авторизация_с_использованием_ldap_сервера [2019/07/09 09:12] val [Microsoft Active Directory] |
авторизация_с_использованием_ldap_сервера [2022/10/18 17:09] val [Настройка библиотеки nsswitch] |
||
---|---|---|---|
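--- a/авторизация_с_использованием_ldap_сервера
+++ b/авторизация_с_использованием_ldap_сервера
@@ -2,4 +2,7 @@
 ===== Установка LDAP клиента =====
+
+* !!! Не требуется для nss_ldap, удобен для отладки
 ==== Debian/Ubuntu ====
+
 <code>
 root@gate:~# apt install ldap-utils
@@ -30,3 +33,9 @@
 gate# LDAPTLS_REQCERT=never ldapsearch -x -D "cn=Administrator,cn=Users,dc=corpX,dc=un" -w 'Pa$$w0rd' -H ldaps://server.corpX.un -b "dc=corpX,dc=un" "sAMAccountName=user1"
+
+или с Kerberos GSSAPI аутентификацией
+
+gate# apt install libsasl2-modules-gssapi-mit
+gate# kinit Administrator
+gate# ldapsearch -h server -b "dc=corpX,dc=un" "sAMAccountName=user1"
 </code><code>
 ...
@@ -47,14 +56,7 @@
 </code>
 ===== Установка библиотеки nss ldap =====
-
-==== FreeBSD ====
-<code>
-[gate:~] # pkg install nss_ldap
-
-[gate:~] # cat /usr/local/etc/nss_ldap.conf
-</code>
 ==== Debian/Ubuntu ====
 <code>
-root@gate:~# apt install libnss-ldap
+root@gate:~# DEBIAN_FRONTEND=noninteractive apt install libnss-ldap
 </code><code>
 ...
@@ -66,2 +68,9 @@
 debian# cat /etc/libnss-ldap.conf
+</code>
+
+==== FreeBSD ====
+<code>
+[gate:~] # pkg install nss_ldap
+
+[gate:~] # cat /usr/local/etc/nss_ldap.conf
 </code>
@@ -72,7 +81,7 @@
 ==== OpenLDAP ====
 <code>
-host server
+uri ldap://server
 base dc=corpX,dc=un
-nss_base_passwd ou=users,dc=corpX,dc=un?one
-nss_base_group ou=groups,dc=corpX,dc=un?one
+nss_base_passwd ou=People,
+nss_base_group ou=Group,
 </code>
@@ -145,6 +154,6 @@
 </code><code>
 ...
-passwd: files ldap
-group: files ldap
+passwd: files systemd ldap
+group: files systemd ldap
 shadow: files ldap
 ...
@@ -152,3 +161,3 @@
 debian# service nscd restart && service nscd reload
-# getent passwd
+# getent passwd user1
 # id user1
@@ -159,12 +168,5 @@
 ===== Установка сертификатов =====
-==== FreeBSD ====
-<code>
-# setenv LDAPTLS_REQCERT never
-или
-# pkg install ca_root_nss
-# setenv LDAPTLS_CACERT /usr/local/etc/ssl/cert.pem
-</code>
-==== Linux ====
+* [[Пакет OpenSSL#Импорт сертификата центра сертификации]]
 <code>
 # export LDAPTLS_REQCERT=never
 </code>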
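Review bot: In the «Установка сертификатов» section the new revision leaves `export LDAPTLS_REQCERT=never` as the only command shown, while the removed FreeBSD block was the one place that demonstrated the verifying alternative (`LDAPTLS_CACERT`). With `never` the client does not check the server certificate, so the `ldaps://` bind earlier on the page, which sends the Administrator password, gives no assurance about which server receives it. The added link to the CA-import page points the reader in the right direction, but the section should show the verified form first, for example `# export LDAPTLS_CACERT=<path to the imported CA certificate>`, and mark `LDAPTLS_REQCERT=never` as a lab or debugging shortcut only. The same caveat is worth one line next to `uri ldap://server` in the OpenLDAP hunk, since as written that URI carries NSS lookups unencrypted; whether binds also go over it depends on configuration not visible in this diff.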