User Tools
установка_и_настройка_openldap
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
установка_и_настройка_openldap [2022/05/17 12:39] val |
установка_и_настройка_openldap [2022/10/03 07:25] (current) val [Отключение анонимного доступа] |
||
|---|---|---|---|
| Line 10: | Line 10: | ||
| Administrative password: secret | Administrative password: secret | ||
| - | |||
| - | root@server:~# less /etc/default/slapd | ||
| root@server:~# ldapsearch -x -b "dc=corpX,dc=un" | root@server:~# ldapsearch -x -b "dc=corpX,dc=un" | ||
| Line 17: | Line 15: | ||
| ===== Отключение анонимного доступа ===== | ===== Отключение анонимного доступа ===== | ||
| + | |||
| + | * [[https://serverfault.com/questions/63916/how-to-disable-anonymous-access-on-ldap|How to disable anonymous access on LDAP]] | ||
| + | |||
| + | <code> | ||
| + | # ldapsearch -x -b"dc=corpX,dc=un" -H ldap://server -D "cn=admin,dc=corpX,dc=un" -w secret | ||
| + | </code> | ||
| ===== Включение TLS ===== | ===== Включение TLS ===== | ||
| * [[https://ubuntu.com/server/docs/service-ldap-with-tls|LDAP & TLS]] | * [[https://ubuntu.com/server/docs/service-ldap-with-tls|LDAP & TLS]] | ||
| + | * [[Пакет OpenSSL#Создание центра сертификации]] | ||
| + | <code> | ||
| + | # chmod 0640 /etc/ldap/key.pem | ||
| + | |||
| + | # chgrp openldap /etc/ldap/key.pem | ||
| + | |||
| + | # cat certinfo.ldif | ||
| + | </code><code> | ||
| + | dn: cn=config | ||
| + | add: olcTLSCACertificateFile | ||
| + | olcTLSCACertificateFile: /etc/ldap/ca.pem | ||
| + | - | ||
| + | add: olcTLSCertificateFile | ||
| + | olcTLSCertificateFile: /etc/ldap/cert.pem | ||
| + | - | ||
| + | add: olcTLSCertificateKeyFile | ||
| + | olcTLSCertificateKeyFile: /etc/ldap/key.pem | ||
| + | </code><code> | ||
| + | # ldapmodify -Y EXTERNAL -H ldapi:/// -f certinfo.ldif | ||
| + | |||
| + | root@server:~# cat /etc/default/slapd | ||
| + | </code><code> | ||
| + | ... | ||
| + | SLAPD_SERVICES="ldap://127.0.0.1:389/ ldaps:/// ldapi:///" | ||
| + | ... | ||
| + | </code><code> | ||
| + | # systemctl restart slapd.service | ||
| + | </code> | ||
| ===== Дополнительные материалы ===== | ===== Дополнительные материалы ===== | ||
установка_и_настройка_openldap.1652780345.txt.gz · Last modified: 2022/05/17 12:39 by val
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
