LDAP: differences between versions

From noname.com.ua
Current version as of 13:41, 17 August 2016


LDAP

Main page:

  • http://wiki.sirmax.noname.com.ua/index.php/CI_CD_1_day

A minimal LDAP installation is needed to integrate the CI/CD tools Gerrit and Jenkins.

  • A short note on what DN, CN etc. are: http://wiki.sirmax.noname.com.ua/index.php/LDAP_general_info

Assumptions

  • Server IP: 192.168.56.102
  • Server Name: cicd
  • Root DN: demo
  • Any password (for all users): r00tme
  • OS: Ubuntu 14.04

Preparation

  • add an SSH key
mkdir -p /root/.ssh
# put the public key into /root/.ssh/authorized_keys

Installing packages:

sudo apt-get update
sudo apt-get install slapd ldap-utils phpldapadmin mc vim strace tcpdump tcpflow

After installation

Check for running processes:

ps -auxfw

<SKIP>

openldap  3945  0.0  0.2 194060  8276 ?        Ssl  11:24   0:00 /usr/sbin/slapd -h ldap:/// ldapi:/// -g openldap -u openldap -F /etc/ldap/slapd.d
root      5073  0.0  0.7 241084 22484 ?        Ss   11:24   0:00 /usr/sbin/apache2 -k start
www-data  5076  0.0  0.2 241108  7324 ?        S    11:24   0:00  \_ /usr/sbin/apache2 -k start
www-data  5077  0.0  0.2 241108  7324 ?        S    11:24   0:00  \_ /usr/sbin/apache2 -k start
www-data  5078  0.0  0.2 241108  7324 ?        S    11:24   0:00  \_ /usr/sbin/apache2 -k start
www-data  5079  0.0  0.2 241108  7324 ?        S    11:24   0:00  \_ /usr/sbin/apache2 -k start
www-data  5080  0.0  0.2 241108  7324 ?        S    11:24   0:00  \_ /usr/sbin/apache2 -k start

Setup

dpkg-reconfigure slapd

Configure Password: r00tme
Ldap1.png

Configure root DN: demo for this demo.
Ldap2.png

Check configuration

Two steps to check the configuration:

  • check with slapcat, which reads the data directly from the database files even if the OpenLDAP server process is not running.
  • check with ldapsearch, which operates as an LDAP client.

slapcat

slapcat

Result:

dn: dc=demo
objectClass: top
objectClass: dcObject
objectClass: organization
o: demo
dc: demo
structuralObjectClass: organization
entryUUID: 2dd35bc8-85f2-1035-8d51-1b798eec3e6d
creatorsName: cn=admin,dc=demo
createTimestamp: 20160324095443Z
entryCSN: 20160324095443.807089Z#000000#000#000000
modifiersName: cn=admin,dc=demo
modifyTimestamp: 20160324095443Z

dn: cn=admin,dc=demo
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword:: e1NTSEF9akxUN0FaVGN2OGg4d0FPcHNQWHJPWG8wL3VleXJIaWs=
structuralObjectClass: organizationalRole
entryUUID: 2dd3e822-85f2-1035-8d52-1b798eec3e6d
creatorsName: cn=admin,dc=demo
createTimestamp: 20160324095443Z
entryCSN: 20160324095443.810666Z#000000#000#000000
modifiersName: cn=admin,dc=demo
modifyTimestamp: 20160324095443Z


As you can see, we have:

  • dn: dc=demo (root object)
  • dn: cn=admin,dc=demo (admin user)

ldapsearch

Check the admin password (connect to LDAP with ldapsearch):

  • user: cn=admin,dc=demo
  • search base ("where to search from"): dc=demo
ldapsearch -D "cn=admin,dc=demo" -w r00tme -b "dc=demo"

Result:

dn: dc=demo
objectClass: top
objectClass: dcObject
objectClass: organization
o: demo
dc: demo

# admin, demo
dn: cn=admin,dc=demo
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword:: e1NTSEF9akxUN0FaVGN2OGg4d0FPcHNQWHJPWG8wL3VleXJIaWs=

search: 2
result: 0 Success

So now we have an OpenLDAP server with

PHP LdapAdmin

Configuration

In file /etc/phpldapadmin/config.php change 2 lines:

$servers->setValue('server','base',array('dc=demo'));
$servers->setValue('login','bind_id','cn=admin,dc=demo');

These changes configure phpldapadmin to use the correct root DN and default bind user.
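The ldapsearch check above and the two config.php lines can be verified with a small script instead of reading the output by eye. The following is an added example; it is not part of the original wiki page and not code from OpenLDAP or phpldapadmin. The function names (ldif_dns, ldif_result_code, ldif_password_scheme, check_ldap_output, pla_value, check_pla_config), the EXPECTED_* variables and the password file path /root/ldap.pw are this example's own assumptions. SAMPLE_LDIF is a constructed copy of the ldapsearch output shown above, and SAMPLE_PLA_CONFIG holds the two config.php lines from this page.

```shell
#!/bin/sh
# Added example, not part of the original wiki page: sanity checks for the
# OpenLDAP + phpldapadmin setup described above. All names below are this
# example's own choices.

EXPECTED_BASE='dc=demo'              # root object from the Assumptions section
EXPECTED_ADMIN='cn=admin,dc=demo'    # admin entry created by dpkg-reconfigure slapd

# Constructed sample: the ldapsearch output shown above (entries + result line).
SAMPLE_LDIF='dn: dc=demo
objectClass: top
objectClass: dcObject
objectClass: organization
o: demo
dc: demo

# admin, demo
dn: cn=admin,dc=demo
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword:: e1NTSEF9akxUN0FaVGN2OGg4d0FPcHNQWHJPWG8wL3VleXJIaWs=

search: 2
result: 0 Success
'

# Constructed sample: the two lines the page tells you to set in config.php.
SAMPLE_PLA_CONFIG="\$servers->setValue('server','base',array('dc=demo'));
\$servers->setValue('login','bind_id','cn=admin,dc=demo');"

# DN of every entry in the LDIF on stdin, one per line.
ldif_dns() { sed -n 's/^dn: //p'; }

# Numeric result code from ldapsearch output on stdin (empty if none).
ldif_result_code() { sed -n 's/^result: \([0-9]*\) .*/\1/p'; }

# Password hashing scheme of the first userPassword on stdin. "userPassword::"
# (two colons) means the value is base64-encoded, so decode it first; only the
# "{SCHEME}" prefix is printed, never the hash itself.
ldif_password_scheme() {
    sed -n 's/^userPassword:: //p' | head -n 1 | base64 -d | sed -n 's/^\({[^}]*}\).*/\1/p'
}

# Check ldapsearch output on stdin: the bind/search must have succeeded
# (result 0) and both expected entries must be present. Returns 0 if so.
check_ldap_output() {
    out=$(cat)
    code=$(printf '%s\n' "$out" | ldif_result_code)
    [ "$code" = "0" ] || { echo "search failed: result code '${code:-none}'" >&2; return 1; }
    printf '%s\n' "$out" | ldif_dns | grep -qx "$EXPECTED_BASE" \
        || { echo "root object $EXPECTED_BASE missing" >&2; return 1; }
    printf '%s\n' "$out" | ldif_dns | grep -qx "$EXPECTED_ADMIN" \
        || { echo "admin entry $EXPECTED_ADMIN missing" >&2; return 1; }
    echo "ok: $EXPECTED_BASE and $EXPECTED_ADMIN present, result 0"
}

# Value of one $servers->setValue(section, key, ...) line in config.php on stdin.
# $1 = section ('server' or 'login'), $2 = key ('base' or 'bind_id').
pla_value() {
    sed -n "s/.*setValue('$1', *'$2', *\(array(\)*'\([^']*\)'.*/\2/p" | head -n 1
}

# Check that phpldapadmin's base DN and bind DN on stdin match the LDAP tree.
check_pla_config() {
    cfg=$(cat)
    base=$(printf '%s\n' "$cfg" | pla_value server base)
    bind=$(printf '%s\n' "$cfg" | pla_value login bind_id)
    [ "$base" = "$EXPECTED_BASE" ] || { echo "config.php base is '$base', expected $EXPECTED_BASE" >&2; return 1; }
    [ "$bind" = "$EXPECTED_ADMIN" ] || { echo "config.php bind_id is '$bind', expected $EXPECTED_ADMIN" >&2; return 1; }
    echo "ok: phpldapadmin base and bind_id match the directory"
}

# Stand-alone run on the constructed samples. On the server, pipe real output in:
#   ldapsearch -x -D "$EXPECTED_ADMIN" -y /root/ldap.pw -b "$EXPECTED_BASE" | check_ldap_output
#   check_pla_config < /etc/phpldapadmin/config.php
printf '%s' "$SAMPLE_LDIF" | check_ldap_output
printf '%s\n' "$SAMPLE_PLA_CONFIG" | check_pla_config
echo "admin password scheme: $(printf '%s' "$SAMPLE_LDIF" | ldif_password_scheme)"
```

On the real server the two checks read ldapsearch output and /etc/phpldapadmin/config.php as shown in the comments at the end of the block. The ldapsearch call there uses -x (simple bind) and -y with a root-only password file rather than -w r00tme on the command line: a password passed with -w is visible in the ps -auxfw listing shown above and in the shell history, which matters once the same bind credentials are handed to Gerrit and Jenkins (-W, which prompts for the password, works too). The decoded userPassword value starts with the hashing scheme slapd stored it with ({SSHA} on this page); the helper prints only that prefix so the hash never lands in a log.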

Check

  • Open http://192.168.56.102/phpldapadmin/ in a browser

Ldap3.png

Log-in with credentials

  • Login name: cn=admin,dc=demo
  • Password: r00tme


Ldap5.png

See LDAP tree with 2 objects:

  • root dc=demo
  • admin user


Ldap4.png

Links

  • http://mnorin.com/ldap-ustanovka-i-nastrojka-ldap-servera.html