установка_и_настройка_openldap

Differences

This shows you the differences between two versions of the page.

установка_и_настройка_openldap [2013/05/22 13:50]
127.0.0.1 external edit
установка_и_настройка_openldap [2022/10/03 07:25]
val [Disabling anonymous access]
Line 1: Line 1:
 ====== Установка и настройка OpenLDAP ====== ====== Установка и настройка OpenLDAP ======
  
-[[http://​grudina.info/​articles/​linux/​nastroyka-servera-openldap.html]]+===== Debian/Ubuntu =====
  
-===== Установка, настройка и запуск ldap сервера =====+  * [[https://​help.ubuntu.com/​14.04/​serverguide/​openldap-server.html|Сервер OpenLDAP]] 
 +  * [[https://​serverfault.com/​questions/​63916/​how-to-disable-anonymous-access-on-ldap|How to disable anonymous access on LDAP]] 
 + 
 +<​code>​ 
 +root@server:​~#​ apt install slapd ldap-utils 
 + 
 +Administrative password: secret 
 + 
 +root@server:​~#​ ldapsearch -x -b "dc=corpX,dc=un" 
 +</​code>​ 
 + 
 +===== Отключение ​анонимного доступа ===== 
 + 
 +  * [[https://​serverfault.com/​questions/​63916/​how-to-disable-anonymous-access-on-ldap|How to disable anonymous access on LDAP]] 
 + 
 +<​code>​ 
 +# ldapsearch -x -b"​dc=corpX,dc=un" -H ldap://​server -D "​cn=admin,​dc=corpX,​dc=un"​ -w secret "​uid=user1"​ 
 +</​code>​ 
 + 
 +===== Включение TLS ===== 
 + 
 +  * [[https://​ubuntu.com/​server/​docs/​service-ldap-with-tls|LDAP & TLS]] 
 +  * [[Пакет OpenSSL#Создание центра сертификации]] 
 + 
 +<​code>​ 
 +# chmod 0640 /etc/ldap/key.pem 
 + 
 +# chgrp openldap /​etc/​ldap/​key.pem 
 + 
 +# cat certinfo.ldif 
 +</​code><​code>​ 
 +dn: cn=config 
 +add: olcTLSCACertificateFile 
 +olcTLSCACertificateFile:​ /​etc/​ldap/​ca.pem 
 +
 +add: olcTLSCertificateFile 
 +olcTLSCertificateFile:​ /​etc/​ldap/​cert.pem 
 +
 +add: olcTLSCertificateKeyFile 
 +olcTLSCertificateKeyFile:​ /​etc/​ldap/​key.pem 
 +</​code><​code>​ 
 +# ldapmodify -Y EXTERNAL -H ldapi:/// -f certinfo.ldif 
 + 
 +root@server:​~#​ cat /​etc/​default/​slapd 
 +</​code><​code>​ 
 +... 
 +SLAPD_SERVICES="​ldap://​127.0.0.1:​389/​ ldaps:/// ldapi:///"​ 
 +... 
 +</​code><​code>​ 
 +# systemctl restart slapd.service 
 +</​code>​ 
 + 
 +===== Дополнительные материалы =====
  
 ==== FreeBSD ==== ==== FreeBSD ====
 <​code>​ <​code>​
-[server:~] # pkg_add -r openldap24-server+[server:~] # pkg install openldap-server
  
 [server:~] # cat /​usr/​local/​etc/​openldap/​slapd.conf [server:~] # cat /​usr/​local/​etc/​openldap/​slapd.conf
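Review bot: the ldapsearch in the new "Отключение анонимного доступа" block passes the directory administrator's password on the command line (`-w secret`), which leaves it in the shell history and visible to every local user in the process list; use `-W` to be prompted, or `-y /path/to/password-file` with restrictive permissions. That same block also contains only an authenticated search plus a link: the configuration change that actually disables anonymous binds (for cn=config, a modify of `dn: cn=config` adding `olcDisallows: bind_anon` and `olcRequires: authc`) is not shown, so a reader following the page verbatim still has anonymous reads enabled after the `apt install slapd` step. The TLS part is sound: the key is restricted with `chmod 0640` / `chgrp openldap`, and `SLAPD_SERVICES` binds plain `ldap://` to 127.0.0.1 only, leaving `ldaps:///` and `ldapi:///` for remote and local clients.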
Line 14: Line 66:
 include ​        /​usr/​local/​etc/​openldap/​schema/​core.schema include ​        /​usr/​local/​etc/​openldap/​schema/​core.schema
 include ​        /​usr/​local/​etc/​openldap/​schema/​cosine.schema include ​        /​usr/​local/​etc/​openldap/​schema/​cosine.schema
 +include ​        /​usr/​local/​etc/​openldap/​schema/​inetorgperson.schema
 include ​        /​usr/​local/​etc/​openldap/​schema/​nis.schema include ​        /​usr/​local/​etc/​openldap/​schema/​nis.schema
 +...
 +moduleload ​     back_mdb
 ... ...
 suffix ​               "​dc=corpX,​dc=un"​ suffix ​               "​dc=corpX,​dc=un"​
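Review bot: the FreeBSD slapd.conf excerpt gains `inetorgperson.schema` and `moduleload back_mdb` but carries no `access to` directives and no `TLSCertificateFile`/`TLSCertificateKeyFile` lines, so, unlike the Debian/Ubuntu section added in this same revision, this path is left with slapd's built-in default of anonymous read access to the whole tree and cleartext-only listeners. Add at least the password rule in the database section after `suffix` (`access to attrs=userPassword by self write by anonymous auth by * none` followed by a final `access to * by * read` or stricter) and the TLS file directives, so the two platforms on the page end up with the same security posture. The `inetorgperson.schema` include is correctly placed after `cosine.schema`, on which it depends.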
Line 25: Line 80:
 slapd_enable="​YES"​ slapd_enable="​YES"​
 </​code><​code>​ </​code><​code>​
-[server:~] # /​usr/​local/​etc/​rc.d/​slapd start +[server:~] # service ​slapd start
- +
-[server:~] # rehash +
-</​code>​ +
- +
-==== CentOS ==== +
-<​code>​ +
-[root@server ~]# yum install openldap-servers openldap-clients +
- +
-Далее как в FreeBSD /​etc/​openldap/​slapd.conf+
 </​code>​ </​code>​
  
  
- 
-==== Ubuntu (12.04) ==== 
-[[https://​help.ubuntu.com/​12.04/​serverguide/​openldap-server.html]] 
- 
-<​code>​ 
-root@server:​~#​ apt-get install slapd ldap-utils 
- 
-Administrative password: secret 
- 
-root@server:​~#​ ldapsearch -x -LLL -H ldap:/// -b dc=corpX,​dc=un dn 
-</​code>​ 
- 
-==== Ubuntu (10.04) ==== 
-[[http://​doc.ubuntu.com/​ubuntu/​serverguide/​C/​openldap-server.html]] 
- 
-<​code>​ 
-root@server:​~#​ apt-get install slapd ldap-utils 
- 
-root@server:​~#​ ldapadd -Y EXTERNAL -H ldapi:/// -f /​etc/​ldap/​schema/​cosine.ldif 
-root@server:​~#​ ldapadd -Y EXTERNAL -H ldapi:/// -f /​etc/​ldap/​schema/​nis.ldif 
- 
-root@server:​~#​ cat config.ldif 
-</​code><​code>​ 
-# Load dynamic backend modules 
-dn: cn=module,​cn=config 
-objectClass:​ olcModuleList 
-cn: module 
-olcModulepath:​ /​usr/​lib/​ldap 
-olcModuleload:​ back_hdb 
- 
-# Database settings 
-dn: olcDatabase=hdb,​cn=config 
-objectClass:​ olcDatabaseConfig 
-objectClass:​ olcHdbConfig 
-olcDatabase:​ {1}hdb 
-olcSuffix: dc=corpX,​dc=un 
-olcDbDirectory:​ /​var/​lib/​ldap 
-olcRootDN: cn=admin,​dc=corpX,​dc=un 
-olcRootPW: secret 
-olcDbIndex: objectClass eq 
-olcLastMod: TRUE 
-olcAccess: to attrs=userPassword by dn="​cn=admin,​dc=corpX,​dc=un"​ write by anonymous auth by self write by * none 
-olcAccess: to attrs=shadowLastChange by self write by * read 
-olcAccess: to dn.base=""​ by * read 
-olcAccess: to * by dn="​cn=admin,​dc=corpX,​dc=un"​ write by * read 
-</​code><​code>​ 
-root@server:​~#​ ldapadd -Y EXTERNAL -H ldapi:/// -f config.ldif 
-</​code>​ 
  
  
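Review bot: deleting the Ubuntu 10.04 block removes the only explicit access-control rules on the page (`olcAccess: to attrs=userPassword by dn="cn=admin,dc=corpX,dc=un" write by anonymous auth by self write by * none`, the `shadowLastChange` rule, and the catch-all `by * read`), and the new Debian/Ubuntu section added in this revision does not replace them, so the page now documents TLS and an authenticated search but no ACL at all. Consider carrying the four `olcAccess` lines over into the new section as a modify of the database entry that the `apt install slapd` step creates, rather than dropping them. Losing `olcRootPW: secret` in cleartext is a welcome side effect of the deletion; if a rootpw example is added back, show an `{SSHA}` hash produced by `slappasswd` instead. The replacement of `/usr/local/etc/rc.d/slapd start` and `rehash` with `service slapd start` is fine.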
установка_и_настройка_openldap.txt · Last modified: 2022/10/03 07:25 by val