@akirayou
Created April 22, 2023 11:51
#!/bin/sh
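# Install the LDAP NSS/PAM client packages and the ldap-utils command-line
# tools. DEBIAN_FRONTEND=noninteractive suppresses the debconf prompts; the
# configuration files are written by the rest of this script instead.
# apt-get is used rather than apt because apt's command-line interface is not
# guaranteed to stay stable for scripted use.
export DEBIAN_FRONTEND=noninteractive
apt-get update || exit 1
apt-get -y install libnss-ldapd libpam-ldapd ldap-utils || exit 1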
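# Write /etc/nslcd.conf, which holds the LDAP bind password (bindpw).
#
# Placeholders to edit before running (the template text is in Japanese):
#   uri    - replace the bracketed text with the IP address of the QNAP
#            (the LDAP server)
#   base   - copy the value from the QNAP settings and delete the trailing
#            "←..." annotation
#   binddn - same as base: copy from the QNAP settings, delete the annotation
#   bindpw - the LDAP password configured on the QNAP
#
# NOTE(review): the template uses ldap:// and leaves every TLS option
# commented out ("TLS settings omitted, add as needed"). As written, the bind
# password and user logins cross the network unencrypted. Prefer ldaps:// or
# "ssl start_tls" with tls_cacertfile set, and do not enable
# "tls_reqcert never", which turns off server certificate verification.
#
# The file is created under umask 077 in a subshell so that a freshly created
# file is never world-readable before chown/chmod run; the umask change does
# not leak into the rest of the script.
(
  umask 077
  echo '
uid nslcd
gid nslcd
uri ldap://[QNAP(LDAPサーバ)のIPアドレス]/
base dc=some,dc=domain,dc=jp←QNAPの設定からコピー
binddn cn=admin,dc=some,dc=domain,dc=jp←QNAPの設定からコピー
bindpw [QNAPで設定したLDAPのパスワード]
# SSL options #TLSの設定は省略してる、必要に応じて
#ssl off
#tls_reqcert never
#tls_cacertfile /etc/ssl/certs/ca-certificates.crt
' >/etc/nslcd.conf
) || exit 1
# Fix: the original called "chwon" (typo), so ownership was never changed and
# the nslcd group could not read the 640 file.
chown root:nslcd /etc/nslcd.conf || exit 1
chmod 640 /etc/nslcd.conf || exit 1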
# Replace /etc/nsswitch.conf wholesale. passwd, group and shadow consult ldap
# after the local sources; the remaining databases do not consult ldap.
# Any local customisation already in the file is overwritten.
# The blank first and last lines of the here-document are intentional: they
# reproduce the leading and trailing empty lines of the generated file.
cat >/etc/nsswitch.conf <<'NSSWITCH_EOF'

passwd: files systemd ldap
group: files systemd ldap
shadow: files ldap
gshadow: files
hosts: files dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis

NSSWITCH_EOF
# Register a pam-auth-update profile that runs pam_mkhomedir.so in the session
# stack, enabled by default (Default: yes).
# NOTE(review): umask=0022 is passed to pam_mkhomedir, so created home
# directories are presumably readable by other local users; a stricter value
# such as 0077 may be preferable — confirm against local policy.
# The blank first and last lines of the here-document are intentional: they
# reproduce the leading and trailing empty lines of the generated file.
cat >/usr/share/pam-configs/my_mkhomedir <<'MKHOMEDIR_EOF'

Name: activate mkhomedir
Default: yes
Priority: 900
Session-Type: Additional
Session:
required pam_mkhomedir.so umask=0022 skel=/etc/skel

MKHOMEDIR_EOF
# Register a pam-auth-update profile that adds pam_group.so to the auth stack,
# enabled by default, so that rules in /etc/security/group.conf are applied.
# group.conf itself is not written by this script unless the commented example
# at the end of the file is enabled.
# The blank first and last lines of the here-document are intentional: they
# reproduce the leading and trailing empty lines of the generated file.
cat >/usr/share/pam-configs/my_groups <<'GROUPS_EOF'

Name: activate /etc/security/group.conf
Default: yes
Priority: 900
Auth-Type: Primary
Auth:
required pam_group.so use_first_pass

GROUPS_EOF
# Apply the two PAM profiles written above, then restart the lookup daemons so
# they pick up the new nslcd.conf and nsswitch.conf.
pam-auth-update
for svc in nslcd nscd; do
  systemctl restart "$svc"
done
# To also put members of a specific QNAP LDAP group (SOME_LDAP_GROUP) into the
# local docker group, write a rule modelled on the example below.
# NOTE(review): membership of the docker group is effectively root on the
# host, so map only an LDAP group whose members are meant to have that access.
# NOTE(review): the original example's time field read "Al0000-24000";
# group.conf time ranges are HHMM-HHMM, so "Al0000-2400" is presumably what
# was meant — confirm before enabling.
#echo "*;*;%SOME_LDAP_GROUP;Al0000-2400;docker" >/etc/security/group.conf