установка_и_настройка_openldap

Differences

This shows you the differences between two versions of the page.

установка_и_настройка_openldap [2013/06/05 08:31]
val
установка_и_настройка_openldap [2022/05/17 13:14]
val
Line 1: Line 1:
 ====== Установка и настройка OpenLDAP ====== ====== Установка и настройка OpenLDAP ======
  
-[[http://​grudina.info/​articles/​linux/​nastroyka-servera-openldap.html]]+===== Debian/Ubuntu =====
  
-===== FreeBSD ​=====+  * [[https://​help.ubuntu.com/​14.04/​serverguide/​openldap-server.html|Сервер OpenLDAP]] 
 +  * [[https://​serverfault.com/​questions/​63916/​how-to-disable-anonymous-access-on-ldap|How to disable anonymous access on LDAP]] 
 + 
 +<​code>​ 
 +root@server:​~#​ apt install slapd ldap-utils 
 + 
 +Administrative password: secret 
 + 
 +root@server:​~#​ ldapsearch -x -b "dc=corpX,dc=un" 
 +</​code>​ 
 + 
 +===== Отключение анонимного доступа ===== 
 + 
 +  * [[https://​serverfault.com/​questions/​63916/​how-to-disable-anonymous-access-on-ldap|How to disable anonymous access on LDAP]] 
 + 
 +===== Включение TLS ===== 
 + 
 +  * [[https://​ubuntu.com/​server/​docs/​service-ldap-with-tls|LDAP & TLS]] 
 +  * [[Пакет OpenSSL#​Создание центра сертификации]] 
 + 
 +<​code>​ 
 +# chmod 0640 /​etc/​ldap/​key.pem 
 + 
 +# chgrp openldap /​etc/​ldap/​key.pem 
 + 
 +# cat certinfo.ldif 
 +</​code><​code>​ 
 +dn: cn=config 
 +add: olcTLSCACertificateFile 
 +olcTLSCACertificateFile:​ /​etc/​ldap/​ca.pem 
 +
 +add: olcTLSCertificateFile 
 +olcTLSCertificateFile:​ /​etc/​ldap/​cert.pem 
 +
 +add: olcTLSCertificateKeyFile 
 +olcTLSCertificateKeyFile:​ /​etc/​ldap/​key.pem 
 +</​code><​code>​ 
 +# ldapmodify -Y EXTERNAL -H ldapi:/// -f certinfo.ldif 
 + 
 +root@server:​~#​ cat /​etc/​default/​slapd 
 +</​code><​code>​ 
 +... 
 +SLAPD_SERVICES="​ldap://​127.0.0.1:​389/​ ldaps:/// ldapi:///"​ 
 +... 
 +</​code><​code>​ 
 +# systemctl restart slapd.service 
 +</​code>​ 
 + 
 +===== Дополнительные материалы ===== 
 + 
 +==== FreeBSD ​====
 <​code>​ <​code>​
-[server:~] # pkg_add -r openldap24-server+[server:~] # pkg install openldap-server
  
 [server:~] # cat /​usr/​local/​etc/​openldap/​slapd.conf [server:~] # cat /​usr/​local/​etc/​openldap/​slapd.conf
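Review bot: The new "Отключение анонимного доступа" section contains only a link (the same serverfault link already listed under Debian/Ubuntu), so the page never shows the setting itself, and the check added in the Debian/Ubuntu block, `ldapsearch -x -b "dc=corpX,dc=un"`, is an anonymous simple bind. Suggest putting the actual change into that section (for example an LDIF against cn=config with `olcDisallows: bind_anon`, applied with ldapmodify the same way as certinfo.ldif) together with a before/after ldapsearch showing the anonymous query being refused. In the TLS block, the lines between the three `add:` stanzas of certinfo.ldif render empty in this view; ldapmodify expects a lone `-` on each of them, so check they are present in the page source, and add a verification step after `systemctl restart slapd.service` (a query over ldaps:// that trusts /etc/ldap/ca.pem).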
Line 12: Line 62:
 include ​        /​usr/​local/​etc/​openldap/​schema/​core.schema include ​        /​usr/​local/​etc/​openldap/​schema/​core.schema
 include ​        /​usr/​local/​etc/​openldap/​schema/​cosine.schema include ​        /​usr/​local/​etc/​openldap/​schema/​cosine.schema
 +include ​        /​usr/​local/​etc/​openldap/​schema/​inetorgperson.schema
 include ​        /​usr/​local/​etc/​openldap/​schema/​nis.schema include ​        /​usr/​local/​etc/​openldap/​schema/​nis.schema
 +...
 +moduleload ​     back_mdb
 ... ...
 suffix ​               "​dc=corpX,​dc=un"​ suffix ​               "​dc=corpX,​dc=un"​
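Review bot: `moduleload back_mdb` is added, but the `database` directive sits in the elided `...` part, so this hunk does not show the backend being set to mdb to match the loaded module. Please confirm the `database` line agrees with it, or make that line visible in the excerpt. The new inetorgperson.schema include is correctly placed after core.schema and cosine.schema, which it depends on.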
Line 23: Line 76:
 slapd_enable="​YES"​ slapd_enable="​YES"​
 </​code><​code>​ </​code><​code>​
-[server:~] # /​usr/​local/​etc/​rc.d/​slapd start +[server:~] # service ​slapd start
- +
-[server:~] # rehash+
 </​code>​ </​code>​
  
-===== Ubuntu (12.04) ===== 
-[[https://​help.ubuntu.com/​12.04/​serverguide/​openldap-server.html]] 
  
-<​code>​ 
-root@server:​~#​ apt-get install slapd ldap-utils 
- 
-Administrative password: secret 
- 
-root@server:​~#​ ldapsearch -x -LLL -H ldap:/// -b dc=corpX,​dc=un dn 
-</​code>​ 
- 
-===== CentOS ===== 
-<​code>​ 
-[root@server ~]# yum install openldap-servers openldap-clients 
- 
-Далее как в FreeBSD /​etc/​openldap/​slapd.conf 
-</​code>​ 
  
  
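Review bot: The CentOS section is deleted outright at the end of this hunk, while FreeBSD was kept under "Дополнительные материалы"; if CentOS is intentionally out of scope, say so in the edit summary, otherwise move it under the same heading. The removed Ubuntu check `ldapsearch -x -LLL -H ldap:/// -b dc=corpX,dc=un dn` named the URI explicitly and limited output to DNs, and the replacement in the Debian/Ubuntu block drops both. With SLAPD_SERVICES now binding ldap:// to 127.0.0.1 only, an explicit -H in the example would make clear which listener is being tested.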
установка_и_настройка_openldap.txt · Last modified: 2022/10/03 07:25 by val