我正在研究 LDAP
目前,我设置了 ldap 服务器并进行检查。
我的设置如下
$ldapsearch -x -LLL -b "dc=myexample,dc=com"
dn: dc=myexample,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
o: myexample
dc: myexample
dn: cn=admin,dc=myexample,dc=com
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
dn: ou=people,dc=myexample,dc=com
objectClass: organizationalUnit
ou: people
dn: ou=groups,dc=myexample,dc=com
objectClass: organizationalUnit
ou:: Z3JvdXBzIA==
dn: uid=ldaptest,ou=people,dc=myexample,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
cn: ldaptest
sn: ldaptest
loginShell: /bin/bash
uidNumber: 2000
gidNumber: 2000
homeDirectory: /home/ldaptest
uid: ldaptest
dn: cn=ldaptest,ou=groups,dc=myexample,dc=com
objectClass: posixGroup
cn: ldaptest
gidNumber: 2000
memberUid: ldaptest
据我了解,用户ldaptest
已成功创建。
然后我在同一台服务器上安装了 ldapclientsudo apt -y install libnss-ldapd libpam-ldapd ldap-utils
然后尝试以以下身份登录ldaptest
$su ldaptest
No passwd entry for user 'ldaptest'
但是无法登录,我猜这是的问题ldapclient
?
那么,我如何检查 ldap 客户端是否正常工作?
我的环境是Ubuntu 18
nslcd.conf 如下所示
# /etc/nslcd.conf
# nslcd configuration file. See nslcd.conf(5)
# for details.
# The user and group nslcd should run as.
uid nslcd
gid nslcd
# The location at which the LDAP server(s) should be reachable.
uri ldap://localhost/
# The search base that will be used for all queries.
base dc=myexample,dc=com
# The LDAP protocol version to use.
#ldap_version 3
# The DN to bind with for normal lookups.
#binddn cn=annonymous,dc=example,dc=net
#bindpw secret
# The DN used for password modifications by root.
#rootpwmoddn cn=admin,dc=example,dc=com
# SSL options
#ssl off
#tls_reqcert never
tls_cacertfile /etc/ssl/certs/ca-certificates.crt
# The search scope.
#scope sub
systemctl status nslcd.service
● nslcd.service - LSB: LDAP connection daemon
Loaded: loaded (/etc/init.d/nslcd; generated)
Active: active (running) since Wed 2023-04-19 18:14:19 JST; 24s ago
Docs: man:systemd-sysv-generator(8)
Process: 22346 ExecStop=/etc/init.d/nslcd stop (code=exited, status=0/SUCCESS)
Process: 22357 ExecStart=/etc/init.d/nslcd start (code=exited, status=0/SUCCESS)
Tasks: 6 (limit: 4677)
CGroup: /system.slice/nslcd.service
└─22392 /usr/sbin/nslcd
Apr 19 18:14:19 koala systemd[1]: Starting LSB: LDAP connection daemon...
Apr 19 18:14:19 koala nslcd[22357]: * Starting LDAP connection daemon nslcd
Apr 19 18:14:19 koala nslcd[22392]: version 0.9.9 starting
Apr 19 18:14:19 koala nslcd[22392]: accepting connections
Apr 19 18:14:19 koala nslcd[22357]: ...done.
Apr 19 18:14:19 koala systemd[1]: Started LSB: LDAP connection daemon.
但返回的结果相同。
$su ldaptest
No passwd entry for user 'ldaptest'
Slapd.service 也有效。
systemctl status slapd.service
● slapd.service - LSB: OpenLDAP standalone server (Lightweight Directory Access Protocol)
Loaded: loaded (/etc/init.d/slapd; generated)
Drop-In: /lib/systemd/system/slapd.service.d
└─slapd-remain-after-exit.conf
Active: active (running) since Mon 2023-04-17 19:03:57 JST; 1 day 23h ago
Docs: man:systemd-sysv-generator(8)
Tasks: 4 (limit: 4677)
CGroup: /system.slice/slapd.service
└─4458 /usr/sbin/slapd -h ldap:/// ldapi:/// -g openldap -u openldap -F /etc/ldap/slapd.d
Apr 17 19:03:57 koala systemd[1]: Starting LSB: OpenLDAP standalone server (Lightweight Directory Access Protocol)...
Apr 17 19:03:57 koala slapd[4426]: * Starting OpenLDAP slapd
Apr 17 19:03:57 koala slapd[4444]: @(#) $OpenLDAP: slapd (Ubuntu) (May 12 2022 13:52:38) $
Debian OpenLDAP Maintainers <[email protected]>
Apr 17 19:03:57 koala slapd[4458]: slapd starting
Apr 17 19:03:57 koala slapd[4426]: ...done.
Apr 17 19:03:57 koala systemd[1]: Started LSB: OpenLDAP standalone server (Lightweight Directory Access Protocol).
解决方案
我检查了用户列表getent passwd
发现有 ldaptest:x:2000:2000:ldaptest:/home/ldaptest:/bin/bash
然后重新启动,
systemctl restart nscd.service
问题解决了。