This shows you the differences between two versions of the page.
| установка_и_настройка_openldap [2022/05/17 12:13] val | установка_и_настройка_openldap [2025/05/16 11:37] (current) val [Debian/Ubuntu] | ||
|---|---|---|---|
| Line 7: | Line 7: | ||
| <code> | <code> | ||
| - | root@server:~# apt install slapd ldap-utils | + | server# apt install slapd ldap-utils |
| Administrative password: secret | Administrative password: secret | ||
| - | root@server:~# less /etc/default/slapd | + | server# ldapsearch -x -b "dc=corpX,dc=un" |
| + | </code> | ||
| - | root@server:~# ldapsearch -x -b "dc=corpX,dc=un" | + | ===== Отключение анонимного доступа ===== |
| + | |||
| + | * [[https://serverfault.com/questions/63916/how-to-disable-anonymous-access-on-ldap|How to disable anonymous access on LDAP]] | ||
| + | |||
| + | <code> | ||
| + | # ldapsearch -x -b"dc=corpX,dc=un" -H ldap://server -D "cn=admin,dc=corpX,dc=un" -w secret | ||
| </code> | </code> | ||
| - | ===== FreeBSD ===== | + | ===== Включение TLS ===== |
| + | |||
| + | * [[https://ubuntu.com/server/docs/service-ldap-with-tls|LDAP & TLS]] | ||
| + | * [[Пакет OpenSSL#Создание центра сертификации]] | ||
| + | |||
| + | <code> | ||
| + | # chmod 0640 /etc/ldap/key.pem | ||
| + | |||
| + | # chgrp openldap /etc/ldap/key.pem | ||
| + | |||
| + | # cat certinfo.ldif | ||
| + | </code><code> | ||
| + | dn: cn=config | ||
| + | add: olcTLSCACertificateFile | ||
| + | olcTLSCACertificateFile: /etc/ldap/ca.pem | ||
| + | - | ||
| + | add: olcTLSCertificateFile | ||
| + | olcTLSCertificateFile: /etc/ldap/cert.pem | ||
| + | - | ||
| + | add: olcTLSCertificateKeyFile | ||
| + | olcTLSCertificateKeyFile: /etc/ldap/key.pem | ||
| + | </code><code> | ||
| + | # ldapmodify -Y EXTERNAL -H ldapi:/// -f certinfo.ldif | ||
| + | |||
| + | root@server:~# cat /etc/default/slapd | ||
| + | </code><code> | ||
| + | ... | ||
| + | SLAPD_SERVICES="ldap://127.0.0.1:389/ ldaps:/// ldapi:///" | ||
| + | ... | ||
| + | </code><code> | ||
| + | # systemctl restart slapd.service | ||
| + | </code> | ||
| + | |||
| + | ===== Дополнительные материалы ===== | ||
| + | |||
| + | ==== FreeBSD ==== | ||
| <code> | <code> | ||
| [server:~] # pkg install openldap-server | [server:~] # pkg install openldap-server | ||
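Review bot: the added "Отключение анонимного доступа" (disabling anonymous access) section never shows the change that disables anonymous binds. It only links to the Server Fault question and then runs an authenticated `ldapsearch`, and nothing in the added lines alters how the server answers the anonymous `ldapsearch -x -b "dc=corpX,dc=un"` shown above it. Add the cn=config modification the section is named for, then repeat the anonymous query as a negative check. The authenticated example also passes the bind password as `-w secret` to `ldap://server`, which sends a simple bind in clear text and leaves the password in shell history and the process list; prefer `-W` (prompt) or `-y` with a password file. Once the TLS section is applied, the URI should become `ldaps://server`, because `SLAPD_SERVICES="ldap://127.0.0.1:389/ ldaps:/// ldapi:///"` leaves plain LDAP listening on loopback only, so the `-H ldap://server` form no longer works from another host. The TLS section would also benefit from a verification step after `systemctl restart slapd.service`, such as an `ldapsearch` over `ldaps://` with the CA certificate trusted on the client, to confirm the three `olcTLS*` attributes took effect.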