在本地使用 ldapclient 进行测试

我正在研究 LDAP

目前，我设置了 ldap 服务器并进行检查。

我的设置如下

$ldapsearch -x -LLL -b "dc=myexample,dc=com"

dn: dc=myexample,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
o: myexample
dc: myexample

dn: cn=admin,dc=myexample,dc=com
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator

dn: ou=people,dc=myexample,dc=com
objectClass: organizationalUnit
ou: people

dn: ou=groups,dc=myexample,dc=com
objectClass: organizationalUnit
ou:: Z3JvdXBzIA==

dn: uid=ldaptest,ou=people,dc=myexample,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
cn: ldaptest
sn: ldaptest
loginShell: /bin/bash
uidNumber: 2000
gidNumber: 2000
homeDirectory: /home/ldaptest
uid: ldaptest

dn: cn=ldaptest,ou=groups,dc=myexample,dc=com
objectClass: posixGroup
cn: ldaptest
gidNumber: 2000
memberUid: ldaptest

据我了解，用户ldaptest已成功创建。

然后我在同一台服务器上安装了 ldapclientsudo apt -y install libnss-ldapd libpam-ldapd ldap-utils

然后尝试以以下身份登录ldaptest

$su ldaptest

No passwd entry for user 'ldaptest'

但是无法登录，我猜这是的问题ldapclient？

那么，我如何检查 ldap 客户端是否正常工作？

---

我的环境是Ubuntu 18

nslcd.conf 如下所示

# /etc/nslcd.conf                                                                                              
# nslcd configuration file. See nslcd.conf(5)                                                                  
# for details.                                                                                                 

# The user and group nslcd should run as.                                                                      
uid nslcd
gid nslcd

# The location at which the LDAP server(s) should be reachable.                                                
uri ldap://localhost/

# The search base that will be used for all queries.                                                           
base dc=myexample,dc=com

# The LDAP protocol version to use.                                                                            
#ldap_version 3                                                                                                

# The DN to bind with for normal lookups.                                                                      
#binddn cn=annonymous,dc=example,dc=net                                                                        
#bindpw secret                                                                                                 

# The DN used for password modifications by root.                                                              
#rootpwmoddn cn=admin,dc=example,dc=com                                                                        

# SSL options                                                                                                  
#ssl off                                                                                                       
#tls_reqcert never                                                                                             
tls_cacertfile /etc/ssl/certs/ca-certificates.crt

# The search scope.                                                                                            
#scope sub   




systemctl status nslcd.service

● nslcd.service - LSB: LDAP connection daemon
   Loaded: loaded (/etc/init.d/nslcd; generated)
   Active: active (running) since Wed 2023-04-19 18:14:19 JST; 24s ago
     Docs: man:systemd-sysv-generator(8)
  Process: 22346 ExecStop=/etc/init.d/nslcd stop (code=exited, status=0/SUCCESS)
  Process: 22357 ExecStart=/etc/init.d/nslcd start (code=exited, status=0/SUCCESS)
    Tasks: 6 (limit: 4677)
   CGroup: /system.slice/nslcd.service
           └─22392 /usr/sbin/nslcd

Apr 19 18:14:19 koala systemd[1]: Starting LSB: LDAP connection daemon...
Apr 19 18:14:19 koala nslcd[22357]:  * Starting LDAP connection daemon nslcd
Apr 19 18:14:19 koala nslcd[22392]: version 0.9.9 starting
Apr 19 18:14:19 koala nslcd[22392]: accepting connections
Apr 19 18:14:19 koala nslcd[22357]:    ...done.
Apr 19 18:14:19 koala systemd[1]: Started LSB: LDAP connection daemon.

但返回的结果相同。

$su ldaptest

No passwd entry for user 'ldaptest'

Slapd.service 也有效。

systemctl status slapd.service

● slapd.service - LSB: OpenLDAP standalone server (Lightweight Directory Access Protocol)
   Loaded: loaded (/etc/init.d/slapd; generated)
  Drop-In: /lib/systemd/system/slapd.service.d
           └─slapd-remain-after-exit.conf
   Active: active (running) since Mon 2023-04-17 19:03:57 JST; 1 day 23h ago
     Docs: man:systemd-sysv-generator(8)
    Tasks: 4 (limit: 4677)
   CGroup: /system.slice/slapd.service
           └─4458 /usr/sbin/slapd -h ldap:/// ldapi:/// -g openldap -u openldap -F /etc/ldap/slapd.d

Apr 17 19:03:57 koala systemd[1]: Starting LSB: OpenLDAP standalone server (Lightweight Directory Access Protocol)...
Apr 17 19:03:57 koala slapd[4426]:  * Starting OpenLDAP slapd
Apr 17 19:03:57 koala slapd[4444]: @(#) $OpenLDAP: slapd  (Ubuntu) (May 12 2022 13:52:38) $
                                           Debian OpenLDAP Maintainers <[email protected]>
Apr 17 19:03:57 koala slapd[4458]: slapd starting
Apr 17 19:03:57 koala slapd[4426]:    ...done.
Apr 17 19:03:57 koala systemd[1]: Started LSB: OpenLDAP standalone server (Lightweight Directory Access Protocol).

解决方案

我检查了用户列表getent passwd

发现有 ldaptest:x:2000:2000:ldaptest:/home/ldaptest:/bin/bash

然后重新启动，

systemctl restart nscd.service

问题解决了。