Prerequisites, Assumptions, and Requirements
For this setup, we need:
• an existing OpenLDAP server with SSL enabled and using the RFC2307 schema for users and groups
• a client host where we will install the necessary tools and log in as a user from the LDAP server
Software Installation
Install the following packages:
sudo apt install sssd-ldap ldap-utils
SSSD Configuration
Create the /etc/sssd/sssd.conf configuration file, with permissions 0600 and ownership root:root, and this content:
[sssd]
config_file_version = 2
domains = example.com

[domain/example.com]
id_provider = ldap
auth_provider = ldap
ldap_uri = ldap://ldap01.example.com
cache_credentials = True
ldap_search_base = dc=example,dc=com
Make sure to start the sssd service:
sudo systemctl start sssd.service
Note
sssd will use START_TLS by default for authentication requests against the LDAP server (the auth_provider), but not for the id_provider. If you want to also enable START_TLS for the id_provider, specify ldap_id_use_start_tls = true.
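To check a client against the two points above (file mode and ownership, and START_TLS for the id_provider), the following added example, which is not part of the original guide or of SSSD, audits an sssd.conf file. The function name audit_sssd_conf, the constructed SAMPLE text, and the choice to treat ldaps:// URIs as already encrypted are assumptions of this example.

```python
import configparser
import os
import stat
import sys
import tempfile

# Constructed sample: a trimmed copy of this page's domain section.
SAMPLE = """[domain/example.com]
id_provider = ldap
auth_provider = ldap
ldap_uri = ldap://ldap01.example.com
"""


def audit_sssd_conf(path):
    """Return a list of findings for the file at path; an empty list means clean."""
    findings = []
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    if mode != 0o600:
        findings.append(f"mode is {mode:04o}, expected 0600")
    if (st.st_uid, st.st_gid) != (0, 0):
        findings.append("owner is not root:root")
    cfg = configparser.ConfigParser(interpolation=None)
    with open(path) as fh:
        cfg.read_file(fh)
    for name in cfg.sections():
        dom = cfg[name]
        if not name.startswith("domain/") or dom.get("id_provider", "").lower() != "ldap":
            continue
        uris = [u.strip().lower() for u in dom.get("ldap_uri", "").split(",") if u.strip()]
        # Assumption of this example: ldaps:// URIs are encrypted without START_TLS.
        all_ldaps = bool(uris) and all(u.startswith("ldaps://") for u in uris)
        start_tls = dom.get("ldap_id_use_start_tls", "false").lower() == "true"
        if not all_ldaps and not start_tls:
            findings.append(f"[{name}] id_provider lookups do not use START_TLS")
    return findings


if __name__ == "__main__":
    if len(sys.argv) > 1:
        results = audit_sssd_conf(sys.argv[1])
    else:  # no path given: audit the constructed sample
        with tempfile.NamedTemporaryFile("w", suffix=".conf") as tmp:
            tmp.write(SAMPLE)
            tmp.flush()
            results = audit_sssd_conf(tmp.name)
    print("\n".join(results) or "no findings")
```

Run it with sudo and the path /etc/sssd/sssd.conf as the argument, since a file with mode 0600 owned by root is not readable by other users.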