Я настроил openldap с back-sql на ubuntu 18.04, но не могу войти в систему с ldapusers на клиентской машине (centos 7). Я могу получить данные пользователя, используя ldapsearch команда на клиентском компьютере, но вход в систему не происходит. Я получаю сообщение об ошибке «Пользователь не существует» при входе в систему.
Пожалуйста, найдите ниже вывод команды ldapsearch.
[root@ldapclient ~]# ldapsearch -x -b "dc=mobilewaretech,dc=com"
# extended LDIF
#
# LDAPv3
# base <dc=mobilewaretech,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# mrugesh, mobilewaretech.com
dn: cn=mrugesh,dc=mobilewaretech,dc=com
objectClass: inetOrgPerson
seeAlso: documentTitle=book1,dc=mobilewaretech,dc=com
seeAlso: documentTitle=book2,dc=mobilewaretech,dc=com
givenName: mrugesh
userPassword:: cXdlcnR5MTIz
telephoneNumber: 222-3234
telephoneNumber: 332-2334
# amey, mobilewaretech.com
dn: cn=amey,dc=mobilewaretech,dc=com
objectClass: inetOrgPerson
seeAlso: documentTitle=book1,dc=mobilewaretech,dc=com
givenName: amey
userPassword:: YW1leQ==
telephoneNumber: 545-4563
# Kishor Toraskar, mobilewaretech.com
dn: cn=Kishor Toraskar,dc=mobilewaretech,dc=com
objectClass: inetOrgPerson
objectClass: pkiUser
cn: Kishor Toraskar
sn: Toraskar
givenName: Kishor
userCertificate;binary:: MIIDazCCAtSgAwIBAgIBAjANBgkqhkiG9w0BAQQFADB3MQswCQYDV
QQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEfMB0GA1UEChMWT3BlbkxEQVAgRXhhbXBsZSwgTH
RkLjETMBEGA1UEAxMKRXhhbXBsZSBDQTEdMBsGCSqGSIb3DQEJARYOY2FAZXhhbXBsZS5jb20wHhc
NMDMxMDE3MTYzMzE5WhcNMDQxMDE2MTYzMzE5WjB+MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2Fs
aWZvcm5pYTEfMB0GA1UEChMWT3BlbkxEQVAgRXhhbXBsZSwgTHRkLjEYMBYGA1UEAxMPVXJzdWxhI
EhhbXBzdGVyMR8wHQYJKoZIhvcNAQkBFhB1aGFtQGV4YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEBAQ
UAA4GNADCBiQKBgQDuxgp5ELV9LmhxWMpV7qc4028QQT3+zzFDXhruuXE7ji2n3S3ea8bOwDtJh+q
nsDe561DhHHHlgIjMKCiDEizYMpxvJPYEXmvp0huRkMgpKZgmel95BSkt6TYmJ0erS3aoimOHLEFi
mmnTLolNRMiWqNBvqwobx940PGwUWEePKQIDAQABo4H/MIH8MAkGA1UdEwQCMAAwLAYJYIZIAYb4Q
gENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBSjI94TbBmuDEeUUO
iC37EK0Uf0XjCBoQYDVR0jBIGZMIGWgBRLbyEaNiTSkPlDsFNHLX3hwOaYI6F7pHkwdzELMAkGA1U
EBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExHzAdBgNVBAoTFk9wZW5MREFQIEV4YW1wbGUsIEx0
ZC4xEzARBgNVBAMTCkV4YW1wbGUgQ0ExHTAbBgkqhkiG9w0BCQEWDmNhQGV4YW1wbGUuY29tggEAM
A0GCSqGSIb3DQEBBAUAA4GBAIgUcARb3OlWYNbmr1nmqESuxLn16uqI1Ot6WkcICvpkdQ+Bo+R9AP
05xpoXocZtKdNvBu3FNxB/jFkiOcLU2lX7Px1Ijnsjh60qVRy9HOsHCungIKlGcnXLKHmKu0y//5j
ds/HnaJsGcHI5JRG7CBJbW+wrwge3trJ1xHJI8prN
# book1, mobilewaretech.com
dn: documentTitle=book1,dc=mobilewaretech,dc=com
objectClass: document
description: abstract1
documentTitle: book1
documentAuthor: cn=amey,dc=mobilewaretech,dc=com
documentAuthor: cn=mrugesh,dc=mobilewaretech,dc=com
documentIdentifier: document 1
# book2, mobilewaretech.com
dn: documentTitle=book2,dc=mobilewaretech,dc=com
objectClass: document
description: abstract2
documentTitle: book2
documentAuthor: cn=mrugesh,dc=mobilewaretech,dc=com
documentIdentifier: document 2
# mobilewaretech.com
dn: dc=mobilewaretech,dc=com
objectClass: organization
objectClass: dcObject
o: Mobileware
dc: mobileware
# search reference
ref: ldap://localhost:389/dc=mobilewaretech,dc=com??sub
# search result
search: 2
result: 0 Success
# numResponses: 8
# numEntries: 6
# numReferences: 1
Я сослался на это https://gist.github.com/mahirrudin/9b7754e54f1e8e532049484864beba42 URL-адрес для настройки сервера openldap с помощью back-sql. Вот мой файл nsswitch.conf с клиентской машины.
#
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Valid entries include:
#
# nisplus Use NIS+ (NIS version 3)
# nis Use NIS (NIS version 2), also called YP
# dns Use DNS (Domain Name Service)
# files Use the local files
# db Use the local database (.db) files
# compat Use NIS on compat mode
# hesiod Use Hesiod for user lookups
# [NOTFOUND=return] Stop searching if not found so far
#
# To use db, put the "db" in front of "files" for entries you want to be
# looked up first in the databases
#
# Example:
#passwd: db files nisplus nis
#shadow: db files nisplus nis
#group: db files nisplus nis
passwd: mysql files sss
shadow: mysql files sss
group: mysql files sss
#initgroups: files sss
#hosts: db files nisplus nis dns
hosts: files dns myhostname
# Example - obey only what nisplus tells us...
#services: nisplus [NOTFOUND=return] files
#networks: nisplus [NOTFOUND=return] files
#protocols: nisplus [NOTFOUND=return] files
#rpc: nisplus [NOTFOUND=return] files
#ethers: nisplus [NOTFOUND=return] files
#netmasks: nisplus [NOTFOUND=return] files
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files sss
netgroup: files sss
publickey: nisplus
automount: files sss
aliases: files nisplus
Найдите файл nslcd.conf.
uid nslcd gid ldap
uri ldap: //192.168.0.227: 389 /
base dc = mobilewaretech, dc = com
ssl нет tls_cacertdir / etc / openldap / cacerts
У этих пользователей отсутствуют необходимые поля для входа в систему.
uidNumber:
gidNumber:
loginShell:
homeDirectory:
userPassword:
Эти атрибуты являются стандартной частью objectClass: posixAccount.
Кроме того, вам следует обратить внимание на свой /etc/nsswitch.conf как таковой он может не иметь ldap в качестве источника.