установка_и_настройка_openldap [2015/03/10 11:12] val |
установка_и_настройка_openldap [2022/10/03 07:25] (current) val [Отключение анонимного доступа] |
Line 1: | Line 1: | ||
====== Установка и настройка OpenLDAP ====== | ====== Установка и настройка OpenLDAP ====== | ||
- | [[http://grudina.info/articles/linux/nastroyka-servera-openldap.html]] | + | ===== Debian/Ubuntu ===== |
+ | |||
+ | * [[https://help.ubuntu.com/14.04/serverguide/openldap-server.html|Сервер OpenLDAP]] | ||
+ | * [[https://serverfault.com/questions/63916/how-to-disable-anonymous-access-on-ldap|How to disable anonymous access on LDAP]] | ||
- | ===== FreeBSD ===== | ||
<code> | <code> | ||
- | [server:~] # pkg install openldap-server | + | root@server:~# apt install slapd ldap-utils |
- | [server:~] # pkg_add -r openldap24-server | + | Administrative password: secret |
+ | |||
+ | root@server:~# ldapsearch -x -b "dc=corpX,dc=un" | ||
+ | </code> | ||
+ | |||
+ | ===== Отключение анонимного доступа ===== | ||
+ | |||
+ | * [[https://serverfault.com/questions/63916/how-to-disable-anonymous-access-on-ldap|How to disable anonymous access on LDAP]] | ||
+ | |||
+ | <code> | ||
+ | # ldapsearch -x -b"dc=corpX,dc=un" -H ldap://server -D "cn=admin,dc=corpX,dc=un" -w secret | ||
+ | </code> | ||
+ | |||
+ | ===== Включение TLS ===== | ||
+ | |||
+ | * [[https://ubuntu.com/server/docs/service-ldap-with-tls|LDAP & TLS]] | ||
+ | * [[Пакет OpenSSL#Создание центра сертификации]] | ||
+ | |||
+ | <code> | ||
+ | # chmod 0640 /etc/ldap/key.pem | ||
+ | |||
+ | # chgrp openldap /etc/ldap/key.pem | ||
+ | |||
+ | # cat certinfo.ldif | ||
+ | </code><code> | ||
+ | dn: cn=config | ||
+ | add: olcTLSCACertificateFile | ||
+ | olcTLSCACertificateFile: /etc/ldap/ca.pem | ||
+ | - | ||
+ | add: olcTLSCertificateFile | ||
+ | olcTLSCertificateFile: /etc/ldap/cert.pem | ||
+ | - | ||
+ | add: olcTLSCertificateKeyFile | ||
+ | olcTLSCertificateKeyFile: /etc/ldap/key.pem | ||
+ | </code><code> | ||
+ | # ldapmodify -Y EXTERNAL -H ldapi:/// -f certinfo.ldif | ||
+ | |||
+ | root@server:~# cat /etc/default/slapd | ||
+ | </code><code> | ||
+ | ... | ||
+ | SLAPD_SERVICES="ldap://127.0.0.1:389/ ldaps:/// ldapi:///" | ||
+ | ... | ||
+ | </code><code> | ||
+ | # systemctl restart slapd.service | ||
+ | </code> | ||
+ | |||
+ | ===== Дополнительные материалы ===== | ||
+ | |||
+ | ==== FreeBSD ==== | ||
+ | <code> | ||
+ | [server:~] # pkg install openldap-server | ||
[server:~] # cat /usr/local/etc/openldap/slapd.conf | [server:~] # cat /usr/local/etc/openldap/slapd.conf | ||
Line 14: | Line 66: | ||
include /usr/local/etc/openldap/schema/core.schema | include /usr/local/etc/openldap/schema/core.schema | ||
include /usr/local/etc/openldap/schema/cosine.schema | include /usr/local/etc/openldap/schema/cosine.schema | ||
+ | include /usr/local/etc/openldap/schema/inetorgperson.schema | ||
include /usr/local/etc/openldap/schema/nis.schema | include /usr/local/etc/openldap/schema/nis.schema | ||
... | ... | ||
Line 27: | Line 80: | ||
slapd_enable="YES" | slapd_enable="YES" | ||
</code><code> | </code><code> | ||
- | [server:~] # /usr/local/etc/rc.d/slapd start | + | [server:~] # service slapd start |
- | + | ||
- | [server:~] # rehash | + | |
</code> | </code> | ||
- | ===== Ubuntu (12.04) ===== | ||
- | [[https://help.ubuntu.com/12.04/serverguide/openldap-server.html]] | ||
- | <code> | ||
- | root@server:~# apt-get install slapd ldap-utils | ||
- | |||
- | Administrative password: secret | ||
- | |||
- | root@server:~# ldapsearch -x -LLL -H ldap:/// -b dc=corpX,dc=un dn | ||
- | </code> | ||
- | |||
- | ===== CentOS ===== | ||
- | <code> | ||
- | [root@server ~]# yum install openldap-servers openldap-clients | ||
- | |||
- | Далее как в FreeBSD /etc/openldap/slapd.conf | ||
- | </code> | ||
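Review bot: The «Отключение анонимного доступа» section (the added lines under `===== Отключение анонимного доступа =====`) never shows the configuration change that actually disables anonymous binds — only an authenticated `ldapsearch` — so a reader following the page as written still leaves anonymous access enabled. The approach in the linked serverfault answer is a cn=config modification setting `olcDisallows: bind_anon` and `olcRequires: authc`, applied with the same `ldapmodify -Y EXTERNAL -H ldapi:///` form the page already uses for certinfo.ldif; I would add it before the verification search (the ldif file name below is illustrative). The verification command also passes the admin password as `-w secret`, which exposes it in process listings and shell history, whereas `-W` prompts for it instead. Note too that once `SLAPD_SERVICES` limits `ldap://` to 127.0.0.1 in the TLS section, a remote `-H ldap://server` bind will presumably stop working, so that example should likely use `ldaps://server` (or `-ZZ`).
```dokuwiki
<code>
# cat disable_anon.ldif
</code><code>
dn: cn=config
changetype: modify
add: olcDisallows
olcDisallows: bind_anon
-
add: olcRequires
olcRequires: authc
</code><code>
# ldapmodify -Y EXTERNAL -H ldapi:/// -f disable_anon.ldif

# ldapsearch -x -b "dc=corpX,dc=un" -H ldaps://server -D "cn=admin,dc=corpX,dc=un" -W
</code>
```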