Difference between revisions of "Install ldap server"
(Created page with "''Install ldap'' '''sudo apt install slapd ldap-utils''' ''configure'' '''sudo dpkg-reconfigure slapd''' enter admin password, domain name (ldap-test.com), at the end of wiza...") |
Line 18: | Line 18: | ||
ou: Groups | ou: Groups | ||
− | and run: ldapadd -x -D cn=admin,dc=example,dc=com -W -f add_nodes.ldif | + | and run: '''ldapadd -x -D cn=admin,dc=example,dc=com -W -f add_nodes.ldif''' |
− | enabling MemberOF | + | ''enabling MemberOF'' |
− | create file: memberof_config.ldif | + | create file: '''memberof_config.ldif''' |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | dn: olcOverlay={0}memberof,olcDatabase={1}hdb,cn=config | + | dn: cn=module,cn=config |
− | objectClass: olcConfig | + | cn: module |
− | objectClass: olcMemberOf | + | objectClass: olcModuleList |
− | objectClass: olcOverlayConfig | + | olcModuleLoad: memberof |
− | objectClass: top | + | olcModulePath: /usr/lib/ldap |
− | olcOverlay: memberof | + | |
− | olcMemberOfDangling: ignore | + | dn: olcOverlay={0}memberof,olcDatabase={1}hdb,cn=config |
− | olcMemberOfRefInt: TRUE | + | objectClass: olcConfig |
− | olcMemberOfGroupOC: groupOfNames | + | objectClass: olcMemberOf |
− | olcMemberOfMemberAD: member | + | objectClass: olcOverlayConfig |
− | olcMemberOfMemberOfAD: memberOf | + | objectClass: top |
− | + | olcOverlay: memberof | |
− | create file: refint1.ldif | + | olcMemberOfDangling: ignore |
− | + | olcMemberOfRefInt: TRUE | |
− | dn: cn=module{1},cn=config | + | olcMemberOfGroupOC: groupOfNames |
− | add: olcmoduleload | + | olcMemberOfMemberAD: member |
− | olcmoduleload: refint | + | olcMemberOfMemberOfAD: memberOf |
− | + | ||
+ | create file: '''refint1.ldif''' | ||
+ | |||
+ | dn: cn=module{1},cn=config | ||
+ | add: olcmoduleload | ||
+ | olcmoduleload: refint | ||
+ | |||
+ | |||
+ | create file: '''refint2.ldif''' | ||
+ | |||
+ | dn: olcOverlay={1}refint,olcDatabase={1}hdb,cn=config | ||
+ | objectClass: olcConfig | ||
+ | objectClass: olcOverlayConfig | ||
+ | objectClass: olcRefintConfig | ||
+ | objectClass: top | ||
+ | olcOverlay: {1}refint | ||
+ | olcRefintAttribute: memberof member manager owner | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
and run commands: | and run commands: | ||
− | sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f memberof_config.ldif | + | '''sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f memberof_config.ldif''' |
− | sudo ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f refint1.ldif | + | '''sudo ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f refint1.ldif''' |
− | sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f refint2.ldif | + | '''sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f refint2.ldif''' |
Revision as of 07:49, 24 October 2019
Install ldap: sudo apt install slapd ldap-utils
configure: sudo dpkg-reconfigure slapd — enter the admin password and the domain name (ldap-test.com); at the end of the wizard select the "hdb" database type
add users and groups
create file: add_nodes.ldif
dn: ou=people,dc=ldap-test,dc=com
objectClass: organizationalUnit
ou: People

dn: ou=groups,dc=ldap-test,dc=com
objectClass: organizationalUnit
ou: Groups
and run: ldapadd -x -D cn=admin,dc=example,dc=com -W -f add_nodes.ldif (note: the bind DN given with -D must match the base DN chosen during dpkg-reconfigure; for the domain ldap-test.com used in this page that is cn=admin,dc=ldap-test,dc=com, and the same applies to every ldapadd -x command below)
enabling memberOf — create file: memberof_config.ldif
dn: cn=module,cn=config
cn: module
objectClass: olcModuleList
olcModuleLoad: memberof
olcModulePath: /usr/lib/ldap

dn: olcOverlay={0}memberof,olcDatabase={1}hdb,cn=config
objectClass: olcConfig
objectClass: olcMemberOf
objectClass: olcOverlayConfig
objectClass: top
olcOverlay: memberof
olcMemberOfDangling: ignore
olcMemberOfRefInt: TRUE
olcMemberOfGroupOC: groupOfNames
olcMemberOfMemberAD: member
olcMemberOfMemberOfAD: memberOf
create file: refint1.ldif
dn: cn=module{1},cn=config
add: olcmoduleload
olcmoduleload: refint
create file: refint2.ldif
dn: olcOverlay={1}refint,olcDatabase={1}hdb,cn=config
objectClass: olcConfig
objectClass: olcOverlayConfig
objectClass: olcRefintConfig
objectClass: top
olcOverlay: {1}refint
olcRefintAttribute: memberof member manager owner
and run commands:
sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f memberof_config.ldif
sudo ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f refint1.ldif
sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f refint2.ldif
create users (note: the three example accounts below all carry uidNumber: 5000; give each posixAccount a distinct uidNumber, otherwise they resolve to the same Unix UID on any host that consumes this directory):
generate the password hash for userPassword: slappasswd -h {SHA} -s my_password ({SHA} is unsalted SHA-1; slappasswd also supports the salted {SSHA} scheme, which is the better choice for stored passwords)
create file: add_user_test.ldif
"
dn: cn=test,ou=people,dc=ldap-test,dc=com
cn: test
givenName: test
sn: test
uid: test
uidNumber: 5000
gidNumber: 10000
homeDirectory: /home/test
mail: test@ldap-test.com
objectClass: top
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
loginShell: /bin/bash
userPassword: {SHA}qUqP5cyxm6YcTAhz05Hph5gvu9M=
" and run command: ldapadd -x -D cn=admin,dc=example,dc=com -W -f add_user_test.ldif
create file: add_user_valera.ldif
"
dn: cn=valera,ou=people,dc=ldap-test,dc=com
cn: valera
givenName: valera
sn: valera
uid: valera
uidNumber: 5000
gidNumber: 10000
homeDirectory: /home/valera
mail: valera@ldap-test.com
objectClass: top
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
loginShell: /bin/bash
userPassword: {SHA}/czKZw8hc3yvCKMiU0y1lqqmATU=
"
and run command: ldapadd -x -D cn=admin,dc=example,dc=com -W -f add_user_valera.ldif
create file: add_user_svan.ldif
"
dn: cn=svan,ou=people,dc=ldap-test,dc=com
cn: svan
givenName: svan
sn: svan
uid: svan
uidNumber: 5000
gidNumber: 10000
homeDirectory: /home/svan
mail: svan@ldap-test.com
objectClass: top
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
loginShell: /bin/bash
userPassword: {SHA}D07SmrTu0Yh+eZcgj+nIVWKn8XU=
"
and run command: ldapadd -x -D cn=admin,dc=example,dc=com -W -f add_user_svan.ldif
create groups:
create file: add_group_disabled.ldif
"
dn: cn=Disabled,ou=groups,dc=ldap-test,dc=com
objectClass: groupofnames
cn: Disabled
description: All users
member: cn=test,ou=people,dc=ldap-test,dc=com
" ldapadd -x -D cn=admin,dc=example,dc=com -W -f add_group_disabled.ldif
create file: add_group_openvpn.ldif
"
dn: cn=OpenVPN,ou=groups,dc=ldap-test,dc=com
objectClass: groupofnames
cn: OpenVPN
description: All users
member: cn=valera,ou=people,dc=ldap-test,dc=com
member: cn=svan,ou=people,dc=ldap-test,dc=com
member: cn=test,ou=people,dc=ldap-test,dc=com
" ldapadd -x -D cn=admin,dc=example,dc=com -W -f add_group_openvpn.ldif
code:
for ldap_simple_bind_s:
"
PWCHAR user_name = L"cn=valera,ou=people,dc=ldap-test,dc=com";
/* NOTE(review): the password is hard-coded in source and is the example
   user's own name; real code should obtain credentials from a protected
   store rather than a string literal. */
PWCHAR password = L"valera";
/* Simple bind transmits the password in clear text unless pLdapConnection
   was opened over TLS (ldaps:// or StartTLS); the connection setup is not
   part of this snippet. */
ULONG error = ldap_simple_bind_s(pLdapConnection, user_name, password);
"
for ldap_search_s (the filter returns entries that are members of OpenVPN and not members of Disabled, using the memberOf attribute maintained by the overlay configured above):
"
LDAPMessage *pResults = NULL;
PWCHAR base_path = L"dc=ldap-test,dc=com";
PWCHAR base_filter = L"(&(!(memberOf=cn=Disabled, ou=groups, dc=ldap-test, dc=com))(memberOf=cn=OpenVPN, ou=groups, dc=ldap-test, dc=com))";
error = ldap_search_s(pLdapConnection, base_path, LDAP_SCOPE_SUBTREE, base_filter, NULL, 0, &pResults);
"
links: https://help.ubuntu.com/lts/serverguide/openldap-server.html https://www.adimian.com/blog/2014/10/how-to-enable-memberof-using-openldap/ https://computingforgeeks.com/install-and-configure-openldap-phpldapadmin-on-ubuntu-18-04-lts/