View source for "LDAPClientAuthentication" - Ubuntu中文
Source: official Ubuntu Wiki<br>
Original author:<br>
License: [http://www.creativecommons.cn/licenses/by-nc-sa/1.0/ Creative Commons license]<br>
Translator: FireHare<br>
Proofreader:<br>
Applicable version:<br>
Article status: awaiting proofreading

----

=== Intended Audience ===

This page is intended for anyone who wants to enable an Ubuntu client to authenticate on an existing OpenLDAP server. For more details on the server installation part see [[UbuntuHelp:OpenLDAPServer]].

To authenticate against a Sun Java Enterprise System Directory Server, consult the [[UbuntuHelp:SunLDAPClientAuthentication]] page.

=== Installing and configuring LDAP authentication ===

==== Install the necessary packages ====

Install the following packages: <code><nowiki>libpam-ldap libnss-ldap</nowiki></code> (see InstallingSoftware). Note that you have to enable the universe repositories for this.

During installation, you will be asked the following questions:

* '''The address of the LDAP server used'''. You can also use a fully qualified domain name here. For example: ''ldap.example.com''
* '''The distinguished name of the search base'''. For example ''dc=example,dc=com''
* '''The LDAP version to use'''. You usually would choose ''3'' here.
* '''If your database requires logging in'''. You would usually choose ''no'' here.
* '''If you want to make configuration readable/writeable by owner only'''. A ''no'' should be the answer to this.
* A dialog is displayed explaining that it cannot manage ''nsswitch.conf'' automatically. Just select ''OK''.
* '''If you want the local root to be the database admin'''. You would usually choose ''yes'' here.
* Again '''If your database requires logging in'''. You would usually choose ''no'' here.
* '''Your root login account'''. For example: ''cn=manager,dc=example,dc=com''
* '''Your root password'''.
* Afterwards, a dialog explains the different encryption methods and asks you to specify the '''encryption method to use before sending your password'''. ''exop'' is usually a good choice.

==== Configuring nsswitch.conf ====

Unfortunately we cannot test the above configuration until /etc/nsswitch.conf is configured:

<pre><nowiki>
$ sudo vi /etc/nsswitch.conf
</nowiki></pre>

and enter the following command, which will replace ''compat'' with ''ldap files'':

<pre><nowiki>
:%s/compat/ldap files/g
</nowiki></pre>

===== Testing the ''nsswitch.conf'' configuration using ''getent'' =====

Now you can test the configuration by using the following lines (substitute ''<someldapuser>'' with a user and ''<someldapgroup>'' with a group known by your LDAP server):

<pre><nowiki>
$ getent passwd <someldapuser>
$ getent group <someldapgroup>
</nowiki></pre>

If you get a response in both cases, your LDAP ''nsswitch.conf'' configuration is correct and all you need to do is to configure PAM.

===== Changing the lookup order for ''nsswitch.conf'' =====

You might want to swap around ''ldap'' and ''files'' to first check your local passwd file before consulting the LDAP server:

<pre><nowiki>
$ sudo vi /etc/nsswitch.conf
</nowiki></pre>

...and change the lines to show the following:

<pre><nowiki>
passwd: files ldap
group: files ldap
shadow: files ldap
</nowiki></pre>

==== Configuring PAM ====

The PAM configuration is split into 4 files: common-account, common-auth, common-password and common-session.

===== /etc/pam.d/common-account =====

<pre><nowiki>
$ sudo vi /etc/pam.d/common-account
</nowiki></pre>

Enter the following lines:

<pre><nowiki>
account sufficient pam_ldap.so
account required pam_unix.so
</nowiki></pre>

===== /etc/pam.d/common-auth =====

<pre><nowiki>
$ sudo vi /etc/pam.d/common-auth
</nowiki></pre>

Enter the following lines:

<pre><nowiki>
auth sufficient pam_ldap.so
auth required pam_unix.so nullok_secure use_first_pass
</nowiki></pre>

===== /etc/pam.d/common-password =====

====== Standard Configuration ======

<pre><nowiki>
$ sudo vi /etc/pam.d/common-password
</nowiki></pre>

Enter the following lines:

<pre><nowiki>
password sufficient pam_ldap.so
password required pam_unix.so nullok obscure min=4 max=8 md5
</nowiki></pre>

====== Using Stronger Passwords ======

If you want stronger passwords, you might be interested in ''libpam-cracklib''. Install the following packages: <code><nowiki>libpam-cracklib</nowiki></code> (see InstallingSoftware).

You then need to change the configuration of ''/etc/pam.d/common-password'':

<pre><nowiki>
$ sudo vi /etc/pam.d/common-password
</nowiki></pre>

Enter the following lines:

<pre><nowiki>
password required pam_cracklib.so retry=3 minlen=6 difok=3
password sufficient pam_ldap.so use_authtok nullok md5
password required pam_unix.so use_authtok use_first_pass
</nowiki></pre>

===== /etc/pam.d/common-session =====

====== Standard Configuration ======

<pre><nowiki>
$ sudo vi /etc/pam.d/common-session
</nowiki></pre>

Enter the following lines:

<pre><nowiki>
session sufficient pam_ldap.so
session required pam_unix.so
</nowiki></pre>

====== Automatically creating home directory on first logon ======

If you want the home directory of the user to be created automatically at first logon, you need to edit the ''common-session'' file again:

<pre><nowiki>
$ sudo vi /etc/pam.d/common-session
</nowiki></pre>

Enter the following lines:

<pre><nowiki>
session required pam_unix.so
session required pam_mkhomedir.so skel=/etc/skel/
session optional pam_ldap.so
</nowiki></pre>

=== Credits ===

* Most of the information used in this document was found on the following page: http://mcwhirter.com.au/documentation/MakingaDebianorUbuntuMachineanLDAPAuthenticationClient
* Some additional documentation I found here: http://www.gentoo.org/doc/en/ldap-howto.xml

----
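Added example, not part of the original wiki page: a simplified Python model of how PAM control flags are evaluated, showing why the position of <code>pam_ldap.so</code> in the stacks above matters. The names <code>parse_stack</code>, <code>evaluate</code> and the <code>SESSION_APPENDED</code> stack are constructed for illustration; the other two stacks are copied from this page.

```python
# Simplified model of how libpam walks one stack (control flags per pam.conf(5)).
# Not libpam itself: "optional" results are ignored, [value=action] is unsupported.
def parse_stack(text):
    """Return (type, control, module) for each non-comment PAM line."""
    stack = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3:
            stack.append(tuple(fields[:3]))
    return stack

def evaluate(stack, results):
    """results maps module -> True/False; returns (granted, modules_called)."""
    required_failed = required_passed = False
    called = []
    for _type, control, module in stack:
        ok = results[module]
        called.append(module)
        if control == "requisite" and not ok:
            return False, called          # fail immediately
        if control in ("required", "requisite"):
            required_passed = required_passed or ok
            required_failed = required_failed or not ok
        elif control == "sufficient" and ok and not required_failed:
            return True, called           # succeed now, later modules never run
        # a failed "sufficient" module does not affect the result
    return required_passed and not required_failed, called

# common-auth exactly as given on this page
COMMON_AUTH = parse_stack("""
auth sufficient pam_ldap.so
auth required pam_unix.so nullok_secure use_first_pass
""")
# Constructed for comparison: standard common-session with pam_mkhomedir appended
SESSION_APPENDED = parse_stack("""
session sufficient pam_ldap.so
session required pam_unix.so
session required pam_mkhomedir.so skel=/etc/skel/
""")
# common-session from the page's "home directory on first logon" section
SESSION_PAGE = parse_stack("""
session required pam_unix.so
session required pam_mkhomedir.so skel=/etc/skel/
session optional pam_ldap.so
""")
if __name__ == "__main__":
    all_ok = {m: True for m in ("pam_ldap.so", "pam_unix.so", "pam_mkhomedir.so")}
    for name in ("COMMON_AUTH", "SESSION_APPENDED", "SESSION_PAGE"):
        print(name, evaluate(globals()[name], all_ok))
```

With every module succeeding, <code>SESSION_APPENDED</code> stops after <code>pam_ldap.so</code>, so <code>pam_mkhomedir.so</code> is never called, while the ordering given on this page reaches it.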