LDAP: различия между версиями
Материал из noname.com.ua
Перейти к навигацииПерейти к поискуSirmax (обсуждение | вклад) (Новая страница: «Категория:LDAP Категория:Linux =LDAP= Заметки») |
Sirmax (обсуждение | вклад) |
||
| (не показано 36 промежуточных версий этого же участника) | |||
| Строка 1: | Строка 1: | ||
[[Категория:LDAP]] |
[[Категория:LDAP]] |
||
[[Категория:Linux]] |
[[Категория:Linux]] |
||
| + | [[Категория:CICD]] |
||
| + | |||
=LDAP= |
=LDAP= |
||
| + | Главная страница: |
||
| − | Заметки |
||
| + | * http://wiki.sirmax.noname.com.ua/index.php/CI_CD_1_day |
||
| + | |||
| + | |||
| + | Нужна минимальная инсталляция LDAP для интеграции CD/CD инструментов - gerrit и jenkins |
||
| + | * Коротко о том что такое DN, CN ... http://wiki.sirmax.noname.com.ua/index.php/LDAP_general_info |
||
| + | ==Assumptions== |
||
| + | |||
| + | * Server IP: <B>192.168.56.102</B> |
||
| + | * Server Name: <B>cicd</B> |
||
| + | * Root DN: <B>demo</B> |
||
| + | * Any password (for all users): <B>r00tme</B> |
||
| + | * OS: <B>Ubunti 14.04</B> |
||
| + | |||
| + | ==Подготовка== |
||
| + | * add key |
||
| + | <PRE> |
||
| + | mkdir -p /root/.ssh |
||
| + | /root/.ssh/authorized_keys |
||
| + | </PRE> |
||
| + | Установка пакетов: |
||
| + | <PRE> |
||
| + | sudo apt-get update |
||
| + | sudo apt-get install slapd ldap-utils phpldapadmin mc vim strace tcpdump tcpflow |
||
| + | </PRE> |
||
| + | |||
| + | ==После установки== |
||
| + | Check for running processes: |
||
| + | <PRE> |
||
| + | ps -auxfw |
||
| + | |||
| + | <SKIP> |
||
| + | |||
| + | openldap 3945 0.0 0.2 194060 8276 ? Ssl 11:24 0:00 /usr/sbin/slapd -h ldap:/// ldapi:/// -g openldap -u openldap -F /etc/ldap/slapd.d |
||
| + | root 5073 0.0 0.7 241084 22484 ? Ss 11:24 0:00 /usr/sbin/apache2 -k start |
||
| + | www-data 5076 0.0 0.2 241108 7324 ? S 11:24 0:00 \_ /usr/sbin/apache2 -k start |
||
| + | www-data 5077 0.0 0.2 241108 7324 ? S 11:24 0:00 \_ /usr/sbin/apache2 -k start |
||
| + | www-data 5078 0.0 0.2 241108 7324 ? S 11:24 0:00 \_ /usr/sbin/apache2 -k start |
||
| + | www-data 5079 0.0 0.2 241108 7324 ? S 11:24 0:00 \_ /usr/sbin/apache2 -k start |
||
| + | www-data 5080 0.0 0.2 241108 7324 ? S 11:24 0:00 \_ /usr/sbin/apache2 -k start |
||
| + | </PRE> |
||
| + | |||
| + | ==Настройка== |
||
| + | <PRE> |
||
| + | dpkg-reconfigure slapd |
||
| + | </PRE> |
||
| + | |||
| + | Configure Password: <B>r00tme</B> |
||
| + | <BR> |
||
| + | [[Изображение:Ldap1.png|600px]] |
||
| + | <BR> |
||
| + | |||
| + | Configure root DN: <B>demo</B> for this demo. |
||
| + | <BR> |
||
| + | [[Изображение:Ldap2.png|600px]] |
||
| + | |||
| + | ==Check configuration== |
||
| + | 2 steps to check configuration: |
||
| + | * chack with <B>slapcat</B> which shows data directly from files even if OpenLDAP server process is not running. |
||
| + | * Check with <B>ldapsearch</B>, which operate as ldap client. |
||
| + | |||
| + | ===slapcat=== |
||
| + | <PRE> |
||
| + | slapcat |
||
| + | </PRE> |
||
| + | Result: |
||
| + | <PRE> |
||
| + | dn: dc=demo |
||
| + | objectClass: top |
||
| + | objectClass: dcObject |
||
| + | objectClass: organization |
||
| + | o: demo |
||
| + | dc: demo |
||
| + | structuralObjectClass: organization |
||
| + | entryUUID: 2dd35bc8-85f2-1035-8d51-1b798eec3e6d |
||
| + | creatorsName: cn=admin,dc=demo |
||
| + | createTimestamp: 20160324095443Z |
||
| + | entryCSN: 20160324095443.807089Z#000000#000#000000 |
||
| + | modifiersName: cn=admin,dc=demo |
||
| + | modifyTimestamp: 20160324095443Z |
||
| + | |||
| + | dn: cn=admin,dc=demo |
||
| + | objectClass: simpleSecurityObject |
||
| + | objectClass: organizationalRole |
||
| + | cn: admin |
||
| + | description: LDAP administrator |
||
| + | userPassword:: e1NTSEF9akxUN0FaVGN2OGg4d0FPcHNQWHJPWG8wL3VleXJIaWs= |
||
| + | structuralObjectClass: organizationalRole |
||
| + | entryUUID: 2dd3e822-85f2-1035-8d52-1b798eec3e6d |
||
| + | creatorsName: cn=admin,dc=demo |
||
| + | createTimestamp: 20160324095443Z |
||
| + | entryCSN: 20160324095443.810666Z#000000#000#000000 |
||
| + | modifiersName: cn=admin,dc=demo |
||
| + | modifyTimestamp: 20160324095443Z |
||
| + | </PRE> |
||
| + | <BR> |
||
| + | As you can see we have |
||
| + | * dn: dc=demo (root object) |
||
| + | * dn: cn=admin,dc=demo (admin user) |
||
| + | |||
| + | ===ldapsearch=== |
||
| + | Check admin passwod (connection to LDAP with ldapsearch): |
||
| + | * user: <B>cn=admin,dc=demo</B> |
||
| + | * search base (:where to search from") <B>dc=demo</B> |
||
| + | <PRE> |
||
| + | ldapsearch -D "cn=admin,dc=demo" -w r00tme -b "dc=demo"</PRE> |
||
| + | Result: |
||
| + | <PRE> |
||
| + | dn: dc=demo |
||
| + | objectClass: top |
||
| + | objectClass: dcObject |
||
| + | objectClass: organization |
||
| + | o: demo |
||
| + | dc: demo |
||
| + | |||
| + | # admin, demo |
||
| + | dn: cn=admin,dc=demo |
||
| + | objectClass: simpleSecurityObject |
||
| + | objectClass: organizationalRole |
||
| + | cn: admin |
||
| + | description: LDAP administrator |
||
| + | userPassword:: e1NTSEF9akxUN0FaVGN2OGg4d0FPcHNQWHJPWG8wL3VleXJIaWs= |
||
| + | |||
| + | search: 2 |
||
| + | result: 0 Success |
||
| + | </PRE> |
||
| + | |||
| + | <B>So now we have OpenLDAP server with</B> |
||
| + | |||
| + | =PHP LdapAdmin= |
||
| + | ==Configuration== |
||
| + | In file <B> /etc/phpldapadmin/config.php</B> change 2 lines: |
||
| + | <PRE> |
||
| + | $servers->setValue('server','base',array('dc=demo')); |
||
| + | $servers->setValue('login','bind_id','cn=admin,dc=demo'); |
||
| + | </PRE> |
||
| + | This changes are configured phpldapadmin to use correct root dn and default user. |
||
| + | |||
| + | ==Check== |
||
| + | * Open in browser http://192.168.56.102/phpldapadmin/ |
||
| + | <BR> |
||
| + | [[Изображение:Ldap3.png|600px]] |
||
| + | <BR> |
||
| + | |||
| + | Log-in with credentials |
||
| + | * Login name: <B>cn=amin, dc=demo</B> |
||
| + | * Password: <B>r00tme</B> |
||
| + | <BR> |
||
| + | [[Изображение:Ldap5.png|600px]] |
||
| + | <BR> |
||
| + | |||
| + | See LDAP tree with 2 objects: |
||
| + | * root dc=demo |
||
| + | * admin user |
||
| + | |||
| + | <BR> |
||
| + | [[Изображение:Ldap4.png|600px]] |
||
| + | <BR> |
||
| + | |||
| + | =Links= |
||
| + | * http://mnorin.com/ldap-ustanovka-i-nastrojka-ldap-servera.html |
||
| + | |||
| + | =Ссылки= |
||
| + | * http://mnorin.com/ldap-ustanovka-i-nastrojka-ldap-servera.html |
||
Текущая версия на 14:41, 17 августа 2016
LDAP
Главная страница:
Нужна минимальная инсталляция LDAP для интеграции CD/CD инструментов - gerrit и jenkins
- Коротко о том что такое DN, CN ... http://wiki.sirmax.noname.com.ua/index.php/LDAP_general_info
Assumptions
- Server IP: 192.168.56.102
- Server Name: cicd
- Root DN: demo
- Any password (for all users): r00tme
- OS: Ubunti 14.04
Подготовка
- add key
mkdir -p /root/.ssh /root/.ssh/authorized_keys
Установка пакетов:
sudo apt-get update sudo apt-get install slapd ldap-utils phpldapadmin mc vim strace tcpdump tcpflow
После установки
Check for running processes:
ps -auxfw <SKIP> openldap 3945 0.0 0.2 194060 8276 ? Ssl 11:24 0:00 /usr/sbin/slapd -h ldap:/// ldapi:/// -g openldap -u openldap -F /etc/ldap/slapd.d root 5073 0.0 0.7 241084 22484 ? Ss 11:24 0:00 /usr/sbin/apache2 -k start www-data 5076 0.0 0.2 241108 7324 ? S 11:24 0:00 \_ /usr/sbin/apache2 -k start www-data 5077 0.0 0.2 241108 7324 ? S 11:24 0:00 \_ /usr/sbin/apache2 -k start www-data 5078 0.0 0.2 241108 7324 ? S 11:24 0:00 \_ /usr/sbin/apache2 -k start www-data 5079 0.0 0.2 241108 7324 ? S 11:24 0:00 \_ /usr/sbin/apache2 -k start www-data 5080 0.0 0.2 241108 7324 ? S 11:24 0:00 \_ /usr/sbin/apache2 -k start
Настройка
dpkg-reconfigure slapd
Configure Password: r00tme
Configure root DN: demo for this demo.
Check configuration
2 steps to check configuration:
- chack with slapcat which shows data directly from files even if OpenLDAP server process is not running.
- Check with ldapsearch, which operate as ldap client.
slapcat
slapcat
Result:
dn: dc=demo objectClass: top objectClass: dcObject objectClass: organization o: demo dc: demo structuralObjectClass: organization entryUUID: 2dd35bc8-85f2-1035-8d51-1b798eec3e6d creatorsName: cn=admin,dc=demo createTimestamp: 20160324095443Z entryCSN: 20160324095443.807089Z#000000#000#000000 modifiersName: cn=admin,dc=demo modifyTimestamp: 20160324095443Z dn: cn=admin,dc=demo objectClass: simpleSecurityObject objectClass: organizationalRole cn: admin description: LDAP administrator userPassword:: e1NTSEF9akxUN0FaVGN2OGg4d0FPcHNQWHJPWG8wL3VleXJIaWs= structuralObjectClass: organizationalRole entryUUID: 2dd3e822-85f2-1035-8d52-1b798eec3e6d creatorsName: cn=admin,dc=demo createTimestamp: 20160324095443Z entryCSN: 20160324095443.810666Z#000000#000#000000 modifiersName: cn=admin,dc=demo modifyTimestamp: 20160324095443Z
As you can see we have
- dn: dc=demo (root object)
- dn: cn=admin,dc=demo (admin user)
ldapsearch
Check admin passwod (connection to LDAP with ldapsearch):
- user: cn=admin,dc=demo
- search base (:where to search from") dc=demo
ldapsearch -D "cn=admin,dc=demo" -w r00tme -b "dc=demo"
Result:
dn: dc=demo objectClass: top objectClass: dcObject objectClass: organization o: demo dc: demo # admin, demo dn: cn=admin,dc=demo objectClass: simpleSecurityObject objectClass: organizationalRole cn: admin description: LDAP administrator userPassword:: e1NTSEF9akxUN0FaVGN2OGg4d0FPcHNQWHJPWG8wL3VleXJIaWs= search: 2 result: 0 Success
So now we have OpenLDAP server with
PHP LdapAdmin
Configuration
In file /etc/phpldapadmin/config.php change 2 lines:
$servers->setValue('server','base',array('dc=demo'));
$servers->setValue('login','bind_id','cn=admin,dc=demo');
This changes are configured phpldapadmin to use correct root dn and default user.
Check
- Open in browser http://192.168.56.102/phpldapadmin/
Log-in with credentials
- Login name: cn=amin, dc=demo
- Password: r00tme
See LDAP tree with 2 objects:
- root dc=demo
- admin user
