CentOS下安装sssd使用ldap登录

在 CentOS 7 下使用 SSSD 将 NSS 与 LDAP 结合,主要用于 SSH 用户登录。

操作步骤

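# Install SSSD with its LDAP back end, write /etc/sssd/sssd.conf for the
# "example" domain, and switch NSS/PAM over to SSSD so that LDAP accounts can
# log in (e.g. over SSH). Run as root on CentOS 7.
yum install sssd sssd-ldap -y

# Pin the LDAP server name locally. Guarded so that re-running these steps
# does not append duplicate entries to /etc/hosts.
grep -qF -- 'ldap.troy.wang' /etc/hosts ||
  printf '%s\n' '192.168.1.1 ldap.troy.wang' >> /etc/hosts

# Review notes on the configuration written below:
# - ldap_tls_reqcert is set to "demand". The previous value "allow" lets the
#   session continue when the server presents no certificate or an invalid
#   one, so an impostor on the network path could pose as the directory and
#   receive users' passwords. If the directory uses a private CA, trust that
#   CA (system store or ldap_tls_cacert) instead of relaxing this option.
# - cache_credentials = true with account_cache_expiration = 0 keeps cached
#   password hashes indefinitely, so an account disabled in LDAP can still
#   authenticate offline while the server is unreachable. Consider bounding
#   this with offline_credentials_expiration in [pam].
# - access_provider only checks expiry (ldap_access_order = expire) and there
#   is no ldap_access_filter, so every account under ou=staff may log in to
#   this host. NOTE(review): the "ad" expire policy reads AD attributes; with
#   ldap_schema = rfc2307 those are probably absent, and per sssd-ldap(5)
#   access is then granted. Confirm which policy matches the directory.
# - ldap_user_ssh_public_key is only used by SSSD's ssh responder, which is
#   not listed in "services". Keys stored in LDAP are therefore not offered
#   to sshd as written; enabling that needs "ssh" in services plus an
#   AuthorizedKeysCommand in sshd_config pointing at sss_ssh_authorizedkeys.
(
  # Create the file owner-only from the start rather than relying on the
  # chmod afterwards. The quoted delimiter keeps the shell from expanding
  # anything inside the config text.
  umask 077
  cat > /etc/sssd/sssd.conf <<'EOF'
[sssd]
services = nss, pam
domains = example
[pam]
[domain/example]
cache_credentials = true
account_cache_expiration = 0
id_provider = ldap
auth_provider = ldap
access_provider = ldap
ldap_access_order = expire
ldap_account_expire_policy = ad
ldap_uri = ldaps://ldap.troy.wang:636
ldap_search_base = dc=troy,dc=wang
ldap_tls_reqcert = demand
ldap_user_search_base = ou=staff,dc=troy,dc=wang
ldap_group_search_base = ou=group,dc=troy,dc=wang
ldap_group_member = memberUid
ldap_user_ssh_public_key = sshPublicKey
dns_discovery_domain = troy.wang
ldap_schema = rfc2307
ldap_force_upper_case_realm = true
EOF
)
# Still needed when the file already existed with wider permissions.
chmod 600 /etc/sssd/sssd.conf

systemctl enable sssd
# restart rather than start, so a re-run picks up the rewritten config even
# when sssd is already running.
systemctl restart sssd

# Wire SSSD into nsswitch/PAM and create home directories on first login.
authconfig --enablesssdauth --enablesssd --enablemkhomedir --updateall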