junaid18183 · November 28, 2018 13:29
diff --git a/sssd_on_redhat.sh b/sssd_on_redhat.sh
 #https://mapr.com/support/s/article/How-to-configure-LDAP-client-by-using-SSSD-for-authentication-on-CentOS?language=en_US
 #https://gist.github.com/mazgi/3dbfe99fb2b3e8d1e50b
 #http://www.ateam-oracle.com/part-3-of-4-sssd-linux-authentication-implementation-step-by-step-guideline/


 yum install openldap  openldap-clients sssd sssd-client
 cp /etc/openldap/ldap.conf /etc/openldap/ldap.conf.orig
 > /etc/openldap/ldap.conf
 cat << EOF > /etc/openldap/ldap.conf
 BASE dc=example,dc=com
 URI ldap://ldap.forumsys.com:389
 tls_reqcert naver
 nss_initgroups backlink
 binddn cn=read-only-admin,dc=example,dc=com
 bindpw password
 EOF

 grep -vE '^\s*($|#)' /etc/openldap/ldap.conf

 authconfig --update --enablesssd --enablesssdauth

 echo "No need to take backup of /etc/nsswitch.conf as it contains the files sss"
 grep -vE '^\s*($|#)' /etc/nsswitch.conf

 echo "No need to take backup of /etc/pam.d/system-auth as it contains the pam_sss.so"
 grep -vE '^\s*($|#)' /etc/pam.d/system-auth

 echo "No need to take backup of /etc/pam.d/password-auth as it contains the pam_sss.so"
 grep -vE '^\s*($|#)' /etc/pam.d/password-auth

 ldapsearch -LLL -H ldap://ldap.forumsys.com:389 -D "cn=read-only-admin,dc=example,dc=com" -x -w 'password'  -b 'dc=example,dc=com'

 touch /etc/sssd/sssd.conf
 chmod 0600 /etc/sssd/sssd.conf

 cat << EOF > /etc/sssd/sssd.conf
 [sssd]
 config_file_version = 2
 reconnection_retries = 3
 sbus_timeout = 30
 services = nss, pam, autofs
 domains = ijuned.com
 [nss]
 reconnection_retries = 3
 debug_level = 9
 [nss]
 reconnection_retries = 3
 debug_level = 9
 [domain/ijuned.com]
 description = ijuned.com
 debug_level = 9
 enumerate = true
 min_id = 1000
 id_provider = ldap
 auth_provider = ldap
 ldap_schema = rfc2307bis
 ad_server = ldap.forumsys.com
 ldap_search_base = dc=example,dc=com
 ldap_uri = ldap://ldap.forumsys.com:389
 ldap_default_bind_dn = cn=read-only-admin,dc=example,dc=com
 ldap_default_authtok_type = password
 ldap_default_authtok = password
 ldap_tls_reqcert = never
 ldap_id_use_start_tls = false
 ldap_tls_cacertdir = /etc/openldap/certs
 fallback_homedir = /home/%d/%u
 default_shell = /bin/bash
 ldap_user_object_class = organizationalPerson
 ldap_user_uid_number = uidNumber
 ldap_user_gid_number = gidNumber
 ldap_group_object_class = groupOfUniqueNames
 EOF

 grep -vE '^\s*($|#)' /etc/sssd/sssd.conf

 systemctl stop sssd
 sss_cache -E
 rm -f /var/lib/sss/db/*
 rm -rf /var/log/sssd/*

 systemctl start sssd
 systemctl status sssd
 tail /var/log/sssd/*.log
 echo "The below command id tesla should work"
 id tesla 
 getent passwd tesla
	#https://mapr.com/support/s/article/How-to-configure-LDAP-client-by-using-SSSD-for-authentication-on-CentOS?language=en_US
	#https://gist.github.com/mazgi/3dbfe99fb2b3e8d1e50b
	#http://www.ateam-oracle.com/part-3-of-4-sssd-linux-authentication-implementation-step-by-step-guideline/


	yum install openldap openldap-clients sssd sssd-client
	cp /etc/openldap/ldap.conf /etc/openldap/ldap.conf.orig
	> /etc/openldap/ldap.conf
	cat << EOF > /etc/openldap/ldap.conf
	BASE dc=example,dc=com
	URI ldap://ldap.forumsys.com:389
	tls_reqcert naver
	nss_initgroups backlink
	binddn cn=read-only-admin,dc=example,dc=com
	bindpw password
	EOF

	grep -vE '^\s*($\|#)' /etc/openldap/ldap.conf

	authconfig --update --enablesssd --enablesssdauth

	echo "No need to take backup of /etc/nsswitch.conf as it contains the files sss"
	grep -vE '^\s*($\|#)' /etc/nsswitch.conf

	echo "No need to take backup of /etc/pam.d/system-auth as it contains the pam_sss.so"
	grep -vE '^\s*($\|#)' /etc/pam.d/system-auth

	echo "No need to take backup of /etc/pam.d/password-auth as it contains the pam_sss.so"
	grep -vE '^\s*($\|#)' /etc/pam.d/password-auth

	ldapsearch -LLL -H ldap://ldap.forumsys.com:389 -D "cn=read-only-admin,dc=example,dc=com" -x -w 'password' -b 'dc=example,dc=com'

	touch /etc/sssd/sssd.conf
	chmod 0600 /etc/sssd/sssd.conf

	cat << EOF > /etc/sssd/sssd.conf
	[sssd]
	config_file_version = 2
	reconnection_retries = 3
	sbus_timeout = 30
	services = nss, pam, autofs
	domains = ijuned.com
	[nss]
	reconnection_retries = 3
	debug_level = 9
	[nss]
	reconnection_retries = 3
	debug_level = 9
	[domain/ijuned.com]
	description = ijuned.com
	debug_level = 9
	enumerate = true
	min_id = 1000
	id_provider = ldap
	auth_provider = ldap
	ldap_schema = rfc2307bis
	ad_server = ldap.forumsys.com
	ldap_search_base = dc=example,dc=com
	ldap_uri = ldap://ldap.forumsys.com:389
	ldap_default_bind_dn = cn=read-only-admin,dc=example,dc=com
	ldap_default_authtok_type = password
	ldap_default_authtok = password
	ldap_tls_reqcert = never
	ldap_id_use_start_tls = false
	ldap_tls_cacertdir = /etc/openldap/certs
	fallback_homedir = /home/%d/%u
	default_shell = /bin/bash
	ldap_user_object_class = organizationalPerson
	ldap_user_uid_number = uidNumber
	ldap_user_gid_number = gidNumber
	ldap_group_object_class = groupOfUniqueNames
	EOF

	grep -vE '^\s*($\|#)' /etc/sssd/sssd.conf

	systemctl stop sssd
	sss_cache -E
	rm -f /var/lib/sss/db/*
	rm -rf /var/log/sssd/*

	systemctl start sssd
	systemctl status sssd
	tail /var/log/sssd/*.log
	echo "The below command id tesla should work"
	id tesla
	getent passwd tesla