====== Installing and configuring OpenLDAP ======

===== Debian/Ubuntu =====

  * [[https://help.ubuntu.com/14.04/serverguide/openldap-server.html|OpenLDAP Server]]
  * [[https://serverfault.com/questions/63916/how-to-disable-anonymous-access-on-ldap|How to disable anonymous access on LDAP]]

<code>
root@server:~# apt install slapd ldap-utils
Administrative password: secret

root@server:~# ldapsearch -x -b "dc=corpX,dc=un"
</code>

===== Disabling anonymous access =====

  * [[https://serverfault.com/questions/63916/how-to-disable-anonymous-access-on-ldap|How to disable anonymous access on LDAP]]

<code>
# ldapsearch -x -b "dc=corpX,dc=un" -H ldap://server -D "cn=admin,dc=corpX,dc=un" -w secret
</code>

===== Enabling TLS =====

  * [[https://ubuntu.com/server/docs/service-ldap-with-tls|LDAP & TLS]]
  * [[Пакет OpenSSL#Создание центра сертификации|OpenSSL package: creating a certificate authority]]

<code>
# chmod 0640 /etc/ldap/key.pem
# chgrp openldap /etc/ldap/key.pem

# cat certinfo.ldif
</code>
<code>
dn: cn=config
add: olcTLSCACertificateFile
olcTLSCACertificateFile: /etc/ldap/ca.pem
-
add: olcTLSCertificateFile
olcTLSCertificateFile: /etc/ldap/cert.pem
-
add: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/ldap/key.pem
</code>
<code>
# ldapmodify -Y EXTERNAL -H ldapi:/// -f certinfo.ldif

root@server:~# cat /etc/default/slapd
</code>
<code>
...
SLAPD_SERVICES="ldap://127.0.0.1:389/ ldaps:/// ldapi:///"
...
</code>
<code>
# systemctl restart slapd.service
</code>

===== Additional materials =====

==== FreeBSD ====

<code>
[server:~] # pkg install openldap-server

[server:~] # cat /usr/local/etc/openldap/slapd.conf
</code>
<code>
...
include         /usr/local/etc/openldap/schema/core.schema
include         /usr/local/etc/openldap/schema/cosine.schema
include         /usr/local/etc/openldap/schema/inetorgperson.schema
include         /usr/local/etc/openldap/schema/nis.schema
...
moduleload      back_mdb
...
suffix          "dc=corpX,dc=un"
rootdn          "cn=admin,dc=corpX,dc=un"
...
</code>
<code>
[server:~] # cat /etc/rc.conf
</code>
<code>
...
slapd_enable="YES"
</code>
<code>
[server:~] # service slapd start
</code>
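
An added example, not part of the original page: a shell check for the ''SLAPD_SERVICES'' line shown in the TLS section. It lists every ''ldap://'' listener that is not bound to loopback and can therefore still be reached from the network without TLS. The function name ''cleartext_listeners'' and the sample file contents are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit SLAPD_SERVICES as found in /etc/default/slapd.
# Prints each cleartext ldap:// listener reachable from outside loopback;
# prints nothing when only ldaps://, ldapi:// or loopback ldap:// are used.

cleartext_listeners() (
    set -f    # URLs such as ldap://[::1]/ must not be glob-expanded
    # The file is sourced as shell, so the last uncommented assignment wins.
    services=$(sed -n 's/^[[:space:]]*SLAPD_SERVICES=//p' "$1" \
               | tail -n 1 | tr -d "\"'")
    for url in $services; do
        case $url in
            ldap://*) ;;          # cleartext LDAP: inspect the bind address
            *) continue ;;        # ldaps:// (TLS), ldapi:// (UNIX socket)
        esac
        hostport=${url#ldap://}
        hostport=${hostport%%/*}
        case $hostport in
            \[*) host=${hostport%%\]*}; host=${host#\[} ;;  # [IPv6]:port
            *)   host=${hostport%%:*} ;;                    # host:port
        esac
        case $host in
            127.*|localhost|::1) ;;         # loopback only, as on the page
            *) printf '%s\n' "$url" ;;      # empty host means all interfaces
        esac
    done
)

# Constructed sample (not from a real host): a default-style line that is
# later overridden by the page's line plus one extra cleartext listener.
sample=$(mktemp)
cat > "$sample" <<'EOF'
SLAPD_SERVICES="ldap:/// ldapi:///"
SLAPD_SERVICES="ldap://127.0.0.1:389/ ldaps:/// ldapi:/// ldap://192.0.2.10/"
EOF
cleartext_listeners "$sample"
rm -f "$sample"
```

On a real server, run ''cleartext_listeners /etc/default/slapd'' after editing the file and before restarting ''slapd''; empty output means the configuration matches the one shown in the TLS section.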