Sanibonani zihlobo !. Sizokwenza inethiwekhi enamakhompyutha amaningi wedeskithophu, kepha kulokhu nohlelo olusebenzayo lwe-Debian 7 "Wheezy". Njengeseva yena Sula i-ClearOS. Njengedatha, ake siqaphele ukuthi iphrojekthi UDebian-Edu sebenzisa i-Debian kumaseva akho nasezindaweni zokusebenza. Futhi leyo phrojekthi isifundisa futhi yenza kube lula ukusetha isikole esiphelele.
Kubalulekile ukufunda ngaphambili:
- Isingeniso kuNethiwekhi eneSoftware yamahhala (I): Ukwethulwa kwe-ClearOS
Sizobona:
- Isibonelo senethiwekhi
- Silungiselela iklayenti le-LDAP
- Amafayela wokuhlela adaliwe futhi / noma aguquliwe
- Ifayela le /etc/ldap/ldap.conf
Isibonelo senethiwekhi
- Isilawuli Sesizinda, i-DNS, i-DHCP, i-OpenLDAP, i-NTP: I-ClearOS Enterprise 5.2sp1.
- Igama Lesilawuli: centos
- Igama Lesizinda: abangani.cu
- Isilawuli IP: 10.10.10.60
- ---------------
- Uhlobo lwe-Debian: wheezy.
- Igama leqembu: phuzekhemisi
- Ikheli le-IP: Kusetshenziswa i-DHCP
Silungiselela iklayenti le-LDAP
Kufanele sibe nedatha yeseva ye-OpenLDAP esandleni, esiyithola kusixhumi esibonakalayo se-ClearOS web interface ku- «Uhla lwemibhalo »->« Isizinda ne-LDAP":
I-LDAP Base DN: dc = abangane, dc = cu LDAP Bind DN: cn = umphathi, cn = ngaphakathi, dc = abangani, dc = cu LDAP Bopha Iphasiwedi: kLGD + Mj + ZTWzkD8W
Sifaka amaphakheji adingekayo. Njengomsebenzisi izimpande sikhipha:
ukufaneleka ukufaka umunwe we-libnss-ldap nscd
Qaphela ukuthi ukukhishwa komyalo wangaphambilini kufaka ne-package libpam-ldap. Ngesikhathi senqubo yokufaka bazosibuza imibuzo eminingana, okumele siyiphendule kahle. Izimpendulo zingaba kulesi sibonelo:
I-URD yeseva ye-LDAP: ldap: //10.10.10.60 Igama elivelele (DN) lesisekelo sosesho: dc = abangani, dc = cu Uhlobo lwe-LDAP oluzosetshenziswa: 3 I-akhawunti ye-LDAP yempande: cn = umphathi, cn = ngaphakathi, dc = abangani, dc = cu Iphasiwedi ye-akhawunti ye-LDAP eyimpande: I-kLGD + Mj + ZTWzkD8W Manje umemezela ukuthi ifayela /etc/nsswitch.conf ayiphathwa ngokuzenzakalela, nokuthi kufanele siyiguqule ngokwenza. Ngabe ufuna ukuvumela i-akhawunti yomlawuli we-LDAP ukuthi iziphathe njengomphathi wendawo?: Si Ngabe umsebenzisi uyadingeka ukufinyelela ku-database ye-LDAP?: Cha I-akhawunti yomlawuli we-LDAP: cn = umphathi, cn = ngaphakathi, dc = abangani, dc = cu Iphasiwedi ye-akhawunti ye-LDAP eyimpande: I-kLGD + Mj + ZTWzkD8W
Uma sinamaphutha kuzimpendulo ezedlule, sisebenzisa njengomsebenzisi izimpande:
dpkg-lungisa kabusha i-libnss-ldap dpkg-lungisa kabusha i-libpam-ldap
Futhi siphendula ngokwanele imibuzo efanayo ebuzwe ngaphambili, ngokungezwa kuphela kombuzo:
Ukubethela kwe-algorithm kwasendaweni okusetshenziselwa amaphasiwedi Md5
Ojo lapho uphendula ngoba inani elizenzakalelayo esinikezwe lona ngu Crypt, futhi kufanele simemezele ukuthi kunjalo Md5. Iphinde isibonise isikrini kumodi ye-console ngokukhishwa komyalo pam-auth-buyekeza kwenziwe njenge- izimpande, okufanele siyamukele.
Siguqula ifayela /etc/nsswitch.conf, futhi sikushiya nokuqukethwe okulandelayo:
# /etc/nsswitch.conf # # Isibonelo sokucushwa kokusebenza kwe-GNU Name Service Shintsha. # Uma unamaphakeji athi `glibc-doc-reference 'and` info', zama: #` info libc "Name Service switch" 'ukuthola ulwazi ngaleli fayela. passwd: i-compat ldap iqembu: i-compat ldap isithunzi: i-compat ldap izingosi: amafayela mdns4_minimal [NOTFOUND = buyela] dns mdns4 amanethiwekhi: amafayela ama-protocols: db amafayela services: db files ethers: db files rpc: db files netgroup: nis
Siguqula ifayela /etc/pam.d/common-session ukudala ngokuzenzakalela amafolda womsebenzisi lapho ungena ngemvume uma kwenzeka engekho:
[----] isikhathi sidingeka pam_mkhomedir.so skel = / etc / skel / umask = 0022 ### Umugqa ongenhla kufanele ufakwe NGAPHAMBI # nanka amamojula ephakeji ngalinye (ibhulokhi "Eyinhloko") [----]
Sisebenzisa ikhonsoli njengomsebenzisi izimpande, Ukuhlola nje, pam-auth-buyekeza:
Siqala kabusha insiza nscd, futhi siyahlola:
: ~ # qala kabusha insiza nscd [ok] Ukuqalisa kabusha igama lesevisi yenqolobane yegama: nscd. : ~ # ukunyakaza komunwe Login: strides Name: Strides El Rey Directory: / home / strides Shell: / bin / bash Ungakaze ungene ngemvume. Ayikho imeyili. Alikho icebo. : ~ # intuthuko yokudlula Iziteleka: x: 1006: 63000: Iziteleka El Rey: / home / strides: / bin / bash: ~ # uthole ukudlula kwama-legolas i-legolas: x: 1004: 63000: I-Legolas I-Elf: / ikhaya / i-legolas: / bin / bash
Siguqula inqubomgomo yokuxhuma kabusha neseva ye-OpenLDAP.
Sihlela njengomsebenzisi izimpande futhi ngokucophelela, ifayela /etc/libnss-ldap.conf. Sibheke igama elithi «Kanzima«. Sisusa ukuphawula kulayini # bopha_umgomo kanzima futhi sikushiya kanjena: bind_policy ithambile.
Ushintsho olufanayo olushiwo ngaphambili, silwenza kufayela /etc/pam_ldap.conf.
Ukuguqulwa okungenhla kususa imilayezo eminingi ehlobene ne-LDAP ngesikhathi sokuqalisa futhi ngasikhathi sinye kuyenze isheshe (inqubo yokuqalisa).
Siqala kabusha i-Wheezy yethu ngoba ushintsho olwenziwe lubalulekile:
: ~ # qala kabusha
Ngemuva kokuqalisa kabusha, singangena ngemvume nganoma imuphi umsebenzisi obhaliswe ku-ClearOS OpenLDAP.
Sincoma bese kuthi lokhu okulandelayo kwenziwe:
- Yenza abasebenzisi bangaphandle babe yilungu lamaqembu afanayo nomsebenzisi wendawo owadalwa ngesikhathi sokufakwa kwe-Debian yethu.
- Usebenzisa umyalo ngithanda, kwenziwa njenge- izimpande, unikeze izimvume zokusebenza ezidingekayo kubasebenzisi bangaphandle.
- Dala ibhukumaka enekheli https://centos.amigos.cu:81/?user en I-Iceweasel, ukufinyelela ikhasi lomuntu siqu ku-ClearOS, lapho singashintsha khona iphasiwedi yethu.
- Faka i-OpenSSH-Server - uma ingakhethwanga lapho ufaka uhlelo- ukuze ukwazi ukufinyelela i-Debian yethu kusuka kwenye ikhompyutha.
Amafayela wokuhlela adaliwe futhi / noma aguquliwe
Isihloko se-LDAP sidinga ukutadisha okuningi, ukubekezela nolwazi. Eyokugcina anginayo. Sincoma kakhulu ukuthi amaphakheji libnss-ldap y libpam-ldap, esimweni sokuguqulwa mathupha okwenza ukuthi ukufakazela ubuqiniso kuyeke ukusebenza, kufanele ulungiswe kabusha kahle usebenzisa umyalo ukulungisa kabusha i-dpkg, okwenziwa yi- I-DEBCONF.
Amafayela wokumisa ahlobene yilena:
- /etc/libnss-ldap.conf
- /etc/libnss-ldap.secret
- /etc/pam_ldap.conf
- /etc/pam_ldap.secret
- /etc/nsswitch.conf
- /etc/pam.d/common-sessions
Ifayela le /etc/ldap/ldap.conf
Asikalithinti leli fayela okwamanje. Kodwa-ke, ukufakazela ubuqiniso kusebenza kahle ngenxa yokulungiswa kwamafayela abhalwe ngaphezulu kanye nokucushwa kwe-PAM okwenziwe yi- pam-auth-buyekeza. Noma kunjalo, kufanele futhi siyilungiselele kahle. Kwenza kube lula ukusebenzisa imiyalo efana ne- ldapsearch, enikezwe yiphakheji i-ldap-utils. Ukucushwa okuncane kungaba:
BASE dc = abangane, dc = cu URI ldap: //10.10.10.60 SIZELIMIT 12 TIMELIMIT 15 DEREF never
Singabheka ukuthi ngabe iseva ye-OpenLDAP ye-ClearOS isebenza kahle, uma senza kukhonsoli:
i-ldapsearch -d 5 -L "(objectclass = *)"
Umphumela womyalo uyathandeka. 🙂
Ngiyamthanda uDebian! Futhi umsebenzi uphelile wanamuhla, Abangane !!!
I-athikili enhle kakhulu, qondisa ekhabetheni lami lamathiphu
Siyabonga ngokuphawula u-Elav… uphethiloli omningi 🙂 bese ulinda olandelayo ozama ukugunyaza usebenzisa i-sssd ngokumelene ne-OpenLDAP.
Ngiyabonga kakhulu ngokwabelana, ngilindele okunye ukulethwa 😀
Siyabonga ngokuphawula !!!. Kubukeka sengathi i-inertia yengqondo yokuqinisekisa ngokumelene nesizinda seMicrosoft inamandla. Ngakho-ke imibono embalwa. Kungakho ngibhala ngezinye izindlela zamaqiniso eziyiqiniso. Uma uyibuka kahle, kulula ukuyisebenzisa. Ukucabanga okuncane ekuqaleni. Kepha lutho.