User Tools
установка_и_настройка_openldap
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision Last revision Both sides next revision | ||
|
установка_и_настройка_openldap [2016/09/29 15:55] val [Ubuntu] |
установка_и_настройка_openldap [2022/10/03 07:25] val [Отключение анонимного доступа] |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ====== Установка и настройка OpenLDAP ====== | ====== Установка и настройка OpenLDAP ====== | ||
| - | ===== Ubuntu ===== | + | ===== Debian/Ubuntu ===== |
| * [[https://help.ubuntu.com/14.04/serverguide/openldap-server.html|Сервер OpenLDAP]] | * [[https://help.ubuntu.com/14.04/serverguide/openldap-server.html|Сервер OpenLDAP]] | ||
| + | * [[https://serverfault.com/questions/63916/how-to-disable-anonymous-access-on-ldap|How to disable anonymous access on LDAP]] | ||
| <code> | <code> | ||
| Line 13: | Line 14: | ||
| </code> | </code> | ||
| - | ===== FreeBSD ===== | + | ===== Отключение анонимного доступа ===== |
| + | |||
| + | * [[https://serverfault.com/questions/63916/how-to-disable-anonymous-access-on-ldap|How to disable anonymous access on LDAP]] | ||
| + | |||
| + | <code> | ||
| + | # ldapsearch -x -b"dc=corpX,dc=un" -H ldap://server -D "cn=admin,dc=corpX,dc=un" -w secret "uid=user1" | ||
| + | </code> | ||
| + | |||
| + | ===== Включение TLS ===== | ||
| + | |||
| + | * [[https://ubuntu.com/server/docs/service-ldap-with-tls|LDAP & TLS]] | ||
| + | * [[Пакет OpenSSL#Создание центра сертификации]] | ||
| + | |||
| + | <code> | ||
| + | # chmod 0640 /etc/ldap/key.pem | ||
| + | |||
| + | # chgrp openldap /etc/ldap/key.pem | ||
| + | |||
| + | # cat certinfo.ldif | ||
| + | </code><code> | ||
| + | dn: cn=config | ||
| + | add: olcTLSCACertificateFile | ||
| + | olcTLSCACertificateFile: /etc/ldap/ca.pem | ||
| + | - | ||
| + | add: olcTLSCertificateFile | ||
| + | olcTLSCertificateFile: /etc/ldap/cert.pem | ||
| + | - | ||
| + | add: olcTLSCertificateKeyFile | ||
| + | olcTLSCertificateKeyFile: /etc/ldap/key.pem | ||
| + | </code><code> | ||
| + | # ldapmodify -Y EXTERNAL -H ldapi:/// -f certinfo.ldif | ||
| + | |||
| + | root@server:~# cat /etc/default/slapd | ||
| + | </code><code> | ||
| + | ... | ||
| + | SLAPD_SERVICES="ldap://127.0.0.1:389/ ldaps:/// ldapi:///" | ||
| + | ... | ||
| + | </code><code> | ||
| + | # systemctl restart slapd.service | ||
| + | </code> | ||
| + | |||
| + | ===== Дополнительные материалы ===== | ||
| + | |||
| + | ==== FreeBSD ==== | ||
| <code> | <code> | ||
| [server:~] # pkg install openldap-server | [server:~] # pkg install openldap-server | ||
установка_и_настройка_openldap.txt · Last modified: 2022/10/03 07:25 by val
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
