Difference between revisions of "Install ldap server"

From MPSWiki
Revision as of 12:41, 8 December 2020

Install LDAP

install Ubuntu, then apply updates

 sudo apt update
 sudo apt upgrade

install docker

 sudo apt install docker.io
 sudo systemctl start docker
 sudo systemctl enable docker

add containers

install Portainer (web UI for the containers on port 9000)

 sudo docker run --restart=always -d --name="portainer" -p 9000:9000 -v /etc/localtime:/etc/localtime:ro -v /var/run/docker.sock:/var/run/docker.sock -v /home/fox/smarthome/portainer:/data portainer/portainer:latest

Mounting /var/run/docker.sock gives the Portainer container full control of the Docker host (equivalent to root on it), so limit who can reach port 9000 and set a strong admin password at the first login. The /data directory (/home/fox/smarthome/portainer here) holds Portainer's own database.

install OpenLDAP (the LDAP server)

 sudo docker run --restart=always -p 389:389 -p 636:636 --env LDAP_ORGANISATION="mps" --env LDAP_DOMAIN="mps.resnet.com" --env LDAP_ADMIN_PASSWORD="ldap" --detach osixia/openldap:1.4.0

LDAP_ADMIN_PASSWORD="ldap" is a placeholder; replace it (it also ends up in the shell history and in docker inspect output). The command mounts no -v, so the directory lives in anonymous volumes and is gone once the container is removed; for anything beyond a test, mount the image's data and config paths (/var/lib/ldap and /etc/ldap/slapd.d) from the host. Port 389 is plain LDAP, and a simple bind sends the password in clear text; the image enables TLS on 636 by default with a self-signed certificate, so keep 389 off untrusted networks.

install phpLDAPadmin (manage LDAP users via web on port 6443)

 sudo docker run --restart=always -p 6443:443 --env PHPLDAPADMIN_LDAP_HOSTS=192.168.0.5 --detach osixia/phpldapadmin:0.9.0

PHPLDAPADMIN_LDAP_HOSTS is the address the container uses to reach the LDAP server, here the Docker host's LAN address (192.168.0.5); adjust it to yours. The container serves HTTPS on 443 (published as 6443) with a self-signed certificate.

now you can manage the containers at: ip:9000

add user

you can add and edit users at: https://ip:6443, log in with the admin credentials (the DN is derived from LDAP_DOMAIN above):

 user: cn=admin,dc=mps,dc=resnet,dc=com
 pass: ldap

create the users group (once):

 Create a child entry, then select Generic: Posix Group, enter the group name (users) and create the group

now create a user:

 Create a child entry, then select Generic: User Account, enter the user data (and the group created above)

after creating the user add an e-mail address:

 select the user in the tree and press Add new attribute, then select the mail attribute in the combobox

additional software

Softerra LDAP Browser: https://www.ldapadministrator.com

connection settings (a simple bind on port 389 sends the password in clear text, so use it on a trusted network only):

 host: ip
 port: 389
 base DN: dc=mps,dc=resnet,dc=com
 mechanism: simple
 principal: cn=admin,dc=mps,dc=resnet,dc=com
 password: ldap


______________________________________________________________________________________________


Install LDAP, old version (without Docker)

sudo apt install slapd ldap-utils

configure

 sudo dpkg-reconfigure slapd

enter the admin password and the domain name (ldap-test.com, which gives the suffix dc=ldap-test,dc=com used below); at the end of the wizard select the "hdb" database type. The LDIF files below address the database as olcDatabase={1}hdb; if your slapd version only offers mdb, choose it and replace {1}hdb with {1}mdb in those files.


add users and groups

create file: add_nodes.ldif (LDIF records are separated by one blank line; without it the file is a single malformed record and ldapadd fails)

 dn: ou=people,dc=ldap-test,dc=com
 objectClass: organizationalUnit
 ou: People

 dn: ou=groups,dc=ldap-test,dc=com
 objectClass: organizationalUnit
 ou: Groups

and run (the bind DN is the admin entry of the suffix chosen in dpkg-reconfigure): ldapadd -x -D cn=admin,dc=ldap-test,dc=com -W -f add_nodes.ldif

enabling memberOf

create file: memberof_config.ldif (two records separated by a blank line; the first adds a new module list entry, which on a default Ubuntu install becomes cn=module{1} because cn=module{0} already loads the database backend. memberOf is maintained only for memberships added after the overlay is active, so load this before the groups below. olcMemberOfDangling: ignore means member values that name no entry are accepted silently.)

 dn: cn=module,cn=config
 cn: module
 objectClass: olcModuleList
 olcModuleLoad: memberof
 olcModulePath: /usr/lib/ldap

 dn: olcOverlay={0}memberof,olcDatabase={1}hdb,cn=config
 objectClass: olcConfig
 objectClass: olcMemberOf
 objectClass: olcOverlayConfig
 objectClass: top
 olcOverlay: memberof
 olcMemberOfDangling: ignore
 olcMemberOfRefInt: TRUE
 olcMemberOfGroupOC: groupOfNames
 olcMemberOfMemberAD: member
 olcMemberOfMemberOfAD: memberOf

create file: refint1.ldif (loads the refint module into the module list created above; if the cn=module{N} index under cn=config differs on your system, adjust it)

 dn: cn=module{1},cn=config
 changetype: modify
 add: olcModuleLoad
 olcModuleLoad: refint

create file: refint2.ldif

 dn: olcOverlay={1}refint,olcDatabase={1}hdb,cn=config
 objectClass: olcConfig
 objectClass: olcOverlayConfig
 objectClass: olcRefintConfig
 objectClass: top
 olcOverlay: {1}refint
 olcRefintAttribute: memberof member manager owner

and run the commands (-Y EXTERNAL over ldapi:/// authenticates the local root user through the Unix socket, which is what the default cn=config ACL permits):

sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f memberof_config.ldif

sudo ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f refint1.ldif

sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f refint2.ldif


create users

generate the password hash for userPassword:

 slappasswd -h {SHA} -s my_password

{SHA} is unsalted SHA-1: equal passwords give identical hashes and it is trivially cracked, so prefer at least the salted {SSHA} (slappasswd's default) and drop -s so the password is prompted for instead of landing in the shell history.

create file: add_user_test.ldif (person and organizationalPerson are superclasses of inetOrgPerson, listing them is harmless; gidNumber 10000 must exist as a posixGroup if these accounts are used for Unix logins, the groupOfNames groups below are not POSIX groups)

 dn: cn=test,ou=people,dc=ldap-test,dc=com
 cn: test
 givenName: test
 sn: test
 uid: test
 uidNumber: 5000
 gidNumber: 10000
 homeDirectory: /home/test
 mail: test@ldap-test.com
 objectClass: top
 objectClass: posixAccount
 objectClass: shadowAccount
 objectClass: inetOrgPerson
 objectClass: organizationalPerson
 objectClass: person
 loginShell: /bin/bash
 userPassword: {SHA}qUqP5cyxm6YcTAhz05Hph5gvu9M=

and run command: ldapadd -x -D cn=admin,dc=ldap-test,dc=com -W -f add_user_test.ldif

create file: add_user_valera.ldif (each account needs its own uidNumber, slapd does not enforce uniqueness; 5001 here)

 dn: cn=valera,ou=people,dc=ldap-test,dc=com
 cn: valera
 givenName: valera
 sn: valera
 uid: valera
 uidNumber: 5001
 gidNumber: 10000
 homeDirectory: /home/valera
 mail: valera@ldap-test.com
 objectClass: top
 objectClass: posixAccount
 objectClass: shadowAccount
 objectClass: inetOrgPerson
 objectClass: organizationalPerson
 objectClass: person
 loginShell: /bin/bash
 userPassword: {SHA}/czKZw8hc3yvCKMiU0y1lqqmATU=

and run command: ldapadd -x -D cn=admin,dc=ldap-test,dc=com -W -f add_user_valera.ldif

create file: add_user_svan.ldif (next free uidNumber, 5002)

 dn: cn=svan,ou=people,dc=ldap-test,dc=com
 cn: svan
 givenName: svan
 sn: svan
 uid: svan
 uidNumber: 5002
 gidNumber: 10000
 homeDirectory: /home/svan
 mail: svan@ldap-test.com
 objectClass: top
 objectClass: posixAccount
 objectClass: shadowAccount
 objectClass: inetOrgPerson
 objectClass: organizationalPerson
 objectClass: person
 loginShell: /bin/bash
 userPassword: {SHA}D07SmrTu0Yh+eZcgj+nIVWKn8XU=

and run command: ldapadd -x -D cn=admin,dc=ldap-test,dc=com -W -f add_user_svan.ldif

create groups

create file: add_group_disabled.ldif (load groups only after memberof_config.ldif, otherwise the members get no memberOf attribute)

 dn: cn=Disabled,ou=groups,dc=ldap-test,dc=com
 objectClass: groupOfNames
 cn: Disabled
 description: Disabled users
 member: cn=test,ou=people,dc=ldap-test,dc=com

and run command: ldapadd -x -D cn=admin,dc=ldap-test,dc=com -W -f add_group_disabled.ldif

create file: add_group_openvpn.ldif

 dn: cn=OpenVPN,ou=groups,dc=ldap-test,dc=com
 objectClass: groupofnames
 cn: OpenVPN
 description: All users
 member: cn=valera,ou=people,dc=ldap-test,dc=com
 member: cn=svan,ou=people,dc=ldap-test,dc=com
 member: cn=test,ou=people,dc=ldap-test,dc=com

and run command: ldapadd -x -D cn=admin,dc=ldap-test,dc=com -W -f add_group_openvpn.ldif
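Before loading these files it is worth checking them for the things slapd accepts without complaint. The following is an added Python example for this page (not code from the page or from OpenLDAP; standard library only). It parses LDIF records, reports uidNumber values shared by more than one account, lists group members whose DN names no entry (olcMemberOfDangling: ignore above means the server will not say anything), and verifies a {SHA} or {SSHA} userPassword value the way a simple bind does. The sample LDIF is constructed inline from the page's entries: two users, both with uidNumber 5000 as on the page, and svan deliberately left out so the dangling-member check has something to report. The parser covers only the LDIF subset these files use (no continuation lines, no base64 values).

```python
"""Audit user/group LDIF before ldapadd: duplicate uidNumber, dangling members, password hashes.

Added example for this wiki page, not code from the page or from OpenLDAP.
{SHA}/{SSHA} are the formats produced by slappasswd -h {SHA} / {SSHA}.
"""
import base64
import hashlib
import hmac
import os

# Constructed sample (subset of the page's entries): uidNumber 5000 is repeated as on
# the page, svan is omitted on purpose, valera's member DN has spaces after the commas.
SAMPLE_LDIF = """\
dn: cn=test,ou=people,dc=ldap-test,dc=com
uid: test
uidNumber: 5000
objectClass: posixAccount
userPassword: {SHA}qUqP5cyxm6YcTAhz05Hph5gvu9M=

dn: cn=valera,ou=people,dc=ldap-test,dc=com
uid: valera
uidNumber: 5000
objectClass: posixAccount
userPassword: {SHA}/czKZw8hc3yvCKMiU0y1lqqmATU=

dn: cn=Disabled,ou=groups,dc=ldap-test,dc=com
objectClass: groupOfNames
member: cn=test,ou=people,dc=ldap-test,dc=com

dn: cn=OpenVPN,ou=groups,dc=ldap-test,dc=com
objectClass: groupOfNames
member: cn=valera, ou=people, dc=ldap-test, dc=com
member: cn=svan,ou=people,dc=ldap-test,dc=com
"""


def parse_ldif(text):
    """Parse 'attr: value' records separated by blank lines into [{'dn', 'attrs'}].
    Attribute names are lower-cased (LDAP compares them case-insensitively)."""
    entries, current = [], None
    for line in text.splitlines():
        if not line.strip():                      # blank line ends a record
            if current is not None:
                entries.append(current)
            current = None
            continue
        if line.startswith("#"):
            continue
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError("not an attribute line: %r" % line)
        name, value = name.strip().lower(), value.strip()
        if name == "dn":
            current = {"dn": value, "attrs": {}}
        elif current is None:
            raise ValueError("attribute before dn: %r" % line)
        else:
            current["attrs"].setdefault(name, []).append(value)
    if current is not None:
        entries.append(current)
    return entries


def normalize_dn(dn):
    """Canonical DN for comparison: strip spaces around RDNs, ignore case."""
    return ",".join(part.strip() for part in dn.split(",")).lower()


def duplicate_uidnumbers(entries):
    """uidNumber -> DNs, for every uidNumber used by more than one entry."""
    seen = {}
    for e in entries:
        for uid in e["attrs"].get("uidnumber", []):
            seen.setdefault(uid, []).append(e["dn"])
    return {uid: dns for uid, dns in seen.items() if len(dns) > 1}


def dangling_members(entries):
    """(group DN, member DN) pairs whose member DN names no entry in the LDIF."""
    known = {normalize_dn(e["dn"]) for e in entries}
    return [(e["dn"], m) for e in entries
            for m in e["attrs"].get("member", []) if normalize_dn(m) not in known]


def ldap_sha(password):
    """{SHA}: unsalted SHA-1, so equal passwords yield equal hashes."""
    return "{SHA}" + base64.b64encode(hashlib.sha1(password.encode()).digest()).decode()


def ldap_ssha(password, salt=None):
    """{SSHA}: SHA-1 over password+salt with the salt appended to the digest."""
    salt = os.urandom(4) if salt is None else salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()


def verify_userpassword(password, stored):
    """Check a candidate password against a {SHA} or {SSHA} userPassword value."""
    scheme, _, encoded = stored.partition("}")
    scheme, raw = scheme.lstrip("{").upper(), base64.b64decode(encoded)
    if scheme == "SHA":
        return hmac.compare_digest(raw, hashlib.sha1(password.encode()).digest())
    if scheme == "SSHA":
        digest, salt = raw[:20], raw[20:]
        return hmac.compare_digest(digest, hashlib.sha1(password.encode() + salt).digest())
    raise ValueError("unsupported scheme " + scheme)


if __name__ == "__main__":
    found = parse_ldif(SAMPLE_LDIF)
    print("duplicate uidNumber:", duplicate_uidnumbers(found))
    print("dangling members:", dangling_members(found))
    print("test/test matches:", verify_userpassword("test", found[0]["attrs"]["userpassword"][0]))
```

Run it as a script to see the findings for the constructed sample, or feed parse_ldif the real files. The {SHA} value for "test" from the page verifies, which also shows why the scheme is a poor choice: anyone who reads userPassword can check candidates offline at SHA-1 speed, and two users with the same password are visible as identical hashes; ldap_ssha adds a per-user salt, which is the least one should use.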


code (Windows, wldap32: winldap.h, link with wldap32.lib)

for ldap_simple_bind_s (pLdapConnection is the LDAP* obtained from ldap_init/ldap_connect; a simple bind sends the password in clear text, so use an LDAPS session or call ldap_start_tls_s first):

 PWCHAR user_name = L"cn=valera,ou=people,dc=ldap-test,dc=com";
 PWCHAR password = L"valera";
 ULONG error = ldap_simple_bind_s(pLdapConnection, user_name, password);  // LDAP_SUCCESS (0) when the credentials are valid

for ldap_search_s (every entry under the base that is in OpenVPN and not in Disabled; memberOf exists only once the overlay above is active, and DN matching ignores the spaces after the commas):

 LDAPMessage *pResults = NULL;
 PWCHAR base_path = L"dc=ldap-test,dc=com";
 PWCHAR base_filter = L"(&(!(memberOf=cn=Disabled, ou=groups, dc=ldap-test, dc=com))(memberOf=cn=OpenVPN, ou=groups, dc=ldap-test, dc=com))";
 error = ldap_search_s(pLdapConnection, base_path, LDAP_SCOPE_SUBTREE, base_filter, NULL, 0, &pResults);
 // walk pResults with ldap_first_entry/ldap_next_entry, then release it with ldap_msgfree(pResults)
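What that search returns for the directory built in the old-version section, as an added example (not the page's code and not OpenLDAP or wldap32): a small Python model of the memberof overlay plus an evaluator for the filter subset the page uses (&, |, !, equality, presence). The entries are constructed inline from the page's LDIFs, without memberOf, which is what the server holds before the overlay fills it in. DN-valued attributes are compared the way distinguishedNameMatch does (case and spaces after commas ignored), which is why the spaced DNs in the C filter still match. Escaped filter values and substring filters are not handled.

```python
"""Evaluate the page's OpenVPN search filter against an in-memory copy of the directory.

Added example for this wiki page; not code from the page, OpenLDAP or wldap32.
"""
import copy

DN_ATTRS = {"memberof", "member", "manager", "owner"}   # attributes with DN syntax


def normalize_dn(dn):
    """Canonical DN for comparison: strip spaces around RDNs, ignore case."""
    return ",".join(part.strip() for part in dn.split(",")).lower()


def make_entry(dn, **attrs):
    """Build an entry; attribute names are lower-cased since LDAP ignores their case."""
    return {"dn": dn, "attrs": {k.lower(): list(v) for k, v in attrs.items()}}


# Constructed directory: the users and groups from the old-version LDIFs (no memberOf yet).
PEOPLE, GROUPS = "ou=people,dc=ldap-test,dc=com", "ou=groups,dc=ldap-test,dc=com"
DIRECTORY = [
    make_entry("cn=test," + PEOPLE, objectClass=["inetOrgPerson", "posixAccount"], uid=["test"]),
    make_entry("cn=valera," + PEOPLE, objectClass=["inetOrgPerson", "posixAccount"], uid=["valera"]),
    make_entry("cn=svan," + PEOPLE, objectClass=["inetOrgPerson", "posixAccount"], uid=["svan"]),
    make_entry("cn=Disabled," + GROUPS, objectClass=["groupOfNames"], member=["cn=test," + PEOPLE]),
    make_entry("cn=OpenVPN," + GROUPS, objectClass=["groupOfNames"],
               member=["cn=valera," + PEOPLE, "cn=svan," + PEOPLE, "cn=test," + PEOPLE]),
]
# The filter from the ldap_search_s snippet, spaces after the commas included.
OPENVPN_FILTER = ("(&(!(memberOf=cn=Disabled, ou=groups, dc=ldap-test, dc=com))"
                  "(memberOf=cn=OpenVPN, ou=groups, dc=ldap-test, dc=com))")


def apply_memberof(entries):
    """Model the memberof overlay: every groupOfNames member receives a memberOf value.
    Member DNs that name no entry are skipped (olcMemberOfDangling: ignore)."""
    result = copy.deepcopy(entries)
    by_dn = {normalize_dn(e["dn"]): e for e in result}
    for group in result:
        if "groupofnames" not in {v.lower() for v in group["attrs"].get("objectclass", [])}:
            continue
        for member in group["attrs"].get("member", []):
            target = by_dn.get(normalize_dn(member))
            if target is not None:
                target["attrs"].setdefault("memberof", []).append(group["dn"])
    return result


def parse_filter(text):
    """Parse a search filter into ('&'|'|'|'!', [children]) or ('=', attr, value)."""
    pos = 0

    def node():
        nonlocal pos
        if text[pos] != "(":
            raise ValueError("expected '(' at offset %d" % pos)
        pos += 1
        op = text[pos]
        if op in "&|!":
            pos += 1
            children = []
            while text[pos] == "(":
                children.append(node())
            if text[pos] != ")":
                raise ValueError("expected ')' at offset %d" % pos)
            pos += 1
            if op == "!" and len(children) != 1:
                raise ValueError("'!' takes exactly one operand")
            return (op, children)
        end = text.index(")", pos)
        attr, sep, value = text[pos:end].partition("=")
        if not sep:
            raise ValueError("unsupported filter item: %r" % text[pos:end])
        pos = end + 1
        return ("=", attr.strip().lower(), value)

    tree = node()
    if pos != len(text):
        raise ValueError("trailing data after filter")
    return tree


def matches(tree, entry):
    """True if the entry satisfies the parsed filter."""
    op = tree[0]
    if op == "&":
        return all(matches(c, entry) for c in tree[1])
    if op == "|":
        return any(matches(c, entry) for c in tree[1])
    if op == "!":
        return not matches(tree[1][0], entry)
    _, attr, value = tree
    values = entry["attrs"].get(attr, [])
    if value == "*":                                   # presence filter
        return bool(values)
    if attr in DN_ATTRS:                               # distinguishedNameMatch
        return normalize_dn(value) in {normalize_dn(v) for v in values}
    return value.lower() in {v.lower() for v in values}    # caseIgnoreMatch


def search(entries, base, filter_text):
    """Subtree search under base; returns the matching DNs, sorted."""
    tree, base_n = parse_filter(filter_text), normalize_dn(base)
    return sorted(e["dn"] for e in entries
                  if (normalize_dn(e["dn"]) == base_n or normalize_dn(e["dn"]).endswith("," + base_n))
                  and matches(tree, e))


if __name__ == "__main__":
    print("without overlay:", search(DIRECTORY, "dc=ldap-test,dc=com", OPENVPN_FILTER))
    print("with overlay:   ", search(apply_memberof(DIRECTORY), "dc=ldap-test,dc=com", OPENVPN_FILTER))
```

With the overlay applied the search yields valera and svan; test is in OpenVPN but also in Disabled, so the negated clause drops it. Without the overlay the same filter matches nothing, which is what happens on a real server when the groups were loaded before memberof_config.ldif: the C code above then sees an empty result set although the group memberships are present.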


links

OpenLDAP Server: [2]

How to enable MemberOf using OpenLDAP: [3]

Install and configure OpenLDAP & phpLDAPadmin on Ubuntu 18.04 LTS: [4]

LDAP commands: [5]