установка_и_настройка_openldap

Differences

This shows you the differences between two versions of the page.

установка_и_настройка_openldap [2013/05/22 13:50]
127.0.0.1 external edit
установка_и_настройка_openldap [2022/10/03 07:25] (current)
val [Disabling anonymous access]
Line 1: Line 1:
 ====== Установка и настройка OpenLDAP ====== ====== Установка и настройка OpenLDAP ======
  
-[[http://​grudina.info/​articles/​linux/​nastroyka-servera-openldap.html]]+===== Debian/Ubuntu =====
  
-===== Установка, настройка и запуск ldap сервера =====+  * [[https://​help.ubuntu.com/​14.04/​serverguide/​openldap-server.html|Сервер OpenLDAP]] 
 +  * [[https://​serverfault.com/​questions/​63916/​how-to-disable-anonymous-access-on-ldap|How to disable anonymous access on LDAP]] 
 + 
 +<​code>​ 
 +root@server:​~#​ apt install slapd ldap-utils 
 + 
 +Administrative password: secret 
 + 
 +root@server:​~#​ ldapsearch -x -b "dc=corpX,dc=un" 
 +</​code>​ 
 + 
 +===== Отключение ​анонимного доступа ===== 
 + 
 +  * [[https://​serverfault.com/​questions/​63916/​how-to-disable-anonymous-access-on-ldap|How to disable anonymous access on LDAP]] 
 + 
 +<​code>​ 
 +# ldapsearch -x -b"​dc=corpX,dc=un" -H ldap://​server -D "​cn=admin,​dc=corpX,​dc=un"​ -w secret 
 +</​code>​ 
 + 
 +===== Включение TLS ===== 
 + 
 +  * [[https://​ubuntu.com/​server/​docs/​service-ldap-with-tls|LDAP & TLS]] 
 +  * [[Пакет OpenSSL#Создание центра сертификации]] 
 + 
 +<​code>​ 
 +# chmod 0640 /etc/ldap/key.pem 
 + 
 +# chgrp openldap /​etc/​ldap/​key.pem 
 + 
 +# cat certinfo.ldif 
 +</​code><​code>​ 
 +dn: cn=config 
 +add: olcTLSCACertificateFile 
 +olcTLSCACertificateFile:​ /​etc/​ldap/​ca.pem 
 +
 +add: olcTLSCertificateFile 
 +olcTLSCertificateFile:​ /​etc/​ldap/​cert.pem 
 +
 +add: olcTLSCertificateKeyFile 
 +olcTLSCertificateKeyFile:​ /​etc/​ldap/​key.pem 
 +</​code><​code>​ 
 +# ldapmodify -Y EXTERNAL -H ldapi:/// -f certinfo.ldif 
 + 
 +root@server:​~#​ cat /​etc/​default/​slapd 
 +</​code><​code>​ 
 +... 
 +SLAPD_SERVICES="​ldap://​127.0.0.1:​389/​ ldaps:/// ldapi:///"​ 
 +... 
 +</​code><​code>​ 
 +# systemctl restart slapd.service 
 +</​code>​ 
 + 
 +===== Дополнительные материалы =====
  
 ==== FreeBSD ==== ==== FreeBSD ====
 <​code>​ <​code>​
-[server:~] # pkg_add -r openldap24-server+[server:~] # pkg install openldap-server
  
 [server:~] # cat /​usr/​local/​etc/​openldap/​slapd.conf [server:~] # cat /​usr/​local/​etc/​openldap/​slapd.conf
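Review bot: the new "Отключение анонимного доступа" section does not disable anonymous access; its only command is an authenticated search (`ldapsearch ... -D "cn=admin,dc=corpX,dc=un" -w secret`), which succeeds whether or not anonymous binds are permitted. Add the `cn=config` change that actually enforces it (`olcDisallows: bind_anon` together with `olcRequires: authc`) and then repeat the anonymous `ldapsearch -x -b "dc=corpX,dc=un"` from the install step to show that it is now refused; that before/after check is what the section's heading promises. Two smaller points in the same hunk: `-w secret` leaves the admin password in shell history and visible in the process list while the command runs, so `-W` (prompt for the password) is the safer form for a page readers will paste from; and in certinfo.ldif the separators between the three `add:` operations render here as empty lines, whereas LDIF requires a line containing only `-` between them, so confirm the file on disk has the `-` separators or `ldapmodify` will reject the second and third operations.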
Line 14: Line 66:
 include ​        /​usr/​local/​etc/​openldap/​schema/​core.schema include ​        /​usr/​local/​etc/​openldap/​schema/​core.schema
 include ​        /​usr/​local/​etc/​openldap/​schema/​cosine.schema include ​        /​usr/​local/​etc/​openldap/​schema/​cosine.schema
 +include ​        /​usr/​local/​etc/​openldap/​schema/​inetorgperson.schema
 include ​        /​usr/​local/​etc/​openldap/​schema/​nis.schema include ​        /​usr/​local/​etc/​openldap/​schema/​nis.schema
 +...
 +moduleload ​     back_mdb
 ... ...
 suffix ​               "​dc=corpX,​dc=un"​ suffix ​               "​dc=corpX,​dc=un"​
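Review bot: `moduleload back_mdb` is added, but the `database` directive that must match it sits inside the elided `...` just before the `suffix` line, so the excerpt no longer shows which backend the suffix is served by. Extend the excerpt to include the `database mdb` line (and the `maxsize` value, which an mdb database should have set explicitly), and check whether a `modulepath` line is needed ahead of `moduleload` on this build; as shown, a reader copying the fragment cannot tell whether the old backend's `database` line was changed.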
Line 25: Line 80:
 slapd_enable="​YES"​ slapd_enable="​YES"​
 </​code><​code>​ </​code><​code>​
-[server:~] # /​usr/​local/​etc/​rc.d/​slapd start +[server:~] # service ​slapd start
- +
-[server:~] # rehash +
-</​code>​ +
- +
-==== CentOS ==== +
-<​code>​ +
-[root@server ~]# yum install openldap-servers openldap-clients +
- +
-Далее как в FreeBSD /​etc/​openldap/​slapd.conf+
 </​code>​ </​code>​
  
  
- 
-==== Ubuntu (12.04) ==== 
-[[https://​help.ubuntu.com/​12.04/​serverguide/​openldap-server.html]] 
- 
-<​code>​ 
-root@server:​~#​ apt-get install slapd ldap-utils 
- 
-Administrative password: secret 
- 
-root@server:​~#​ ldapsearch -x -LLL -H ldap:/// -b dc=corpX,​dc=un dn 
-</​code>​ 
- 
-==== Ubuntu (10.04) ==== 
-[[http://​doc.ubuntu.com/​ubuntu/​serverguide/​C/​openldap-server.html]] 
- 
-<​code>​ 
-root@server:​~#​ apt-get install slapd ldap-utils 
- 
-root@server:​~#​ ldapadd -Y EXTERNAL -H ldapi:/// -f /​etc/​ldap/​schema/​cosine.ldif 
-root@server:​~#​ ldapadd -Y EXTERNAL -H ldapi:/// -f /​etc/​ldap/​schema/​nis.ldif 
- 
-root@server:​~#​ cat config.ldif 
-</​code><​code>​ 
-# Load dynamic backend modules 
-dn: cn=module,​cn=config 
-objectClass:​ olcModuleList 
-cn: module 
-olcModulepath:​ /​usr/​lib/​ldap 
-olcModuleload:​ back_hdb 
- 
-# Database settings 
-dn: olcDatabase=hdb,​cn=config 
-objectClass:​ olcDatabaseConfig 
-objectClass:​ olcHdbConfig 
-olcDatabase:​ {1}hdb 
-olcSuffix: dc=corpX,​dc=un 
-olcDbDirectory:​ /​var/​lib/​ldap 
-olcRootDN: cn=admin,​dc=corpX,​dc=un 
-olcRootPW: secret 
-olcDbIndex: objectClass eq 
-olcLastMod: TRUE 
-olcAccess: to attrs=userPassword by dn="​cn=admin,​dc=corpX,​dc=un"​ write by anonymous auth by self write by * none 
-olcAccess: to attrs=shadowLastChange by self write by * read 
-olcAccess: to dn.base=""​ by * read 
-olcAccess: to * by dn="​cn=admin,​dc=corpX,​dc=un"​ write by * read 
-</​code><​code>​ 
-root@server:​~#​ ldapadd -Y EXTERNAL -H ldapi:/// -f config.ldif 
-</​code>​ 
  
  
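Review bot: deleting the Ubuntu 10.04 block also removes the page's only explicit access-control example (`olcAccess: to attrs=userPassword by dn="cn=admin,dc=corpX,dc=un" write by anonymous auth by self write by * none`, the `shadowLastChange` rule and the catch-all `by * read`); the new Debian/Ubuntu section at the top relies on whatever the slapd package installs by default and never shows it. Carry a short `olcAccess` excerpt into the new section, or at least show how to inspect the installed rules (`ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config olcAccess`), so readers can verify that `userPassword` is not covered by the `by * read` rule. The `service slapd start` replacement is fine: the retained context still sets `slapd_enable="YES"`, which that command requires on FreeBSD. The CentOS block is removed without replacement; if that platform is intentionally out of scope now, say so in "Дополнительные материалы" rather than deleting it silently.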
установка_и_настройка_openldap.1369216248.txt.gz · Last modified: 2013/06/05 08:31 (external edit)