informatica:linux:ldap
Differences
This shows you the differences between two versions of the page.
informatica:linux:ldap [2010/11/24 18:19] – creado 95.20.4.69 | informatica:linux:ldap [2015/04/13 20:19] (current) – external edit 127.0.0.1 | ||
---|---|---|---|
Line 2: | Line 2: | ||
open-ldap slapd ldap | open-ldap slapd ldap | ||
+ | |||
+ | http:// | ||
===== Instalación ===== | ===== Instalación ===== | ||
sudo aptitude install slapd ldap-utils | sudo aptitude install slapd ldap-utils | ||
+ | |||
+ | |||
===== ldap.conf ===== | ===== ldap.conf ===== | ||
Line 22: | Line 26: | ||
# NB: RH Linux schemas in / | # NB: RH Linux schemas in / | ||
# | # | ||
- | include | + | include |
- | include | + | include |
- | include | + | include |
# NO SECURITY - no access clause | # NO SECURITY - no access clause | ||
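Review bot: the include lines are only re-spaced here, while the marker "# NO SECURITY - no access clause" directly below them is left in place, so slapd falls back to its default policy of read access for every client. The LDIF added further down this page stores a userpassword attribute, so add an access clause before this configuration is used beyond a test box, for example "access to attrs=userPassword by self write by anonymous auth by * none" followed by "access to * by * read".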
Line 39: | Line 42: | ||
# enable a lot of logging - we might need it | # enable a lot of logging - we might need it | ||
# but generates huge logs | # but generates huge logs | ||
- | loglevel | + | loglevel |
# MODULELOAD definitions | # MODULELOAD definitions | ||
Line 51: | Line 54: | ||
####################################################################### | ####################################################################### | ||
# bdb database definitions | # bdb database definitions | ||
- | # | + | # |
# replace example and com below with a suitable domain | # replace example and com below with a suitable domain | ||
- | # | + | # |
# If you don't have a domain you can leave it since example.com | # If you don't have a domain you can leave it since example.com | ||
# is reserved for experimentation or change them to my and inc | # is reserved for experimentation or change them to my and inc | ||
Line 65: | Line 68: | ||
rootdn " | rootdn " | ||
rootpw dirtysecret | rootpw dirtysecret | ||
- | # The database directory MUST exist prior to running slapd AND | + | |
+ | # The database directory MUST exist prior to running slapd AND | ||
# change path as necessary | # change path as necessary | ||
- | directory | + | directory |
# Indices to maintain for this directory | # Indices to maintain for this directory | ||
# unique id so equality match only | # unique id so equality match only | ||
- | index uid eq | + | index |
# allows general searching on commonname, givenname and email | # allows general searching on commonname, givenname and email | ||
index | index | ||
+ | |||
# allows multiple variants on surname searching | # allows multiple variants on surname searching | ||
index sn eq,sub | index sn eq,sub | ||
+ | |||
# sub above includes subintial, | # sub above includes subintial, | ||
# optimise department searches | # optimise department searches | ||
index ou eq | index ou eq | ||
+ | |||
# if searches will include objectClass uncomment following | # if searches will include objectClass uncomment following | ||
# index objectClass eq | # index objectClass eq | ||
# shows use of default index parameter | # shows use of default index parameter | ||
index default eq,sub | index default eq,sub | ||
+ | |||
# indices missing - uses default eq,sub | # indices missing - uses default eq,sub | ||
index telephonenumber | index telephonenumber | ||
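Review bot: "rootpw dirtysecret" in the context at the top of this hunk keeps the rootdn password in cleartext in the configuration file, and the change edits the lines around it without addressing that. Replace the value with the hash printed by slappasswd (the "{SSHA}..." string goes after rootpw) and keep the file readable only by root and the account slapd runs as.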
Line 90: | Line 99: | ||
cachesize 10000 | cachesize 10000 | ||
checkpoint 128 15 | checkpoint 128 15 | ||
- | |||
</ | </ | ||
+ | |||
+ | |||
+ | |||
+ | ===== Arrancar ldap ===== | ||
+ | |||
+ | No se por que demonios el '/ | ||
+ | |||
+ | sudo / | ||
+ | | ||
+ | Comprobar que ha arrancado: | ||
+ | |||
+ | ps ax | grep ldap | ||
+ | 9122 ? Ssl 0:00 / | ||
+ | |||
+ | Para pararlo matar el proceso con kill | ||
+ | |||
+ | ===== Insertar registro ===== | ||
+ | |||
+ | 1. Crear un archivo .ldif: | ||
+ | |||
+ | sudo vim / | ||
+ | |||
+ | Con el siguiente contenido: | ||
+ | |||
+ | < | ||
+ | ## DEFINE DIT ROOT/ | ||
+ | ## uses RFC 2377 format | ||
+ | ## replace example and com as necessary below | ||
+ | ## or for experimentation leave as is | ||
+ | |||
+ | ## dcObject is an AUXILLIARY objectclass and MUST | ||
+ | ## have a STRUCTURAL objectclass (organization in this case) | ||
+ | # this is an ENTRY sequence and is preceded by a BLANK line | ||
+ | |||
+ | dn: dc=example, | ||
+ | dc: example | ||
+ | description: | ||
+ | in this line up to 32K continuation data for the line above must | ||
+ | have <CR> or < | ||
+ | on both Windows and *nix system - new line MUST begin with ONE SPACE | ||
+ | objectClass: | ||
+ | objectClass: | ||
+ | o: Example, Inc. | ||
+ | |||
+ | ## FIRST Level hierarchy - people | ||
+ | ## uses mixed upper and lower case for objectclass | ||
+ | # this is an ENTRY sequence and is preceded by a BLANK line | ||
+ | |||
+ | dn: ou=people, dc=example, | ||
+ | ou: people | ||
+ | description: | ||
+ | objectclass: | ||
+ | |||
+ | ## SECOND Level hierarchy | ||
+ | ## ADD a single entry under FIRST (people) level | ||
+ | # this is an ENTRY sequence and is preceded by a BLANK line | ||
+ | # the ou: Human Resources is the department name | ||
+ | |||
+ | dn: cn=Robert Smith, | ||
+ | objectclass: | ||
+ | cn: Robert Smith | ||
+ | cn: Robert J Smith | ||
+ | cn: bob smith | ||
+ | sn: smith | ||
+ | uid: rjsmith | ||
+ | userpassword: | ||
+ | carlicense: HISCAR 123 | ||
+ | homephone: 555-111-2222 | ||
+ | mail: r.smith@example.com | ||
+ | mail: rsmith@example.com | ||
+ | mail: bob.smith@example.com | ||
+ | description: | ||
+ | ou: Human Resources | ||
+ | </ | ||
+ | |||
+ | 2. Insertar el registro: | ||
+ | |||
+ | ldapadd -H ldap:// | ||
+ | |||
+ | |||
+ | ===== Buscar registro ===== | ||
+ | |||
+ | ldapsearch -H ldap:// | ||
+ | |||
+ | Me ha salido bien antes, ahora no me furrula (quiza porque borre el registro | ||
+ | |||
+ | ldapsearch -xh 192.168.1.17 -b '' |
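Review bot: the added ldapadd and ldapsearch commands use the "ldap://" scheme, and the last one uses "-xh 192.168.1.17", a simple bind to a network host with no TLS, so any bind DN and password supplied to them travel in cleartext. Add "-ZZ" to require StartTLS (or use an "ldaps://" URI) once the server has a certificate, and use "-H" rather than "-h", which newer OpenLDAP clients deprecate. The "Arrancar ldap" section also stops slapd with kill; state that a plain kill (SIGTERM) is meant, because a forced kill -9 can leave the bdb database needing recovery.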
informatica/linux/ldap.1290622786.txt.gz · Last modified: 2015/04/13 20:19 (external edit)