установка_и_настройка_openldap [2012/07/12 14:09] val |
установка_и_настройка_openldap [2022/05/17 12:39] val |
||
---|---|---|---|
Line 1: | Line 1: | ||
====== Установка и настройка OpenLDAP ====== | ====== Установка и настройка OpenLDAP ====== | ||
- | [[http://grudina.info/articles/linux/nastroyka-servera-openldap.html]] | + | ===== Debian/Ubuntu ===== |
- | ===== Установка, настройка и запуск ldap сервера ===== | + | * [[https://help.ubuntu.com/14.04/serverguide/openldap-server.html|Сервер OpenLDAP]] |
+ | * [[https://serverfault.com/questions/63916/how-to-disable-anonymous-access-on-ldap|How to disable anonymous access on LDAP]] | ||
+ | |||
+ | <code> | ||
+ | root@server:~# apt install slapd ldap-utils | ||
+ | |||
+ | Administrative password: secret | ||
+ | |||
+ | root@server:~# less /etc/default/slapd | ||
+ | |||
+ | root@server:~# ldapsearch -x -b "dc=corpX,dc=un" | ||
+ | </code> | ||
+ | |||
+ | ===== Отключение анонимного доступа ===== | ||
+ | |||
+ | ===== Включение TLS ===== | ||
+ | |||
+ | * [[https://ubuntu.com/server/docs/service-ldap-with-tls|LDAP & TLS]] | ||
+ | |||
+ | |||
+ | ===== Дополнительные материалы ===== | ||
==== FreeBSD ==== | ==== FreeBSD ==== | ||
<code> | <code> | ||
- | [server:~] # pkg_add -r openldap24-server | + | [server:~] # pkg install openldap-server |
[server:~] # cat /usr/local/etc/openldap/slapd.conf | [server:~] # cat /usr/local/etc/openldap/slapd.conf | ||
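Review bot: The new «Отключение анонимного доступа» section is an empty heading, while the Debian/Ubuntu block just above it checks the install with an anonymous simple bind (`ldapsearch -x -b "dc=corpX,dc=un"`), so a reader who follows the page as written ends up with a directory that answers without credentials. The section should state the actual setting, for example `olcDisallows: bind_anon` on `cn=config` together with `olcRequires: authc` on the frontend database (to be checked against the linked serverfault answer). It should then repeat the query with `-D "cn=admin,dc=corpX,dc=un" -W` to show that the anonymous form is now refused. «Включение TLS» likewise holds only a link; until it is filled in, one line noting that a simple bind over plain `ldap://` sends the password unencrypted would be worth adding. `Administrative password: secret` looks like a lab value and should be labelled as one so it is not copied into a real install.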
Line 14: | Line 34: | ||
include /usr/local/etc/openldap/schema/core.schema | include /usr/local/etc/openldap/schema/core.schema | ||
include /usr/local/etc/openldap/schema/cosine.schema | include /usr/local/etc/openldap/schema/cosine.schema | ||
+ | include /usr/local/etc/openldap/schema/inetorgperson.schema | ||
include /usr/local/etc/openldap/schema/nis.schema | include /usr/local/etc/openldap/schema/nis.schema | ||
+ | ... | ||
+ | moduleload back_mdb | ||
... | ... | ||
suffix "dc=corpX,dc=un" | suffix "dc=corpX,dc=un" | ||
Line 25: | Line 48: | ||
slapd_enable="YES" | slapd_enable="YES" | ||
</code><code> | </code><code> | ||
- | [server:~] # /usr/local/etc/rc.d/slapd start | + | [server:~] # service slapd start |
- | + | ||
- | [server:~] # rehash | + | |
</code> | </code> | ||
- | ==== CentOS ==== | ||
- | <code> | ||
- | [root@server ~]# yum install openldap-servers openldap-clients | ||
- | Далее как в FreeBSD /etc/openldap/slapd.conf | ||
- | </code> | ||
- | |||
- | |||
- | |||
- | ==== Ubuntu (10.04) ==== | ||
- | http://doc.ubuntu.com/ubuntu/serverguide/C/openldap-server.html | ||
- | <code> | ||
- | root@server:~# apt-get install slapd ldap-utils | ||
- | |||
- | root@server:~# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif | ||
- | root@server:~# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/nis.ldif | ||
- | |||
- | root@server:~# cat config.ldif | ||
- | </code><code> | ||
- | # Load dynamic backend modules | ||
- | dn: cn=module,cn=config | ||
- | objectClass: olcModuleList | ||
- | cn: module | ||
- | olcModulepath: /usr/lib/ldap | ||
- | olcModuleload: back_hdb | ||
- | |||
- | # Database settings | ||
- | dn: olcDatabase=hdb,cn=config | ||
- | objectClass: olcDatabaseConfig | ||
- | objectClass: olcHdbConfig | ||
- | olcDatabase: {1}hdb | ||
- | olcSuffix: dc=corpX,dc=un | ||
- | olcDbDirectory: /var/lib/ldap | ||
- | olcRootDN: cn=admin,dc=corpX,dc=un | ||
- | olcRootPW: secret | ||
- | olcDbIndex: objectClass eq | ||
- | olcLastMod: TRUE | ||
- | olcAccess: to attrs=userPassword by dn="cn=admin,dc=corpX,dc=un" write by anonymous auth by self write by * none | ||
- | olcAccess: to attrs=shadowLastChange by self write by * read | ||
- | olcAccess: to dn.base="" by * read | ||
- | olcAccess: to * by dn="cn=admin,dc=corpX,dc=un" write by * read | ||
- | </code><code> | ||
- | root@server:~# ldapadd -Y EXTERNAL -H ldapi:/// -f config.ldif | ||
- | </code> | ||