LDAP Linux Auth
From noname.com.ua
Sirmax (talk | contribs)
Revision as of 14:56, 6 May 2016
1
getent passwd
getent group
LDAP Configuration
Aliases that bind as the directory administrator. -x selects a simple bind; without it the OpenLDAP client tools attempt a SASL bind, for which -D and -w are not used as a simple-bind DN and password. Note that -w puts the password into the shell history and into the process list visible to every user on the host; outside a lab use -W to be prompted, or -y <file> to read the password from a file with restricted permissions.
alias ldapsearch='ldapsearch -x -D "cn=admin,dc=fuel" -w r00tme'
alias ldapmodify='ldapmodify -x -D "cn=admin,dc=fuel" -w r00tme'
slapcat dumps the whole database as LDIF, operational attributes and password hashes included. It reads the database files directly, so it runs on the server as a user that can read them (normally root), and its output must be treated as a secret.
slapcat
dn: dc=fuel
objectClass: top
objectClass: dcObject
objectClass: organization
o: fuel_org
dc: fuel
structuralObjectClass: organization
entryUUID: 9e2a168a-a714-1035-9f39-4b3bdb074971
creatorsName: cn=admin,dc=fuel
createTimestamp: 20160505135423Z
entryCSN: 20160505135423.540761Z#000000#000#000000
modifiersName: cn=admin,dc=fuel
modifyTimestamp: 20160505135423Z

dn: cn=admin,dc=fuel
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword:: e1NTSEF9dndjQVZSdnlXWHhyT05LTmpZQVIyMlpmMnFocmg4eWs=
structuralObjectClass: organizationalRole
entryUUID: 9e2a9772-a714-1035-9f3a-4b3bdb074971
creatorsName: cn=admin,dc=fuel
createTimestamp: 20160505135423Z
entryCSN: 20160505135423.544062Z#000000#000#000000
modifiersName: cn=admin,dc=fuel
modifyTimestamp: 20160505135423Z
Add an organization. Note the DN, dc=example_organization,dc=fuel: the order matters. A DN is written leaf first, so the new entry's own RDN (dc=example_organization) comes first and the suffix it is added under (dc=fuel) comes last; written the other way round, slapd looks for a parent that does not exist and rejects the add.
# example.org
dn: dc=example_organization,dc=fuel
dc: example_organization
o: Example Organization
objectClass: dcObject
objectClass: organization
Aliases
The same aliases, with ldapadd added (-x: simple bind, so that -D/-w are actually used):
alias ldapadd='ldapadd -x -D "cn=admin,dc=fuel" -w r00tme'
alias ldapmodify='ldapmodify -x -D "cn=admin,dc=fuel" -w r00tme'
alias ldapsearch='ldapsearch -x -D "cn=admin,dc=fuel" -w r00tme'
With the LDIF above saved as a file named org:
ldapadd < org
adding new entry "dc=example_organization,dc=fuel"
# Manager
dn: cn=Manager,dc=example_organization,dc=fuel
cn: Manager
description: LDAP administrator
objectClass: organizationalRole
objectClass: top
roleOccupant: dc=example_organization,dc=fuel
# People
dn: ou=People,dc=example_organization,dc=fuel
ou: People
objectClass: top
objectClass: organizationalUnit

# Groups
dn: ou=Group,dc=example_organization,dc=fuel
ou: Group
objectClass: top
objectClass: organizationalUnit
A user entry. posixAccount carries what NSS needs for passwd lookups (uid, uidNumber, gidNumber, homeDirectory, loginShell); shadowAccount adds the password-aging fields; the inetOrgPerson attributes are informational.
dn: uid=sirmax,ou=People,dc=example_organization,dc=fuel
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: sirmax
cn: Max Mazur
sn: Mazur
givenName: Max
title: test user
telephoneNumber: +38 067 341 80 70
mobile: +38 067 341 80 70
postalAddress: AddressLine1$AddressLine2$AddressLine3
userPassword: {SSHA}pNCOaigx9LpjZp80yG4lDd/LPI2sZj7K
labeledURI: http://wiki.sirmax.noname.com.ua/
loginShell: /bin/bash
uidNumber: 9999
gidNumber: 9999
homeDirectory: /home/sirmax/
description: This is an example user
The password is not stored in clear: userPassword holds a hash produced with slappasswd (slappasswd -s <password> prints an {SSHA} value, the default scheme: SHA-1 over the password plus a random salt, base64-encoded together with the salt). slapd verifies a simple bind by recomputing the hash with the stored salt.
Check (the leading backslash bypasses the alias). The first search is anonymous (-x with no -D) and shows what an unauthenticated client is allowed to read; the second binds as the user itself. What each bind identity may read or write is governed by access control directives, a separate topic: http://www.openldap.org/doc/admin24/access-control.html
\ldapsearch -x -b 'dc=example_organization,dc=fuel' '(objectclass=*)'
\ldapsearch -D "uid=sirmax,ou=People,dc=example_organization,dc=fuel" -w r00tme -b 'dc=example_organization,dc=fuel' '(uid=sirmax)'
Groups. The first (gidNumber 9999) is the user's primary group, matching the gidNumber in the account entry; the second is an additional group the user belongs to via memberUid. The cn must contain the value used in the RDN (cn=sirmax, cn=fuel_users): slapd rejects an entry whose naming attribute value is absent with a naming violation, and the cn is the group name that getent group reports. Feed these to ldapmodify (the changetype: add lines make that work; ldapadd accepts them too).
dn: cn=sirmax,ou=Group,dc=example_organization,dc=fuel
changetype: add
cn: sirmax
objectClass: posixGroup
gidNumber: 9999
description: Fuel Users
memberUid: sirmax

dn: cn=fuel_users,ou=Group,dc=example_organization,dc=fuel
changetype: add
cn: fuel_users
objectClass: posixGroup
gidNumber: 109999
description: Fuel Users
memberUid: sirmax
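The two mistakes this page warns about, a DN written suffix-first (the organization step above) and a group whose cn does not match its RDN (the group entries just above), are both caught by slapd only at ldapadd time, with a terse error. The following added example (not code from the page or from OpenLDAP) is a small pre-flight check that runs over an LDIF file offline and reports, in file order as ldapadd would, a missing parent, a missing naming-attribute value, and a missing MUST attribute. The LDIF reader is minimal (no escaped commas, no URL values) and the schema table is limited to the objectClasses used on this page; the sample LDIF is constructed from the page's entries with the two errors left in.

```python
"""Added example: pre-flight checks for LDIF before ldapadd (not OpenLDAP code)."""
import base64
from typing import Dict, List, Set

Entry = Dict[str, List[str]]

# MUST attributes of the objectClasses used on this page (core.schema, nis.schema),
# lower-cased because LDAP attribute and class names are case-insensitive.
MUST = {
    "dcobject": {"dc"},
    "organization": {"o"},
    "organizationalunit": {"ou"},
    "organizationalrole": {"cn"},
    "posixaccount": {"cn", "uid", "uidnumber", "gidnumber", "homedirectory"},
    "posixgroup": {"cn", "gidnumber"},
}


def parse_ldif(text: str) -> List[Entry]:
    """Minimal LDIF: blank-line separated entries, 'attr: value', 'attr:: base64',
    '#' comment lines and leading-space continuation lines."""
    unfolded: List[str] = []
    for raw in text.splitlines():
        if raw.startswith("#"):
            continue
        if raw.startswith(" ") and unfolded:
            unfolded[-1] += raw[1:]
        else:
            unfolded.append(raw)
    entries: List[Entry] = []
    current: Entry = {}
    for line in unfolded + [""]:
        if not line.strip():
            if current:
                entries.append(current)
            current = {}
            continue
        name, _, value = line.partition(":")
        if value.startswith(":"):  # double colon: the value is base64-encoded
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        current.setdefault(name.strip().lower(), []).append(value.strip())
    return entries


def check_entries(entries: List[Entry], existing_dns: Set[str]) -> List[str]:
    """Walk entries in file order and report what slapd would reject.
    existing_dns: DNs already in the directory (on this page, the dc=fuel suffix)."""
    known = {d.lower() for d in existing_dns}
    problems: List[str] = []
    for e in entries:
        dn = e.get("dn", [""])[0]
        rdn, _, parent = dn.partition(",")  # leaf RDN first; no escaped commas here
        rdn_attr, _, rdn_val = rdn.partition("=")
        # 1. everything after the first RDN is the parent and must already exist
        if parent and parent.lower() not in known:
            problems.append(f"{dn}: parent '{parent}' does not exist (wrong DN order?)")
        # 2. naming violation: the RDN's value must be an attribute value of the entry
        vals = [v.lower() for v in e.get(rdn_attr.strip().lower(), [])]
        if rdn_val.strip().lower() not in vals:
            problems.append(f"{dn}: naming attribute {rdn.strip()} is not present in the entry")
        # 3. schema: the MUST attributes of every known objectClass
        for oc in e.get("objectclass", []):
            missing = MUST.get(oc.lower(), set()) - set(e)
            if missing:
                problems.append(f"{dn}: objectClass {oc} requires {sorted(missing)}")
        known.add(dn.lower())
    return problems


# Constructed sample: the page's organization, Group OU and both groups, with the
# first group's cn mismatching its RDN, plus one entry whose DN is written suffix-first.
SAMPLE_LDIF = """\
dn: dc=example_organization,dc=fuel
dc: example_organization
o: Example Organization
objectClass: dcObject
objectClass: organization

dn: ou=Group,dc=example_organization,dc=fuel
ou: Group
objectClass: top
objectClass: organizationalUnit

dn: cn=sirmax,ou=Group,dc=example_organization,dc=fuel
changetype: add
cn: fuel users
objectClass: posixGroup
gidNumber: 9999
memberUid: sirmax

dn: cn=fuel_users,ou=Group,dc=example_organization,dc=fuel
changetype: add
cn: fuel_users
objectClass: posixGroup
gidNumber: 109999
memberUid: sirmax

dn: dc=fuel,dc=example_organization
dc: fuel
objectClass: dcObject
objectClass: organization
"""


def check_sample() -> List[str]:
    """Run the checks on SAMPLE_LDIF against a directory containing only dc=fuel."""
    return check_entries(parse_ldif(SAMPLE_LDIF), {"dc=fuel"})


if __name__ == "__main__":
    for problem in check_sample():
        print(problem)
```

Run stand-alone it prints three findings: the cn=sirmax group lacks cn: sirmax, the last entry names a parent (dc=example_organization) that is not in the directory, and that same entry is missing the o attribute that organization requires. Running this before ldapadd is cheaper than reading slapd's error codes, but it is not a substitute for the server's full schema check.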
Ссылки
- Introduction to PAM (in Russian): https://www.ibm.com/developerworks/ru/library/l-pam/
- PAM vs NSS: http://serverfault.com/questions/538383/understand-pam-and-nss