How to install an OpenLDAP server for centralized authentication


Lightweight Directory Access Protocol (LDAP for short) is an industry-standard, lightweight, widely used set of protocols for accessing directory services. A directory service is a shared information infrastructure for accessing, managing, organizing and updating everyday items and network resources, such as users, groups, devices, e-mail addresses, telephone numbers, volumes and many other objects.

The LDAP information model is based on entries. An entry in an LDAP directory represents a single unit or piece of information and is uniquely identified by what is called a distinguished name (DN). Each of the entry's attributes has a type and one or more values.

An attribute is a piece of information associated with an entry. The types are typically mnemonic strings, such as cn for common name or mail for an e-mail address. Each attribute is assigned one or more values, which are stored as a space-separated list.

The following is an illustration of how information is arranged in an LDAP directory.

In this article, we will show how to install and configure an OpenLDAP server for centralized authentication on Ubuntu 16.04/18.04 and CentOS 7.

Step 1: Installing the LDAP server

1. First, install OpenLDAP, an open-source implementation of LDAP, together with some traditional LDAP management utilities, using the following commands.

# yum install openldap openldap-servers	    #CentOS 7
$ sudo apt install slapd ldap-utils	    #Ubuntu 16.04/18.04

On Ubuntu, during the package installation you will be prompted to enter a password for the admin entry of your LDAP directory; set a secure password and confirm it.

When the installation is complete, you can start the service as explained next.

2. On CentOS 7, run the following commands to start the openldap server daemon, enable it to start automatically at boot time and check whether it is up and running (on Ubuntu the service should already have been started under systemd, so you only need to check its status):

$ sudo systemctl start slapd
$ sudo systemctl enable slapd
$ sudo systemctl status slapd

3. Next, allow requests to the LDAP server daemon through the firewall as shown.

# firewall-cmd --add-service=ldap    #CentOS 7
$ sudo ufw allow ldap                #Ubuntu 16.04/18.04

Step 2: Configuring the LDAP server

Note: Editing the LDAP configuration by hand is not recommended; you should put the configuration in a file and use the ldapadd or ldapmodify command to load it into the LDAP directory, as shown below.

4. Now create an OpenLDAP administrative user and assign a password to that user. The command below produces a hashed value for the password you enter; take note of it, since you will use it in the LDAP configuration file.

$ slappasswd

5. Then create an LDIF file (ldaprootpasswd.ldif), which is used to add an entry to the LDAP directory.

$ sudo vim ldaprootpasswd.ldif

Add the following content to it:

dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {SSHA}PASSWORD_CREATED

Explaining the attribute-value pairs above:

  • olcDatabase: indicates a specific database instance name; it can be found inside /etc/openldap/slapd.d/cn=config.
  • cn=config: indicates the global configuration options.
  • PASSWORD_CREATED: is the hashed string obtained when creating the administrative user.

6. Next, add the corresponding LDAP entry by specifying the URI of the ldap server and the file above.

$ sudo ldapadd -Y EXTERNAL -H ldapi:/// -f ldaprootpasswd.ldif

Step 3: Configuring the LDAP database

7. Now copy the sample database configuration file for slapd into the /var/lib/ldap directory and set the correct ownership on the file. (These paths are for CentOS 7; on Ubuntu the slapd package already sets up the database during installation and keeps its configuration under /etc/ldap rather than /etc/openldap.)

$ sudo cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
$ sudo chown -R ldap:ldap /var/lib/ldap/DB_CONFIG
$ sudo systemctl restart slapd

8. Next, import some basic LDAP schemas from the /etc/openldap/schema directory as follows.

$ sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif
$ sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif
$ sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif

9. Now add your domain to the LDAP database by creating a file called ldapdomain.ldif for your domain.

$ sudo vim ldapdomain.ldif

Add the following content to it (replace example with your domain and PASSWORD with the hashed value obtained earlier):

dn: olcDatabase={1}monitor,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth"
  read by dn.base="cn=Manager,dc=example,dc=com" read by * none

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=example,dc=com

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: cn=Manager,dc=example,dc=com

dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {SSHA}PASSWORD

dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcAccess
olcAccess: {0}to attrs=userPassword,shadowLastChange by
  dn="cn=Manager,dc=example,dc=com" write by anonymous auth by self write by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by dn="cn=Manager,dc=example,dc=com" write by * read

10. Then load the above configuration into the LDAP database with the following command.

$ sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f ldapdomain.ldif
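To make the effect of the three olcAccess values in ldapdomain.ldif concrete, here is an added example (not code from the article) that models how slapd evaluates them: directives are tried in order, only the first whose to-clause matches the target is consulted, and within it the first matching by-clause decides. It covers only the clause forms used above (attrs, dn.base, *, dn, anonymous, self), not slapd's full ACL language.

```python
# Access levels in slapd's order; each level implies every lower one.
LEVELS = ["none", "auth", "compare", "search", "read", "write"]
MANAGER = "cn=Manager,dc=example,dc=com"
PASSWORD_ATTRS = {"userpassword", "shadowlastchange"}

# Structured copy of the olcAccess values added to {2}hdb in step 9:
#   {0}to attrs=userPassword,shadowLastChange by dn="cn=Manager,..." write
#         by anonymous auth by self write by * none
#   {1}to dn.base="" by * read
#   {2}to * by dn="cn=Manager,..." write by * read
ACL = [
    (("attrs", PASSWORD_ATTRS), [(("dn", MANAGER), "write"), ("anonymous", "auth"),
                                 ("self", "write"), ("*", "none")]),
    (("dn.base", ""), [("*", "read")]),
    (("*", None), [(("dn", MANAGER), "write"), ("*", "read")]),
]

def what_matches(what, target_dn, attr):
    """Does the <what> clause select this target DN / attribute?"""
    kind, arg = what
    if kind == "*":
        return True
    if kind == "dn.base":                # exact DN only; "" is the root DSE
        return target_dn == arg
    return attr is not None and attr.lower() in arg    # kind == "attrs"

def who_matches(who, requester_dn, target_dn):
    """Does the <who> clause describe the bound requester (None = anonymous)?"""
    if who == "*":
        return True
    if who == "anonymous":
        return requester_dn is None
    if who == "self":
        return requester_dn is not None and requester_dn == target_dn
    return requester_dn == who[1]        # ("dn", exact DN)

def access(requester_dn, target_dn, attr=None):
    """First directive whose <what> matches decides, via its first matching <by>."""
    for what, whos in ACL:
        if what_matches(what, target_dn, attr):
            for who, level in whos:
                if who_matches(who, requester_dn, target_dn):
                    return level
            return "none"                # directive matched, no <by> matched
    return "none"                        # slapd's default when nothing matches

def allows(requester_dn, target_dn, attr, needed):
    """True when the granted level implies the needed one (write covers read)."""
    return LEVELS.index(access(requester_dn, target_dn, attr)) >= LEVELS.index(needed)
```

The point to take away is that anonymous clients get only auth on userPassword, which is enough to bind but not to read the hash, while every other attribute is world-readable under rule {2}.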

11. In this step, we need to add some entries to our LDAP directory. Create another file called baseldapdomain.ldif with the following content.

dn: dc=example,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
o: example com
dc: example

dn: cn=Manager,dc=example,dc=com
objectClass: organizationalRole
cn: Manager
description: Directory Manager

dn: ou=People,dc=example,dc=com
objectClass: organizationalUnit
ou: People

dn: ou=Group,dc=example,dc=com
objectClass: organizationalUnit
ou: Group

Save the file and add the entries to the LDAP directory.

$ sudo ldapadd -x -D cn=Manager,dc=example,dc=com -W -f baseldapdomain.ldif

12. The next step is to create an LDAP user, for example tecmint, and set a password for this user as follows.

$ sudo useradd tecmint
$ sudo passwd tecmint

13. Then create the definition of an LDAP group in a file called ldapgroup.ldif with the following content.

dn: cn=Manager,ou=Group,dc=example,dc=com
objectClass: top
objectClass: posixGroup
# cn must be present: it is the naming attribute of this entry's RDN
cn: Manager
gidNumber: 1005

In the above configuration, gidNumber is the GID of tecmint in /etc/group; now add the group to the OpenLDAP directory.

$ sudo ldapadd -x -W -D "cn=Manager,dc=example,dc=com" -f ldapgroup.ldif

14. Next, create another LDIF file called ldapuser.ldif and add the details for the user tecmint.

dn: uid=tecmint,ou=People,dc=example,dc=com
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
cn: tecmint
uid: tecmint
uidNumber: 1005
gidNumber: 1005
homeDirectory: /home/tecmint
userPassword: {SSHA}PASSWORD_HERE
loginShell: /bin/bash
gecos: tecmint
shadowLastChange: 0
shadowMax: 0
shadowWarning: 0

and load the configuration into the LDAP directory.

$ ldapadd -x -D cn=Manager,dc=example,dc=com -W -f ldapuser.ldif

Once you have set up a central server for authentication, the final part is to enable the clients to authenticate using LDAP, as explained in this guide:

  1. How to configure an LDAP client to connect to external authentication

For more information, see the relevant documentation in the OpenLDAP server guide.

OpenLDAP is an open-source implementation of LDAP for Linux. In this article, we have shown how to install and configure an OpenLDAP server for centralized authentication on Ubuntu 16.04/18.04 and CentOS 7. If you have a question or thoughts to share, do not hesitate to reach us via the comment form below.