установка_и_настройка_openldap

Differences

This shows you the differences between two versions of the page.

установка_и_настройка_openldap [2015/08/24 16:08]
val
установка_и_настройка_openldap [2022/10/03 07:25] (current)
val [Отключение анонимного доступа]
Line 1: Line 1:
 ====== Установка и настройка OpenLDAP ====== ====== Установка и настройка OpenLDAP ======
  
-===== Ubuntu ===== +===== Debian/Ubuntu ===== 
-[[https://​help.ubuntu.com/​12.04/​serverguide/​openldap-server.html]]+ 
 +  * [[https://​help.ubuntu.com/​14.04/​serverguide/​openldap-server.html|Сервер OpenLDAP]] 
 +  * [[https://​serverfault.com/​questions/​63916/​how-to-disable-anonymous-access-on-ldap|How to disable anonymous access on LDAP]]
  
 <​code>​ <​code>​
-root@server:​~#​ apt-get install slapd ldap-utils+root@server:​~#​ apt install slapd ldap-utils
  
 Administrative password: secret Administrative password: secret
  
-root@server:​~#​ ldapsearch -x -LLL -H ldap:/// ​-b dc=corpX,​dc=un ​dn+root@server:​~#​ ldapsearch -x -b "dc=corpX,​dc=un"
 </​code>​ </​code>​
  
-===== FreeBSD ​=====+===== Отключение анонимного доступа ​===== 
 + 
 +  * [[https://​serverfault.com/​questions/​63916/​how-to-disable-anonymous-access-on-ldap|How to disable anonymous access on LDAP]] 
 <​code>​ <​code>​
-[server:​~] ​pkg install openldap-server+ldapsearch ​-x -b"​dc=corpX,​dc=un"​ -H ldap://server ​-D "​cn=admin,​dc=corpX,​dc=un"​ -w secret 
 +</​code>​
  
-[server:~] # pkg_add -r openldap24-server+===== Включение TLS ===== 
 + 
 +  * [[https://​ubuntu.com/​server/​docs/​service-ldap-with-tls|LDAP & TLS]] 
 +  * [[Пакет OpenSSL#​Создание центра сертификации]] 
 + 
 +<​code>​ 
 +# chmod 0640 /​etc/​ldap/​key.pem 
 + 
 +# chgrp openldap /​etc/​ldap/​key.pem 
 + 
 +# cat certinfo.ldif 
 +</​code><​code>​ 
 +dn: cn=config 
 +add: olcTLSCACertificateFile 
 +olcTLSCACertificateFile:​ /​etc/​ldap/​ca.pem 
 +
 +add: olcTLSCertificateFile 
 +olcTLSCertificateFile:​ /​etc/​ldap/​cert.pem 
 +
 +add: olcTLSCertificateKeyFile 
 +olcTLSCertificateKeyFile:​ /​etc/​ldap/​key.pem 
 +</​code><​code>​ 
 +# ldapmodify -Y EXTERNAL -H ldapi:/// -f certinfo.ldif 
 + 
 +root@server:​~#​ cat /​etc/​default/​slapd 
 +</​code><​code>​ 
 +... 
 +SLAPD_SERVICES="​ldap://​127.0.0.1:​389/​ ldaps:/// ldapi:///"​ 
 +... 
 +</​code><​code>​ 
 +# systemctl restart slapd.service 
 +</​code>​ 
 + 
 +===== Дополнительные материалы ===== 
 + 
 +==== FreeBSD ==== 
 +<​code>​ 
 +[server:~] # pkg install openldap-server
  
 [server:~] # cat /​usr/​local/​etc/​openldap/​slapd.conf [server:~] # cat /​usr/​local/​etc/​openldap/​slapd.conf
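Review bot: the new "Отключение анонимного доступа" (Disabling anonymous access) section contains only an authenticated query (ldapsearch ... -D "cn=admin,dc=corpX,dc=un" -w secret) and no step that turns anonymous bind off, so a reader who follows the page still has the anonymous ldapsearch -x -b "dc=corpX,dc=un" from the first block working. Add the configuration change itself (in OpenLDAP, olcDisallows: bind_anon on cn=config, applied with ldapmodify -Y EXTERNAL -H ldapi:/// as the TLS section already does), then show the anonymous query being refused next to the authenticated one succeeding. Use -W (prompt) instead of -w secret so the admin password does not end up in shell history or the process list. In certinfo.ldif the lines between the three add: blocks render empty here; LDIF needs a line holding a single "-" between modifications, so check that the separators are present in the page source.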
Line 23: Line 66:
 include ​        /​usr/​local/​etc/​openldap/​schema/​core.schema include ​        /​usr/​local/​etc/​openldap/​schema/​core.schema
 include ​        /​usr/​local/​etc/​openldap/​schema/​cosine.schema include ​        /​usr/​local/​etc/​openldap/​schema/​cosine.schema
 +include ​        /​usr/​local/​etc/​openldap/​schema/​inetorgperson.schema
 include ​        /​usr/​local/​etc/​openldap/​schema/​nis.schema include ​        /​usr/​local/​etc/​openldap/​schema/​nis.schema
 ... ...
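Review bot: the added include of inetorgperson.schema comes with no explanation of what needs it. Its position after core.schema and cosine.schema is the order it requires, since it builds on attribute types defined there; a one-line comment saying which entries on this page use the inetOrgPerson object class would make clear why the line must stay and must stay in that position.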
Line 36: Line 80:
 slapd_enable="​YES"​ slapd_enable="​YES"​
 </​code><​code>​ </​code><​code>​
-[server:~] # /​usr/​local/​etc/​rc.d/​slapd start +[server:~] # service ​slapd start
- +
-[server:~] # rehash+
 </​code>​ </​code>​
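Review bot: dropping rehash after the service start removes the only step that refreshes the command hash in a csh/tcsh session. If root's shell is csh or tcsh, binaries installed by pkg install openldap-server in the same session may not be found until rehash runs or a new shell is started. Either keep rehash (better placed right after the pkg install line) or state that a new login shell is assumed. The switch from /usr/local/etc/rc.d/slapd start to service slapd start is fine and still depends on slapd_enable="YES" shown above.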
  
установка_и_настройка_openldap.1440421681.txt.gz · Last modified: 2015/08/24 16:08 by val