Let's continue, but not without first consulting:
- Directory Service with LDAP. Introduction.
- Directory Service with LDAP [2]: NTP and dnsmasq.
- Directory Service with LDAP [3]: Isc-DHCP-Server and Bind9.
- Directory Service with LDAP [4]: OpenLDAP (I)
In this post we will see:
- Local user authentication
- Populate the database
- Manage the database using console utilities
- Summary so far...
Local user authentication
Once OpenLDAP is running, if we want to test or use local authentication for the users registered (or that we will register) in the Directory, we must install and configure the necessary packages.
On this Debian system, the packages involved are:
libnss-ldap: Provides a Name Service Switch (NSS) module that allows an LDAP server to act as a name server.
This means providing information about user accounts, group IDs, hosts, aliases, netgroups, and basically any other data normally obtained from plain text files such as /etc/passwd, /etc/group, etc., or from an NIS service.
libpam-ldap: "Pluggable Authentication Module for LDAP", that is, the PAM module for LDAP. It provides an interface between the LDAP server and the authentication system through PAM.
nscd: "Name Service Cache Daemon". It handles lookups of passwords, groups and hosts, and caches the results for later use.
:~# aptitude install libnss-ldap finger
Installing the libnss-ldap package, which also installs libpam-ldap and the nscd daemon as dependencies, takes us to the configuration wizard, whose questions we must answer appropriately.
If we want to reconfigure the libnss-ldap and/or libpam-ldap packages, we must run:
:~# dpkg-reconfigure libnss-ldap
:~# dpkg-reconfigure libpam-ldap
Next we edit the file /etc/nsswitch.conf and leave it with the following content:
:~# nano /etc/nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.
passwd:         compat ldap
group:          compat ldap
shadow:         compat ldap
hosts:          files dns
networks:       files
protocols:      db files
services:       db files
ethers:         db files
rpc:            db files
netgroup:       nis
For the changes made to /etc/nsswitch.conf to take effect, we restart the nscd service:
:~# service nscd restart
An important detail is to edit the file /etc/pam.d/common-session so that the home directory of a user registered in the Directory is created on the local server when that user logs in:
:~# nano /etc/pam.d/common-session
[----]
session required pam_mkhomedir.so skel=/etc/skel/ umask=0022
### The line above must be inserted BEFORE
# here are the per-package modules (the "Primary" block)
[----]
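The two edits above can be verified before anyone tries to log in. The following shell functions are an added example, not part of the original article: nss_missing_ldap lists which of the passwd, group and shadow databases lack the ldap source, and mkhomedir_before_primary checks that the pam_mkhomedir.so line precedes the "Primary" block comment. The function names are hypothetical; the paths default to the files edited above.

```sh
#!/bin/sh
# Added example (not from the article). Function names are hypothetical.

# Print the databases among passwd/group/shadow whose line in nsswitch.conf
# does not list "ldap" as a source. Exit status 0 means none are missing.
nss_missing_ldap() {
    file=${1:-/etc/nsswitch.conf}
    missing=""
    for db in passwd group shadow; do
        awk -v want="$db:" '
            { sub(/#.*/, "") }    # ignore comments
            $1 == want { for (i = 2; i <= NF; i++) if ($i == "ldap") ok = 1 }
            END { exit !ok }' "$file" || missing="$missing $db"
    done
    printf '%s\n' "${missing# }"
    [ -z "$missing" ]
}

# Exit status 0 if a "session ... pam_mkhomedir.so" line exists and comes
# before the comment that opens the "Primary" block, as the article requires.
mkhomedir_before_primary() {
    awk '
        /^[ \t]*session[ \t].*pam_mkhomedir\.so/ { if (!mk) mk = NR }
        /^[ \t]*#.*"Primary" block/ { if (!primary) primary = NR }
        END { exit !(mk && (!primary || mk < primary)) }
    ' "${1:-/etc/pam.d/common-session}"
}

# Run against the live files when called with "check" as the first argument.
if [ "${1:-}" = "check" ]; then
    nss_missing_ldap && mkhomedir_before_primary && echo "client configuration OK"
fi
```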
Populate the database
To populate the Directory database, or to initialize it, we must add the main Organizational Units, register at least one user group, and add a user. To do this, we create a file in LDIF format, which we will later add to the Directory, with the following content:
:~# nano content.ldif
dn: ou=People,dc=amigos,dc=cu
objectClass: organizationalUnit
ou: People

dn: ou=Groups,dc=amigos,dc=cu
objectClass: organizationalUnit
ou: Groups

dn: cn=rings,ou=Groups,dc=amigos,dc=cu
objectClass: posixGroup
cn: rings
gidNumber: 10000

dn: uid=frodo,ou=People,dc=amigos,dc=cu
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: frodo
sn: Bagins
givenName: Frodo
cn: Frodo Bagins
displayName: Frodo Bagins
uidNumber: 10000
gidNumber: 10000
userPassword: frodo
mail: frodo@amigos.cu
gecos: Frodo Bagins
loginShell: /bin/bash
homeDirectory: /home/frodo
We add the contents of the file to the Directory:
:~# ldapadd -x -D cn=admin,dc=amigos,dc=cu -W -f content.ldif
Enter LDAP Password:
adding new entry "ou=People,dc=amigos,dc=cu"
adding new entry "ou=Groups,dc=amigos,dc=cu"
adding new entry "cn=rings,ou=Groups,dc=amigos,dc=cu"
adding new entry "uid=frodo,ou=People,dc=amigos,dc=cu"
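The LDIF above carries userPassword: frodo in clear text, and slapd stores the value as supplied unless a password-policy overlay is configured to hash it. As an added example, not part of the original article, this shell function lists the DNs in an LDIF file whose userPassword has no {SCHEME} prefix; the function name is hypothetical, and folded (continuation) lines are not handled.

```sh
#!/bin/sh
# Added example (not from the article). The function name is hypothetical.

# Print the DN of every entry whose userPassword is not of the form
# {SCHEME}hash. "userPassword:: " values are base64 and are decoded first.
ldif_cleartext_passwords() {
    dn=""
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            "dn: "*)
                dn=${line#dn: }
                continue ;;
            "userPassword:: "*)
                val=$(printf '%s' "${line#userPassword:: }" | base64 -d 2>/dev/null) || val="" ;;
            "userPassword: "*)
                val=${line#userPassword: } ;;
            *)
                continue ;;
        esac
        case $val in
            "{"*"}"?*) ;;                 # {SSHA}..., {CRYPT}...: already hashed
            *) printf '%s\n' "$dn" ;;     # clear text, empty or undecodable
        esac
    done < "$1"
}

# Usage: sh thisfile.sh content.ldif
if [ "$#" -gt 0 ]; then
    ldif_cleartext_passwords "$1"
fi
```

Entries it reports can be given a hashed value instead, for example one produced by slappasswd, before the file is loaded.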
We run the relevant checks:
:~# id frodo
uid=10000(frodo) gid=10000(rings) groups=10000(rings)
:~# getent passwd | grep frodo
frodo:x:10000:10000:Frodo Bagins:/home/frodo:/bin/bash
:~# finger frodo
Login: frodo                Name: Frodo Bagins
Directory: /home/frodo      Shell: /bin/bash
Never logged in.
No mail.
No Plan.
:~# ldapsearch -Y EXTERNAL -H ldapi:/// -b uid=frodo,ou=People,dc=amigos,dc=cu
Now we have a Directory Service that we must manage! We will develop two ways of doing so: the first through the ldapscripts package, and the second, which we will cover in the next article, through Ldap Account Manager.
We should also mention that the ldap-utils package provides a set of useful commands for managing the Directory. To find out what those commands are, we run:
:~# dpkg -L ldap-utils | grep /bin
/usr/bin
/usr/bin/ldapmodrdn
/usr/bin/ldapurl
/usr/bin/ldapdelete
/usr/bin/ldapwhoami
/usr/bin/ldapexop
/usr/bin/ldappasswd
/usr/bin/ldapcompare
/usr/bin/ldapsearch
/usr/bin/ldapmodify
/usr/bin/ldapadd
To learn more about each command, we recommend reading its man page. Explaining each one here would make the article too long.
Manage the database using console utilities
We choose the ldapscripts package for this task. The installation and configuration procedure is as follows:
:~# aptitude install ldapscripts
:~# cp /etc/ldapscripts/ldapscripts.conf \
    /etc/ldapscripts/ldapscripts.conf.
:~# cp /dev/null /etc/ldapscripts/ldapscripts.conf
:~# nano /etc/ldapscripts/ldapscripts.conf
SERVER=localhost
BINDDN='cn=admin,dc=amigos,dc=cu'
BINDPWDFILE="/etc/ldapscripts/ldapscripts.passwd"
SUFFIX='dc=amigos,dc=cu'
GSUFFIX='ou=Groups'
USUFFIX='ou=People'
#MSUFFIX='ou=Computers'
GIDSTART=10001
UIDSTART=10001
#MIDSTART=10000
# OpenLDAP client commands
LDAPSEARCHBIN="/usr/bin/ldapsearch"
LDAPADDBIN="/usr/bin/ldapadd"
LDAPDELETEBIN="/usr/bin/ldapdelete"
LDAPMODIFYBIN="/usr/bin/ldapmodify"
LDAPMODRDNBIN="/usr/bin/ldapmodrdn"
LDAPPASSWDBIN="/usr/bin/ldappasswd"
GCLASS="posixGroup"
# UTEMPLATE="/etc/ldapscripts/ldapadduser.template"
PASSWORDGEN="echo %u"
### Note that the scripts use the commands from the
### ldap-utils package
:~# sh -c "echo -n 'tupassowrd' > /etc/ldapscripts/ldapscripts.passwd"
:~# chmod 400 /etc/ldapscripts/ldapscripts.passwd
:~# cp /usr/share/doc/ldapscripts/examples/ldapadduser.template.sample \
    /etc/ldapscripts/ldapadduser.template
:~# nano /etc/ldapscripts/ldapadduser.template
dn: uid=<user>,<usuffix>,<suffix>
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
cn: <user>
sn: <ask>
givenName: <ask>
displayName: <ask>
uid: <user>
uidNumber: <uid>
gidNumber: <gid>
homeDirectory: <home>
loginShell: <shell>
mail: <ask>
gecos: <user>
description: User Account
:~# nano /etc/ldapscripts/ldapscripts.conf
## we remove the comment
UTEMPLATE="/etc/ldapscripts/ldapadduser.template"
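Two details of this configuration are worth checking on a real host: the bind password file must be readable by its owner only and must not end in a newline (the reason for echo -n and chmod 400 above), and PASSWORDGEN="echo %u" gives every new account an initial password equal to its user name. The following audit function is an added example, not part of the original article or of ldapscripts; its function names and messages are hypothetical.

```sh
#!/bin/sh
# Added example (not from the article or from ldapscripts).

# Print one finding per line for the ldapscripts configuration file given as
# $1 (default: the path used in the article). Exit status 0 means no findings.
audit_ldapscripts() {
    conf=${1:-/etc/ldapscripts/ldapscripts.conf}
    findings=0
    pwfile=$(conf_value BINDPWDFILE "$conf")
    if [ -z "$pwfile" ]; then
        finding "BINDPWDFILE is not set"
    elif [ ! -f "$pwfile" ]; then
        finding "BINDPWDFILE $pwfile does not exist"
    else
        # Characters 5-10 of the ls mode string are the group and other bits.
        [ "$(ls -ld "$pwfile" | cut -c5-10)" = "------" ] ||
            finding "$pwfile is accessible to group or others"
        # A trailing newline would be sent as part of the bind password.
        [ "$(tail -c 1 "$pwfile" | wc -l)" -eq 0 ] ||
            finding "$pwfile ends with a newline"
    fi
    [ "$(conf_value PASSWORDGEN "$conf")" != "echo %u" ] ||
        finding "PASSWORDGEN sets the initial password to the user name"
    [ "$findings" -eq 0 ]
}

# Value of the last uncommented KEY=... line, with quotes removed.
conf_value() { sed -n "s/^ *$1=//p" "$2" | tail -n 1 | tr -d "\"'"; }

finding() { echo "$1"; findings=$((findings + 1)); }

# Usage: sh thisfile.sh /etc/ldapscripts/ldapscripts.conf
if [ "$#" -gt 0 ]; then
    audit_ldapscripts "$1"
fi
```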
Let's try adding the user Strides El Rey to the rings user group and check the data entered:
:~# ldapadduser trancos rings
[dn: uid=trancos,ou=People,dc=amigos,dc=cu] Enter value for "sn": El Rey
[dn: uid=trancos,ou=People,dc=amigos,dc=cu] Enter value for "givenName": Strides
[dn: uid=trancos,ou=People,dc=amigos,dc=cu] Enter value for "displayName": Strides El Rey
[dn: uid=trancos,ou=People,dc=amigos,dc=cu] Enter value for "mail": trancos@amigos.cu
Successfully added user trancos to LDAP
Successfully set password for user trancos
root@mildap:~# ldapfinger trancos
dn: uid=trancos,ou=People,dc=amigos,dc=cu
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
cn: trancos
sn: El Rey
givenName: Strides
displayName: Strides El Rey
uid: trancos
uidNumber: 10002
gidNumber: 10000
homeDirectory: /home/trancos
loginShell: /bin/bash
mail: trancos@amigos.cu
gecos: trancos
description: User Account
userPassword:: e1NTSEF9UnlmcWxCem5iUzBuSzQzTkM3ZFRFcTUwV2VsVnBqRm8=
Let's set a password for the user frodo, list the DNs of the registered users, and delete the newly created user trancos:
:~# ldapsetpasswd frodo
Changing password for user uid=frodo,ou=People,dc=amigos,dc=cu
New Password:
Retype New Password:
Successfully set password for user uid=frodo,ou=People,dc=amigos,dc=cu
:~# lsldap -u | grep dn
dn: uid=frodo,ou=People,dc=amigos,dc=cu
dn: uid=trancos,ou=People,dc=amigos,dc=cu
:~# ldapfinger frodo
dn: uid=frodo,ou=People,dc=amigos,dc=cu
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: frodo
sn: Bagins
givenName: Frodo
cn: Frodo Bagins
displayName: Frodo Bagins
uidNumber: 10000
gidNumber: 10000
mail: frodo@amigos.cu
gecos: Frodo Bagins
loginShell: /bin/bash
homeDirectory: /home/frodo
userPassword:: e9NTSEF4TnI3ZXN1YXA1VnplK1ZIZXZzFFKKWW5SVdWeUXNUMXoVjA=
:~# ldapdeleteuser trancos
Successfully deleted user uid=trancos,ou=People,dc=amigos,dc=cu from LDAP
:~# lsldap -u | grep dn
dn: uid=frodo,ou=People,dc=amigos,dc=cu
Let's check that local authentication works correctly:
:~# ssh frodo@mildap
frodo@mildap's password:
Linux mildap 2.6.32-5-686 #1 SMP Fri May 10 08:33:48 UTC 2013 i686
[---]
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Tue Feb 18 18:54:01 2014 from mildap.amigos.cu
frodo@mildap:~$ pwd
/home/frodo
frodo@mildap:~$
There are many more examples we could write, but unfortunately the article would become too long. We always say that we offer an entry point to the topic of services in general. It is impossible to replace extensive documentation in a single post.
To learn more about the ldapscripts package, please consult its manual with man ldapscripts.
So far our simple Directory Service based on OpenLDAP works well.
Summary so far...
Many administrators of services on business networks, when they take charge of one whose services are based on Microsoft products and want to migrate to Linux, consider migrating the Domain Controllers among other services.
If they do not choose a third-party product such as ClearOS or Zentyal, or if for other reasons they want to be independent, they take on the laborious task of building their own Domain Controller, or their own Active Directory with Samba 4.
Then the problems begin, along with some disappointments. Runtime errors. They cannot locate the source of the problems in order to solve them. Repeated installation attempts. Partial operation of the services. And a long list of problems.
The basis of any Domain Controller or Active Directory on Linux built on OpenLDAP plus Samba is, necessarily, basic knowledge of what an LDAP server is, how it is installed, how it is configured and managed, and so on. Those who have read Samba's extensive documentation will know well what we mean.
Precisely to answer that question we have written the whole series of articles up to this one, and we will continue with those that are needed. We hope you find them useful.
Very good post, Fico. A question: with OpenLDAP, can domain policies be created and applied to connected users, such as a screensaver activated after 5 minutes of inactivity, setting the wallpaper, preventing certain applications from running, configuring startup scripts, etc.?
Regards,
oscar
Thanks for commenting! Oscar, remember that those policies, in Linux, are implemented differently when it comes to Linux clients. GNOME brings a tool to achieve it whose name I do not remember right now. I do know that we can establish user account policies directly in OpenLDAP. Many people ask me the same question and I always answer more or less the same. Those security policies apply only to Microsoft clients, NOT to Linux clients. They are two different philosophies. Active Directory is a proprietary application based on OpenLDAP, Microsoft's own customized Kerberos, and the Network Administrator, which I do not know what they call now. Before, it was LAN Manager. We cannot think of emulating an Active Directory with LDAP alone. We would have to integrate Samba or use Samba 4 to see whether it can be achieved. And my friend, I have not even looked at Samba 4. I do not know either whether Zentyal with its Active Directory can apply them ... but that software is not OpenLDAP alone. It is OpenLDAP + Samba + Kerberos + other things I do not know well. In this series I deal only with OpenLDAP, and if you follow it you will see that in the compendium I am writing across this whole series, together with other essential services, everything is based on authentication against the OpenLDAP Directory.