User Tools
установка_и_настройка_openldap
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
установка_и_настройка_openldap [2012/07/12 14:02] val |
установка_и_настройка_openldap [2022/10/03 07:25] val [Отключение анонимного доступа] |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ====== Установка и настройка OpenLDAP ====== | ====== Установка и настройка OpenLDAP ====== | ||
| - | [[http://grudina.info/articles/linux/nastroyka-servera-openldap.html]] | + | ===== Debian/Ubuntu ===== |
| - | ===== Установка, настройка и запуск ldap сервера ===== | + | * [[https://help.ubuntu.com/14.04/serverguide/openldap-server.html|Сервер OpenLDAP]] |
| + | * [[https://serverfault.com/questions/63916/how-to-disable-anonymous-access-on-ldap|How to disable anonymous access on LDAP]] | ||
| - | ==== FreeBSD ==== | ||
| <code> | <code> | ||
| - | [server:~] # pkg_add -r openldap24-server | + | root@server:~# apt install slapd ldap-utils |
| - | [server:~] # cat /usr/local/etc/openldap/slapd.conf | + | Administrative password: secret |
| - | ... | + | |
| - | include /usr/local/etc/openldap/schema/core.schema | + | |
| - | include /usr/local/etc/openldap/schema/cosine.schema | + | |
| - | include /usr/local/etc/openldap/schema/nis.schema | + | |
| - | ... | + | |
| - | suffix "dc=corpX,dc=un" | + | |
| - | rootdn "cn=admin,dc=corpX,dc=un" | + | |
| - | ... | + | |
| - | [server:~] # cat /etc/rc.conf | + | root@server:~# ldapsearch -x -b "dc=corpX,dc=un" |
| - | ... | + | </code> |
| - | slapd_enable="YES" | + | |
| - | ... | + | |
| - | [server:~] # /usr/local/etc/rc.d/slapd start | + | ===== Отключение анонимного доступа ===== |
| - | [server:~] # rehash | + | * [[https://serverfault.com/questions/63916/how-to-disable-anonymous-access-on-ldap|How to disable anonymous access on LDAP]] |
| - | </code> | + | |
| - | ==== CentOS ==== | ||
| <code> | <code> | ||
| - | [root@server ~]# yum install openldap-servers openldap-clients | + | # ldapsearch -x -b"dc=corpX,dc=un" -H ldap://server -D "cn=admin,dc=corpX,dc=un" -w secret |
| - | + | ||
| - | Далее как в FreeBSD /etc/openldap/slapd.conf | + | |
| </code> | </code> | ||
| + | ===== Включение TLS ===== | ||
| + | * [[https://ubuntu.com/server/docs/service-ldap-with-tls|LDAP & TLS]] | ||
| + | * [[Пакет OpenSSL#Создание центра сертификации]] | ||
| - | ==== Ubuntu (10.04) ==== | ||
| - | http://doc.ubuntu.com/ubuntu/serverguide/C/openldap-server.html | ||
| <code> | <code> | ||
| - | root@server:~# apt-get install slapd ldap-utils | + | # chmod 0640 /etc/ldap/key.pem |
| - | root@server:~# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif | + | # chgrp openldap /etc/ldap/key.pem |
| - | root@server:~# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/nis.ldif | + | |
| - | root@server:~# cat config.ldif | + | # cat certinfo.ldif |
| </code><code> | </code><code> | ||
| - | # Load dynamic backend modules | + | dn: cn=config |
| - | dn: cn=module,cn=config | + | add: olcTLSCACertificateFile |
| - | objectClass: olcModuleList | + | olcTLSCACertificateFile: /etc/ldap/ca.pem |
| - | cn: module | + | - |
| - | olcModulepath: /usr/lib/ldap | + | add: olcTLSCertificateFile |
| - | olcModuleload: back_hdb | + | olcTLSCertificateFile: /etc/ldap/cert.pem |
| + | - | ||
| + | add: olcTLSCertificateKeyFile | ||
| + | olcTLSCertificateKeyFile: /etc/ldap/key.pem | ||
| + | </code><code> | ||
| + | # ldapmodify -Y EXTERNAL -H ldapi:/// -f certinfo.ldif | ||
| - | # Database settings | + | root@server:~# cat /etc/default/slapd |
| - | dn: olcDatabase=hdb,cn=config | + | |
| - | objectClass: olcDatabaseConfig | + | |
| - | objectClass: olcHdbConfig | + | |
| - | olcDatabase: {1}hdb | + | |
| - | olcSuffix: dc=corpX,dc=un | + | |
| - | olcDbDirectory: /var/lib/ldap | + | |
| - | olcRootDN: cn=admin,dc=corpX,dc=un | + | |
| - | olcRootPW: secret | + | |
| - | olcDbIndex: objectClass eq | + | |
| - | olcLastMod: TRUE | + | |
| - | olcAccess: to attrs=userPassword by dn="cn=admin,dc=corpX,dc=un" write by anonymous auth by self write by * none | + | |
| - | olcAccess: to attrs=shadowLastChange by self write by * read | + | |
| - | olcAccess: to dn.base="" by * read | + | |
| - | olcAccess: to * by dn="cn=admin,dc=corpX,dc=un" write by * read | + | |
| </code><code> | </code><code> | ||
| - | root@server:~# ldapadd -Y EXTERNAL -H ldapi:/// -f config.ldif | + | ... |
| + | SLAPD_SERVICES="ldap://127.0.0.1:389/ ldaps:/// ldapi:///" | ||
| + | ... | ||
| + | </code><code> | ||
| + | # systemctl restart slapd.service | ||
| </code> | </code> | ||
| + | |||
| + | ===== Дополнительные материалы ===== | ||
| + | |||
| + | ==== FreeBSD ==== | ||
| + | <code> | ||
| + | [server:~] # pkg install openldap-server | ||
| + | |||
| + | [server:~] # cat /usr/local/etc/openldap/slapd.conf | ||
| + | </code><code> | ||
| + | ... | ||
| + | include /usr/local/etc/openldap/schema/core.schema | ||
| + | include /usr/local/etc/openldap/schema/cosine.schema | ||
| + | include /usr/local/etc/openldap/schema/inetorgperson.schema | ||
| + | include /usr/local/etc/openldap/schema/nis.schema | ||
| + | ... | ||
| + | moduleload back_mdb | ||
| + | ... | ||
| + | suffix "dc=corpX,dc=un" | ||
| + | rootdn "cn=admin,dc=corpX,dc=un" | ||
| + | ... | ||
| + | </code><code> | ||
| + | [server:~] # cat /etc/rc.conf | ||
| + | </code><code> | ||
| + | ... | ||
| + | slapd_enable="YES" | ||
| + | </code><code> | ||
| + | [server:~] # service slapd start | ||
| + | </code> | ||
| + | |||
| + | |||
установка_и_настройка_openldap.txt · Last modified: 2022/10/03 07:25 by val
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
