Aktuelle Version vom 16. Januar 2023, 13:26 Uhr

nsswitch und pam anbinden

passwd:         compat ldap
group:          compat ldap

getent passwd | grep 3001
leroy:x:2001:3001:leroy:/home/leroy:/bin/bash

getent group | grep 3001
it:*:3001:

id leroy
uid=2001(leroy) gid=3001(it) Gruppen=3001(it)

#First entry should be
auth    required     pam_group.so use_first_pass

*;*;*;Al0000-2400;audio,cdrom,dialout,floppy,sudo,adm,video

%it     ALL=(ALL:ALL) ALL

@@ Zeile 1: / Zeile 1: @@
-=sudo=
+=nsswitch und pam anbinden=
+*apt install libnss-ldap libpam-ldap ldap-utils
+=ldap.conf=
+*[[ldap.conf]]
+==Wir benutzen nur eine Konfigurationdatei==
+*ln -sf /etc/ldap/ldap.conf /etc/ldap.conf
+*ln -sf /etc/ldap/ldap.conf /etc/libnss-ldap.conf
+*ln -sf /etc/ldap/ldap.conf /etc/pam_ldap.conf
+=Test=
+*ldapsearch -x | head  -20
+==ergänzen /etc/nsswitch.conf==
+ passwd:         compat ldap
+ group:          compat ldap
+==nsswitch tests==
+===passwd test===
+ getent passwd | grep 3001
+ leroy:x:2001:3001:leroy:/home/leroy:/bin/bash
+===group test===
+ getent group | grep 3001
+ it:*:3001:
+===id test===
+ id leroy
+ uid=2001(leroy) gid=3001(it) Gruppen=3001(it)
+*[[pam ldap]]
+=sudo opportunity 1=
 */etc/pam.d/common-auth
   #First entry should be
@@ Zeile 6: / Zeile 32: @@
 */etc/security/group.conf
   *;*;*;Al0000-2400;audio,cdrom,dialout,floppy,sudo,adm,video
+=sudo opportunity 2=
+*visudo
+ %it     ALL=(ALL:ALL) ALL