我正在尝试使用centos 6来对ldap进行身份验证(特定的活动目录)我有点困惑,因为在安装nss-pam-ldapd后,我看到几个文件似乎是相同的配置.例如,我有/etc/pam_ldap.conf和/etc/nslcd.conf.这两个文件似乎都具有相同的配置选项.似乎没有工作.任何指导将不胜感激.
Make sure you: 1. yum remove sssd 2. yum install openldap-clients nss-pam-ldapd 3. Run Authconfig 4. Check your /etc/openldap/ldap.conf - Check for your valid certfile is pointed to 5. Check your /etc/nslcd.conf - confirm ssl start_tls - confirm certfile is pointing to a valid file Here is a example authconfig line: authconfig --enableldap --enableldapauth \ --ldapserver=ldap://ldap.example.com/,ldap://ldap2.example.com/ \ --ldapbasedn=dc=example,dc=com --update Then make sure: /etc/openldap/ldap.conf TLS_CACERT /etc/pki/tls/certs/ca-bundle.crt TLS_REQCERT demand And in /etc/nslcd.conf: ssl start_tls tls_cacertfile /etc/pki/tls/certs/ca-bundle.crt tls_reqcert never So that you get a certificate not a empty directory.
