Let's continue, but not before consulting the earlier articles:
- Directory Service with LDAP. Introduction.
- Directory Service with LDAP [2]: NTP and dnsmasq.
- Directory Service with LDAP [3]: Isc-DHCP-Server and Bind9.
- Directory Service with LDAP [4]: OpenLDAP (I)
In this article we will see:
- Local user authentication
- Populate the database
- Manage the database using console utilities
- Summary so far...
Local user authentication
Once we have an OpenLDAP server running, if we want to test or use local authentication for the users that are registered (or that we will register) in the Directory, we must install and configure the necessary packages.
In Squeeze, the packages involved are:
libnss-ldap: Provides a Name Service Switch (NSS) module that allows an LDAP server to act as a name server.
This means it supplies information about user accounts, group IDs, hosts, aliases, netgroups, and basically any other data normally obtained from flat files such as /etc/passwd, /etc/group, etc., or from an NIS service.
libpam-ldap: "Pluggable Authentication Module for LDAP", that is, the PAM module for LDAP. It provides an interface between the LDAP server and the authentication system through PAM.
nscd: "Name Service Cache Daemon". It handles lookups of passwords, groups and hosts and caches the results for later reference.

:~# aptitude install libnss-ldap finger

Installing the libnss-ldap package, which also pulls in libpam-ldap and the nscd daemon as dependencies, takes us through the configuration wizard, whose questions we must answer appropriately.
If we want to reconfigure the libnss-ldap and/or libpam-ldap packages, we run:

:~# dpkg-reconfigure libnss-ldap
:~# dpkg-reconfigure libpam-ldap

Afterwards we edit the /etc/nsswitch.conf file and leave it with the following content:

:~# nano /etc/nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd:         compat ldap
group:          compat ldap
shadow:         compat ldap

hosts:          files dns
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis

For the changes made to /etc/nsswitch.conf to take effect, we restart the nscd service:

:~# service nscd restart

An important detail is to modify the /etc/pam.d/common-session file so that the user's home directory is created on the local server when a user registered in the Directory logs in:

:~# nano /etc/pam.d/common-session
[----]
session required pam_mkhomedir.so skel=/etc/skel/ umask=0022

### The line above must be included BEFORE
# here are the per-package modules (the "Primary" block)
[----]

Populate the database
To populate the Directory database, that is, to initialize it, we must add the main organizational units, register at least one user group, and add a user. To do so, we create a file in LDIF format, which we will then add to the Directory, with the following content:

:~# nano content.ldif
dn: ou=People,dc=amigos,dc=cu
objectClass: organizationalUnit
ou: People

dn: ou=Groups,dc=amigos,dc=cu
objectClass: organizationalUnit
ou: Groups

dn: cn=rings,ou=Groups,dc=amigos,dc=cu
objectClass: posixGroup
cn: rings
gidNumber: 10000

dn: uid=frodo,ou=People,dc=amigos,dc=cu
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: frodo
sn: Bagins
givenName: Frodo
cn: Frodo Bagins
displayName: Frodo Bagins
uidNumber: 10000
gidNumber: 10000
userPassword: frodo
mail: frodo@amigos.cu
gecos: Frodo Bagins
loginShell: /bin/bash
homeDirectory: /home/frodo

We add the contents of the file to the Directory:

:~# ldapadd -x -D cn=admin,dc=amigos,dc=cu -W -f content.ldif
Enter LDAP Password:
adding new entry "ou=People,dc=amigos,dc=cu"

adding new entry "ou=Groups,dc=amigos,dc=cu"

adding new entry "cn=rings,ou=Groups,dc=amigos,dc=cu"

adding new entry "uid=frodo,ou=People,dc=amigos,dc=cu"

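The LDIF above loads frodo's userPassword as a cleartext value, while the ldapfinger output further down shows base64-wrapped {SSHA} values. The following Python sketch is an added example, not part of the original article: it scans LDIF text for userPassword values that carry no {SCHEME} prefix and builds a {SSHA} value that could be placed in the LDIF instead. The function names and the sample LDIF are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os
import re

SCHEME = re.compile(r"^\{([A-Za-z0-9-]+)\}")

def ssha(password, salt=None):
    """Build a {SSHA} value: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def check_ssha(password, stored):
    """Verify a password against a {SSHA} value (the SHA-1 digest is 20 bytes)."""
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    return hmac.compare_digest(hashlib.sha1(password.encode() + salt).digest(), digest)

def audit_ldif(text):
    """Return (dn, scheme) per userPassword; CLEARTEXT when no {SCHEME} prefix."""
    findings, dn = [], None
    text = re.sub(r"\r?\n ", "", text)              # unfold LDIF continuation lines
    for line in text.splitlines():
        name, sep, value = line.partition(":")
        if not sep:
            continue
        if name.lower() == "dn":
            dn = value.strip()
        elif name.lower() == "userpassword":
            if value.startswith(":"):               # "attr:: value" is base64-encoded
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            match = SCHEME.match(value.strip())
            findings.append((dn, match.group(1).upper() if match else "CLEARTEXT"))
    return findings

# Constructed sample: one cleartext value and one base64-wrapped {SSHA} value.
SAMPLE = (
    "dn: uid=frodo,ou=People,dc=amigos,dc=cu\n"
    "uid: frodo\n"
    "userPassword: frodo\n"
    "\n"
    "dn: uid=trancos,ou=People,dc=amigos,dc=cu\n"
    "uid: trancos\n"
    "userPassword:: " + base64.b64encode(ssha("constructed").encode()).decode() + "\n"
)

if __name__ == "__main__":
    for dn, scheme in audit_ldif(SAMPLE):
        print(scheme, dn)
    print("hashed line for the LDIF:", "userPassword: " + ssha("frodo"))
```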
We run the relevant checks:

:~# id frodo
uid=10000(frodo) gid=10000(rings) groups=10000(rings)

:~# getent passwd | grep frodo
frodo:x:10000:10000:Frodo Bagins:/home/frodo:/bin/bas

:~# finger frodo
Login: frodo                    Name: Frodo Bagins
Directory: /home/frodo          Shell: /bin/bash
Never logged in.
No mail.
No Plan.

:~# ldapsearch -Y EXTERNAL -H ldapi:/// -b uid=frodo,ou=People,dc=amigos,dc=cu

Now we have a Directory Service that we must manage!!! We will develop two ways of doing so: the first through the ldapscripts package, and the second, which we will cover in the next article, through Ldap Account Manager.
We should also mention that the ldap-utils package provides a series of useful commands for managing the Directory. To find out what these commands are, we run:

:~# dpkg -L ldap-utils | grep /bin
/usr/bin
/usr/bin/ldapmodrdn
/usr/bin/ldapurl
/usr/bin/ldapdelete
/usr/bin/ldapwhoami
/usr/bin/ldapexop
/usr/bin/ldappasswd
/usr/bin/ldapcompare
/usr/bin/ldapsearch
/usr/bin/ldapmodify
/usr/bin/ldapadd

To learn more about each command, we recommend consulting its man page. Explaining each one here would make this article far too long.
Manage the database using console utilities
We chose the ldapscripts package for this task. The installation and configuration procedure is as follows:

:~# aptitude install ldapscripts

:~# cp /etc/ldapscripts/ldapscripts.conf \
    /etc/ldapscripts/ldapscripts.conf.original

:~# cp /dev/null /etc/ldapscripts/ldapscripts.conf

:~# nano /etc/ldapscripts/ldapscripts.conf
SERVER=localhost
BINDDN='cn=admin,dc=amigos,dc=cu'
BINDPWDFILE="/etc/ldapscripts/ldapscripts.passwd"
SUFFIX='dc=amigos,dc=cu'
GSUFFIX='ou=Groups'
USUFFIX='ou=People'
#MSUFFIX='ou=Computers'
GIDSTART=10001
UIDSTART=10001
#MIDSTART=10000
# OpenLDAP client commands
LDAPSEARCHBIN="/usr/bin/ldapsearch"
LDAPADDBIN="/usr/bin/ldapadd"
LDAPDELETEBIN="/usr/bin/ldapdelete"
LDAPMODIFYBIN="/usr/bin/ldapmodify"
LDAPMODRDNBIN="/usr/bin/ldapmodrdn"
LDAPPASSWDBIN="/usr/bin/ldappasswd"
GCLASS="posixGroup"
#UTEMPLATE="/etc/ldapscripts/ldapadduser.template"
# %u expands to the user name, so each new account starts with its user name as password
PASSWORDGEN="echo %u"

### Note that the scripts use the commands of the
### ldap-utils package

:~# sh -c "echo -n 'tupassowrd' > \
    /etc/ldapscripts/ldapscripts.passwd"

:~# chmod 400 /etc/ldapscripts/ldapscripts.passwd

:~# cp /usr/share/doc/ldapscripts/examples/ldapadduser.template.sample \
    /etc/ldapscripts/ldapadduser.template

:~# nano /etc/ldapscripts/ldapadduser.template
dn: uid=<user>,<usuffix>,<suffix>
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
cn: <user>
sn: <ask>
givenName: <ask>
displayName: <ask>
uid: <user>
uidNumber: <uid>
gidNumber: <gid>
homeDirectory: <home>
loginShell: <shell>
mail: <ask>
gecos: <user>
description: User Account

:~# nano /etc/ldapscripts/ldapscripts.conf
## we remove the comment
UTEMPLATE="/etc/ldapscripts/ldapadduser.template"

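The procedure above writes the bind password with echo -n and then restricts the file with chmod 400. The following Python sketch is an added example, not part of the original article or of ldapscripts: it creates such a file with mode 0400 from the moment it exists and checks an existing file for the two problems those steps guard against. It assumes the file is handed to the OpenLDAP client tools with -y, which uses the complete file contents as the password; the function names and sample secret are constructed.

```python
import os
import stat
import tempfile

def write_bind_secret(path, password):
    """Create the secret with mode 0400 from the first byte, without a trailing newline."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o400)
    with os.fdopen(fd, "wb") as handle:
        handle.write(password.encode())

def audit_bind_secret(path):
    """Return a list of problems found with a BINDPWDFILE-style secret file."""
    problems = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        problems.append("accessible to group/other (mode %04o)" % mode)
    with open(path, "rb") as handle:
        data = handle.read()
    if not data:
        problems.append("file is empty")
    elif data[-1:] in (b"\n", b"\r"):
        problems.append("trailing newline would be sent as part of the password")
    return problems

def demo():
    """Compare a carelessly written file with one made by write_bind_secret."""
    with tempfile.TemporaryDirectory() as tmp:
        weak = os.path.join(tmp, "weak.passwd")
        with open(weak, "w") as handle:
            handle.write("constructed-secret\n")     # like echo without -n
        os.chmod(weak, 0o644)
        good = os.path.join(tmp, "good.passwd")
        write_bind_secret(good, "constructed-secret")
        return audit_bind_secret(weak), audit_bind_secret(good)

if __name__ == "__main__":
    weak, good = demo()
    print("weak:", weak)
    print("good:", good)
```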
Let's try adding the user Trancos El Rey to the rings user group and check the data that was entered:

:~# ldapadduser trancos rings
[dn: uid=trancos,ou=People,dc=amigos,dc=cu] Enter value for "sn": El Rey
[dn: uid=trancos,ou=People,dc=amigos,dc=cu] Enter value for "givenName": Trancos
[dn: uid=trancos,ou=People,dc=amigos,dc=cu] Enter value for "displayName": Trancos El Rey
[dn: uid=trancos,ou=People,dc=amigos,dc=cu] Enter value for "mail": trancos@amigos.cu
Successfully added user trancos to LDAP
Successfully set password for user trancos

root@mildap:~# ldapfinger trancos
dn: uid=trancos,ou=People,dc=amigos,dc=cu
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
cn: trancos
sn: El Rey
givenName: Trancos
displayName: Trancos El Rey
uid: trancos
uidNumber: 10002
gidNumber: 10000
homeDirectory: /home/trancos
loginShell: /bin/bash
mail: trancos@amigos.cu
gecos: trancos
description: User Account
userPassword:: e1NTSEF9UnlmcWxCem5iUzBuSzQzTkM3ZFRFcTUwV2VsVnBqRm8=

Let's set a password for the user Frodo, list the "DN"s of the registered users, and delete the newly created user Trancos:

:~# ldapsetpasswd frodo
Changing password for user uid=frodo,ou=People,dc=amigos,dc=cu
New Password:
Retype New Password:
Successfully set password for user uid=frodo,ou=People,dc=amigos,dc=cu

:~# lsldap -u | grep dn
dn: uid=frodo,ou=People,dc=amigos,dc=cu
dn: uid=trancos,ou=People,dc=amigos,dc=cu

:~# ldapfinger frodo
dn: uid=frodo,ou=People,dc=amigos,dc=cu
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: frodo
sn: Bagins
givenName: Frodo
cn: Frodo Bagins
displayName: Frodo Bagins
uidNumber: 10000
gidNumber: 10000
mail: frodo@amigos.cu
gecos: Frodo Bagins
loginShell: /bin/bash
homeDirectory: /home/frodo
userPassword:: e9NTSEF4TnI3ZXN1YXA1VnplK1ZIZXZzFFKKWW5SVdWeUXNUMXoVjA=

:~# ldapdeleteuser trancos
Successfully deleted user uid=trancos,ou=People,dc=amigos,dc=cu from LDAP

:~# lsldap -u | grep dn
dn: uid=frodo,ou=People,dc=amigos,dc=cu

Let's check that local authentication works correctly:

:~# ssh frodo@mildap
frodo@mildap's password:
Linux mildap 2.6.32-5-686 #1 SMP Fri May 10 08:33:48 UTC 2013 i686
[---]
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Tue Feb 18 18:54:01 2014 from mildap.amigos.cu
frodo@mildap:~$ pwd
/home/frodo
frodo@mildap:~$

There are many more examples we could write, but unfortunately the article would become far too long. We always say that we offer an entry point to the topic of services in general. It is impossible to cover all of that material in a single post.
To learn more about the ldapscripts package and its commands, please consult man ldapscripts.
So far, our simple Directory Service based on OpenLDAP works well.
Summary so far...
Many people in charge of services on business networks, when they take over a network whose services are based on Microsoft products and want to migrate to Linux, consider migrating the Domain Controllers among other services.
If they do not choose a third-party product such as ClearOS or Zentyal, or if for other reasons they want to be independent, they take on the laborious task of building their own Domain Controller, or their own Active Directory from Samba 4.
Then the problems begin, along with other disappointments. Execution errors. They cannot find where the problems lie in order to solve them. Repeated installation attempts. Services that only partly work. And a long list of further problems.
The foundation of any Domain Controller or Active Directory on Linux, based on OpenLDAP plus Samba, necessarily rests on basic knowledge of: what is an LDAP server, how is it installed, how is it configured and managed, and so on? Those who have read the extensive Samba documentation will know what we mean.
It is precisely to answer that question that we have written the whole series of articles up to this one, and we will continue with those that are still needed. We hope you find them useful.
2 comments
A very important post, Fico. A question: with OpenLDAP, can policies be created and applied to connected users, such as a screensaver that starts after five minutes of inactivity, setting the wallpaper, preventing certain applications from running, configuring startup scripts, and so on?
Regards,
Oscar
Thanks for the comment!!! Oscar, remember that those policies, on Linux, are implemented differently when it comes to Linux clients. GNOME brings a tool to achieve that, whose name I don't remember right now. Yes, I know that we can set account policies in OpenLDAP. Many people ask me the same question and I always answer the same way. Those security policies only apply to Microsoft clients, NOT to Linux clients. They are two different philosophies. Active Directory is a proprietary application based on OpenLDAP, Microsoft's Kerberos and the Network Administrator, which I don't know what they call now. Previously, it was Lan Manager. We cannot think of emulating an Active Directory with LDAP alone. We would have to integrate Samba or use Samba 4 to see whether it can be achieved. And my friend, I haven't even looked at Samba 4. 🙂 I don't know either whether Zentyal with Active Directory can apply them ... but that software is not OpenLDAP alone. It is OpenLDAP + Samba + Kerberos + other things I don't know well. 🙂 In these articles I only deal with OpenLDAP, and if you follow them you will see that in what I am writing for the whole series, plus other essential services, everything is based on authentication against the OpenLDAP Directory.