Directory Service with OpenLDAP [7 and final?]: Ldap Account Manager

Hello friends! We did not want to publish this article, since it is contained in the compendium in PDF format that many readers have requested. Yes, we will write a compendium with interesting additions. And as a preview of that compendium, we transcribe its Introduction:

Many people in charge of the services in business networks, when they take over a network whose services are based on Microsoft products and want to migrate to Linux, consider migrating the Domain Controllers among other services.

If they do not choose a third-party product such as ClearOS or Zentyal, or if for other reasons they want to be independent, they take on the arduous task of becoming their own Domain Controller, or of building their own Active Directory from Samba 4 -or others-.

Then the problems begin, along with some disappointments. Operating errors. They cannot locate the problems in order to solve them. Repeated installation attempts. Partial operation of the services. And a long list of problems.

If we look closely, most of the Internet does not use Microsoft-type networks. However, in our business environment we do, a lot.

With this compendium we try to show that we can build a business network without the Microsoft philosophy, with services based on authenticating users against an OpenLDAP Directory, such as: E-Mail, FTP, SFTP, a Business Cloud based on Owncloud, etc.

We aspire to offer a different approach based on 100% Free Software, one that does not use or emulate -which amounts to the same thing- the philosophy of Microsoft networks, whether with Microsoft software or with OpenLDAP and Samba as the main components.

All solutions that use the free software Openldap + Samba necessarily pass through basic knowledge of what an LDAP server is, how it is installed, how it is configured and administered, etc. Later they integrate Samba and possibly Kerberos, and in the end they offer us to "emulate" a Domain Controller in the style of Microsoft's NT 4, or an Active Directory.

A hard task indeed when we implement and configure it from repository packages. Those who have studied and applied the extensive Samba documentation know very well what we mean. Samba 4 even proposes administering its Active Directory with the classic administration console that we find in a Microsoft Active Directory, be it 2003 or a later one.

Recommended reading.

https://wiki.debian.org/LDAP
OpenLDAP Software 2.4 Administrator's Guide
Ubuntu Server Guide 12.04
Server Configuration with GNU/Linux.

An excellent manual that El Maestro, Joel Barrios Dueñas, gives us, and which serves Debian users very well, even though it is oriented to CentOS and Red Hat.

What services and software do we plan to install and configure?

  • Independent NTP, DNS and DHCP, that is, the last two are not integrated into the Directory
  • Directory Service or «Directory Services» based on OpenLDAP
  • E-Mail, "Citadel" Groupware Suite, FTP and SFTP,
  • Business Cloud «OwnCloud»
  • Independent file server based on Samba.

In all cases, user credentials will be authenticated against the Directory directly, or through libnss-ldap and PAM, depending on the characteristics of the software in question.

And without further ado, let's get down to business.

Ldap Account Manager

Before continuing, we must read:

Those who have followed the series of previous articles will have noticed that we ALREADY have a Directory to administer. We can do this in many ways, either through the console utilities grouped in the ldapscripts package, or through the web interfaces phpLDAPadmin, Ldap Account Manager, etc., which are in the repository.

There is also the possibility of doing it through Apache Directory Studio, which we must download from the Internet. It weighs approximately 142 megabytes.

To administer our directory, we strongly recommend using Ldap Account Manager. The first thing we will say about it is that, after its installation, we can access its documentation, which is located in the folder /usr/share/doc/ldap-account-manager/docs.

Through Ldap Account Manager, hereafter LAM, we can manage the user and group accounts stored in our directory. LAM runs on any web server that supports PHP5, and we can connect to it through an unencrypted channel, or through StartTLS, which is the form we will use in our example.

Initial installation and configuration:

:~# aptitude install ldap-account-manager

After the installation of Apache2 -apache2-mpm-prefork-, of PHP5 and other dependencies, and of the ldap-account-manager package itself, the first thing we must do is create a symbolic link from the LAM documentation folder to the document root folder of our web server. Example:

:~# ln -s /usr/share/doc/ldap-account-manager/docs/manual/ /var/www/lam-docs

In this way we guarantee access to the LAM manual through a web browser, if we point to the address http://mildap.amigos.cu/lam-docs.

Next, let's start configuring LAM itself. In a browser we point to http://mildap.amigos.cu/lam.

  • We click on the link "LAM configuration".
  • We click on the link "Edit server profiles".
  • We type the password 'lam' without the quotes.

In the LAM configuration pages we can modify many parameters according to our preferences and needs. As I have always recommended going from the Simple to the Complex, and not the other way around, we will only touch what is strictly necessary to use the powerful tool that LAM is. If, after we have become Masters in its use, we want to modify or add functionality, then welcome.

  • Activate TLS: yes -Recommended-.
  • Tree suffix: dc=amigos,dc=cu
  • Default language: español (Spain)
  • List of valid users *: cn=admin,dc=amigos,dc=cu
  • New password: a password different from lam
  • Re-enter password: a password different from lam

Note: The ' * ' means that it is a required entry.

At the bottom left are the buttons ^Save and ^Cancel. If we save the changes right now, we are returned to the initial page, where we can see that the language has already changed and that the user name is now admin. Before it was Manager. However, let's go back to edit the -now in Spanish- "LAM configuration". Once we are back on the configuration page, we will do the following:

  • We select the tab 'Account types'.
  • In the section 'Active account types' -> 'Users' -> 'LDAP suffix', we write: ou=People,dc=amigos,dc=cu.
  • In the section 'Active account types' -> 'Groups' -> 'LDAP suffix', we write: ou=Groups,dc=amigos,dc=cu.
  • Using the buttons labeled '^Remove this account type', we remove those corresponding to 'Hosts' and 'Samba domains', which we will not use.
  • We select the tab 'Modules'.
  • In 'Users', in the list 'Selected modules', we move the module 'Samba 3 (sambaSamAccount)' to the list of 'Available modules'.
  • In 'Groups', in the list 'Selected modules', we move the module 'Samba 3 (sambaGroupMapping)' to the list of 'Available modules'.

For now, and until we become familiar with the LAM configuration, we will leave it there.

We save the changes and return to the initial page, where we must type the password of the user admin (cn=admin,dc=amigos,dc=cu), declared during the installation of slapd. If it returns an error, check that /etc/ldap/ldap.conf is correctly configured on the server itself. You may have a wrong path to the TLS certificate or some other error. Remember that it should look like this:

BASE dc=amigos,dc=cu
URI ldap://mildap.amigos.cu
# TLS certificates (needed for GnuTLS)
TLS_CACERT /etc/ssl/certs/cacert.pem
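An added example (not part of the original article) that automates the check described above: it reads a client configuration file such as /etc/ldap/ldap.conf and reports a missing URI, an unset or unreadable TLS_CACERT, and a TLS_REQCERT value that weakens certificate verification. The function name check_ldap_conf is hypothetical.

```sh
#!/bin/sh
# Added example, not from the original article.
# check_ldap_conf FILE: print TLS-related problems found in an OpenLDAP
# client configuration file; return 0 if none, 1 if any, 2 if unreadable.
check_ldap_conf() {
    conf=$1
    problems=0
    if [ ! -r "$conf" ]; then
        echo "cannot read $conf"
        return 2
    fi
    # Option names are matched case-insensitively; the value of the last
    # matching non-comment line is used.
    uri=$(awk 'toupper($1) == "URI" { v = $2 } END { print v }' "$conf")
    cacert=$(awk 'toupper($1) == "TLS_CACERT" { v = $2 } END { print v }' "$conf")
    reqcert=$(awk 'toupper($1) == "TLS_REQCERT" { v = tolower($2) } END { print v }' "$conf")

    if [ -z "$uri" ]; then
        echo "URI is not set"
        problems=1
    fi
    if [ -z "$cacert" ]; then
        echo "TLS_CACERT is not set: the server certificate cannot be verified"
        problems=1
    elif [ ! -r "$cacert" ]; then
        echo "TLS_CACERT points to a missing or unreadable file: $cacert"
        problems=1
    elif ! grep -q -e '-----BEGIN CERTIFICATE-----' "$cacert"; then
        echo "TLS_CACERT file holds no PEM certificate: $cacert"
        problems=1
    fi
    # never/allow let the session continue with a bad or unverifiable
    # server certificate, which defeats the purpose of StartTLS.
    case $reqcert in
        never|allow)
            echo "TLS_REQCERT $reqcert does not enforce certificate verification"
            problems=1
            ;;
    esac
    return $problems
}

# Example run on the server itself:
#   check_ldap_conf /etc/ldap/ldap.conf && echo "ldap.conf looks consistent"
```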

Once inside LAM, we should spend some time studying it BEFORE changing any configuration. Its interface is very intuitive and easy to use. Use it and check.

Note: In the document http://mildap.amigos.cu/lam-docs/ch02s02.html#confTypicalScenarios, we can read at the end:

Single LDAP directory with lots of users (>10 000)
LAM was tested to work with 10 000 users. If you have a lot more users then you have basically two options.

  • Divide your LDAP tree in organisational units: This is usually the best performing option. Put your accounts in several organisational units and setup LAM as in the advanced scenario above.
  • Increase memory limit: Increase the memory_limit parameter in your php.ini. This will allow LAM to read more entries. But this will slow down the response times of LAM.

Let's be Creative and Orderly in the Administration of our Directory.

Password security policies, and other aspects through LAM

  • We click on the link «LAM configuration».
  • We click on the link "Edit general settings".
  • We type the password 'lam' without the quotes.

And on that page we find the Password Policies, Security Preferences, Allowed Hosts, and others.

Note: The LAM configuration is saved in /usr/share/ldap-account-manager/config/lam.conf.

We enable https to connect to LAM securely:

:~# a2ensite default-ssl
:~# a2enmod ssl
:~# /etc/init.d/apache2 restart

When we enable https in the way shown above, we are working with the certificates that Apache generates by default and references in the definition of its virtual host default-ssl. If we want to use other certificates generated by ourselves, please consult /usr/share/doc/apache2.2-common/README.Debian.gz. The certificates in question are called "Snake Oil", and are found in:

/etc/ssl/certs/ssl-cert-snakeoil.pem
/etc/ssl/private/ssl-cert-snakeoil.key

We point the browser to https://mildap.amigos.cu, and we accept the certificate. Then we point to https://mildap.amigos.cu/lam and we can now work with LAM over https.

Important: if, during the server startup process, exim takes a long time to start, install the lightweight replacement ssmtp.

:~# aptitude install ssmtp
The following NEW packages will be installed:
  ssmtp{b}
0 packages upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 52,7 kB of archives. After unpacking 8192 B will be used.
The following packages have unmet dependencies:
 exim4-config : Conflicts: ssmtp but 2.64-4 is to be installed.
 exim4-daemon-light : Conflicts: mail-transport-agent which is a virtual package.
 ssmtp : Conflicts: mail-transport-agent which is a virtual package.
The following actions will resolve these dependencies:
     Remove the following packages:
1)     exim4
2)     exim4-base
3)     exim4-config
4)     exim4-daemon-light
Accept this solution? [Y/n/q/?] Y

Then we run:

:~# aptitude purge ~c
:~# aptitude clean
:~# aptitude autoclean
:~# reboot

If you are working with virtual servers, this would be a great time to make a good backup of the whole main server ... just in case. 🙂

Replication. Save and restore the Directory database.

In the excellent guide -which we recommend everyone read and study- «Ubuntu Server Guide» of Ubuntu Server 12.04 «Precise», there is a detailed explanation of parts of the code we have written about OpenLDAP and the generation of TLS certificates, and in addition it covers in great detail Directory Replication and how to Save and Restore the databases.

However, here is a procedure to restore the entire database in case of a disaster.

Very important:

We must ALWAYS have at hand the file exported through Ldap Account Manager as a backup of our data. Of course, the file cn=amigos.ldif must correspond to our own installation. We can also obtain it through the slapcat command, as we will see later.

1.- We remove only the slapd installation.

:~# aptitude purge slapd

2.- We clean the package system

:~# aptitude install -f
:~# aptitude purge ~c
:~# aptitude clean
:~# aptitude autoclean

3.- We completely delete the Directory database

:~# rm -r /var/lib/ldap/*

4.- We reinstall the slapd daemon and its dependencies

:~# aptitude install slapd

5.- We check

:~# ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=config dn
:~# ldapsearch -x -LLL -H ldap:/// -b dc=amigos,dc=cu dn

6.- We add the same index file olcDbIndex.ldif

:~# ldapmodify -Y EXTERNAL -H ldapi:/// -f ./olcDbIndex.ldif

7.- We check the added indexes

_

8.- We add the same Access Control Rule

:~# ldapmodify -Y EXTERNAL -H ldapi:/// -f ./olcAccess.ldif

9.- We check the Access Control Rules

:~# ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=config '(olcAccess=*)' olcAccess olcSuffix

10.- We add the TLS Certificates. There is no need to rebuild them or fix permissions. They already exist in the file system, but they are not declared in the database.

:~# ldapmodify -Y EXTERNAL -H ldapi:/// -f /etc/ssl/certinfo.ldif

11.- We add the content according to our own backup

:~# ldapadd -x -D cn=admin,dc=amigos,dc=cu -W -f dc=amigos.ldif

DO NOT restart slapd, because it is indexing the database and it can be corrupted!!! ALWAYS edit your backup file BEFORE adding it, to avoid entering entries that already exist.

We point a browser to https://mildap.amigos.cu/lam and we check.
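An added example (not part of the original article) for the advice to edit the backup before step 11: a hypothetical helper, ldif_drop_dns, that writes a copy of an LDIF file without the entries whose DN already exists in the directory. It assumes that the fresh slapd install has already created the base entry and the administrator entry; the output file name to-add.ldif is also an assumption.

```sh
#!/bin/sh
# Added example, not from the original article.
# ldif_drop_dns FILE DN...: print FILE (LDIF) without the entries whose DN
# is listed, so ldapadd does not stop on entries that already exist.
# Simplifications: DNs are compared case-insensitively after removing
# spaces around ',' and '='; base64 DNs ("dn::") are never matched, so
# those entries are always kept.
ldif_drop_dns() {
    file=$1
    shift
    # One DN per line, handed to awk through the environment.
    DROP_DNS=$(printf '%s\n' "$@") awk '
    function norm(s) {
        gsub(/ *, */, ",", s)
        gsub(/ *= */, "=", s)
        return tolower(s)
    }
    function emit(   k) {
        if (rec != "") {
            k = norm(dn)
            if (!(k in skip)) printf "%s\n", rec   # record + blank separator
        }
        rec = ""; dn = ""; in_dn = 0
    }
    BEGIN {
        n = split(ENVIRON["DROP_DNS"], list, "\n")
        for (i = 1; i <= n; i++) if (list[i] != "") skip[norm(list[i])] = 1
    }
    /^$/ { emit(); next }                        # blank line ends a record
    /^dn:[^:]/ {                                 # plain (non-base64) DN
        dn = $0; sub(/^dn: */, "", dn)
        in_dn = 1; rec = rec $0 "\n"; next
    }
    /^ / {                                       # folded continuation line
        if (in_dn) dn = dn substr($0, 2)
        rec = rec $0 "\n"; next
    }
    { in_dn = 0; rec = rec $0 "\n" }
    END { emit() }
    ' "$file"
}

# Example, with the DNs that a fresh slapd install is assumed to have
# created already (base entry and administrator):
#   ldif_drop_dns dc=amigos.ldif 'dc=amigos,dc=cu' 'cn=admin,dc=amigos,dc=cu' > to-add.ldif
#   ldapadd -x -D cn=admin,dc=amigos,dc=cu -W -f to-add.ldif
```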

The slapcat command

The slapcat command is mostly used to generate, in LDIF format, the content of the databases handled by slapd. The command opens the database determined by its number or by its suffix, and writes the corresponding output in LDIF format to the screen. Databases configured as subordinate are also shown, unless we specify the -g option.

The most important limitation on the use of this command is that it should not be run while slapd is running, at least in write mode, in order to guarantee data consistency.

For example, if we want to make a backup copy of the Directory database, to a file named backup-slapd.ldif, we run:

:~# service slapd stop
:~# slapcat -l backup-slapd.ldif
:~# service slapd start


  1.   jose antonio said

    Great help, I loved it, and also the recommended readings.
    I had been looking for a similar article without much success.

    I give you a 10 😉

    1.    federico said

      Thank you for commenting and for evaluating my posts!!!

  2.   let's use linux said

    Interesting! Once again, an excellent contribution, Fico!
    Hugs! Paul.

    1.    federico said

      Thank you very much for your comment and praise, friend Pablo!!! I hope it is useful to those who need it.

  3.   vidagnu said

    Excellent content! Thanks again for sharing.


    1.    federico said

      Thanks for commenting!!!

  4.   dhunter said

    Homerun Fico!! And when will the official pdf be ready?

    1.    federico said

      Greetings dhunter!!! Imagine that, in addition to containing the 7 posts published so far, I will include how to integrate a basic mail server based on CITADEL; FTP and SFTP services; a Business Cloud based on OwnCloud; a standalone Samba server with system users through libnss-ldap and PAM, and so on. Draw your own conclusions. I think by the end of March or the beginning of April.

      1.    guzmanweb said

        Hello Federico, thanks for the contribution, we will be looking forward to it. with the update..

        1.    federico said

          I will make the effort to finish it by the end of this month. It is not easy at all to write a book, even if it is only a few pages.

  5.   nexus6 said

    I can only say that, of those who contribute to this blog, you seem to me the most interesting, the best explained and the closest of ALL.

    1.    federico said

      Thank you very much for your evaluation. In each post I write, I do my best, because I know there are always readers like you, even though many do not comment.
      Greetings Nexus6!!!

  6.   Edgar said

    Good afternoon, whenever I search the net about ldap I find you giving recommendations, for which I congratulate you on your intention; now I am new to this and, like everyone, eager to learn
    This is the question
    My friends tell me that when the network is disconnected, the operating system already authenticated with ldap changes my language to English; could you tell me where I should check, which file to check so that it is in Spanish when my user, already added in LDAP, is initialized again; thanks in advance for the help

  7.   petrop said

    Federico, excellent post as always. I was reading that you were commenting on something related to a PDF with the configuration of most of the telematic services used in a business network. You said that by the end of March or the beginning of April of last year it would be ready. My question is whether at that time you managed to finish it and upload it? Thanks in advance, in the end I am going to try Openfire, I see that it even has a web interface on 9090.

    1.    Federico A. Valdes Toujague said

      Thanks for your comments, Pedro Pablo. Instead of answering you at length, I wrote a post that you will read today or tomorrow. Grateful readers like you deserve an answer. Thanks again.