Linux - OpenLDAP - 1

LDAP note
1. LDAP is a centralized authentication system holding user accounts, user info, mail, etc.

a1. It uses a Directory Information Tree (DIT), a tree-structured architecture similar to DNS, in which:
a1.1 there is a top level, like '.' being the highest root in DNS
a1.2 there are sub-levels, like abc.com.vn
a2. Each object is unique and has many attributes
OpenLDAP is similar to AD on M$ Windows; in fact both of them use the same protocol, LDAP.

#######################Now let's start with LDAP
1. Distinguished Names (DNs)
Each LDAP object has one DN in the DIT
2. Object Class
a. Determines which kinds of attributes an object has
b. Example: ou=people is an Organizational Unit group
3. Schemas - /etc/openldap/schema
a. Schemas define object classes and attributes
4. Attributes
a. Can be single-valued or multi-valued

#######################Installing and configuring DNS
In theory this is not required, but we will need it later (when deploying a DC).
yum install -y bind-chroot
chmod 755 -R /var/named/
cp /usr/share/doc/bind-9.3.6/sample/var/named/named.local /var/named/chroot/var/named/
cp /usr/share/doc/bind-9.3.6/sample/var/named/named.root /var/named/chroot/var/named/
cp /usr/share/doc/bind-9.3.6/sample/var/named/localhost.zone /var/named/chroot/var/named/
touch /var/named/chroot/etc/named.conf
chkconfig --level 35 named on
service named start
vim /etc/resolv.conf

search hbn.local
nameserver 192.168.232.100
nameserver 192.168.232.2

vim /var/named/chroot/etc/named.conf

options {
directory "/var/named";

forwarders {203.162.0.181; 203.162.0.11; 210.245.0.11; 210.245.0.58; 208.67.222.222; 208.67.220.220; 8.8.8.8; 8.8.4.4;};
};

zone "." IN {
type hint;
file "named.root";
};

zone "localhost" IN {
type master;
file "localhost.zone";
};

zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
};

zone "232.168.192.in-addr.arpa" IN {
type master;
file "192.168.232.0.db";
};

zone "hbn.local" {
type master;
file "hbn.local";
};

cd /var/named/chroot/var/named/
File 192.168.232.0.db:

$TTL 86400
@ IN SOA hbn.local. root.hbn.local. (
1997022700 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
        IN NS ns1.hbn.local.
100 IN PTR dns.hbn.local.

File hbn.local:

$TTL 14400
@ IN SOA root.hbn.local. hostmaster.hbn.local. (
2009102800
14400
3600
1209600
86400 )

        IN NS hbn.local.

ftp IN A 192.168.232.100
hbn.local. IN A 192.168.232.100
localhost IN A 127.0.0.1
mail IN A 192.168.232.100
pop IN A 192.168.232.100
smtp IN A 192.168.232.100
www IN A 192.168.232.100
hbn.local. IN MX 10 mail

hbn.local. 14400 IN TXT "v=spf1 a mx ip4:192.168.153.100 ~all"

#####################Installing OpenLDAP
yum -y install openldap*

Update /etc/openldap/slapd.conf

Update: suffix "dc=my-domain,dc=com"
TO: suffix "dc=hbn,dc=local"

###Super-User Info###

Update: rootdn "cn=Manager,dc=my-domain,dc=com"
TO: rootdn "cn=Manager,dc=hbn,dc=local"

Update: rootpw secret
TO: rootpw abc123
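As an added example (not part of the original notes), a small Python check for the two mistakes this slapd.conf edit invites: a rootdn left under a different suffix than the one just set, and a rootpw kept in cleartext. The sample configuration is constructed here, and make_ssha reproduces the {SSHA} format that slappasswd produces, so a hashed value can replace the cleartext one.

```python
import base64, hashlib, os, re

# Constructed sample: suffix was changed as in the notes above, but rootdn was
# left at the default suffix and rootpw is still a cleartext password.
SAMPLE_SLAPD_CONF = """\
suffix "dc=hbn,dc=local"
rootdn "cn=Manager,dc=my-domain,dc=com"
rootpw abc123
"""

def parse_slapd_conf(text):
    """Map directive name -> value (quotes stripped), skipping comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) == 2:
            conf[parts[0].lower()] = parts[1].strip().strip('"')
    return conf

def dn_rdns(dn):
    """Split a DN into lowercased RDNs so suffix comparisons ignore case."""
    return [rdn.strip().lower() for rdn in dn.split(",") if rdn.strip()]

def check_slapd_conf(text):
    """Return the problems found: rootdn outside the suffix, cleartext rootpw."""
    conf = parse_slapd_conf(text)
    suffix = dn_rdns(conf.get("suffix", ""))
    rootdn = dn_rdns(conf.get("rootdn", ""))
    problems = []
    if not suffix or rootdn[-len(suffix):] != suffix:
        problems.append("rootdn is not under suffix")
    rootpw = conf.get("rootpw", "")
    if rootpw and not re.match(r"^\{(SSHA|SHA|SMD5|MD5|CRYPT)\}", rootpw):
        problems.append("rootpw stored in cleartext")
    return problems

def make_ssha(password, salt=None):
    """Build an OpenLDAP {SSHA} value like slappasswd: b64(sha1(pw+salt)+salt)."""
    salt = os.urandom(4) if salt is None else salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def verify_ssha(password, value):
    """Check a password against an {SSHA} value; the SHA-1 digest is 20 bytes."""
    raw = base64.b64decode(value[len("{SSHA}"):])
    return hashlib.sha1(password.encode() + raw[20:]).digest() == raw[:20]
```

Running check_slapd_conf on the sample reports both problems; after pointing rootdn under dc=hbn,dc=local and replacing the password with make_ssha("abc123"), it reports none.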

vim /etc/ldap.conf

base dc=hbn,dc=local

vi /etc/openldap/ldap.conf

URI ldap://127.0.0.1/

BASE dc=hbn,dc=local

##################Test LDAP

###LDAP ADD
cd /usr/share/openldap/migration
vi migrate_common.ph

$DEFAULT_MAIL_DOMAIN = "hbn.local";
$DEFAULT_BASE = "dc=hbn,dc=local";

./migrate_base.pl > base.ldif
vi base.ldif

dn: dc=hbn,dc=local
dc: hbn
objectClass: top
objectClass: domain

dn: ou=People,dc=hbn,dc=local
ou: People
objectClass: top
objectClass: organizationalUnit

dn: ou=Group,dc=hbn,dc=local
ou: Group
objectClass: top
objectClass: organizationalUnit

ldapadd -x -W -D "cn=Manager,dc=hbn,dc=local" -f base.ldif

###LDAPSEARCH###
ldapsearch -x -b "dc=hbn,dc=local" "(objectclass=*)"

Thanks for reading
--------------------------------------------------------------------------
All my Lab:
Linux Lab -- Windows and Cisco Lab
to be continued - I will update more.

Nam Habach