@labsys00208 ~]# yum -y install openldap-clients nss-pam-ldapd
[root@labsys00208 ~]# authconfig --enableldap --enableldapauth --ldapserver=10.17.161.18 --ldapbasedn="dc=contoso,dc=com" --enablemkhomedir --update

 

refer: https://www.server-world.info/en/note?os=CentOS_7&p=openldap&f=3

     If SELinux is enabled, it needs to add a rule to allow creating home directories automatically by mkhomedir.
[root@www ~]# vi mkhomedir.te
# create new

module mkhomedir 1.0;

require {
        type unconfined_t;
        type oddjob_mkhomedir_exec_t;
        class file entrypoint;
}

#============= unconfined_t ==============
allow unconfined_t oddjob_mkhomedir_exec_t:file entrypoint;

[root@www ~]# checkmodule -m -M -o mkhomedir.mod mkhomedir.te

checkmodule: loading policy configuration from mkhomedir.te
checkmodule: policy configuration loaded
checkmodule: writing binary representation (version 17) to mkhomedir.mod
[root@www ~]# semodule_package --outfile mkhomedir.pp --module mkhomedir.mod

[root@www ~]# semodule -i mkhomedir.pp 

 

posted on 2019-05-20 13:39  okay半个  阅读(1566)  评论(0编辑  收藏  举报

导航