Inethiwekhi ye-SWL (III): I-Debian Wheezy kunye ne-ClearOS. Ukuqinisekiswa kwe-LDAP

Molweni zihlobo! Siza kwenza uthungelwano ngeekhompyuter ezininzi zedesktop, kodwa ngeli xesha ngeNkqubo yokusebenza kweDebian 7 "Wheezy". Njengomncedisi yena I-ClearOS. Njengedatha, masiqwalasele ukuba iprojekthi U-Debian-Edu Sebenzisa i-Debian kwiiseva zakho nakwiindawo zokusebenza. Kwaye le projekthi iyasifundisa kwaye yenza kube lula ukuseta isikolo esigqibeleleyo.

Kubalulekile ukuba ufunde ngaphambili:

• Intshayelelo yenethiwekhi eneSoftware yasimahla (I): Ukunikezelwa kwe-ClearOS

Siza kubona:

• Umzekelo womnatha
• Silungiselela umxhasi we-LDAP
• Iifayile zoqwalaselo zenziwe kunye / okanye zilungisiwe
• Ifayile /etc/ldap/ldap.conf

Umzekelo womnatha

• Umlawuli weDomain, iDNS, iDHCP, i-OpenLDAP, i-NTP: Cacisa ishishini 5.2sp1.
• Igama lomlawuli: iisenti
• Igama leNdawo: umhlobo.cu
• Umlawuli we-IP: 10.10.10.60
• ---------------
• Inguqulelo yeDebian: Nwabisa.
• Igama leqela: deb7
• Idilesi ye-IP: Sebenzisa i-DHCP
  

Silungiselela umxhasi we-LDAP

Kuya kufuneka sinedatha ye-OpenLDAP esezandleni, esiyifumana kunxibelelwano lwewebhu lwe-ClearOS kwi «Isalathiso »->« Indawo kunye ne-LDAP":

Isiseko se-LDAP DN: dc = abahlobo, dc = cu LDAP Bopha DN: cn = umphathi, cn = ngaphakathi, dc = abahlobo, dc = cu LDAP Bopha Iphasiwedi: kLGD + Mj + ZTWzkD8W

Sifaka iipakeji eziyimfuneko. Njengomsebenzisi Ingcambu senza:

ukufaneleka ukufaka i-libnss-ldap nscd ngomnwe

Qaphela ukuba imveliso yomyalelo odlulileyo ikwabandakanya iphakheji I-libpam-ldap. Ngexesha lenkqubo yokufaka baya kusibuza imibuzo eliqela, ekufuneka siyiphendule ngokuchanekileyo. Iimpendulo ziya kuba kwimeko yalo mzekelo:

Iseva ye-LDAP URI: ldap: //10.10.10.60
Igama elahlukileyo (DN) lesiseko sokukhangela: dc = abahlobo, dc = cu
Uhlobo lwe-LDAP oza kuyisebenzisa: 3
Iakhawunti ye-LDAP yengcambu: cn = umphathi, cn = ngaphakathi, dc = abahlobo, dc = cu
Iphasiwedi yengcambu ye-akhawunti ye-LDAP: I-kLGD + Mj + ZTWzkD8W

Ngoku ubhengeza ukuba ifayile /etc/nsswitch.conf ayilawulwa ngokuzenzekelayo, kwaye kufuneka siyiguqule ngesandla. Ngaba ufuna ukuvumela iakhawunti yomlawuli ye-LDAP ukuba iziphathe njengomlawuli wengingqi? Si
Ngaba umsebenzisi uyafuneka ukufikelela kwiziko ledatha le-LDAP? Hayi
Iakhawunti yomlawuli we-LDAP: cn = umphathi, cn = ngaphakathi, dc = abahlobo, dc = cu
Iphasiwedi yengcambu ye-akhawunti ye-LDAP: I-kLGD + Mj + ZTWzkD8W

Ukuba asilunganga kwiimpendulo zangaphambili, sisebenzisa njengomsebenzisi Ingcambu:

dpkg-phinda uqwalasele i-libnss-ldap
dpkg-phinda uqwalasele i-libpam-ldap

Kwaye siphendula ngokwaneleyo imibuzo efanayo ebuzwe ngaphambili, kongezwa kuphela umbuzo:

I-encryption algorithm yasekhaya oyisebenzisela iipassword: Md5

Ojo xa uphendula kuba ixabiso elisisiseko esinikwe lona ngu Ukukhala, kwaye kufuneka sibhengeze ukuba kunjalo Md5. Ikwasibonisa isikrini kwimowudi yeconsole ngesiphumo somyalelo Uhlaziyo lwe-pam-Author yenziwe njenge Ingcambu, ekufuneka siyamkele.

Silungisa ifayile /etc/nsswitch.conf, kwaye siyishiya nomxholo olandelayo:

# /etc/nsswitch.conf # # Umzekelo woqwalaselo lwegama le-GNU Service Service switch. # Ukuba une-glibc-doc-reference 'kunye` info' package efakiweyo, zama: # `info info libc" Name Service Switch "'ngolwazi malunga nale fayile. kudlula:         ikhomputha ldap
iqela:          ikhomputha ldap
isithunzi:         ikhomputha ldap

Imikhosi: iifayile mdns4_minimal [NOTFOUND = buyela] dns mdns4 iinethiwekhi: iifayile zeprotocol: iifayile zeefayile ze-db: iifayile ze-db ethers: iifayile ze-db rpc: iifayile ze-db iqela lesikhuselo: nis

Silungisa ifayile /etc/pam.d/indlela eqhelekileyo ukwenza ngokuzenzekelayo iifolda zomsebenzisi xa ungena ukuba azikho:

[----]
Iseshoni efunekayo pam_mkhomedir.so skel = / etc / skel / umask = 0022

### Lo mgca ungasentla kufuneka ubandakanywe NGAPHAMBI
# nazi iimodyuli zephakeji nganye (ibhloko "yaseprayimari" [----]

Sisebenzisa ikhonsoli njengomsebenzisi Ingcambu, Ukujonga nje, Uhlaziyo lwe-pam-Author:

Siqala inkonzo kwakhona nscd, kwaye siyajonga:

: ~ # qala kwakhona inkonzo ye-nscd
[ok] Ukuqalisa kwakhona igama leNkonzo efihlakeleyo yeDemon: nscd. : ~ # ukuhamba ngomnwe
Ukungena: ukuhamba ngegama: Ukuhamba kwe-Re Re Directory: / ekhaya / ukuhamba kweShell: / bin / bash Ungaze ungene. Akukho meyile. Akukho siCwangciso. : ~ # Ukufumana amanyathelo okudlula
Imizila: x: 1006: 63000: Ukuhamba nge-El Rey: / ekhaya / kumanqwanqwa: / bin / bash: ~ # ndifumene i-legolas
iilegolas: x: 1004: 63000: iLegolas Elf: / ikhaya / iigololas: / bin / bash

Sitshintsha umgaqo-nkqubo wokudibanisa kwakhona kunye neseva ye-OpenLDAP.

Sihlela njengomsebenzisi Ingcambu kwaye ngononophelo olukhulu, ifayile /etc/libnss-ldap.conf. Sijonge igama elithi «nzima«. Sisusa amagqabantshintshi emgceni #bopha_umgaqo onzima kwaye siyishiya ngoluhlobo: bind_policy ithambile.

Utshintsho olufanayo olukhankanyiweyo ngaphambili, silwenza kwifayile /etc/pam_ldap.conf.

Olu hlengahlengiso lungentla luphelisa imiyalezo emininzi enxulumene ne-LDAP ngexesha lokuqalisa kwaye kwangaxeshanye uyihlengahlengise (inkqubo yokuqalisa).

Siyiqala kwakhona i-Wheezy yethu kuba utshintsho olwenziwe lubalulekile:

: ~ # qalisa kwakhona

Emva kokuqalisa kwakhona, sinokungena kunye nawuphi na umsebenzisi obhaliswe kwi-OpenOS OpenLDAP.

Sincoma oku kulandelayo kuyenziwa:

• Yenza abasebenzisi bangaphandle babe lilungu lamaqela afanayo nalawo omsebenzisi wasekhaya owenziwe ngexesha lokufakwa kweDebian yethu.
• Sebenzisa umyalelo i-visudo, yenziwe njenge Ingcambu, Nika imvume yokusebenza efanelekileyo kubasebenzisi bangaphandle.
• Yenza ibhukumaka enedilesi https://centos.amigos.cu:81/?user en iceweasel, ukufikelela kwiphepha lakho kwi-ClearOS, apho sinokutshintsha khona iphasiwedi.
• Faka i-OpenSSH-Server -ukuba ayikhethwanga xa ufaka inkqubo- ukuze ukwazi ukufikelela kwi-Debian yethu kwenye ikhompyutha.

Iifayile zoqwalaselo zenziwe kunye / okanye zilungisiwe

Isihloko se-LDAP sifuna ukufunda okuninzi, umonde kunye namava. Eyokugqibela andinayo. Siyaleza ngamandla ukuba iipakeji I-libnss-ldap y I-libpam-ldapKwimeko yenguqulelo yesandla ebangela ungqinisiso luyeke ukusebenza, baphinde balungiswa ngokuchanekileyo besebenzisa umyalelo Uqwalaselo kwakhona lwe-dpkg, Eveliswa yi I-DEBCONF.

Iifayile zoqwalaselo ezinxulumene noko zezi:

• /etc/libnss-ldap.conf
• /etc/libnss-ldap.secret
• /etc/pam_ldap.conf
• /etc/pam_ldap.secret
• /etc/nsswitch.conf
• /etc/pam.d/indlela eziqhelekileyo

Ifayile /etc/ldap/ldap.conf

Asikayichukumisi le fayile okwangoku. Nangona kunjalo, ubunyani busebenza ngokuchanekileyo ngenxa yoqwalaselo lweefayile ezidweliswe apha ngasentla kunye noqwalaselo lwePAM oluveliswe Uhlaziyo lwe-pam-Author. Nangona kunjalo, kufuneka siyiqwalasele ngokufanelekileyo. Kwenza kube lula ukusebenzisa imiyalelo efana ukuhla, ebonelelwe yiphakheji ldap-izixhobo. Uqwalaselo oluncinci luya kuba:

BASE dc = abahlobo, dc = cu URI ldap: //10.10.10.60 SIZELIMIT 12 TIMELIMIT 15 DEREF soze

Singajonga ukuba ngaba iseva ye-OpenLDAP ye-ClearOS isebenza ngokuchanekileyo, ukuba senza ikhonsoli:

ldapsearch -d 5 -L "(objectclass = *)"

Iziphumo zomyalelo zininzi. 🙂

Ndiyamthanda uDebian! Kwaye umsebenzi uphelile namhlanje, Abahlobo !!!