Directory service with LDAP [4]: OpenLDAP (I)

Hello friends! Let's get down to business, but, as we always recommend, read the three previous articles in the series first:

DNS, DHCP and NTP are essential services for our simple directory based on native OpenLDAP, which works well on Debian 6.0 "Squeeze" or on Ubuntu 12.04 LTS "Precise Pangolin".

Example scenario:

LAN: 10.10.10.0/24
Domain: amigos.cu
Server: mildap.amigos.cu
Server operating system: Debian 6 "Squeeze"
Server IP address: 10.10.10.15
Client 1: debian7.amigos.cu
Client 2: raring.amigos.cu
Client 3: suse13.amigos.cu
Client 4: seven.amigos.cu

In this first part we will see:

  • OpenLDAP installation (2.4.23-7.3)
  • Checks after installation
  • Indexes to take into account
  • Access control rules
  • Generation of the TLS certificate and its configuration

while in the second part we will continue with:

  • Local authentication check
  • Populating the database
  • Managing the database with an administration tool
  • And the summary so far...

OpenLDAP installation (2.4.23-7.3)

The OpenLDAP server is installed through the slapd package. We will also install the ldap-utils package, which gives us the client utilities we will use to work with the directory.

:~# aptitude install slapd ldap-utils

During the installation process we are asked for the password of the administrator or «admin» user. Several dependencies are also installed; the openldap system user is created; and the initial server configuration and the LDAP directory are generated.

In earlier versions of OpenLDAP, the slapd daemon was configured entirely through the file /etc/ldap/slapd.conf. In the version we are using, and in later ones, the configuration is kept inside slapd itself, in a DIT «Directory Information Tree» dedicated to that purpose.

This configuration method, known as RTC «Real Time Configuration» or as the cn=config method, lets us configure slapd dynamically, without having to restart the service.

The configuration database consists of a collection of text files in LDIF «LDAP Data Interchange Format», located in the folder /etc/ldap/slapd.d.

To get an idea of how the slapd folder is organized, let's run:

:~# ls -lR /etc/ldap/slapd.d/
/etc/ldap/slapd.d/:
total 8
drwxr-x--- 3 openldap openldap 4096 Feb 16 11:08 cn=config
-rw------- 1 openldap openldap  407 Feb 16 11:08 cn=config.ldif

/etc/ldap/slapd.d/cn=config:
total 28
-rw------- 1 openldap openldap  383 Feb 16 11:08 cn=module{0}.ldif
drwxr-x--- 2 openldap openldap 4096 Feb 16 11:08 cn=schema
-rw------- 1 openldap openldap  325 Feb 16 11:08 cn=schema.ldif
-rw------- 1 openldap openldap  343 Feb 16 11:08 olcBackend={0}hdb.ldif
-rw------- 1 openldap openldap  472 Feb 16 11:08 olcDatabase={0}config.ldif
-rw------- 1 openldap openldap  586 Feb 16 11:08 olcDatabase={-1}frontend.ldif
-rw------- 1 openldap openldap 1012 Feb 16 11:08 olcDatabase={1}hdb.ldif

/etc/ldap/slapd.d/cn=config/cn=schema:
total 40
-rw------- 1 openldap openldap 15474 Feb 16 11:08 cn={0}core.ldif
-rw------- 1 openldap openldap 11308 Feb 16 11:08 cn={1}cosine.ldif
-rw------- 1 openldap openldap  6438 Feb 16 11:08 cn={2}nis.ldif
-rw------- 1 openldap openldap  2802 Feb 16 11:08 cn={3}inetorgperson.ldif

If we look at the previous output for a moment, we see that the backend used in Squeeze is the hdb database type, a variant of bdb "Berkeley Database" that is fully hierarchical and supports subtree renaming. To learn more about the backends OpenLDAP supports, visit http://es.wikipedia.org/wiki/OpenLDAP.

We also see that there are three different databases: one dedicated to the configuration, another to the frontend, and the last one, which is the hdb database per se.

On the other hand, slapd is installed by default with the Core, Cosine, Nis and InetOrgPerson schemas.

Checks after installation

In our console we run the following commands, without hurry, and study their output. We will compare the result, especially that of the second command, with the configuration we saw by listing the slapd folder.

:~# ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=config | more
:~# ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=config dn
dn: cn=config
dn: cn=module{0},cn=config
dn: cn=schema,cn=config
dn: cn={0}core,cn=schema,cn=config
dn: cn={1}cosine,cn=schema,cn=config
dn: cn={2}nis,cn=schema,cn=config
dn: cn={3}inetorgperson,cn=schema,cn=config
dn: olcBackend={0}hdb,cn=config
dn: olcDatabase={-1}frontend,cn=config
dn: olcDatabase={0}config,cn=config
dn: olcDatabase={1}hdb,cn=config

Explanation of each line of the output:

  • cn=config: global settings.
  • cn=module{0},cn=config: dynamically loaded module.
  • cn=schema,cn=config: contains the hard-coded system-level schema.
  • cn={0}core,cn=schema,cn=config: the hard-coded core schema.
  • cn={1}cosine,cn=schema,cn=config: the Cosine schema.
  • cn={2}nis,cn=schema,cn=config: the Nis schema.
  • cn={3}inetorgperson,cn=schema,cn=config: the InetOrgPerson schema.
  • olcBackend={0}hdb,cn=config: backend of the hdb database type.
  • olcDatabase={-1}frontend,cn=config: the frontend database and the default settings for the other databases.
  • olcDatabase={0}config,cn=config: the slapd configuration database (cn=config).
  • olcDatabase={1}hdb,cn=config: our database instance (dc=amigos,dc=cu).

:~# ldapsearch -x -LLL -H ldap:/// -b dc=amigos,dc=cu dn
dn: dc=amigos,dc=cu
dn: cn=admin,dc=amigos,dc=cu

  • dc=amigos,dc=cu: base of the DIT «Directory Information Tree».
  • cn=admin,dc=amigos,dc=cu: administrator (rootDN) of the DIT, declared during the installation.

Note: the base dc=amigos,dc=cu was taken during the installation from the server's FQDN, mildap.amigos.cu.

Indexes to take into account

Entries are indexed to improve the performance of searches in the DIT that use filter criteria. The indexes we will consider are the minimum recommended for the attributes declared in the default schemas.

To modify the database indexes dynamically, we create a text file in LDIF format and then add it to the database. We create the file olcDbIndex.ldif and give it the following content:

:~# nano olcDbIndex.ldif
dn: olcDatabase={1}hdb,cn=config
changetype: modify
add: olcDbIndex
olcDbIndex: uidNumber eq
-
add: olcDbIndex
olcDbIndex: gidNumber eq
-
add: olcDbIndex
olcDbIndex: memberUid eq
-
add: olcDbIndex
olcDbIndex: loginShell eq
-
add: olcDbIndex
olcDbIndex: uid pres,sub,eq
-
add: olcDbIndex
olcDbIndex: cn pres,sub,eq
-
add: olcDbIndex
olcDbIndex: sn pres,sub,eq
-
add: olcDbIndex
olcDbIndex: givenName pres,sub,eq
-
add: olcDbIndex
olcDbIndex: displayName pres,sub,eq
-
add: olcDbIndex
olcDbIndex: default sub
-
add: olcDbIndex
olcDbIndex: mail eq,subinitial
-
add: olcDbIndex
olcDbIndex: dc eq

We add the indexes to the database and check the change:

:~# ldapmodify -Y EXTERNAL -H ldapi:/// -f ./olcDbIndex.ldif

:~# ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b \
cn=config '(olcDatabase={1}hdb)' olcDbIndex

dn: olcDatabase={1}hdb,cn=config
olcDbIndex: objectClass eq
olcDbIndex: uidNumber,gidNumber eq
olcDbIndex: memberUid eq
olcDbIndex: sn pres,sub,eq
olcDbIndex: givenName,ou pres,eq,sub
olcDbIndex: displayName pres,sub,eq
olcDbIndex: default sub
olcDbIndex: mail eq,subinitial
olcDbIndex: dc eq
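The index step above, as an added example of my own (not code from the article): a shell script that builds the olcDbIndex.ldif modify record from a plain list of attribute and index-type lines, and then compares that list with the olcDbIndex values the server reports, so that an index which did not apply is noticed instead of discovered through slow searches. WANTED_INDEXES mirrors the list in the file above; SAMPLE_SERVER_INDEXES is a constructed ldapsearch output with three of those indexes deliberately absent; the function names are mine.

```shell
#!/bin/sh
# Added example, not code from the original article. Builds the olcDbIndex.ldif
# modify record from a list of "attribute types" lines and compares the list
# with what slapd reports, so an index that silently failed to apply is noticed
# before searches on it fall back to full scans. WANTED_INDEXES follows the
# article's list; SAMPLE_SERVER_INDEXES is a constructed ldapsearch output in
# which three of those indexes are missing.

WANTED_INDEXES='uidNumber eq
gidNumber eq
memberUid eq
loginShell eq
uid pres,sub,eq
cn pres,sub,eq
sn pres,sub,eq
givenName pres,sub,eq
displayName pres,sub,eq
default sub
mail eq,subinitial
dc eq'

SAMPLE_SERVER_INDEXES='dn: olcDatabase={1}hdb,cn=config
olcDbIndex: objectClass eq
olcDbIndex: uidNumber,gidNumber eq
olcDbIndex: memberUid eq
olcDbIndex: sn pres,sub,eq
olcDbIndex: givenName,ou pres,eq,sub
olcDbIndex: displayName pres,sub,eq
olcDbIndex: default sub
olcDbIndex: mail eq,subinitial
olcDbIndex: dc eq'

# ldif_indexes LIST: one "add: olcDbIndex" per non-empty line of LIST, the adds
# separated by a bare "-" line as ldapmodify requires (a "-" followed by
# trailing blanks is a format error).
ldif_indexes() {
    printf 'dn: olcDatabase={1}hdb,cn=config\nchangetype: modify\n'
    printf '%s\n' "$1" | awk 'NF { if (n++) print "-"; print "add: olcDbIndex"; print "olcDbIndex: " $0 }'
}

# missing_indexes LIST OUTPUT: attributes in LIST that OUTPUT (the olcDbIndex
# values returned by ldapsearch on olcDatabase={1}hdb) does not index at all.
# Several attributes may share one value ("uidNumber,gidNumber eq"), so the
# attribute field is split on commas before comparing.
missing_indexes() {
    printf '%s\n' "$2" | awk -v wanted="$1" '
        /^olcDbIndex: / {
            sub(/^olcDbIndex: /, "")
            n = split($1, attrs, ",")
            for (i = 1; i <= n; i++) have[attrs[i]] = $2
        }
        END {
            m = split(wanted, lines, "\n")
            for (i = 1; i <= m; i++) {
                split(lines[i], f, " ")
                if (f[1] != "" && !(f[1] in have)) print f[1]
            }
        }'
}

# Stand-alone run: show the LDIF that would be applied with
#   ldapmodify -Y EXTERNAL -H ldapi:/// -f olcDbIndex.ldif
# and the attributes the sample server output leaves unindexed.
ldif_indexes "$WANTED_INDEXES"
echo "--- not indexed on the server:"
missing_indexes "$WANTED_INDEXES" "$SAMPLE_SERVER_INDEXES"
```

To use it against a real server, replace the sample with the output of the ldapsearch command shown above. slapd also writes "... not indexed" lines to syslog when a search filter hits an attribute without an index, which is the other place to look when a directory client feels slow.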

Access control rules

The rules established so that users can read, modify, add and delete data in the directory entries are called Access Control, and we will call the set of rules used to organize them Access Control Lists or «ACL».

To find out which ACLs were declared by default during the installation of slapd, we run:

:~# ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b \
cn=config '(olcDatabase={1}hdb)' olcAccess

:~# ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b \
cn=config '(olcDatabase={-1}frontend)' olcAccess

:~# ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b \
cn=config '(olcDatabase={0}config)' olcAccess

:~# ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b \
cn=config '(olcAccess=*)' olcAccess olcSuffix

Each of the previous commands shows us the ACLs declared so far in our directory. Specifically, the last command shows all of them, while the first three give us the access control rules of each of the three databases declared in our slapd.

On the subject of ACLs, and so as not to write at length, we recommend reading the manual page man slapd.access.

To allow users and administrators to update their loginShell and gecos entries, we will add the following ACL:

## We create the file olcAccess.ldif and give it the following content
:~# nano olcAccess.ldif
by * read

## We add the ACL
:~# ldapmodify -Y EXTERNAL -H ldapi:/// -f ./olcAccess.ldif

# We check the changes
:~# ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b \
cn=config '(olcAccess=*)' olcAccess olcSuffix
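The ACL step, as an added example of my own (not the article's code): acl_ldif writes an olcAccess.ldif for the rule described above, with my assumed wording of that rule (loginShell and gecos writable by the admin DN and by the entry itself, readable by everyone), and acl_audit reads back olcAccess values and flags two things slapd never warns about: a rule placed after the default catch-all "to *" (slapd stops at the first matching "to" clause, so such a rule is never reached) and any rule granting write or manage to everyone or to anonymous. SAMPLE_ACLS is a constructed copy of the default Squeeze rules with the new rule appended in the wrong position; the function names are mine.

```shell
#!/bin/sh
# Added example, not code from the original article. Two helpers around the
# ACL step: acl_ldif writes the olcAccess.ldif for the rule the article
# describes (assumed wording: loginShell and gecos writable by the admin and by
# the entry's owner, readable by everyone), and acl_audit reads back the
# olcAccess values and flags dead and over-permissive rules. SAMPLE_ACLS is a
# constructed copy of the Squeeze default rules with the new rule appended last.

# slapd evaluates olcAccess values in order and stops at the first "to" clause
# that matches the target; a rule added after the default "to *" is therefore
# dead. Index {0} asks slapd to insert the value first and renumber the others.
acl_ldif() {
    printf 'dn: olcDatabase={1}hdb,cn=config\nchangetype: modify\nadd: olcAccess\n'
    printf 'olcAccess: {0}to attrs=loginShell,gecos by dn="%s" write by self write by * read\n' "$1"
}

SAMPLE_ACLS='dn: olcDatabase={1}hdb,cn=config
olcAccess: {0}to attrs=userPassword,shadowLastChange by dn="cn=admin,dc=amigos,dc=cu" write by anonymous auth by self write by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by dn="cn=admin,dc=amigos,dc=cu" write by * read
olcAccess: {3}to attrs=loginShell,gecos by dn="cn=admin,dc=amigos,dc=cu" write by self write by * read'

# acl_audit OUTPUT: one line per olcAccess value, "ok" or the flags
# UNREACHABLE (placed after a "to *" rule) and OPEN-WRITE (write or manage
# granted to "*" or "anonymous").
acl_audit() {
    printf '%s\n' "$1" | awk '
        /^olcAccess: / {
            rule = $0
            sub(/^olcAccess: /, "", rule)
            idx = rule; sub(/^\{/, "", idx); sub(/\}.*/, "", idx)
            what = rule; sub(/^\{[0-9]+\}to /, "", what); sub(/ by .*/, "", what)
            flags = ""
            if (seen_all) flags = flags " UNREACHABLE"
            if (what == "*") seen_all = 1
            n = split(rule, clause, / by /)
            for (i = 2; i <= n; i++) {
                split(clause[i], c, " ")
                if ((c[1] == "*" || c[1] == "anonymous") && (c[2] == "write" || c[2] == "manage"))
                    flags = flags " OPEN-WRITE"
            }
            print "{" idx "} to " what ":" (flags == "" ? " ok" : flags)
        }'
}

# Stand-alone run: the LDIF to apply with
#   ldapmodify -Y EXTERNAL -H ldapi:/// -f olcAccess.ldif
# followed by the audit of the sample, whose last rule is dead.
acl_ldif "cn=admin,dc=amigos,dc=cu"
acl_audit "$SAMPLE_ACLS"
```

Feed acl_audit the output of the last ldapsearch command above after every ACL change; the audit is also a quick way to confirm that the {0} insertion really landed in front of the "to *" rule rather than behind it.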

Generation of the TLS certificate and its configuration

To obtain a secure connection to the OpenLDAP server we must go through an encrypted session, which we get by using TLS «Transport Layer Security».

OpenLDAP servers and their clients can use TLS to provide integrity and confidentiality protection, and to support secure LDAP authentication through the SASL «Simple Authentication and Security Layer» EXTERNAL mechanism.

Modern OpenLDAP servers favor the use of StartTLS, or Start a Secure Transport Layer, over the ldaps:/// protocol, which is deprecated. For any doubt, see Start TLS v. ldaps:// at http://www.openldap.org/faq/data/cache/605.html

Just leave the file /etc/default/slapd as installed, with the declaration SLAPD_SERVICES="ldap:/// ldapi:///", in order to use an encrypted channel between client and server, and the utilities themselves to administer the locally installed OpenLDAP.

The procedure described here, based on the gnutls-bin and ssl-cert packages, is valid for Debian 6 "Squeeze" and for Ubuntu Server 12.04. For Debian 7 "Wheezy" a different procedure, based on OpenSSL, is followed.

The certificate is generated and configured as follows:

1.- We install the necessary packages
:~# aptitude install gnutls-bin ssl-cert

2.- We create the private key for the Certificate Authority
:~# sh -c "certtool --generate-privkey > /etc/ssl/private/cakey.pem"

3.- We create a template to define the CA (Certificate Authority)
:~# nano /etc/ssl/ca.info
cn = Amigos Cubanos
ca
cert_signing_key

4.- We generate the self-signed CA certificate for the clients
:~# certtool --generate-self-signed \
--load-privkey /etc/ssl/private/cakey.pem \
--template /etc/ssl/ca.info \
--outfile /etc/ssl/certs/cacert.pem

5.- We generate a private key for the server
:~# certtool --generate-privkey \
--bits 1024 \
--outfile /etc/ssl/private/mildap-key.pem

Note: replace "mildap" in the file name above with the name of your server. Naming the certificate and the key after the server and the service that uses them helps us keep things in order.

6.- We create the file /etc/ssl/mildap.info with the following content:
:~# nano /etc/ssl/mildap.info
organization = Amigos Cubanos
cn = mildap.amigos.cu
tls_www_server
encryption_key
signing_key
expiration_days = 3650

Note: in the previous content we declare that the certificate is valid for a period of 10 years. Adjust that limit as convenient.

7.- We create the server certificate
:~# certtool --generate-certificate \
--load-privkey /etc/ssl/private/mildap-key.pem \
--load-ca-certificate /etc/ssl/certs/cacert.pem \
--load-ca-privkey /etc/ssl/private/cakey.pem \
--template /etc/ssl/mildap.info \
--outfile /etc/ssl/certs/mildap-cert.pem

So far we have generated the necessary files; it only remains to tell the directory where the self-signed certificate cacert.pem, the server certificate mildap-cert.pem and the server's private key mildap-key.pem are located. We will also have to adjust the permissions and the owner of the files.

:~# nano /etc/ssl/certinfo.ldif
dn: cn=config
add: olcTLSCACertificateFile
olcTLSCACertificateFile: /etc/ssl/certs/cacert.pem
-
add: olcTLSCertificateFile
olcTLSCertificateFile: /etc/ssl/certs/mildap-cert.pem
-
add: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/ssl/private/mildap-key.pem

8.- We add it
:~# ldapmodify -Y EXTERNAL -H ldapi:/// -f /etc/ssl/certinfo.ldif

9.- We fix the owner and the permissions
:~# adduser openldap ssl-cert
:~# chgrp ssl-cert /etc/ssl/private/mildap-key.pem
:~# chmod g+r /etc/ssl/private/mildap-key.pem
:~# chmod o-r /etc/ssl/private/mildap-key.pem

The cacert.pem file is the one we will have to copy to each client. For that certificate to be used on the server itself, we must declare it in the file /etc/ldap/ldap.conf. To do so we edit the file and leave it with the following content:

:~# nano /etc/ldap/ldap.conf
BASE    dc=amigos,dc=cu
URI     ldap://mildap.amigos.cu
TLS_CACERT      /etc/ssl/certs/cacert.pem

Finally, and as a check, we restart the slapd service and look at the syslog output on the server, to find out whether the service restarted correctly using the newly declared certificates.

:~# service slapd restart
:~# tail /var/log/syslog
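The nine steps and the ldap.conf edit above, as an added example of my own (not the article's code), collected into one script with two after-the-fact checks. The paths under /etc/ssl, the "mildap" naming and the template fields are the article's; SSL_DIR, KEY_BITS (defaulting to 2048 where the article uses 1024, since 1024-bit RSA is no longer acceptable), the function names and the --show switch are mine. make_certs needs certtool and root and is not run here; tls_files_ok and key_mode_ok work on any directory, which is what the test exercises.

```shell
#!/bin/sh
# Added example, not from the original article: the certificate procedure as
# one script, plus the checks a practitioner wants afterwards. Everything under
# /etc/ssl and the names "mildap"/"Amigos Cubanos" come from the article;
# SSL_DIR, KEY_BITS and the function names are this example's own choices.
set -u

SSL_DIR=${SSL_DIR:-/etc/ssl}       # assumption: where the .pem files live
KEY_BITS=${KEY_BITS:-2048}         # the article uses 1024; 2048 is today's floor

# Short host name from an FQDN: mildap.amigos.cu -> mildap
short_name() { printf '%s\n' "${1%%.*}"; }

# certtool template for the CA (step 3 of the article).
ca_template() {
    printf 'cn = %s\nca\ncert_signing_key\n' "$1"
}

# certtool template for the server certificate (step 6): $1 organization,
# $2 server FQDN, $3 validity in days.
server_template() {
    printf 'organization = %s\ncn = %s\ntls_www_server\nencryption_key\nsigning_key\nexpiration_days = %s\n' "$1" "$2" "$3"
}

# LDIF that points cn=config at the files (the certinfo.ldif of the article).
certinfo_ldif() {
    s=$(short_name "$1")
    printf 'dn: cn=config\n'
    printf 'add: olcTLSCACertificateFile\nolcTLSCACertificateFile: %s/certs/cacert.pem\n-\n' "$SSL_DIR"
    printf 'add: olcTLSCertificateFile\nolcTLSCertificateFile: %s/certs/%s-cert.pem\n-\n' "$SSL_DIR" "$s"
    printf 'add: olcTLSCertificateKeyFile\nolcTLSCertificateKeyFile: %s/private/%s-key.pem\n' "$SSL_DIR" "$s"
}

# Steps 2 to 7 and 9: needs certtool (gnutls-bin) and root; not run by default.
make_certs() {
    org=$1; fqdn=$2; days=$3; s=$(short_name "$fqdn")
    ca_template "$org" > "$SSL_DIR/ca.info"
    server_template "$org" "$fqdn" "$days" > "$SSL_DIR/$s.info"
    certtool --generate-privkey --outfile "$SSL_DIR/private/cakey.pem"
    certtool --generate-self-signed --load-privkey "$SSL_DIR/private/cakey.pem" \
        --template "$SSL_DIR/ca.info" --outfile "$SSL_DIR/certs/cacert.pem"
    certtool --generate-privkey --bits "$KEY_BITS" --outfile "$SSL_DIR/private/$s-key.pem"
    certtool --generate-certificate --load-privkey "$SSL_DIR/private/$s-key.pem" \
        --load-ca-certificate "$SSL_DIR/certs/cacert.pem" \
        --load-ca-privkey "$SSL_DIR/private/cakey.pem" \
        --template "$SSL_DIR/$s.info" --outfile "$SSL_DIR/certs/$s-cert.pem"
    # slapd reads the key through the ssl-cert group (adduser openldap ssl-cert
    # in the article); nobody else may read it, and nobody may write it.
    chgrp ssl-cert "$SSL_DIR/private/$s-key.pem"
    chmod u=rw,g=r,o= "$SSL_DIR/private/$s-key.pem"
}

# key_mode_ok FILE: 0 when the key is not readable by "others" and not
# writable by the group. Mode string from ls -ld, which every Unix has.
key_mode_ok() {
    mode=$(ls -ld "$1" | cut -c1-10)
    case $mode in
        -rw-r-----|-rw-------|-r--r-----|-r--------) return 0 ;;
        *) return 1 ;;
    esac
}

# tls_files_ok DIR FQDN: the three files cn=config will be pointed at exist
# and the key mode is tight. Prints each failure; returns 0 if none.
tls_files_ok() {
    dir=$1; s=$(short_name "$2"); ok=0
    for f in "$dir/certs/cacert.pem" "$dir/certs/$s-cert.pem" "$dir/private/$s-key.pem"; do
        [ -f "$f" ] || { echo "missing: $f"; ok=1; }
    done
    if [ -f "$dir/private/$s-key.pem" ] && ! key_mode_ok "$dir/private/$s-key.pem"; then
        echo "key too open: $dir/private/$s-key.pem"; ok=1
    fi
    return $ok
}

# Stand-alone run: print the generated pieces for the article's server.
if [ "${1:-}" = "--show" ]; then
    ca_template "Amigos Cubanos"
    server_template "Amigos Cubanos" "mildap.amigos.cu" 3650
    certinfo_ldif "mildap.amigos.cu"
fi
```

After restarting slapd, the confirmation from the client side is a search with ldapsearch -ZZ (StartTLS required) from a host whose ldap.conf carries the TLS_CACERT line; a handshake failure there while slapd itself started cleanly usually means the cn in the server template does not match the host name used in URI.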

If the service does not start correctly, or we see serious errors in syslog, let's not be discouraged. We can try to repair the damage, or start over. If we decide to start over by uninstalling slapd, there is no need to reinstall our server.

To erase everything we have done up to one point or another, we must uninstall the slapd package and then delete the folder /var/lib/ldap. We must also leave the file /etc/ldap/ldap.conf in its original form.

It is rare for everything to work well on the first try. 🙂

Remember that in the next article we will see:

  • Local authentication check
  • Populating the database
  • Managing the database with an administration tool
  • And the summary so far...

See you soon, friends!



19 comments


  1.   Hugo said

    Master!!!
    IT'S ALL IN THE TUTO!
    good
    all the love from FORWA for you.
    😀

    1.    nri said

      Thank you very much, Hugo!!! Wait for the next articles in this series.

  2.   thisnameisfalse said

    Hello

    your series of articles is interesting.

    I was surprised to read this statement: "Modern OpenLDAP servers prefer to use StartTLS or Start a Secure Transport Layer over the old TLS/SSL protocol, which is deprecated."

    Are you claiming that, in all cases and even outside LDAP, STARTTLS is a more secure method than TLS/SSL?

    1.    nri said

      Thanks for commenting. Note that I'm talking about OpenLDAP. I'm not overreaching. At http://www.openldap.org/faq/data/cache/185.html you can read the following:

      Transport Layer Security (TLS) is the standard name for Secure Socket Layer (SSL). The terms (unless qualified with specific version numbers) are generally interchangeable.

      StartTLS is the name of the standard LDAP operation for initiating TLS/SSL. TLS/SSL is initiated upon successful completion of this LDAP operation. No alternative port is necessary. It is sometimes referred to as the TLS upgrade operation, as it upgrades a normal LDAP connection to one protected by TLS/SSL.

      ldaps:// and LDAPS refer to "LDAP over TLS/SSL" or "LDAP Secured". TLS/SSL is initiated upon connection to an alternative port (normally 636). Though the LDAPS port (636) is registered for this use, the particulars of the TLS/SSL initiation mechanism are not standardized.

      Once initiated, there is no difference between ldaps:// and StartTLS. They share the same configuration options (except that ldaps:// requires the configuration of a separate listener, see the -h option of slapd(8)) and result in the same security services being established.
      Note:
      1) ldap:// + StartTLS should be directed to a normal LDAP port (normally 389), not the ldaps:// port.
      2) ldaps:// should be directed to an LDAPS port (normally 636), not the LDAP port.

      1.    thisnameisfalse said

        Sorry, but I still don't understand why you say that: 1) modern servers prefer STARTTLS over SSL/TLS; 2) STARTTLS is modern, versus SSL/TLS, which is old.

        I've been struggling for half a month with the configuration of various mail clients that access the server through SSL (using the openssl library, like most free software), and with the CA certificate in /etc/ssl/certs/ and other places. And what I learned is that: 1) STARTTLS only encrypts the authentication session, and everything else is sent unencrypted; 2) SSL encrypts absolutely all the content of the session. So, although STARTTLS is technically newer than SSL, I'd rather think the opposite, since the content of your session travels in the clear over the Internet.

        Another thing is that STARTTLS is recommended for other reasons I'm not aware of: for compatibility with MSWindows, because the implementation is more robust or better tested... I don't know. That's why I'm asking you.

        Skimming through the manual you linked in your reply, I see that the difference between ldap:// and ldaps:// is the same as between imap:// and imaps://, or smtp:// and smtps://: a different port is used, some entries are added to the configuration file, and the rest is kept. But that says nothing about preferring STARTTLS or not.

        Regards, and sorry for the reply. I'm trying to learn a bit more.

        1.    nri said

          Look, it is very rare that in my articles I make statements without the necessary backing. At the end of the series I will include all the links to the documentation I consider worthwhile, and which I consulted to write the post. I recommend these links:

          https://wiki.debian.org/LDAP/OpenLDAPSetup
          Ubuntu Server Guide https://code.launchpad.net/serverguide
          OpenLDAP-Admin http://www.openldap.org/doc/admin24/index.html
          LDAP over SSL/TLS and StartTLS http://tt4cs.wordpress.com/2014/01/18/ldap-over-ssltls-and-starttls/

          Also, I looked at the documentation that comes with each installed package.

          The subject of security in general, and of the difference between StartTLS and TLS/SSL, is so technical and deep that I don't consider myself to have the necessary knowledge to give such an explanation. I think we can keep talking by e-mail.

          Also, nowhere did I say that LDAPS:// can't be used. If you consider it more secure, go ahead!!!

          I can't help you further, and I thank you for your comment.

        2.    nri said

          Nothing clearer than what you can find, whenever OpenLDAP is concerned, at
          http://www.openldap.org/faq/data/cache/605.html

          The StartTLS extended operation [RFC 2830] is the LDAPv3 standard mechanism for enabling TLS (SSL) data confidentiality protection. The mechanism uses an LDAPv3 extended operation to establish an encrypted SSL/TLS connection within an already established LDAP connection. While the mechanism is designed for use with TLSv1, most implementations will fall back to SSLv3 (and SSLv2) if necessary.

          ldaps:// is a mechanism for establishing an SSL/TLS encrypted connection for LDAP. It requires the use of a separate port, commonly 636. While it was designed for use with LDAPv2 and SSLv2, many implementations support its use with LDAPv3 and TLSv1. Though there is no technical specification for ldaps://, it is widely used.

          ldaps:// is deprecated in favor of Start TLS [RFC2830]. OpenLDAP 2.0 supports both.
          For security reasons the server should be configured not to accept SSLv2.

  3.   freebsddick said

    This will be one of those articles users won't reply to because, since they're watching porn on their Linux terminals, they're not interested. Good article!!

    1.    nri said

      Thanks for commenting!!! Your statement about the few comments on many of my articles is true. However, I do receive mail from interested readers, or from others who download the article to read it and then work through it.

      It's very useful to get feedback through the comments, even if it is: I saved it for later reading, interesting, or some other opinion.

  4.   nri said

    Free!!! Thanks for commenting. I received your comment by mail, but I don't see it even though I've refreshed the page several times. Friend, you can try this and the previous articles without problems on Squeeze or Ubuntu Server 12.04. On Wheezy, the certificates are made differently, using OpenSSL. But nothing else. Regards, brother!!!

  5.   nri said

    @thisnameisfalse: Even the best scribe makes a blot. Thanks to your comment, I think the paragraph in question should read as follows:

    Modern OpenLDAP servers favor the use of StartTLS, or Start a Secure Transport Layer, over the LDAPS:// protocol, which is deprecated. For any doubt, see Start TLS v. ldaps:// at http://www.openldap.org/faq/data/cache/605.html

  6.   Jose Monge said

    Perfect, now I have homework with ldap

  7.   Walter said

    Can't you put everything in a single file so the complete tutorial can be downloaded?

  8.   eBeR said

    I'm a computer technician with a lot of Linux experience, but I still got lost in the middle of the article. So I'll reread it carefully. Thanks for this tutorial.
    Although it's true that it lets us understand many of the reasons why ActiveDirectory is usually preferred for these things. There's a world of difference in the ease of configuration and implementation.

  9.   nri said

    Thanks everyone for commenting!!!
    @jose monge, I think it will help you
    @walter at the end of everything, I'll see whether I can make a compendium in html or pdf
    @eVeR on the other hand, OpenLDAP is simpler (even if it doesn't look like it) than Active Directory. Wait for the next articles and you'll see.

  10.   Marcelo said

    Question, I'm doing the installation step by step, but when restarting the slapd service it throws the following error >

    Jul 30 15:27:37 xxxx slapd[1219]: @(#) $OpenLDAP: slapd (Ubuntu) (Mar 17 2014 21:20:08) $#012#011buildd@aatxe:/build/buildd/openldap-2.4.31/debian/build/servers/slapd
    Jul 30 15:27:37 xxxxx slapd[1219]: UNKNOWN attributeDescription "CHANGETYPE" inserted.
    Jul 30 15:27:37 xxxxx slapd[1219]: UNKNOWN attributeDescription "ADD" inserted.
    Jul 30 15:27:37 xxxxx [1219]: <= str2entry: slap_str2undef_ad(-): empty AttributeDescription
    Jul 30 15:27:37 xxxxx slapd[1219]: slapd stopped.
    Jul 30 15:27:37 xxxxx [1219]: connections_destroy: nothing to destroy.

    1.    Mmmmmmmmmmm said

      You can ask in the forum 😀 http://foro.desdelinux.net/

  11.   ebe obibi said

    For anyone following this excellent and well-explained document, about the problem that occurs when creating the ACLs
    ldapmodify: invalid format (line 5) entry: "olcDatabase={1}hdb,dc=config"

    After a long search on the Internet, it turns out that ldapmodify is extremely strict about the format, just as it appears on the web page. It is hysterically intolerant of misplaced characters as well as trailing spaces. Long story short, the advice is to type the line by hand while reading it beside the web page, or at least the "by X write by self write by * read" part. If that doesn't work, install Notepad++ > View > Show symbols and finally kill those invisible characters. I hope it helps someone.
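For the error reported in this comment, an added example of my own (not the commenter's or the article's code): a small shell lint for hand-typed LDIF that reports the usual culprits before ldapmodify sees the file: Windows (CRLF) line endings, blanks after a value or after the lone "-" separator, invisible non-ASCII characters pasted from a web page, and a configuration DN written with ",dc=config" instead of ",cn=config" (as in the entry quoted above). write_bad_sample builds a constructed file carrying each defect; the function names are mine.

```shell
#!/bin/sh
# Added example, not code from the original article or the comment. A lint for
# hand-typed LDIF that reports the defects behind "invalid format" errors:
# Windows line endings, blanks after a value or after the lone "-" separator,
# invisible non-ASCII characters pasted from a web page, and a configuration
# DN written as ",dc=config" instead of ",cn=config".

# ldif_lint FILE: print "file:line: problem" per finding; exit 0 if none.
ldif_lint() {
    awk '
        function flag(msg) { print FILENAME ":" NR ": " msg; bad = 1 }
        /\r$/ { flag("Windows line ending (CR); save the file with Unix line endings"); sub(/\r$/, "") }
        /[ \t]+$/ { flag("trailing whitespace (ldapmodify keeps it as part of the value; a separator must be a bare -)") }
        /[^\t -~]/ { flag("non-ASCII or invisible character") }
        /^dn: .*,dc=config$/ { flag("configuration entries live under cn=config, not dc=config") }
        !/^([A-Za-z][A-Za-z0-9;.-]*::? |-$|#|$| )/ { flag("not an LDIF attribute line, continuation, comment or separator") }
        END { exit bad }
    ' "$1"
}

# Constructed sample: every line but the third has a defect (CR on line 1,
# wrong base on line 1, trailing blank on line 2, a non-breaking space on
# line 4, a blank after the "-" on line 5).
write_bad_sample() {
    printf 'dn: olcDatabase={1}hdb,dc=config\r\nchangetype: modify \nadd: olcAccess\nolcAccess: {0}to attrs=loginShell,gecos\302\240by * read\n- \n' > "$1"
}

# The same file as it should be typed.
write_good_sample() {
    printf 'dn: olcDatabase={1}hdb,cn=config\nchangetype: modify\nadd: olcAccess\nolcAccess: {0}to attrs=loginShell,gecos by * read\n' > "$1"
}

# Stand-alone run: lint the file given on the command line, or the bad sample.
if [ -n "${1:-}" ]; then
    ldif_lint "$1"
else
    tmp=$(mktemp)
    write_bad_sample "$tmp"
    ldif_lint "$tmp" || echo "fix the lines above before running ldapmodify"
    rm -f "$tmp"
fi
```

Run it as `sh ldif_lint.sh olcAccess.ldif` before every ldapmodify; the line numbers it prints are the ones ldapmodify's own "invalid format (line N)" message refers to, which makes the two easy to line up.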

  12.   ebe obibi said

    To obtain certificates for Debian Wheezy based on OpenSSL, this may be useful:
    http://blog.phenobarbital.info/2014/10/openldap-tlsssl-configuracion-basica-y-aseguramiento/