Inethiwekhi ye-SWL (III): I-Debian Wheezy ne-ClearOS. Ukuqinisekiswa kwe-LDAP

Sanibonani zihlobo !. Sizokwenza inethiwekhi enamakhompyutha amaningi wedeskithophu, kepha kulokhu nohlelo olusebenzayo lwe-Debian 7 "Wheezy". Njengeseva yena Sula i-ClearOS. Njengedatha, ake siqaphele ukuthi iphrojekthi UDebian-Edu sebenzisa i-Debian kumaseva akho nasezindaweni zokusebenza. Futhi leyo phrojekthi isifundisa futhi yenza kube lula ukusetha isikole esiphelele.

Kubalulekile ukufunda ngaphambili:

• Isingeniso kuNethiwekhi eneSoftware yamahhala (I): Ukwethulwa kwe-ClearOS

Sizobona:

• Isibonelo senethiwekhi
• Silungiselela iklayenti le-LDAP
• Amafayela wokuhlela adaliwe futhi / noma aguquliwe
• Ifayela le /etc/ldap/ldap.conf

Isibonelo senethiwekhi

• Isilawuli Sesizinda, i-DNS, i-DHCP, i-OpenLDAP, i-NTP: I-ClearOS Enterprise 5.2sp1.
• Igama Lesilawuli: centos
• Igama Lesizinda: abangani.cu
• Isilawuli IP: 10.10.10.60
• ---------------
• Uhlobo lwe-Debian: wheezy.
• Igama leqembu: phuzekhemisi
• Ikheli le-IP: Kusetshenziswa i-DHCP
  

Silungiselela iklayenti le-LDAP

Kufanele sibe nedatha yeseva ye-OpenLDAP esandleni, esiyithola kusixhumi esibonakalayo se-ClearOS web interface ku- «Uhla lwemibhalo »->« Isizinda ne-LDAP":

I-LDAP Base DN: dc = abangane, dc = cu LDAP Bind DN: cn = umphathi, cn = ngaphakathi, dc = abangani, dc = cu LDAP Bopha Iphasiwedi: kLGD + Mj + ZTWzkD8W

Sifaka amaphakheji adingekayo. Njengomsebenzisi izimpande sikhipha:

ukufaneleka ukufaka umunwe we-libnss-ldap nscd

Qaphela ukuthi ukukhishwa komyalo wangaphambilini kufaka ne-package libpam-ldap. Ngesikhathi senqubo yokufaka bazosibuza imibuzo eminingana, okumele siyiphendule kahle. Izimpendulo zingaba kulesi sibonelo:

I-URD yeseva ye-LDAP: ldap: //10.10.10.60
Igama elivelele (DN) lesisekelo sosesho: dc = abangani, dc = cu
Uhlobo lwe-LDAP oluzosetshenziswa: 3
I-akhawunti ye-LDAP yempande: cn = umphathi, cn = ngaphakathi, dc = abangani, dc = cu
Iphasiwedi ye-akhawunti ye-LDAP eyimpande: I-kLGD + Mj + ZTWzkD8W

Manje umemezela ukuthi ifayela /etc/nsswitch.conf ayiphathwa ngokuzenzakalela, nokuthi kufanele siyiguqule ngokwenza. Ngabe ufuna ukuvumela i-akhawunti yomlawuli we-LDAP ukuthi iziphathe njengomphathi wendawo?: Si
Ngabe umsebenzisi uyadingeka ukufinyelela ku-database ye-LDAP?: Cha
I-akhawunti yomlawuli we-LDAP: cn = umphathi, cn = ngaphakathi, dc = abangani, dc = cu
Iphasiwedi ye-akhawunti ye-LDAP eyimpande: I-kLGD + Mj + ZTWzkD8W

Uma sinamaphutha kuzimpendulo ezedlule, sisebenzisa njengomsebenzisi izimpande:

dpkg-lungisa kabusha i-libnss-ldap
dpkg-lungisa kabusha i-libpam-ldap

Futhi siphendula ngokwanele imibuzo efanayo ebuzwe ngaphambili, ngokungezwa kuphela kombuzo:

Ukubethela kwe-algorithm kwasendaweni okusetshenziselwa amaphasiwedi Md5

Ojo lapho uphendula ngoba inani elizenzakalelayo esinikezwe lona ngu Crypt, futhi kufanele simemezele ukuthi kunjalo Md5. Iphinde isibonise isikrini kumodi ye-console ngokukhishwa komyalo pam-auth-buyekeza kwenziwe njenge- izimpande, okufanele siyamukele.

Siguqula ifayela /etc/nsswitch.conf, futhi sikushiya nokuqukethwe okulandelayo:

# /etc/nsswitch.conf # # Isibonelo sokucushwa kokusebenza kwe-GNU Name Service Shintsha. # Uma unamaphakeji athi `glibc-doc-reference 'and` info', zama: #` info libc "Name Service switch" 'ukuthola ulwazi ngaleli fayela. passwd:         i-compat ldap
iqembu:          i-compat ldap
isithunzi:         i-compat ldap

izingosi: amafayela mdns4_minimal [NOTFOUND = buyela] dns mdns4 amanethiwekhi: amafayela ama-protocols: db amafayela services: db files ethers: db files rpc: db files netgroup: nis

Siguqula ifayela /etc/pam.d/common-session ukudala ngokuzenzakalela amafolda womsebenzisi lapho ungena ngemvume uma kwenzeka engekho:

[----]
isikhathi sidingeka pam_mkhomedir.so skel = / etc / skel / umask = 0022

### Umugqa ongenhla kufanele ufakwe NGAPHAMBI
# nanka amamojula ephakeji ngalinye (ibhulokhi "Eyinhloko") [----]

Sisebenzisa ikhonsoli njengomsebenzisi izimpande, Ukuhlola nje, pam-auth-buyekeza:

Siqala kabusha insiza nscd, futhi siyahlola:

: ~ # qala kabusha insiza nscd
[ok] Ukuqalisa kabusha igama lesevisi yenqolobane yegama: nscd. : ~ # ukunyakaza komunwe
Login: strides Name: Strides El Rey Directory: / home / strides Shell: / bin / bash Ungakaze ungene ngemvume. Ayikho imeyili. Alikho icebo. : ~ # intuthuko yokudlula
Iziteleka: x: 1006: 63000: Iziteleka El Rey: / home / strides: / bin / bash: ~ # uthole ukudlula kwama-legolas
i-legolas: x: 1004: 63000: I-Legolas I-Elf: / ikhaya / i-legolas: / bin / bash

Siguqula inqubomgomo yokuxhuma kabusha neseva ye-OpenLDAP.

Sihlela njengomsebenzisi izimpande futhi ngokucophelela, ifayela /etc/libnss-ldap.conf. Sibheke igama elithi «Kanzima«. Sisusa ukuphawula kulayini # bopha_umgomo kanzima futhi sikushiya kanjena: bind_policy ithambile.

Ushintsho olufanayo olushiwo ngaphambili, silwenza kufayela /etc/pam_ldap.conf.

Ukuguqulwa okungenhla kususa imilayezo eminingi ehlobene ne-LDAP ngesikhathi sokuqalisa futhi ngasikhathi sinye kuyenze isheshe (inqubo yokuqalisa).

Siqala kabusha i-Wheezy yethu ngoba ushintsho olwenziwe lubalulekile:

: ~ # qala kabusha

Ngemuva kokuqalisa kabusha, singangena ngemvume nganoma imuphi umsebenzisi obhaliswe ku-ClearOS OpenLDAP.

Sincoma bese kuthi lokhu okulandelayo kwenziwe:

• Yenza abasebenzisi bangaphandle babe yilungu lamaqembu afanayo nomsebenzisi wendawo owadalwa ngesikhathi sokufakwa kwe-Debian yethu.
• Usebenzisa umyalo ngithanda, kwenziwa njenge- izimpande, unikeze izimvume zokusebenza ezidingekayo kubasebenzisi bangaphandle.
• Dala ibhukumaka enekheli https://centos.amigos.cu:81/?user en I-Iceweasel, ukufinyelela ikhasi lomuntu siqu ku-ClearOS, lapho singashintsha khona iphasiwedi yethu.
• Faka i-OpenSSH-Server - uma ingakhethwanga lapho ufaka uhlelo- ukuze ukwazi ukufinyelela i-Debian yethu kusuka kwenye ikhompyutha.

Amafayela wokuhlela adaliwe futhi / noma aguquliwe

Isihloko se-LDAP sidinga ukutadisha okuningi, ukubekezela nolwazi. Eyokugcina anginayo. Sincoma kakhulu ukuthi amaphakheji libnss-ldap y libpam-ldap, esimweni sokuguqulwa mathupha okwenza ukuthi ukufakazela ubuqiniso kuyeke ukusebenza, kufanele ulungiswe kabusha kahle usebenzisa umyalo ukulungisa kabusha i-dpkg, okwenziwa yi- I-DEBCONF.

Amafayela wokumisa ahlobene yilena:

• /etc/libnss-ldap.conf
• /etc/libnss-ldap.secret
• /etc/pam_ldap.conf
• /etc/pam_ldap.secret
• /etc/nsswitch.conf
• /etc/pam.d/common-sessions

Ifayela le /etc/ldap/ldap.conf

Asikalithinti leli fayela okwamanje. Kodwa-ke, ukufakazela ubuqiniso kusebenza kahle ngenxa yokulungiswa kwamafayela abhalwe ngaphezulu kanye nokucushwa kwe-PAM okwenziwe yi- pam-auth-buyekeza. Noma kunjalo, kufanele futhi siyilungiselele kahle. Kwenza kube lula ukusebenzisa imiyalo efana ne- ldapsearch, enikezwe yiphakheji i-ldap-utils. Ukucushwa okuncane kungaba:

BASE dc = abangane, dc = cu URI ldap: //10.10.10.60 SIZELIMIT 12 TIMELIMIT 15 DEREF never

Singabheka ukuthi ngabe iseva ye-OpenLDAP ye-ClearOS isebenza kahle, uma senza kukhonsoli:

i-ldapsearch -d 5 -L "(objectclass = *)"

Umphumela womyalo uyathandeka. 🙂

Ngiyamthanda uDebian! Futhi umsebenzi uphelile wanamuhla, Abangane !!!