LDAP: различия между версиями
Материал из noname.com.ua
Перейти к навигацииПерейти к поискуSirmax (обсуждение | вклад) |
Sirmax (обсуждение | вклад) |
||
(не показаны 23 промежуточные версии этого же участника) | |||
Строка 1: | Строка 1: | ||
− | [[Категория:LDAP]] |
||
− | [[Категория:Linux]] |
||
− | |||
[[Категория:LDAP]] |
[[Категория:LDAP]] |
||
[[Категория:Linux]] |
[[Категория:Linux]] |
||
[[Категория:CICD]] |
[[Категория:CICD]] |
||
+ | |||
+ | |||
=LDAP= |
=LDAP= |
||
+ | Главная страница: |
||
+ | * http://wiki.sirmax.noname.com.ua/index.php/CI_CD_1_day |
||
+ | |||
+ | |||
Нужна минимальная инсталляция LDAP для интеграции CD/CD инструментов - gerrit и jenkins |
Нужна минимальная инсталляция LDAP для интеграции CD/CD инструментов - gerrit и jenkins |
||
+ | * Коротко о том что такое DN, CN ... http://wiki.sirmax.noname.com.ua/index.php/LDAP_general_info |
||
− | <BR> |
||
+ | ==Assumptions== |
||
− | OS: Ubunti 14.04 |
||
+ | |||
+ | * Server IP: <B>192.168.56.102</B> |
||
+ | * Server Name: <B>cicd</B> |
||
+ | * Root DN: <B>demo</B> |
||
+ | * Any password (for all users): <B>r00tme</B> |
||
+ | * OS: <B>Ubunti 14.04</B> |
||
==Подготовка== |
==Подготовка== |
||
Строка 43: | Строка 52: | ||
</PRE> |
</PRE> |
||
− | Password: |
+ | Configure Password: <B>r00tme</B> |
<BR> |
<BR> |
||
[[Изображение:Ldap1.png|600px]] |
[[Изображение:Ldap1.png|600px]] |
||
<BR> |
<BR> |
||
+ | Configure root DN: <B>demo</B> for this demo. |
||
+ | <BR> |
||
+ | [[Изображение:Ldap2.png|600px]] |
||
+ | ==Check configuration== |
||
+ | 2 steps to check configuration: |
||
+ | * chack with <B>slapcat</B> which shows data directly from files even if OpenLDAP server process is not running. |
||
+ | * Check with <B>ldapsearch</B>, which operate as ldap client. |
||
+ | |||
+ | ===slapcat=== |
||
<PRE> |
<PRE> |
||
slapcat |
slapcat |
||
+ | </PRE> |
||
− | 56f3b96c ldif_read_file: checksum error on "/etc/ldap/slapd.d/cn=config.ldif" |
||
+ | Result: |
||
+ | <PRE> |
||
dn: dc=demo |
dn: dc=demo |
||
objectClass: top |
objectClass: top |
||
Строка 80: | Строка 100: | ||
modifyTimestamp: 20160324095443Z |
modifyTimestamp: 20160324095443Z |
||
</PRE> |
</PRE> |
||
+ | <BR> |
||
+ | As you can see we have |
||
+ | * dn: dc=demo (root object) |
||
+ | * dn: cn=admin,dc=demo (admin user) |
||
+ | ===ldapsearch=== |
||
− | |||
+ | Check admin passwod (connection to LDAP with ldapsearch): |
||
− | |||
+ | * user: <B>cn=admin,dc=demo</B> |
||
+ | * search base (:where to search from") <B>dc=demo</B> |
||
<PRE> |
<PRE> |
||
− | ldapsearch -D "cn=admin,dc=demo |
+ | ldapsearch -D "cn=admin,dc=demo" -w r00tme -b "dc=demo"</PRE> |
+ | Result: |
||
− | </PRE> |
||
<PRE> |
<PRE> |
||
+ | dn: dc=demo |
||
− | # extended LDIF |
||
+ | objectClass: top |
||
− | # |
||
+ | objectClass: dcObject |
||
− | # LDAPv3 |
||
+ | objectClass: organization |
||
− | # base <> (default) with scope subtree |
||
+ | o: demo |
||
− | # filter: (objectclass=*) |
||
+ | dc: demo |
||
− | # requesting: ALL |
||
+ | |||
− | # |
||
+ | # admin, demo |
||
+ | dn: cn=admin,dc=demo |
||
+ | objectClass: simpleSecurityObject |
||
+ | objectClass: organizationalRole |
||
+ | cn: admin |
||
+ | description: LDAP administrator |
||
+ | userPassword:: e1NTSEF9akxUN0FaVGN2OGg4d0FPcHNQWHJPWG8wL3VleXJIaWs= |
||
− | # search result |
||
search: 2 |
search: 2 |
||
− | result: |
+ | result: 0 Success |
− | # numResponses: 1 |
||
</PRE> |
</PRE> |
||
+ | <B>So now we have OpenLDAP server with</B> |
||
− | ==Jenkins== |
||
− | * https://wiki.jenkins-ci.org/display/JENKINS/Standard+Security+Setup |
||
+ | =PHP LdapAdmin= |
||
+ | ==Configuration== |
||
+ | In file <B> /etc/phpldapadmin/config.php</B> change 2 lines: |
||
+ | <PRE> |
||
+ | $servers->setValue('server','base',array('dc=demo')); |
||
+ | $servers->setValue('login','bind_id','cn=admin,dc=demo'); |
||
+ | </PRE> |
||
+ | This changes are configured phpldapadmin to use correct root dn and default user. |
||
+ | |||
+ | ==Check== |
||
+ | * Open in browser http://192.168.56.102/phpldapadmin/ |
||
+ | <BR> |
||
+ | [[Изображение:Ldap3.png|600px]] |
||
+ | <BR> |
||
+ | |||
+ | Log-in with credentials |
||
+ | * Login name: <B>cn=amin, dc=demo</B> |
||
+ | * Password: <B>r00tme</B> |
||
+ | <BR> |
||
+ | [[Изображение:Ldap5.png|600px]] |
||
+ | <BR> |
||
+ | |||
+ | See LDAP tree with 2 objects: |
||
+ | * root dc=demo |
||
+ | * admin user |
||
+ | |||
+ | <BR> |
||
+ | [[Изображение:Ldap4.png|600px]] |
||
+ | <BR> |
||
+ | =Links= |
||
− | Manage Jenkins -> Configure Global Security --> LDAP |
||
+ | * http://mnorin.com/ldap-ustanovka-i-nastrojka-ldap-servera.html |
||
=Ссылки= |
=Ссылки= |
Текущая версия на 13:41, 17 августа 2016
LDAP
Главная страница:
Нужна минимальная инсталляция LDAP для интеграции CD/CD инструментов - gerrit и jenkins
- Коротко о том что такое DN, CN ... http://wiki.sirmax.noname.com.ua/index.php/LDAP_general_info
Assumptions
- Server IP: 192.168.56.102
- Server Name: cicd
- Root DN: demo
- Any password (for all users): r00tme
- OS: Ubunti 14.04
Подготовка
- add key
mkdir -p /root/.ssh /root/.ssh/authorized_keys
Установка пакетов:
sudo apt-get update sudo apt-get install slapd ldap-utils phpldapadmin mc vim strace tcpdump tcpflow
После установки
Check for running processes:
ps -auxfw <SKIP> openldap 3945 0.0 0.2 194060 8276 ? Ssl 11:24 0:00 /usr/sbin/slapd -h ldap:/// ldapi:/// -g openldap -u openldap -F /etc/ldap/slapd.d root 5073 0.0 0.7 241084 22484 ? Ss 11:24 0:00 /usr/sbin/apache2 -k start www-data 5076 0.0 0.2 241108 7324 ? S 11:24 0:00 \_ /usr/sbin/apache2 -k start www-data 5077 0.0 0.2 241108 7324 ? S 11:24 0:00 \_ /usr/sbin/apache2 -k start www-data 5078 0.0 0.2 241108 7324 ? S 11:24 0:00 \_ /usr/sbin/apache2 -k start www-data 5079 0.0 0.2 241108 7324 ? S 11:24 0:00 \_ /usr/sbin/apache2 -k start www-data 5080 0.0 0.2 241108 7324 ? S 11:24 0:00 \_ /usr/sbin/apache2 -k start
Настройка
dpkg-reconfigure slapd
Configure root DN: demo for this demo.
Check configuration
2 steps to check configuration:
- chack with slapcat which shows data directly from files even if OpenLDAP server process is not running.
- Check with ldapsearch, which operate as ldap client.
slapcat
slapcat
Result:
dn: dc=demo objectClass: top objectClass: dcObject objectClass: organization o: demo dc: demo structuralObjectClass: organization entryUUID: 2dd35bc8-85f2-1035-8d51-1b798eec3e6d creatorsName: cn=admin,dc=demo createTimestamp: 20160324095443Z entryCSN: 20160324095443.807089Z#000000#000#000000 modifiersName: cn=admin,dc=demo modifyTimestamp: 20160324095443Z dn: cn=admin,dc=demo objectClass: simpleSecurityObject objectClass: organizationalRole cn: admin description: LDAP administrator userPassword:: e1NTSEF9akxUN0FaVGN2OGg4d0FPcHNQWHJPWG8wL3VleXJIaWs= structuralObjectClass: organizationalRole entryUUID: 2dd3e822-85f2-1035-8d52-1b798eec3e6d creatorsName: cn=admin,dc=demo createTimestamp: 20160324095443Z entryCSN: 20160324095443.810666Z#000000#000#000000 modifiersName: cn=admin,dc=demo modifyTimestamp: 20160324095443Z
As you can see we have
- dn: dc=demo (root object)
- dn: cn=admin,dc=demo (admin user)
ldapsearch
Check admin passwod (connection to LDAP with ldapsearch):
- user: cn=admin,dc=demo
- search base (:where to search from") dc=demo
ldapsearch -D "cn=admin,dc=demo" -w r00tme -b "dc=demo"
Result:
dn: dc=demo objectClass: top objectClass: dcObject objectClass: organization o: demo dc: demo # admin, demo dn: cn=admin,dc=demo objectClass: simpleSecurityObject objectClass: organizationalRole cn: admin description: LDAP administrator userPassword:: e1NTSEF9akxUN0FaVGN2OGg4d0FPcHNQWHJPWG8wL3VleXJIaWs= search: 2 result: 0 Success
So now we have OpenLDAP server with
PHP LdapAdmin
Configuration
In file /etc/phpldapadmin/config.php change 2 lines:
$servers->setValue('server','base',array('dc=demo')); $servers->setValue('login','bind_id','cn=admin,dc=demo');
This changes are configured phpldapadmin to use correct root dn and default user.
Check
- Open in browser http://192.168.56.102/phpldapadmin/
Log-in with credentials
- Login name: cn=amin, dc=demo
- Password: r00tme
See LDAP tree with 2 objects:
- root dc=demo
- admin user