Arch Linux のクライアント設定

/etc/openldap/ldap.conf

# Default search base and server for the OpenLDAP client tools.
# NOTE(review): ldap:// is plain LDAP and nothing shown here enables TLS, so
# as written binds and query results are not protected in transit. Prefer an
# ldaps:// URI or StartTLS, with TLS_CACERT set and TLS_REQCERT demand, so the
# server certificate is verified. Confirm what the server offers.
BASE dc=example,dc=com
URI ldap://server
# pacman -S nss-pam-ldapd

/etc/nslcd.conf

# Directory server and search base that nslcd uses for NSS lookups and for the
# binds it performs on behalf of pam_ldap.so.
# NOTE(review): with an ldap:// URI and no "ssl" option, passwords submitted
# during PAM authentication cross the network unencrypted. Consider
# "ssl start_tls" (or an ldaps:// URI) together with "tls_reqcert demand" and
# "tls_cacertfile <path-to-CA-certificate>" so the server is authenticated.
uri ldap://server/
base dc=example,dc=com
/etc/nsswitch.conf

# Resolve users, groups and shadow entries from local files first, then LDAP.
# Because "files" is listed first, a local account takes precedence over an
# LDAP entry with the same name.
passwd: files ldap
group: files ldap
shadow: files ldap
/etc/pam.d/system-auth

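#%PAM-1.0
# Each stack tries LDAP first and falls back to local accounts.
# The pam_ldap.so line in every stack must carry that stack's own type: a line
# typed "auth" is evaluated only during authentication, wherever it sits in
# the file, so it adds nothing to the account, password or session stacks.

# auth: a successful LDAP bind is sufficient; otherwise fall back to pam_unix.
# NOTE(review): "nullok" lets a local account with an empty password field
# authenticate; drop it unless that is intended.
# NOTE(review): when pam_ldap.so succeeds the stack returns at once, so
# pam_env.so below does not run for LDAP users.
auth      sufficient pam_ldap.so
auth      required  pam_unix.so     try_first_pass nullok
auth      optional  pam_permit.so
auth      required  pam_env.so

# account: consult LDAP for account validity. This stack is also what runs for
# logins that skip the auth stack (for example SSH public-key logins).
account   sufficient pam_ldap.so
account   required  pam_unix.so
account   optional  pam_permit.so
account   required  pam_time.so

# password: lets passwd change the LDAP password before trying the local one.
password  sufficient pam_ldap.so
password  required  pam_unix.so     try_first_pass nullok sha512 shadow
password  optional  pam_permit.so

# session: "optional" so an LDAP session result neither blocks the login nor
# short-circuits any session modules added after it.
session   required  pam_limits.so
session   required  pam_unix.so
session   optional  pam_ldap.so
session   optional  pam_permit.so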
/etc/pam.d/sshd

# Create home directory automatically.
# pam_mkhomedir populates the new home from skel at first login. umask=0022
# yields a 0755 home that other local users can read; umask=0077 keeps it
# private to the owner.
session    required     pam_mkhomedir.so skel=/etc/skel/ umask=0022
# systemctl start nslcd

確認の方法

$ ssh user@localhost

# journalctl --since "5 min ago"


Create home folders at login

/etc/pam.d/system-login
# Create the user's home from /etc/skel when it does not exist yet.
# umask=0022 produces a 0755 directory readable by other local users; use
# umask=0077 if home directories should be private.
session required pam_mkhomedir.so skel=/etc/skel umask=0022

/etc/pam.d/su-l
# Create the target user's home from /etc/skel on a login-shell su if it is
# missing. umask=0022 produces a 0755 directory readable by other local users;
# use umask=0077 if home directories should be private.
session required pam_mkhomedir.so skel=/etc/skel umask=0022

/etc/pam.d/sudo
# "sufficient": a successful LDAP bind passes sudo's auth stack without
# consulting later auth modules. This covers the password check only; what the
# user may run is still decided by sudoers.
auth sufficient pam_ldap.so


Dec/18/2015 AM 08:15