
Хранение учетных записей KERBEROS KDC в LDAP

https://help.ubuntu.com/10.04/serverguide/C/kerberos-ldap.html

# slapd.conf: schema files loaded by slapd. kerberos.schema (last line) supplies the
# krb* object classes and attributes that the KDC's kldap backend stores in the directory.
# NOTE(review): no access rules are shown on this page. Principal keys are kept in the
# krbPrincipalKey attribute, so slapd should restrict it (like userPassword) to the DN(s)
# the KDC and kadmind bind with and deny everyone else - confirm such a rule is in place.
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/collective.schema
include /etc/ldap/schema/corba.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/duaconf.schema
include /etc/ldap/schema/dyngroup.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/java.schema
include /etc/ldap/schema/misc.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/openldap.schema
include /etc/ldap/schema/ppolicy.schema
include /etc/ldap/schema/kerberos.schema


# Defaults for the KDC database backend.
# ldap_kerberos_container_dn is the DN under which the realm container objects are
# created; here it is the same base DN that every other entry on this page lives under.
# NOTE(review): a dedicated container entry would let slapd access rules for the
# Kerberos data be scoped to that subtree rather than the whole base DN - consider.
[dbdefaults]
        ldap_kerberos_container_dn = dc=corpX,dc=un

# Realm definition for CORPX.UN.
# kdc and admin_server point at localhost, so as written this resolves correctly only
# on the KDC host itself; other machines presumably need the server's name here.
# database_module names the [dbmodules] subsection that describes the LDAP backend.
[realms]
        CORPX.UN = {
                kdc = localhost
                admin_server = localhost
                default_domain = corpX.un
                database_module = openldap_ldapconf
        }

# LDAP backend settings, referenced by database_module = openldap_ldapconf in [realms].
[dbmodules]
        openldap_ldapconf = {
# kldap selects the LDAP database plugin.
                db_library = kldap
# NOTE(review): the KDC and kadmind both bind as cn=admin, which looks like the
# directory administrator account (confirm). The KDC only needs read access to the
# Kerberos data and kadmind needs read/write on it, so separate dedicated bind DNs
# with just those rights would limit what a compromised KDC host can do in LDAP.
                ldap_kdc_dn = "cn=admin,dc=corpX,dc=un"
                ldap_kadmind_dn = "cn=admin,dc=corpX,dc=un"
# Stash file holding the bind password for the DNs above (written by
# kdb5_ldap_util stashsrvpw). Anyone who can read it can bind as that DN, so it
# should be readable by root only - verify ownership and mode.
                ldap_service_password_file = /etc/krb5kdc/service.keyfile
# Plain ldap:// carries the bind password and key material unencrypted. That is
# tolerable on loopback, but use ldapi:// or ldaps:// if slapd is ever on another host.
                ldap_servers = ldap://localhost
                ldap_conns_per_server = 5
        }


# Create the realm CORPX.UN in the directory, binding as cn=admin over ldap://localhost.
# -subtrees names where principal entries may live; -s also writes the master key to a
# stash file so the KDC can start unattended. No passwords are given on the command
# line, so the tool is expected to prompt for them, which keeps them out of shell history.
kdb5_ldap_util -D  cn=admin,dc=corpX,dc=un create -subtrees dc=corpX,dc=un -r CORPX.UN -s -H ldap://localhost

# Store the bind password for cn=admin in /etc/krb5kdc/service.keyfile, the file that
# ldap_service_password_file in [dbmodules] points to. The KDC and kadmind read it to
# log in to LDAP, so it should stay readable by root only (check ownership and mode).
kdb5_ldap_util -D  cn=admin,dc=corpX,dc=un stashsrvpw -f /etc/krb5kdc/service.keyfile cn=admin,dc=corpX,dc=un


addprinc -x dn="uid=user1,ou=users,dc=corpX,dc=un" user1


root@server.corpX.un:~# cat hosts.ldif 
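# hosts.ldif - POSIX group and account entries for "gatehost". The account entry is
# the DN that the host principal is attached to with addprinc -x dn=... on this page.
dn: cn=gatehost,ou=groups,dc=corpX,dc=un
objectClass: posixGroup
cn: gatehost
gidnumber: 15001

# userPassword is intentionally omitted. In /etc/shadow "*" marks a locked account,
# but OpenLDAP treats a userPassword value without a {SCHEME} prefix as a cleartext
# password, so "userpassword: *" would have been a valid one-character password for
# simple binds to this DN. With no userPassword, password binds to this entry fail.
# If an explicit lock marker is wanted, use a hashed-scheme value that can never
# match (commonly {CRYPT}*), provided slapd supports that scheme - verify first.
dn: uid=gatehost,ou=users,dc=corpX,dc=un
objectClass: account
objectClass: posixAccount
uid: gatehost
cn: gatehost from LDAP
loginshell: /bin/sh
uidnumber: 15001
gidnumber: 15001
homedirectory: /home/gatehost
gecos: gatehost from LDAP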


addprinc -x dn="uid=gatehost,ou=users,dc=corpX,dc=un" -randkey host/gate.corpX.un