반응형
OpenLDAP 설치 및 구성
OpenLDAP 설치
yum install -y compat-openldap openldap openldap-servers openldap-clients
$ yum install -y compat-openldap openldap openldap-servers openldap-clients openldap-servers-sql openldap-devel
OpenLDAP 데이터베이스 설정
cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
chown ldap. /var/lib/ldap/DB_CONFIG
$ cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
$ chown ldap. /var/lib/ldap/DB_CONFIG
systemctl --now enable slapd.service
$ systemctl --now enable slapd.service
$ systemctl status slapd.service
● slapd.service - OpenLDAP Server Daemon
Loaded: loaded (/usr/lib/systemd/system/slapd.service; enabled; vendor preset: disabled)
Active: active (running) since Fri 2021-06-11 16:23:18 KST; 22min ago
Docs: man:slapd
man:slapd-config
man:slapd-hdb
man:slapd-mdb
file:///usr/share/doc/openldap-servers/guide.html
Process: 7786 ExecStart=/usr/sbin/slapd -u ldap -h ${SLAPD_URLS} $SLAPD_OPTIONS (code=exited, status=0/SUCCESS)
Process: 7757 ExecStartPre=/usr/libexec/openldap/check-config.sh (code=exited, status=0/SUCCESS)
Main PID: 7789 (slapd)
CGroup: /system.slice/slapd.service
└─7789 /usr/sbin/slapd -u ldap -h ldapi:/// ldap:///
$ netstat -nlp | grep 389
tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN 23999/slapd
tcp6 0 0 :::389 :::* LISTEN 23999/slapd
$ ps -ef | grep -v grep | grep slapd
ldap 23999 1 0 11:29 ? 00:00:00 /usr/sbin/slapd -u ldap -h ldapi:/// ldap:///
OpenLDAP 구성
OpenLDAP 루트 사용자 비밀번호 설정
$ slappasswd -h {SSHA} -s ldappassword1!
{SSHA}TuXt7LyRbmpzacWE4jjjdi8zUQNEcNYz
chrootpw.ldif 파일 생성
cat <<EOF > chrootpw.ldif
dn: olcDatabase={0}config,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: {SSHA}TuXt7LyRbmpzacWE4jjjdi8zUQNEcNYz
EOF
$ ldapmodify -Y EXTERNAL -H ldapi:/// -f chrootpw.ldif
--output--
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "olcDatabase={0}config,cn=config"
LDAP 스키마(cosine.ldif, nis.ldif, inetorgperson.ldif) 추가
$ ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif
$ ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif
$ ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif
chdomain.ldif 파일 생성
cat <<EOF > chdomain.ldif
dn: olcDatabase={1}monitor,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth"
read by dn.base="cn=Manager,dc=4wxyz,dc=com" read by * none
dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=4wxyz,dc=com
dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: cn=Manager,dc=4wxyz,dc=com
dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: {SSHA}TuXt7LyRbmpzacWE4jjjdi8zUQNEcNYz
dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to attrs=userPassword,shadowLastChange by
dn="cn=Manager,dc=4wxyz,dc=com" write by anonymous auth by self write by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by dn="cn=Manager,dc=4wxyz,dc=com" write by * read
EOF
$ ldapmodify -Y EXTERNAL -H ldapi:/// -f chdomain.ldif
--output--
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "olcDatabase={1}monitor,cn=config"
modifying entry "olcDatabase={2}hdb,cn=config"
modifying entry "olcDatabase={2}hdb,cn=config"
modifying entry "olcDatabase={2}hdb,cn=config"
modifying entry "olcDatabase={2}hdb,cn=config"
basedomain.ldif 파일 생성
cat <<EOF > basedomain.ldif
dn: dc=4wxyz,dc=com
o: 4wxyz
dc: 4wxyz
objectClass: top
objectClass: dcObject
objectclass: organization
dn: cn=Manager,dc=4wxyz,dc=com
objectClass: organizationalRole
cn: Manager
description: Directory Manager
dn: ou=People,dc=4wxyz,dc=com
objectClass: organizationalUnit
ou: People
dn: ou=Group,dc=4wxyz,dc=com
objectClass: organizationalUnit
ou: Group
EOF
$ ldapadd -x -D cn=Manager,dc=4wxyz,dc=com -W -f basedomain.ldif
useradd.ldif 파일 생성
cat <<EOF > useradd.ldif
dn: uid=testuser,ou=People,dc=4wxyz,dc=com
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
cn: testuser
uid: testuser
uidNumber: 1500
gidNumber: 1500
homeDirectory: /home/testuser
loginShell: /bin/bash
gecos: Linuxuser [Admin (at) HostAdvice]
userPassword: {crypt}x
shadowLastChange: 17058
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
EOF
$ ldapadd -x -D cn=Manager,dc=4wxyz,dc=com -W -f useradd.ldif
LDAP Admin
http://www.ldapadmin.org/download/ldapadmin.html
728x90
반응형
'리눅스' 카테고리의 다른 글
[LDAP] OpenLDAP Password Policy overlay (ppolicy) (0) | 2021.06.13 |
---|---|
[LDAP] OpenLDAP 그룹 및 계정 생성 (0) | 2021.06.13 |
도커 컴포즈 설치(docker-compose install) (0) | 2021.06.10 |
chage 명령어 (0) | 2021.06.09 |
파일 디스크립터(File Descriptor) 및 설정(ulimit) (0) | 2021.06.08 |