DIY Cluster Computer: Basic LDAP Server Configuration Using OpenLDAP (自作クラスタ計算機:openldapを使ったldapサーバの基本設定)
Differences
This shows you the differences between two versions of the page.
| 自作クラスタ計算機:openldapを使ったldapサーバの基本設定 [2026/05/13 12:18] – [計算ノードでの作業] koudai | 自作クラスタ計算機:openldapを使ったldapサーバの基本設定 [2026/05/13 19:46] (current) – [ユーザーの削除] koudai | ||
|---|---|---|---|
| Line 188: | Line 188: | ||
| + | ===== ユーザーの削除 ===== | ||
| + | < | ||
| + | $ ldapdelete -x -W -D " | ||
| + | $ ldapdelete -x -W -D " | ||
| + | </ | ||
| ====== 計算ノードでの作業 ====== | ====== 計算ノードでの作業 ====== | ||
| + | |||
| + | < | ||
| + | $ apt install libnss-ldapd libpam-ldapd ldap-utils | ||
| + | </ | ||
| + | |||
| + | * LDAP server URI: ldap:// | ||
| + | * LDAP server search base: dc=cluster, | ||
| + | * Name services to configure: passwd, group, shadow, hosts (スペースキーでチェックを入れられます) | ||
| + | |||
| + | ユーザーがいるか確認 | ||
| + | |||
| + | < | ||
| + | $ getent passwd taro | ||
| + | taro: | ||
| + | </ | ||
| + | |||
| + | |||
| + | 参考 | ||
| + | |||
| + | |||
| + | https:// | ||
| + | |||
| + | https:// | ||
| + | |||
| + | |||
| + | |||
| + | |||
| + | |||
| + | ====== SSSD ====== | ||
| + | |||
| 必要なパッケージのインストール | 必要なパッケージのインストール | ||
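Review bot: The compute-node steps give the LDAP server URI with the plain `ldap://` scheme, and the new `ldapdelete -x -W -D` commands use a simple bind, yet none of the added lines mention TLS. Unless TLS is set up elsewhere on the page, the admin bind password and the traffic from `libnss-ldapd`/`libpam-ldapd` would cross the cluster network unencrypted. Suggest documenting either an `ldaps://` URI or StartTLS next to these steps (`-ZZ` on the `ldapdelete` calls, `ssl start_tls` in nslcd.conf). Two smaller points: `apt install` is shown at a `$` prompt although it needs root, and the name-service list "passwd, group, shadow, hosts" includes `hosts` and `shadow` without saying why they are needed, while the only check shown is `getent passwd taro`.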
| Line 287: | Line 322: | ||
| $ su - taro | $ su - taro | ||
| </ | </ | ||
| + | |||
| + | |||
| + | |||
| + | === memo === | ||
| + | |||
| + | < | ||
| + | # | ||
| + | # / | ||
| + | # | ||
| + | # This file is included from other service-specific PAM config files, | ||
| + | # and should contain a list of the authorization modules that define | ||
| + | # the central access policy for use on the system. | ||
| + | # only deny service to users whose accounts are expired in / | ||
| + | # | ||
| + | # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. | ||
| + | # To take advantage of this, it is recommended that you configure any | ||
| + | # local modules either before or after the default block, and use | ||
| + | # pam-auth-update to manage selection of other modules. | ||
| + | # pam-auth-update(8) for details. | ||
| + | # | ||
| + | |||
| + | # here are the per-package modules (the " | ||
| + | account [success=ok new_authtok_reqd=done default=ignore] pam_ldap.so | ||
| + | account required pam_unix.so | ||
| + | # here's the fallback if no module succeeds | ||
| + | account requisite pam_deny.so | ||
| + | # prime the stack with a positive return value if there isn't one already; | ||
| + | # this avoids us returning an error just because nothing sets a success code | ||
| + | # since the modules above will each just jump around | ||
| + | account required pam_permit.so | ||
| + | # and here are more per-package modules (the " | ||
| + | account [success=ok new_authtok_reqd=done ignore=ignore user_unknown=ignore authinfo_unavail=ignore default=bad] pam_ldap.so minimum_uid=1000 | ||
| + | # end of pam-auth-update config | ||
| + | |||
| + | </ | ||
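Review bot: In the memo's primary block, `pam_ldap.so` uses `success=ok` and `pam_unix.so` is plain `required`, so neither line skips over `account requisite pam_deny.so`. The file's own comment says the modules above "will each just jump around", but as written every account check falls through to `pam_deny.so` and is refused. If this is meant as a working configuration, restore the skip counts (for example `success=2` on the `pam_ldap.so` line and `success=1` on the `pam_unix.so` line) or regenerate the file with pam-auth-update, which the header says manages it. `pam_ldap.so` also appears twice, once in the primary block without `minimum_uid` and once in the additional block with `minimum_uid=1000`; keep one, and add a sentence saying whether the memo records a known-good or a problematic state, since the heading "memo" gives no context.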
自作クラスタ計算機/openldapを使ったldapサーバの基本設定.1778642328.txt.gz · Last modified: 2026/05/13 12:18 by koudai
