|
ldap_авторизация_в_microsoft_ad [2010/09/15 12:27] val |
— (current) | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== LDAP авторизация в Microsoft AD ====== | ||
| - | ===== Получение информации о пользователе в AD по протоколу LDAP ===== | ||
| - | <code> | ||
| - | gate# ldapsearch -x -h server -b "dc=corpX,dc=un" -D "cn=Administrator,cn=Users,dc=corpX,dc=un" -W "sAMAccountName=user1" | ||
| - | </code> | ||
| - | |||
| - | ===== Модификация схемы AD ===== | ||
| - | |||
| - | Устанавливаем NIS server из пакета SFU | ||
| - | |||
| - | Опции инсталяции: | ||
| - | <code> | ||
| - | Custom: | ||
| - | Server for NIS | ||
| - | </code> | ||
| - | Добавляем группу "guser1" | ||
| - | |||
| - | Устанавливаем ее UNIX свойство | ||
| - | <code> | ||
| - | gid: 10001 | ||
| - | </code> | ||
| - | |||
| - | Добавляем UNIX атрибуты пользователю "user1" | ||
| - | <code> | ||
| - | uid: 10001 | ||
| - | группа по умолчанию: guser1 | ||
| - | home dir: /home/user1 | ||
| - | </code> | ||
| - | |||
| - | ===== Удаляем учетные записи user1 и user2 из системы и все его файлы (домашний каталог, почту) ===== | ||
| - | |||
| - | ==== FreeBSD ==== | ||
| - | <code> | ||
| - | [gate:~] # rmuser user1 | ||
| - | |||
| - | [gate:~] # rmuser user2 | ||
| - | </code> | ||
| - | ==== Ubuntu ==== | ||
| - | <code> | ||
| - | root@gate:~# userdel user1 | ||
| - | |||
| - | root@gate:~# userdel user2 | ||
| - | </code> | ||
| - | |||
| - | ==== FreeBSD/Ubuntu ==== | ||
| - | <code> | ||
| - | gate# id user1 | ||
| - | id: user1: No such user | ||
| - | </code> | ||
| - | |||
| - | ===== Настройка nss ldap на использование AD ===== | ||
| - | |||
| - | ==== FreeBSD ==== | ||
| - | <code> | ||
| - | [gate:~] # pkg_add -r nss_ldap | ||
| - | |||
| - | [gate:~] # cat /usr/local/etc/nss_ldap.conf | ||
| - | </code> | ||
| - | |||
| - | ==== Ubuntu ==== | ||
| - | <code> | ||
| - | root@gate:~# apt-get install libnss-ldap | ||
| - | Ответы по умолчанию | ||
| - | |||
| - | root@gate:~# cat /etc/ldap.conf | ||
| - | </code> | ||
| - | |||
| - | ==== FreeBSD/Ubuntu ==== | ||
| - | <code> | ||
| - | host server | ||
| - | base dc=corpX,dc=un | ||
| - | binddn cn=Administrator,cn=Users,dc=corpX,dc=un | ||
| - | bindpw password | ||
| - | scope sub | ||
| - | nss_base_passwd cn=Users,dc=corpX,dc=un?one | ||
| - | nss_base_group cn=Users,dc=corpX,dc=un?one | ||
| - | nss_map_objectClass posixAccount User | ||
| - | nss_map_attribute uid msSFU30Name | ||
| - | nss_map_attribute uniqueMember msSFU30PosixMember | ||
| - | nss_map_attribute homeDirectory msSFU30HomeDirectory | ||
| - | nss_map_objectClass posixGroup Group | ||
| - | nss_map_attribute gidNumber msSFU30GidNumber | ||
| - | nss_map_attribute uidNumber msSFU30UidNumber | ||
| - | nss_map_attribute loginShell msSFU30LoginShell | ||
| - | </code> | ||
| - | |||
| - | ===== Настройка nsswitch на использование ldap ===== | ||
| - | <code> | ||
| - | gate# cat /etc/nsswitch.conf | ||
| - | ... | ||
| - | group: files ldap | ||
| - | passwd: files ldap | ||
| - | shadow: files ldap #для linux | ||
| - | ... | ||
| - | </code> | ||