LDAP: различия между версиями

Материал из noname.com.ua
Перейти к навигацииПерейти к поиску
 
(не показано 29 промежуточных версий этого же участника)
Строка 1: Строка 1:
[[Категория:LDAP]]
  
[[Категория:Linux]]
  
 
 
[[Категория:LDAP]]
  
[[Категория:LDAP]]
 
[[Категория:Linux]]
  
[[Категория:Linux]]
 
[[Категория:CICD]]
  
[[Категория:CICD]]
  +
  +
 
=LDAP=
  
=LDAP=
  +
Главная страница:
  +
* http://wiki.sirmax.noname.com.ua/index.php/CI_CD_1_day
  +
  +
 
Нужна минимальная инсталляция LDAP для интеграции CD/CD инструментов - gerrit и jenkins
  
Нужна минимальная инсталляция LDAP для интеграции CD/CD инструментов - gerrit и jenkins
  +
* Коротко о том что такое DN, CN ... http://wiki.sirmax.noname.com.ua/index.php/LDAP_general_info
<BR>
  
  +
==Assumptions==
OS: Ubunti 14.04
  
  +
  +
* Server IP: <B>192.168.56.102</B>
  +
* Server Name: <B>cicd</B>
  +
* Root DN: <B>demo</B>
  +
* Any password (for all users): <B>r00tme</B>
  +
* OS: <B>Ubunti 14.04</B>
   
 
==Подготовка==
  
==Подготовка==
Строка 23: Строка 32:
   
 
==После установки==
  
==После установки==
  +
Check for running processes:
 
<PRE>
  
<PRE>
  +
ps -auxfw
  +
  +
<SKIP>
  +
 
openldap 3945 0.0 0.2 194060 8276 ? Ssl 11:24 0:00 /usr/sbin/slapd -h ldap:/// ldapi:/// -g openldap -u openldap -F /etc/ldap/slapd.d
  
openldap 3945 0.0 0.2 194060 8276 ? Ssl 11:24 0:00 /usr/sbin/slapd -h ldap:/// ldapi:/// -g openldap -u openldap -F /etc/ldap/slapd.d
 
root 5073 0.0 0.7 241084 22484 ? Ss 11:24 0:00 /usr/sbin/apache2 -k start
  
root 5073 0.0 0.7 241084 22484 ? Ss 11:24 0:00 /usr/sbin/apache2 -k start
Строка 34: Строка 48:
   
 
==Настройка==
  
==Настройка==
  +
<PRE>
  +
dpkg-reconfigure slapd
  +
</PRE>
  +
  +
Configure Password: <B>r00tme</B>
  +
<BR>
  +
[[Изображение:Ldap1.png|600px]]
  +
<BR>
  +
  +
Configure root DN: <B>demo</B> for this demo.
  +
<BR>
  +
[[Изображение:Ldap2.png|600px]]
  +
  +
==Check configuration==
  +
2 steps to check configuration:
  +
* chack with <B>slapcat</B> which shows data directly from files even if OpenLDAP server process is not running.
  +
* Check with <B>ldapsearch</B>, which operate as ldap client.
  +
  +
===slapcat===
 
<PRE>
  
<PRE>
 
slapcat
  
slapcat
  +
</PRE>
56f012d9 ldif_read_file: checksum error on "/etc/ldap/slapd.d/cn=config.ldif"
  
  +
Result:
dn: dc=demo,dc=com
  
  +
<PRE>
  +
dn: dc=demo
 
objectClass: top
  
objectClass: top
 
objectClass: dcObject
  
objectClass: dcObject
Строка 44: Строка 79:
 
dc: demo
  
dc: demo
 
structuralObjectClass: organization
  
structuralObjectClass: organization
entryUUID: f046b510-83c2-1035-8829-29ac45b577b5
 +
entryUUID: 2dd35bc8-85f2-1035-8d51-1b798eec3e6d
creatorsName: cn=admin,dc=demo,dc=com
 +
creatorsName: cn=admin,dc=demo
createTimestamp: 20160321151131Z
 +
createTimestamp: 20160324095443Z
entryCSN: 20160321151131.872452Z#000000#000#000000
 +
entryCSN: 20160324095443.807089Z#000000#000#000000
modifiersName: cn=admin,dc=demo,dc=com
 +
modifiersName: cn=admin,dc=demo
modifyTimestamp: 20160321151131Z
 +
modifyTimestamp: 20160324095443Z
   
dn: cn=admin,dc=demo,dc=com
 +
dn: cn=admin,dc=demo
 
objectClass: simpleSecurityObject
  
objectClass: simpleSecurityObject
 
objectClass: organizationalRole
  
objectClass: organizationalRole
 
cn: admin
  
cn: admin
 
description: LDAP administrator
  
description: LDAP administrator
userPassword:: e1NTSEF9cjVNc0tEUUkyRmlMNzRmYmYra1BLcENwY2xOZGw3eDA=
 +
userPassword:: e1NTSEF9akxUN0FaVGN2OGg4d0FPcHNQWHJPWG8wL3VleXJIaWs=
 
structuralObjectClass: organizationalRole
  
structuralObjectClass: organizationalRole
entryUUID: f0474e9e-83c2-1035-882a-29ac45b577b5
 +
entryUUID: 2dd3e822-85f2-1035-8d52-1b798eec3e6d
creatorsName: cn=admin,dc=demo,dc=com
 +
creatorsName: cn=admin,dc=demo
createTimestamp: 20160321151131Z
 +
createTimestamp: 20160324095443Z
entryCSN: 20160321151131.876381Z#000000#000#000000
 +
entryCSN: 20160324095443.810666Z#000000#000#000000
modifiersName: cn=admin,dc=demo,dc=com
 +
modifiersName: cn=admin,dc=demo
modifyTimestamp: 20160321151131Z
 +
modifyTimestamp: 20160324095443Z
 
</PRE>
  
</PRE>
  +
<BR>
  +
As you can see we have
  +
* dn: dc=demo (root object)
  +
* dn: cn=admin,dc=demo (admin user)
  +
  +
===ldapsearch===
  +
Check admin passwod (connection to LDAP with ldapsearch):
  +
* user: <B>cn=admin,dc=demo</B>
  +
* search base (:where to search from") <B>dc=demo</B>
 
<PRE>
  
<PRE>
ldapsearch -D "cn=admin,dc=demo,dc=com" -w r00tme
 +
ldapsearch -D "cn=admin,dc=demo" -w r00tme -b "dc=demo"</PRE>
  +
Result:
# extended LDIF
  
  +
<PRE>
#
  
  +
dn: dc=demo
# LDAPv3
  
  +
objectClass: top
# base <> (default) with scope subtree
  
  +
objectClass: dcObject
# filter: (objectclass=*)
  
  +
objectClass: organization
# requesting: ALL
  
  +
o: demo
#
  
  +
dc: demo
   
  +
# admin, demo
# search result
  
  +
dn: cn=admin,dc=demo
search: 2
  
  +
objectClass: simpleSecurityObject
result: 32 No such object
  
  +
objectClass: organizationalRole
  +
cn: admin
  +
description: LDAP administrator
  +
userPassword:: e1NTSEF9akxUN0FaVGN2OGg4d0FPcHNQWHJPWG8wL3VleXJIaWs=
   
  +
search: 2
# numResponses: 1
  
  +
result: 0 Success
 
</PRE>
  
</PRE>
   
  +
<B>So now we have OpenLDAP server with</B>
   
  +
=PHP LdapAdmin=
  +
==Configuration==
  +
In file <B> /etc/phpldapadmin/config.php</B> change 2 lines:
  +
<PRE>
  +
$servers->setValue('server','base',array('dc=demo'));
  +
$servers->setValue('login','bind_id','cn=admin,dc=demo');
  +
</PRE>
  +
This changes are configured phpldapadmin to use correct root dn and default user.
   
  +
==Check==
  +
* Open in browser http://192.168.56.102/phpldapadmin/
  +
<BR>
  +
[[Изображение:Ldap3.png|600px]]
  +
<BR>
   
  +
Log-in with credentials
==Jenkins==
  
  +
* Login name: <B>cn=amin, dc=demo</B>
* https://wiki.jenkins-ci.org/display/JENKINS/Standard+Security+Setup
  
  +
* Password: <B>r00tme</B>
  +
<BR>
  +
[[Изображение:Ldap5.png|600px]]
  +
<BR>
   
  +
See LDAP tree with 2 objects:
  +
* root dc=demo
  +
* admin user
  +
  +
<BR>
  +
[[Изображение:Ldap4.png|600px]]
  +
<BR>
   
  +
=Links=
Manage Jenkins -> Configure Global Security --> LDAP
  
  +
* http://mnorin.com/ldap-ustanovka-i-nastrojka-ldap-servera.html
   
 
=Ссылки=
  
=Ссылки=

Текущая версия на 13:41, 17 августа 2016


LDAP

Главная страница:


Нужна минимальная инсталляция LDAP для интеграции CD/CD инструментов - gerrit и jenkins

Assumptions

  • Server IP: 192.168.56.102
  • Server Name: cicd
  • Root DN: demo
  • Any password (for all users): r00tme
  • OS: Ubunti 14.04

Подготовка

  • add key
mkdir -p /root/.ssh
/root/.ssh/authorized_keys

Установка пакетов: 

sudo apt-get update
sudo apt-get install slapd ldap-utils phpldapadmin mc vim strace tcpdump tcpflow

После установки

Check for running processes: 

ps -auxfw

<SKIP>

openldap  3945  0.0  0.2 194060  8276 ?        Ssl  11:24   0:00 /usr/sbin/slapd -h ldap:/// ldapi:/// -g openldap -u openldap -F /etc/ldap/slapd.d
root      5073  0.0  0.7 241084 22484 ?        Ss   11:24   0:00 /usr/sbin/apache2 -k start
www-data  5076  0.0  0.2 241108  7324 ?        S    11:24   0:00  \_ /usr/sbin/apache2 -k start
www-data  5077  0.0  0.2 241108  7324 ?        S    11:24   0:00  \_ /usr/sbin/apache2 -k start
www-data  5078  0.0  0.2 241108  7324 ?        S    11:24   0:00  \_ /usr/sbin/apache2 -k start
www-data  5079  0.0  0.2 241108  7324 ?        S    11:24   0:00  \_ /usr/sbin/apache2 -k start
www-data  5080  0.0  0.2 241108  7324 ?        S    11:24   0:00  \_ /usr/sbin/apache2 -k start

Настройка

dpkg-reconfigure slapd

Configure Password: r00tme
Ldap1.png

Configure root DN: demo for this demo.
Ldap2.png

Check configuration

2 steps to check configuration:

  • chack with slapcat which shows data directly from files even if OpenLDAP server process is not running.
  • Check with ldapsearch, which operate as ldap client.

slapcat

slapcat

Result: 

dn: dc=demo
objectClass: top
objectClass: dcObject
objectClass: organization
o: demo
dc: demo
structuralObjectClass: organization
entryUUID: 2dd35bc8-85f2-1035-8d51-1b798eec3e6d
creatorsName: cn=admin,dc=demo
createTimestamp: 20160324095443Z
entryCSN: 20160324095443.807089Z#000000#000#000000
modifiersName: cn=admin,dc=demo
modifyTimestamp: 20160324095443Z

dn: cn=admin,dc=demo
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword:: e1NTSEF9akxUN0FaVGN2OGg4d0FPcHNQWHJPWG8wL3VleXJIaWs=
structuralObjectClass: organizationalRole
entryUUID: 2dd3e822-85f2-1035-8d52-1b798eec3e6d
creatorsName: cn=admin,dc=demo
createTimestamp: 20160324095443Z
entryCSN: 20160324095443.810666Z#000000#000#000000
modifiersName: cn=admin,dc=demo
modifyTimestamp: 20160324095443Z


As you can see we have

  • dn: dc=demo (root object)
  • dn: cn=admin,dc=demo (admin user)

ldapsearch

Check admin passwod (connection to LDAP with ldapsearch):

  • user: cn=admin,dc=demo
  • search base (:where to search from") dc=demo
ldapsearch -D "cn=admin,dc=demo" -w r00tme -b "dc=demo"

Result: 

dn: dc=demo
objectClass: top
objectClass: dcObject
objectClass: organization
o: demo
dc: demo

# admin, demo
dn: cn=admin,dc=demo
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword:: e1NTSEF9akxUN0FaVGN2OGg4d0FPcHNQWHJPWG8wL3VleXJIaWs=

search: 2
result: 0 Success

So now we have OpenLDAP server with

PHP LdapAdmin

Configuration

In file /etc/phpldapadmin/config.php change 2 lines: 

$servers->setValue('server','base',array('dc=demo'));
$servers->setValue('login','bind_id','cn=admin,dc=demo');

This changes are configured phpldapadmin to use correct root dn and default user.

Check


Ldap3.png

Log-in with credentials

  • Login name: cn=amin, dc=demo
  • Password: r00tme


Ldap5.png

See LDAP tree with 2 objects:

  • root dc=demo
  • admin user


Ldap4.png

Links

Ссылки

Источник — https://noname.com.ua/mediawiki/index.php?title=LDAP&oldid=7898