Kamis, 22 November 2012

INSTALL LDAP

  Configure an LDAP server in order to share users' accounts on a local network. The commands below use simple bind (-x) without TLS, so bind passwords cross the network in clear text; enable ldaps/STARTTLS before clients on other hosts authenticate against this server.

[1] Install and Configure OpenLDAP
master:~ # zypper install -y openldap2 pam_ldap nss_ldap


# generate the password hash for the LDAP admin (rootpw). {MD5} is an unsalted, weak scheme; {SSHA} is the safer choice. Passing the secret with -s also leaves it in shell history and process listings; run slappasswd without -s to be prompted for it instead.

master:~ # slappasswd -s password -h {MD5}

# (1) note this hash; it is used as rootpw below

{MD5}************************

master:~ # vi /etc/openldap/slapd.conf


# line 7: change

include /etc/openldap/schema/core.schema

include /etc/openldap/schema/cosine.schema

include /etc/openldap/schema/nis.schema
# add

include /etc/openldap/schema/inetorgperson.schema

include /etc/openldap/schema/ppolicy.schema
# add

#include /etc/openldap/schema/rfc2307bis.schema
# make it comment

#include /etc/openldap/schema/yast.schema
# make it comment


# line 70: specify suffix

suffix   "dc=server-world,dc=info"

# line 73: specify the admin DN

rootdn   "cn=Manager,dc=server-world,dc=info"

# line 77: specify the password hash generated in (1)

rootpw   {MD5}************************


# line 83: make it comment

#index objectClass eq
# add at the bottom

index objectClass,uidNumber,gidNumber eq
index member,mail eq,pres
index cn,displayname,uid,sn,givenname sub,eq,pres


master:~ # vi /etc/openldap/ldap.conf


# line 8: uncomment and specify suffix

BASE   dc=server-world, dc=info


master:~ # vi /etc/ldap.conf


# line 14: specify suffix

base dc=server-world,dc=info


master:~ # /etc/init.d/ldap start

Starting ldap-server
done

master:~ # chkconfig ldap on
[2] Add initial information. The MigrationTools archive below is fetched over plain HTTP; verify it against a checksum or signature from a trusted source before running its scripts as root.
master:~ # wget http://www.padl.com/download/MigrationTools.tgz

master:~ # tar zxvf MigrationTools.tgz

master:~ # chown -R ldap. MigrationTools-47

master:~ # cd MigrationTools-47

master:~/MigrationTools-47 # vi migrate_common.ph


# line 71: specify domain name

$DEFAULT_MAIL_DOMAIN = "server-world.info";

# line 74: specify suffix

$DEFAULT_BASE = "dc=server-world,dc=info";

master:~/MigrationTools-47 # ./migrate_base.pl > base.ldif

master:~/MigrationTools-47 # vi base.ldif


# edit only the sections needed for your environment (the following is a minimal example)

dn: dc=server-world,dc=info
dc: server-world
objectClass: top
objectClass: domain

dn: ou=People,dc=server-world,dc=info
ou: People
objectClass: top
objectClass: organizationalUnit

dn: ou=Group,dc=server-world,dc=info
ou: Group
objectClass: top
objectClass: organizationalUnit

master:~/MigrationTools-47 # ldapadd -x -W -D "cn=Manager,dc=server-world,dc=info" -f base.ldif

Enter LDAP Password:
# LDAP admin password

adding new entry "dc=server-world,dc=info"
adding new entry "ou=People,dc=server-world,dc=info"
adding new entry "ou=Group,dc=server-world,dc=info"
[3] Add existing users and groups to LDAP. Note that migrate_passwd.pl copies the password hashes from /etc/shadow into the LDIF, so treat passwd.ldif as a secret and remove it once imported.
master:~/MigrationTools-47 # grep "users" /etc/group > group

master:~/MigrationTools-47 # grep ":1[0-9][0-9][0-9]" /etc/passwd > passwd

master:~/MigrationTools-47 # ./migrate_group.pl group > group.ldif

master:~/MigrationTools-47 # ./migrate_passwd.pl passwd > passwd.ldif


# add user and group to LDAP

master:~/MigrationTools-47 # ldapadd -x -W -D "cn=Manager,dc=server-world,dc=info" -f group.ldif

Enter LDAP Password:
# LDAP admin password

adding new entry "cn=users,ou=Group,dc=server-world,dc=info"
master:~/MigrationTools-47 # ldapadd -x -W -D "cn=Manager,dc=server-world,dc=info" -f passwd.ldif

Enter LDAP Password:
# LDAP admin password

adding new entry "uid=sles,ou=People,dc=server-world,dc=info"
# verify

master:~/MigrationTools-47 # ldapsearch -x -W -D "cn=Manager,dc=server-world,dc=info"

Enter LDAP Password:
# LDAP admin password

# extended LDIF
#
# LDAPv3
# base <dc=server-world,dc=info> (default) with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# server-world.info
dn: dc=server-world,dc=info
dc: server-world
objectClass: top
objectClass: domain

# People, server-world.info
dn: ou=People,dc=server-world,dc=info
ou: People
objectClass: top
objectClass: organizationalUnit

# Group, server-world.info
dn: ou=Group,dc=server-world,dc=info
ou: Group
objectClass: top
objectClass: organizationalUnit

# users, Group, server-world.info
dn: cn=users,ou=Group,dc=server-world,dc=info
objectClass: posixGroup
objectClass: top
cn: users
userPassword:: ********
gidNumber: 100

# sles, People, server-world.info
dn: uid=sles,ou=People,dc=server-world,dc=info
uid: sles
cn: sles
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword:: *******************
shadowLastChange: 14447
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 1001
gidNumber: 100
homeDirectory: /home/sles

# search result
search: 2
result: 0 Success

# numResponses: 15
# numEntries: 14
[4] To delete a user or group that was added to the LDAP server, do as below.
master:~ # ldapdelete -x -W -D 'cn=Manager,dc=server-world,dc=info' "uid=sles,ou=people,dc=server-world,dc=info"

Enter LDAP Password:
master:~ # ldapdelete -x -W -D 'cn=Manager,dc=server-world,dc=info' "cn=users,ou=group,dc=server-world,dc=info"

Enter LDAP Password: 
