informatica:linux:openldap
Differences
This shows you the differences between two versions of the page.
informatica:linux:openldap [2013/10/03 09:55] – javi | informatica:linux:openldap [2017/11/16 10:22] – jose | ||
---|---|---|---|
Line 435: | Line 435: | ||
==== TLS ==== | ==== TLS ==== | ||
+ | |||
+ | 1. Configuracion del virtual host: | ||
< | < | ||
Line 470: | Line 472: | ||
</ | </ | ||
</ | </ | ||
+ | |||
+ | 2. Crear el siguiente archivo: | ||
+ | |||
+ | sudo vim / | ||
+ | | ||
+ | Con el siguiente contenido: | ||
+ | |||
+ | LDAPVerifyServerCert Off | ||
+ | |||
+ | 3. (TODO) Comprobar si es necesario reiniciar apache o con el reload de mas adelante es suficiente | ||
==== Comprobacion ==== | ==== Comprobacion ==== | ||
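Review bot: `LDAPVerifyServerCert Off` in step 2 turns off validation of the LDAP server's certificate, so the TLS session this section sets up encrypts the traffic but no longer authenticates the server. Anyone able to intercept the connection between Apache and the directory can present their own certificate and receive the bind credentials. Suggest leaving verification at its default (`On`) and making mod_ldap trust the CA that signed the directory's certificate, for example with `LDAPTrustedGlobalCert CA_BASE64 <path to the CA certificate>`. If `Off` stays as a temporary workaround, the page should say so next to the directive. The TODO in step 3 also needs resolving before this reads as a finished procedure, since a reader cannot tell from the steps whether the new file has taken effect.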
Line 645: | Line 657: | ||
Mas info: | Mas info: | ||
- | LDAP over TLS/SSL (ldaps://) is deprecated in favour of StartTLS. The latter refers to an existing LDAP session (listening on TCP port 389) becoming protected by TLS/SSL whereas LDAPS, like HTTPS, is a distinct encrypted-from-the-start protocol that operates over TCP port 636. | + | |
+ | LDAP over TLS/SSL (ldaps: / / ) is deprecated in favour of StartTLS. The latter refers to an existing LDAP session (listening on TCP port 389) becoming protected by TLS/SSL whereas LDAPS, like HTTPS, is a distinct encrypted-from-the-start protocol that operates over TCP port 636. | ||
10. Tighten up ownership and permissions: | 10. Tighten up ownership and permissions: | ||
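Review bot: the replacement line writes the scheme as `ldaps: / /` with embedded spaces, which is no longer a valid URI and will mislead anyone copying it into a client or config file. If the goal was to stop the wiki from auto-linking the scheme, wrap it in DokuWiki's no-format markup (`%%ldaps://%%`) so the text renders literally and stays correct.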
Line 668: | Line 682: | ||
tcp 0 0 0.0.0.0: | tcp 0 0 0.0.0.0: | ||
</ | </ | ||
+ | |||
+ | ===== Modificar un registro en LDAP ===== | ||
+ | Para añadir un campo, por ejemplo loginshell al usuario jur. Creeamos el fichero anyadir.ldif: | ||
+ | < | ||
+ | dn: cn=jur, | ||
+ | add: loginshell | ||
+ | loginshell: /bin/bash | ||
+ | </ | ||
+ | |||
+ | Lo añadimos con el comando: | ||
+ | ldapmodify -x -w ******** -D " | ||
+ | | ||
+ | Para modificarlo, | ||
+ | < | ||
+ | dn: cn=jur, | ||
+ | changetype: modify | ||
+ | replace: loginshell | ||
+ | loginshell: /bin/sh | ||
+ | </ | ||
+ | |||
+ | ldapmodify -x -w ******** -D " | ||
+ | |||
+ | |||
+ | ===== Consulta sin corte de línea ===== | ||
+ | ldapsearch -D " | ||
+ | Con linux si tienes perl: | ||
+ | ldapsearch -D " | ||
+ | ===== Consulta de todos los atributos ===== | ||
+ | ldapsearch -D " | ||
+ | < | ||
+ | objectClasses: | ||
+ | objectClasses: | ||
+ | objectClasses: | ||
+ | objectClasses: | ||
+ | objectClasses: | ||
+ | objectClasses: | ||
+ | </ | ||
+ | | ||
+ |
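Review bot: both `ldapmodify` examples pass the bind password inline with `-w ********`, which puts the secret in shell history and in the process list for other local users while the command runs. Suggest `-W` (prompt) or `-y <password file>` with restrictive permissions in the documented commands. Since `-x` is a simple bind, the examples should also make explicit that the connection is protected (an `ldaps://` URI in `-H`, or `-ZZ` to require StartTLS) so the password does not cross the network in clear text. Smaller points: the first LDIF (anyadir.ldif) omits `changetype: modify` while the second includes it, so add it to the first for consistency, and "Creeamos" should read "Creamos".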
informatica/linux/openldap.txt · Last modified: 2018/07/24 09:37 by javi