LDAP: различия между версиями
Материал из noname.com.ua
Перейти к навигацииПерейти к поискуSirmax (обсуждение | вклад) |
Sirmax (обсуждение | вклад) |
||
| Строка 62: | Строка 62: | ||
==Check configuration== |
==Check configuration== |
||
2 steps to check configuration: |
2 steps to check configuration: |
||
| − | * chack with slapcat which shows data directly from files even if OpenLDAP server process is not running. |
+ | * chack with <B>slapcat</B> which shows data directly from files even if OpenLDAP server process is not running. |
| − | * Check with ldapsearch, which operate as ldap client. |
+ | * Check with <B>ldapsearch</B>, which operate as ldap client. |
| + | ===slapcat=== |
||
<PRE> |
<PRE> |
||
slapcat |
slapcat |
||
| Строка 103: | Строка 104: | ||
* dn: cn=admin,dc=demo (admin user) |
* dn: cn=admin,dc=demo (admin user) |
||
| + | ===ldapsearch=== |
||
| − | <BR> |
||
Check admin passwod (connection to LDAP with ldapsearch): |
Check admin passwod (connection to LDAP with ldapsearch): |
||
* user: <B>cn=admin,dc=demo</B> |
* user: <B>cn=admin,dc=demo</B> |
||
| − | * search base (:where to search from") <B>dc=demo</ |
+ | * search base (:where to search from") <B>dc=demo</B> |
<PRE> |
<PRE> |
||
ldapsearch -D "cn=admin,dc=demo" -w r00tme -b "dc=demo"</PRE> |
ldapsearch -D "cn=admin,dc=demo" -w r00tme -b "dc=demo"</PRE> |
||
Версия 12:43, 24 марта 2016
LDAP
Нужна минимальная инсталляция LDAP для интеграции CD/CD инструментов - gerrit и jenkins
Assumptions
- Server IP: 192.168.56.102
- Server Name: cicd
- Root DN: demo
- Any password (for all users): r00tme
- OS: Ubunti 14.04
Подготовка
- add key
mkdir -p /root/.ssh /root/.ssh/authorized_keys
Установка пакетов:
sudo apt-get update sudo apt-get install slapd ldap-utils phpldapadmin mc vim strace tcpdump tcpflow
После установки
Check for running processes:
ps -auxfw <SKIP> openldap 3945 0.0 0.2 194060 8276 ? Ssl 11:24 0:00 /usr/sbin/slapd -h ldap:/// ldapi:/// -g openldap -u openldap -F /etc/ldap/slapd.d root 5073 0.0 0.7 241084 22484 ? Ss 11:24 0:00 /usr/sbin/apache2 -k start www-data 5076 0.0 0.2 241108 7324 ? S 11:24 0:00 \_ /usr/sbin/apache2 -k start www-data 5077 0.0 0.2 241108 7324 ? S 11:24 0:00 \_ /usr/sbin/apache2 -k start www-data 5078 0.0 0.2 241108 7324 ? S 11:24 0:00 \_ /usr/sbin/apache2 -k start www-data 5079 0.0 0.2 241108 7324 ? S 11:24 0:00 \_ /usr/sbin/apache2 -k start www-data 5080 0.0 0.2 241108 7324 ? S 11:24 0:00 \_ /usr/sbin/apache2 -k start
Настройка
dpkg-reconfigure slapd
Configure Password: r00tme
Configure root DN: demo for this demo.
Check configuration
2 steps to check configuration:
- chack with slapcat which shows data directly from files even if OpenLDAP server process is not running.
- Check with ldapsearch, which operate as ldap client.
slapcat
slapcat
Result:
dn: dc=demo objectClass: top objectClass: dcObject objectClass: organization o: demo dc: demo structuralObjectClass: organization entryUUID: 2dd35bc8-85f2-1035-8d51-1b798eec3e6d creatorsName: cn=admin,dc=demo createTimestamp: 20160324095443Z entryCSN: 20160324095443.807089Z#000000#000#000000 modifiersName: cn=admin,dc=demo modifyTimestamp: 20160324095443Z dn: cn=admin,dc=demo objectClass: simpleSecurityObject objectClass: organizationalRole cn: admin description: LDAP administrator userPassword:: e1NTSEF9akxUN0FaVGN2OGg4d0FPcHNQWHJPWG8wL3VleXJIaWs= structuralObjectClass: organizationalRole entryUUID: 2dd3e822-85f2-1035-8d52-1b798eec3e6d creatorsName: cn=admin,dc=demo createTimestamp: 20160324095443Z entryCSN: 20160324095443.810666Z#000000#000#000000 modifiersName: cn=admin,dc=demo modifyTimestamp: 20160324095443Z
As you can see we have
- dn: dc=demo (root object)
- dn: cn=admin,dc=demo (admin user)
ldapsearch
Check admin passwod (connection to LDAP with ldapsearch):
- user: cn=admin,dc=demo
- search base (:where to search from") dc=demo
ldapsearch -D "cn=admin,dc=demo" -w r00tme -b "dc=demo"
Result:
dn: dc=demo objectClass: top objectClass: dcObject objectClass: organization o: demo dc: demo # admin, demo dn: cn=admin,dc=demo objectClass: simpleSecurityObject objectClass: organizationalRole cn: admin description: LDAP administrator userPassword:: e1NTSEF9akxUN0FaVGN2OGg4d0FPcHNQWHJPWG8wL3VleXJIaWs= search: 2 result: 0 Success
<So now we have OpenLDAP server with/B>
PHP LdapAdmin
Configuration
In file /etc/phpldapadmin/config.php change 2 lines:
$servers->setValue('server','base',array('dc=demo'));
$servers->setValue('login','bind_id','cn=admin,dc=demo');
This changes are configured phpldapadmin to use correct root dn and default user.
Check
open in browser http://192.168.56.102/phpldapadmin/
Links
Jenkins
TBD
Manage Jenkins -> Configure Global Security --> LDAP
