User Tools
установка_и_настройка_openldap
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision Last revision Both sides next revision | ||
|
установка_и_настройка_openldap [2015/09/07 11:43] val [FreeBSD] |
установка_и_настройка_openldap [2022/10/03 07:25] val [Отключение анонимного доступа] |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ====== Установка и настройка OpenLDAP ====== | ====== Установка и настройка OpenLDAP ====== | ||
| - | ===== Ubuntu ===== | + | ===== Debian/Ubuntu ===== |
| * [[https://help.ubuntu.com/14.04/serverguide/openldap-server.html|Сервер OpenLDAP]] | * [[https://help.ubuntu.com/14.04/serverguide/openldap-server.html|Сервер OpenLDAP]] | ||
| + | * [[https://serverfault.com/questions/63916/how-to-disable-anonymous-access-on-ldap|How to disable anonymous access on LDAP]] | ||
| <code> | <code> | ||
| - | root@server:~# apt-get install slapd ldap-utils | + | root@server:~# apt install slapd ldap-utils |
| Administrative password: secret | Administrative password: secret | ||
| - | root@server:~# ldapsearch -x -LLL -H ldap:/// -b dc=corpX,dc=un dn | + | root@server:~# ldapsearch -x -b "dc=corpX,dc=un" |
| </code> | </code> | ||
| - | ===== FreeBSD ===== | + | ===== Отключение анонимного доступа ===== |
| + | |||
| + | * [[https://serverfault.com/questions/63916/how-to-disable-anonymous-access-on-ldap|How to disable anonymous access on LDAP]] | ||
| <code> | <code> | ||
| - | [server:~] # pkg install openldap-server | + | # ldapsearch -x -b"dc=corpX,dc=un" -H ldap://server -D "cn=admin,dc=corpX,dc=un" -w secret "uid=user1" |
| + | </code> | ||
| - | [server:~] # pkg_add -r openldap24-server | + | ===== Включение TLS ===== |
| + | |||
| + | * [[https://ubuntu.com/server/docs/service-ldap-with-tls|LDAP & TLS]] | ||
| + | * [[Пакет OpenSSL#Создание центра сертификации]] | ||
| + | |||
| + | <code> | ||
| + | # chmod 0640 /etc/ldap/key.pem | ||
| + | |||
| + | # chgrp openldap /etc/ldap/key.pem | ||
| + | |||
| + | # cat certinfo.ldif | ||
| + | </code><code> | ||
| + | dn: cn=config | ||
| + | add: olcTLSCACertificateFile | ||
| + | olcTLSCACertificateFile: /etc/ldap/ca.pem | ||
| + | - | ||
| + | add: olcTLSCertificateFile | ||
| + | olcTLSCertificateFile: /etc/ldap/cert.pem | ||
| + | - | ||
| + | add: olcTLSCertificateKeyFile | ||
| + | olcTLSCertificateKeyFile: /etc/ldap/key.pem | ||
| + | </code><code> | ||
| + | # ldapmodify -Y EXTERNAL -H ldapi:/// -f certinfo.ldif | ||
| + | |||
| + | root@server:~# cat /etc/default/slapd | ||
| + | </code><code> | ||
| + | ... | ||
| + | SLAPD_SERVICES="ldap://127.0.0.1:389/ ldaps:/// ldapi:///" | ||
| + | ... | ||
| + | </code><code> | ||
| + | # systemctl restart slapd.service | ||
| + | </code> | ||
| + | |||
| + | ===== Дополнительные материалы ===== | ||
| + | |||
| + | ==== FreeBSD ==== | ||
| + | <code> | ||
| + | [server:~] # pkg install openldap-server | ||
| [server:~] # cat /usr/local/etc/openldap/slapd.conf | [server:~] # cat /usr/local/etc/openldap/slapd.conf | ||
| Line 38: | Line 80: | ||
| slapd_enable="YES" | slapd_enable="YES" | ||
| </code><code> | </code><code> | ||
| - | [server:~] # /usr/local/etc/rc.d/slapd start | + | [server:~] # service slapd start |
| - | + | ||
| - | [server:~] # rehash | + | |
| </code> | </code> | ||
установка_и_настройка_openldap.txt · Last modified: 2022/10/03 07:25 by val
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
