User Tools
авторизация_с_использованием_ldap_сервера
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
|
авторизация_с_использованием_ldap_сервера [2019/01/24 14:57] val [Microsoft Active Directory] |
авторизация_с_использованием_ldap_сервера [2022/10/18 17:09] val [Настройка библиотеки nsswitch] |
||
|---|---|---|---|
| Line 3: | Line 3: | ||
| ===== Установка LDAP клиента ===== | ===== Установка LDAP клиента ===== | ||
| - | ==== FreeBSD ==== | + | * !!! Не требуется для nss_ldap, удобен для отладки |
| - | <code> | + | |
| - | [gate:~] # pkg install openldap-client | + | |
| - | </code> | + | |
| ==== Debian/Ubuntu ==== | ==== Debian/Ubuntu ==== | ||
| + | |||
| <code> | <code> | ||
| root@gate:~# apt install ldap-utils | root@gate:~# apt install ldap-utils | ||
| + | </code> | ||
| + | |||
| + | ==== FreeBSD ==== | ||
| + | <code> | ||
| + | [gate:~] # pkg install openldap-client | ||
| </code> | </code> | ||
| Line 17: | Line 20: | ||
| ==== OpenLDAP ==== | ==== OpenLDAP ==== | ||
| <code> | <code> | ||
| - | gate# ldapsearch -x -b"dc=corpX,dc=un" -h server "uid=user1" | + | gate# ldapsearch -x -b"dc=corpX,dc=un" -H ldap://server "uid=user1" |
| </code> | </code> | ||
| Line 29: | Line 32: | ||
| или через ldaps: | или через ldaps: | ||
| - | gate# LDAPTLS_REQCERT=never ldapsearch -x -D "cn=Administrator,cn=Users,dc=corpX,dc=un" -W -H ldaps://server -b "dc=corpX,dc=un" "sAMAccountName=user1" | + | gate# LDAPTLS_REQCERT=never ldapsearch -x -D "cn=Administrator,cn=Users,dc=corpX,dc=un" -w 'Pa$$w0rd' -H ldaps://server.corpX.un -b "dc=corpX,dc=un" "sAMAccountName=user1" |
| + | |||
| + | или с Kerberos GSSAPI аутентификацией | ||
| + | |||
| + | gate# apt install libsasl2-modules-gssapi-mit | ||
| + | gate# kinit Administrator | ||
| + | gate# ldapsearch -h server -b "dc=corpX,dc=un" "sAMAccountName=user1" | ||
| </code><code> | </code><code> | ||
| ... | ... | ||
| + | msSFU30NisDomain: corpX | ||
| uidNumber: 10001 | uidNumber: 10001 | ||
| gidNumber: 10001 | gidNumber: 10001 | ||
| Line 41: | Line 51: | ||
| </code><code> | </code><code> | ||
| ... | ... | ||
| + | msSFU30NisDomain: corpX | ||
| gidNumber: 10001 | gidNumber: 10001 | ||
| - | ... | ||
| - | </code><code> | ||
| - | # ldapsearch -x -D "cn=Administrator,cn=Users,dc=corpX,dc=un" -W -h server -b "dc=corpX,dc=un" "sAMAccountName=group1" | ||
| - | </code><code> | ||
| - | ... | ||
| - | gidNumber: 15001 | ||
| - | memberUid: user2 | ||
| - | memberUid: user1 | ||
| ... | ... | ||
| </code> | </code> | ||
| ===== Установка библиотеки nss ldap ===== | ===== Установка библиотеки nss ldap ===== | ||
| - | |||
| - | ==== FreeBSD ==== | ||
| - | <code> | ||
| - | [gate:~] # pkg install nss_ldap | ||
| - | |||
| - | [gate:~] # cat /usr/local/etc/nss_ldap.conf | ||
| - | </code> | ||
| ==== Debian/Ubuntu ==== | ==== Debian/Ubuntu ==== | ||
| <code> | <code> | ||
| - | root@gate:~# apt install libnss-ldap | + | root@gate:~# DEBIAN_FRONTEND=noninteractive apt install libnss-ldap |
| </code><code> | </code><code> | ||
| ... | ... | ||
| Line 72: | Line 68: | ||
| debian# cat /etc/libnss-ldap.conf | debian# cat /etc/libnss-ldap.conf | ||
| + | </code> | ||
| + | |||
| + | ==== FreeBSD ==== | ||
| + | <code> | ||
| + | [gate:~] # pkg install nss_ldap | ||
| + | |||
| + | [gate:~] # cat /usr/local/etc/nss_ldap.conf | ||
| </code> | </code> | ||
| Line 78: | Line 81: | ||
| ==== OpenLDAP ==== | ==== OpenLDAP ==== | ||
| <code> | <code> | ||
| - | host server | + | uri ldap://server |
| base dc=corpX,dc=un | base dc=corpX,dc=un | ||
| - | nss_base_passwd ou=users,dc=corpX,dc=un?one | + | nss_base_passwd ou=People, |
| - | nss_base_group ou=groups,dc=corpX,dc=un?one | + | nss_base_group ou=Group, |
| </code> | </code> | ||
| Line 108: | Line 111: | ||
| </code> | </code> | ||
| - | === 2008/Samba4 === | + | === 2008 === |
| <code> | <code> | ||
| host server | host server | ||
| - | |||
| - | # uri ldaps://server/ | ||
| - | # tls_checkpeer no | ||
| base dc=corpX,dc=un | base dc=corpX,dc=un | ||
| Line 129: | Line 129: | ||
| </code> | </code> | ||
| - | === 2016 === | + | === 2016/Samba4 === |
| <code> | <code> | ||
| host server | host server | ||
| + | |||
| + | # uri ldaps://server.corpX.un/ | ||
| + | # tls_checkpeer no | ||
| base dc=corpX,dc=un | base dc=corpX,dc=un | ||
| Line 151: | Line 154: | ||
| </code><code> | </code><code> | ||
| ... | ... | ||
| - | passwd: files ldap | + | passwd: files systemd ldap |
| - | group: files ldap | + | group: files systemd ldap |
| - | #shadow: files ldap # for linux | + | shadow: files ldap |
| - | #gshadow: files ldap # for linux, may be no need? | + | |
| ... | ... | ||
| </code><code> | </code><code> | ||
| - | debian# service nscd restart | + | debian# service nscd restart && service nscd reload |
| - | debian# service nscd reload | + | # getent passwd user1 |
| - | + | ||
| - | # getent passwd | + | |
| # id user1 | # id user1 | ||
| Line 168: | Line 168: | ||
| ===== Установка сертификатов ===== | ===== Установка сертификатов ===== | ||
| - | ==== FreeBSD ==== | + | * [[Пакет OpenSSL#Импорт сертификата центра сертификации]] |
| - | <code> | + | |
| - | # setenv LDAPTLS_REQCERT never | + | |
| - | или | + | |
| - | # pkg install ca_root_nss | + | |
| - | # setenv LDAPTLS_CACERT /usr/local/etc/ssl/cert.pem | + | |
| - | </code> | + | |
| - | ==== Linux ==== | + | |
| <code> | <code> | ||
| # export LDAPTLS_REQCERT=never | # export LDAPTLS_REQCERT=never | ||
| </code> | </code> | ||
авторизация_с_использованием_ldap_сервера.txt · Last modified: 2024/01/26 13:06 by val
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
