informatica:linux:openldap
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
informatica:linux:openldap [2013/05/23 13:51] – javi | informatica:linux:openldap [2018/07/24 09:37] (current) – [openldap (seguir este)] javi | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== openldap ====== | + | ====== openldap |
+ | |||
+ | 1. Create dirs | ||
+ | |||
+ | < | ||
+ | ssh 10.41.0.2 | ||
+ | sudo mkdir -p / | ||
+ | sudo mkdir -p / | ||
+ | sudo mkdir -p / | ||
+ | </ | ||
+ | |||
+ | 2. Create container | ||
+ | |||
+ | < | ||
+ | docker run --name ldap \ | ||
+ | -v / | ||
+ | -v / | ||
+ | -v / | ||
+ | -e LDAP_ORGANISATION=" | ||
+ | -e LDAP_DOMAIN=" | ||
+ | -e LDAP_ADMIN_PASSWORD=secret \ | ||
+ | -e SSL_CRT_FILENAME=ldap01_slapd_cert.pem \ | ||
+ | -e SSL_KEY_FILENAME=ldap01_slapd_key.pem \ | ||
+ | -e SSL_CA_CRT_FILENAME=cacert.pem \ | ||
+ | -d osixia/ | ||
+ | </ | ||
+ | |||
+ | IMPORTANT: LDAP_ADMIN_PASSWORD variable will hold the administrative password of " | ||
+ | |||
+ | 2.1. Test it: | ||
+ | |||
+ | **Note**: this step can be performed from phpldapadmin or similar with " | ||
+ | |||
+ | < | ||
+ | docker exec -ti ldap bash | ||
+ | ldapsearch -x -H ldap:// | ||
+ | </ | ||
+ | |||
+ | Expected output: | ||
+ | |||
+ | < | ||
+ | # extended LDIF | ||
+ | # | ||
+ | # LDAPv3 | ||
+ | # base < | ||
+ | # filter: (objectclass=*) | ||
+ | # requesting: ALL | ||
+ | # | ||
+ | |||
+ | # kedu.cat | ||
+ | dn: dc=example, | ||
+ | objectClass: | ||
+ | objectClass: | ||
+ | objectClass: | ||
+ | o: Kedu SCCL | ||
+ | dc: kedu | ||
+ | |||
+ | # admin, example.com | ||
+ | dn: cn=admin, | ||
+ | objectClass: | ||
+ | objectClass: | ||
+ | cn: admin | ||
+ | description: | ||
+ | userPassword:: | ||
+ | |||
+ | # search result | ||
+ | search: 2 | ||
+ | result: 0 Success | ||
+ | |||
+ | # numResponses: | ||
+ | # numEntries: 2 | ||
+ | </ | ||
+ | |||
+ | 3. Fix permisions to allow a readonly user. | ||
+ | |||
+ | With this step: | ||
+ | |||
+ | * You will be able to create a " | ||
+ | * Can be used as bind user by 3rd party applications such as zabbix, redmine, etc. | ||
+ | |||
+ | 3.1. Fix permisions: | ||
+ | |||
+ | < | ||
+ | ldapmodify -Q -Y EXTERNAL -H ldapi:/// -W << | ||
+ | dn: olcDatabase={1}mdb, | ||
+ | changetype: modify | ||
+ | delete: olcAccess | ||
+ | - | ||
+ | add: olcAccess | ||
+ | olcAccess: {0}to attrs=userPassword, | ||
+ | olcAccess: {1}to * by self write by dn=" | ||
+ | - | ||
+ | EOF | ||
+ | </ | ||
+ | |||
+ | Enter LDAP Password: | ||
+ | < | ||
+ | secret | ||
+ | </ | ||
+ | |||
+ | Output: | ||
+ | |||
+ | < | ||
+ | modifying entry " | ||
+ | </ | ||
+ | |||
+ | 3.2. Create " | ||
+ | |||
+ | **Note**: this step can be performed from phpldapadmin or similar with " | ||
+ | |||
+ | < | ||
+ | ldapadd -x -D ' | ||
+ | dn: cn=readonly, | ||
+ | cn: readonly | ||
+ | description: | ||
+ | objectclass: | ||
+ | objectclass: | ||
+ | objectclass: | ||
+ | userpassword: | ||
+ | EOF | ||
+ | </ | ||
+ | |||
+ | Expected output: | ||
+ | |||
+ | < | ||
+ | adding new entry " | ||
+ | </ | ||
+ | |||
+ | 3.3. Test it: | ||
+ | |||
+ | | " | ||
+ | | Password | secret | | ||
+ | |||
+ | Now you should be able to: | ||
+ | |||
+ | * Configure 3rd party applications (such as Zabbix) using those credentials as a bin acccount (not yet able to use groups yect) | ||
+ | * Login to phpldapadmin avoiding the "This base cannot be created with PLA." error. You should be able to see the entire tree, and once populated, DON'T see credentials such as password for posixAccount objects | ||
+ | |||
+ | 4. Add groupOfNames module/ | ||
+ | |||
+ | This module/ | ||
+ | |||
+ | 4.1. Add module | ||
+ | |||
+ | < | ||
+ | ldapadd -Q -Y EXTERNAL -H ldapi:/// -W << | ||
+ | dn: cn=module, | ||
+ | cn: module | ||
+ | objectClass: | ||
+ | olcModuleLoad: | ||
+ | olcModulePath: | ||
+ | |||
+ | dn: olcOverlay={0}memberof, | ||
+ | objectClass: | ||
+ | objectClass: | ||
+ | objectClass: | ||
+ | objectClass: | ||
+ | olcOverlay: memberof | ||
+ | olcMemberOfDangling: | ||
+ | olcMemberOfRefInt: | ||
+ | olcMemberOfGroupOC: | ||
+ | olcMemberOfMemberAD: | ||
+ | olcMemberOfMemberOfAD: | ||
+ | EOF | ||
+ | </ | ||
+ | |||
+ | Enter LDAP Password: | ||
+ | < | ||
+ | secret | ||
+ | </ | ||
+ | |||
+ | Expected output: | ||
+ | |||
+ | < | ||
+ | adding new entry " | ||
+ | |||
+ | adding new entry " | ||
+ | </ | ||
+ | |||
+ | 4.2. Configure it | ||
+ | |||
+ | < | ||
+ | ldapmodify -Q -Y EXTERNAL -H ldapi:/// -W << | ||
+ | dn: cn=module{1}, | ||
+ | add: olcmoduleload | ||
+ | olcmoduleload: | ||
+ | EOF | ||
+ | </ | ||
+ | |||
+ | Enter LDAP Password: | ||
+ | < | ||
+ | secret | ||
+ | </ | ||
+ | |||
+ | Expected output: | ||
+ | |||
+ | < | ||
+ | modifying entry " | ||
+ | </ | ||
+ | |||
+ | 4.3. Add overlay: | ||
+ | |||
+ | < | ||
+ | ldapadd -Q -Y EXTERNAL -H ldapi:/// -W << | ||
+ | dn: olcOverlay={1}refint, | ||
+ | objectClass: | ||
+ | objectClass: | ||
+ | objectClass: | ||
+ | objectClass: | ||
+ | olcOverlay: {1}refint | ||
+ | olcRefintAttribute: | ||
+ | EOF | ||
+ | </ | ||
+ | |||
+ | Enter LDAP Password: | ||
+ | < | ||
+ | secret | ||
+ | </ | ||
+ | |||
+ | Expected output: | ||
+ | |||
+ | < | ||
+ | adding new entry " | ||
+ | </ | ||
+ | |||
+ | 5. Load test data: | ||
+ | |||
+ | **Note**: this step can be performed from phpldapadmin or similar with " | ||
+ | |||
+ | < | ||
+ | ldapadd -x -D ' | ||
+ | dn: ou=groups, | ||
+ | objectclass: | ||
+ | objectclass: | ||
+ | ou: groups | ||
+ | |||
+ | dn: cn=testgroup, | ||
+ | cn: testgroup | ||
+ | member: cn=user1, | ||
+ | member: cn=user2, | ||
+ | objectclass: | ||
+ | objectclass: | ||
+ | |||
+ | dn: ou=people, | ||
+ | objectclass: | ||
+ | objectclass: | ||
+ | ou: people | ||
+ | |||
+ | dn: cn=user1, | ||
+ | cn: user1 | ||
+ | gidnumber: 10001 | ||
+ | givenname: User | ||
+ | homedirectory: | ||
+ | loginshell: /bin/bash | ||
+ | mail: user1@example.com | ||
+ | objectclass: | ||
+ | objectclass: | ||
+ | objectclass: | ||
+ | sn: One | ||
+ | uid: user1 | ||
+ | uidnumber: 10001 | ||
+ | userpassword: | ||
+ | |||
+ | dn: cn=user2, | ||
+ | cn: user2 | ||
+ | gidnumber: 10001 | ||
+ | givenname: User | ||
+ | homedirectory: | ||
+ | loginshell: /bin/bash | ||
+ | mail: user2@example.com | ||
+ | objectclass: | ||
+ | objectclass: | ||
+ | objectclass: | ||
+ | sn: Two | ||
+ | uid: user2 | ||
+ | uidnumber: 10002 | ||
+ | userpassword: | ||
+ | EOF | ||
+ | </ | ||
+ | |||
+ | Expected output: | ||
+ | |||
+ | < | ||
+ | adding new entry " | ||
+ | |||
+ | adding new entry " | ||
+ | |||
+ | adding new entry " | ||
+ | |||
+ | adding new entry " | ||
+ | |||
+ | adding new entry " | ||
+ | </ | ||
+ | |||
+ | 5.1. Test it: | ||
+ | |||
+ | < | ||
+ | ldapsearch -LL -Y EXTERNAL -H ldapi:/// " | ||
+ | </ | ||
+ | |||
+ | Expected output: | ||
+ | |||
+ | < | ||
+ | SASL/ | ||
+ | SASL username: gidNumber=0+uidNumber=0, | ||
+ | SASL SSF: 0 | ||
+ | version: 1 | ||
+ | |||
+ | dn: uid=test1, | ||
+ | </ | ||
+ | |||
+ | This has FAILED. The reason is that we need to perform a write operation in memberof object " | ||
+ | |||
+ | 5.2. Trigger a write operation in memberof object | ||
+ | |||
+ | TODO: document how to do it via CLI | ||
+ | |||
+ | 5.2.1. Create a phpldapadmin container in the same docker host that is running LDAP container: | ||
+ | |||
+ | < | ||
+ | docker run --name phpldapadmin \ | ||
+ | | ||
+ | -e PHPLDAPADMIN_LDAP_HOSTS=ldap \ | ||
+ | -d osixia/ | ||
+ | </ | ||
+ | |||
+ | 5.2.2. Login to phpldapadmin: | ||
+ | |||
+ | | URL | it will depend on your infraestructure, | ||
+ | | login | cn=admin, | ||
+ | | password | secret | | ||
+ | |||
+ | 5.2.3. Click on " | ||
+ | |||
+ | 5.2.4. Click on " | ||
+ | |||
+ | 5.2.5. Click on " | ||
+ | |||
+ | 5.2.6. Click on " | ||
+ | |||
+ | 5.2.7. Click on " | ||
+ | |||
+ | 5.2.8. Click on " | ||
+ | |||
+ | TODO: this command will remove the object " | ||
+ | |||
+ | < | ||
+ | ldapmodify -x -D " | ||
+ | dn: cn=testgroup, | ||
+ | changetype: modify | ||
+ | delete: member | ||
+ | member: cn=user2, | ||
+ | EOF | ||
+ | </ | ||
+ | |||
+ | Enter LDAP Password: | ||
+ | < | ||
+ | secret | ||
+ | </ | ||
+ | |||
+ | Expected output: | ||
+ | |||
+ | < | ||
+ | modifying entry " | ||
+ | </ | ||
+ | |||
+ | 5.3. Let's repeat step 5.1. again: | ||
+ | |||
+ | < | ||
+ | ldapsearch -LL -Y EXTERNAL -H ldapi:/// " | ||
+ | </ | ||
+ | |||
+ | Expected output: | ||
+ | |||
+ | < | ||
+ | SASL/ | ||
+ | SASL username: gidNumber=0+uidNumber=0, | ||
+ | SASL SSF: 0 | ||
+ | version: 1 | ||
+ | |||
+ | dn: cn=user1, | ||
+ | memberOf: cn=testgroup, | ||
+ | </ | ||
+ | |||
+ | 5.4. Test it using a filter re-usable later on by 3rd party applications, | ||
+ | |||
+ | < | ||
+ | ldapsearch -D " | ||
+ | </ | ||
+ | |||
+ | Enter LDAP Password: | ||
+ | < | ||
+ | secret | ||
+ | </ | ||
+ | |||
+ | Expected output: | ||
+ | |||
+ | < | ||
+ | # extended LDIF | ||
+ | # | ||
+ | # LDAPv3 | ||
+ | # base < | ||
+ | # filter: (& | ||
+ | # requesting: ALL | ||
+ | # | ||
+ | |||
+ | # user1, people, kedu.cat | ||
+ | dn: cn=user1, | ||
+ | cn: user1 | ||
+ | gidNumber: 10001 | ||
+ | givenName: User | ||
+ | homeDirectory: | ||
+ | loginShell: /bin/bash | ||
+ | mail: user1@example.com | ||
+ | objectClass: | ||
+ | objectClass: | ||
+ | objectClass: | ||
+ | sn: One | ||
+ | uid: user1 | ||
+ | uidNumber: 10001 | ||
+ | userPassword:: | ||
+ | |||
+ | # search result | ||
+ | search: 2 | ||
+ | result: 0 Success | ||
+ | |||
+ | # numResponses: | ||
+ | # numEntries: 1 | ||
+ | </ | ||
+ | |||
+ | 5.5. Test it with a 3rd party application, | ||
+ | |||
+ | < | ||
+ | (& | ||
+ | </ | ||
+ | |||
+ | ====== openldap (viejo, ignorar, solo se deja por referencia) | ||
open-ldap slapd ldap | open-ldap slapd ldap | ||
Line 7: | Line 443: | ||
| Distro | Ubuntu Server 12.10 | | | Distro | Ubuntu Server 12.10 | | ||
| Domain Component | example.com | | | Domain Component | example.com | | ||
+ | |||
Line 21: | Line 458: | ||
sudo vim /etc/hosts | sudo vim /etc/hosts | ||
- | Y dejar la linea tal que asi: | + | Y dejar la linea tal que asi, asumiendo que nuestro hostname es " |
- | 127.0.0.1 ldap.example.com | + | 127.0.0.1 localhost |
+ | 127.0.1.1 ldap.example.com ldap-1.dev.local.example.com | ||
1. Instalar paquetes: | 1. Instalar paquetes: | ||
Line 123: | Line 561: | ||
</ | </ | ||
- | NOTA: la contrasenya de los usuarios luego la cambiamos con phpldapmyadmin | + | NOTA: la contrasenya de los usuarios luego la cambiamos con [[phpldapadmin]] |
2. Ejecutar: | 2. Ejecutar: | ||
Line 321: | Line 759: | ||
5. Verificar: | 5. Verificar: | ||
- | ldapsearch -xLLL -b " | + | ldapsearch -x -LLL -b " |
Salida: | Salida: | ||
Line 357: | Line 795: | ||
</ | </ | ||
- | 6. A partir de aqui ya podriamos probar con PhpLdapAdmin: | + | 6. A partir de aqui ya podriamos probar con [[phpldapadmin]]: |
Login DN: cn=admin, | Login DN: cn=admin, | ||
Line 387: | Line 825: | ||
1. (Apache) Habilitar el modulo ldap | 1. (Apache) Habilitar el modulo ldap | ||
- | sudo a2enmod | + | sudo a2enmod |
- | 2. (Apache) Ejemplo de virtualhost: | + | ==== HTTP plano ==== |
+ | |||
+ | 1. (Apache) Ejemplo de virtualhost: | ||
< | < | ||
Line 403: | Line 843: | ||
< | < | ||
+ | | ||
order allow,deny | order allow,deny | ||
allow from all | allow from all | ||
+ | |||
AuthName " | AuthName " | ||
AuthType Basic | AuthType Basic | ||
AuthBasicProvider ldap | AuthBasicProvider ldap | ||
- | | + | |
+ | AuthLDAPBindDN cn=readonly, | ||
+ | AuthLDAPBindPassword clearpassword | ||
+ | | ||
require valid-user | require valid-user | ||
- | | + | </ |
ErrorLog ${APACHE_LOG_DIR}/ | ErrorLog ${APACHE_LOG_DIR}/ | ||
- | |||
# Possible values include: debug, info, notice, warn, error, crit, | # Possible values include: debug, info, notice, warn, error, crit, | ||
# alert, emerg. | # alert, emerg. | ||
LogLevel warn | LogLevel warn | ||
- | |||
CustomLog ${APACHE_LOG_DIR}/ | CustomLog ${APACHE_LOG_DIR}/ | ||
</ | </ | ||
Line 427: | Line 870: | ||
Ver [[http:// | Ver [[http:// | ||
- | 3. (Apache) Reiniciar Apache: | + | ==== TLS ==== |
+ | |||
+ | 1. Configuracion del virtual host: | ||
+ | |||
+ | < | ||
+ | < | ||
+ | ServerName testldap.example.com | ||
+ | ServerAdmin webmaster@localhost | ||
+ | DocumentRoot / | ||
+ | |||
+ | < | ||
+ | Options FollowSymLinks | ||
+ | AllowOverride None | ||
+ | </ | ||
+ | |||
+ | < | ||
+ | | ||
+ | order allow, | ||
+ | allow from all | ||
+ | |||
+ | AuthName " | ||
+ | AuthType Basic | ||
+ | AuthBasicProvider ldap | ||
+ | |||
+ | AuthLDAPBindDN cn=readonly, | ||
+ | AuthLDAPBindPassword clearpassword | ||
+ | AuthLDAPURL " | ||
+ | |||
+ | require valid-user | ||
+ | </ | ||
+ | |||
+ | ErrorLog ${APACHE_LOG_DIR}/ | ||
+ | # Possible values include: debug, info, notice, warn, error, crit, | ||
+ | # alert, emerg. | ||
+ | LogLevel warn | ||
+ | CustomLog ${APACHE_LOG_DIR}/ | ||
+ | </ | ||
+ | </ | ||
+ | |||
+ | 2. Crear el siguiente archivo: | ||
+ | |||
+ | sudo vim / | ||
+ | |||
+ | Con el siguiente contenido: | ||
+ | |||
+ | LDAPVerifyServerCert Off | ||
+ | |||
+ | 3. (TODO) Comprobar si es necesario reiniciar apache o con el reload de mas adelante es suficiente | ||
+ | |||
+ | ==== Comprobacion ==== | ||
+ | |||
+ | 1. (Apache) Reiniciar Apache: | ||
- | sudo / | + | sudo service |
- | 4. En un navegador teclear: | + | 2. En un navegador teclear: |
http:// | http:// | ||
Line 518: | Line 1012: | ||
NOTA: si se utiliza ' | NOTA: si se utiliza ' | ||
+ | |||
===== TLS, SSL, STARTTLS, LDAPS ===== | ===== TLS, SSL, STARTTLS, LDAPS ===== | ||
- | 1. Seguir los pasos especificados en https:// | + | https:// |
- | 2. **IMPORTANTE** es recomendable habilitar ldaps, por lo tanto **SI** es necesario: | + | When authenticating to an OpenLDAP server it is best to do so using an encrypted session. This can be accomplished using Transport Layer Security (TLS). |
- | 2.1 Editar: | + | Here, we will be our own Certificate Authority and then create and sign our LDAP server certificate as that CA. Since slapd is compiled using the gnutls library, we will use the certtool utility to complete these tasks. |
+ | |||
+ | 1. Install the gnutls-bin and ssl-cert packages: | ||
+ | |||
+ | sudo apt-get install gnutls-bin ssl-cert | ||
+ | |||
+ | 2. Create a private key for the Certificate Authority: | ||
+ | |||
+ | sudo sh -c " | ||
+ | |||
+ | 3. Create the template/ | ||
+ | |||
+ | < | ||
+ | cn = Example Company | ||
+ | ca | ||
+ | cert_signing_key | ||
+ | </ | ||
+ | |||
+ | 4. Create the self-signed CA certificate: | ||
+ | |||
+ | sudo certtool --generate-self-signed --load-privkey / | ||
+ | |||
+ | 5. Make a private key for the server: | ||
+ | |||
+ | sudo certtool --generate-privkey --bits 1024 --outfile / | ||
+ | |||
+ | 6. Create the / | ||
+ | |||
+ | < | ||
+ | organization = Example Company | ||
+ | cn = ldap01.example.com | ||
+ | tls_www_server | ||
+ | encryption_key | ||
+ | signing_key | ||
+ | expiration_days = 3650 | ||
+ | </ | ||
+ | |||
+ | The above certificate is good for 10 years. Adjust accordingly. | ||
+ | |||
+ | 7. Create the server' | ||
+ | |||
+ | sudo certtool --generate-certificate --load-privkey / | ||
+ | |||
+ | 8. Create the file / | ||
+ | |||
+ | < | ||
+ | dn: cn=config | ||
+ | add: olcTLSCACertificateFile | ||
+ | olcTLSCACertificateFile: | ||
+ | - | ||
+ | add: olcTLSCertificateFile | ||
+ | olcTLSCertificateFile: | ||
+ | - | ||
+ | add: olcTLSCertificateKeyFile | ||
+ | olcTLSCertificateKeyFile: | ||
+ | </ | ||
+ | |||
+ | Use the ldapmodify command to tell slapd about our TLS work via the slapd-config database: | ||
+ | |||
+ | sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f / | ||
+ | |||
+ | 9. IMPORTANTE es recomendable habilitar ldaps, por lo tanto SI es necesario: | ||
+ | |||
+ | Editar: | ||
sudo vim / | sudo vim / | ||
Line 533: | Line 1091: | ||
SLAPD_SERVICES=" | SLAPD_SERVICES=" | ||
- | 2.2 Reiniciar | + | Mas info: |
+ | |||
+ | |||
+ | LDAP over TLS/SSL (ldaps: / / ) is deprecated in favour of StartTLS. The latter refers to an existing | ||
+ | |||
+ | |||
+ | 10. Tighten up ownership and permissions: | ||
+ | |||
+ | sudo adduser openldap ssl-cert | ||
+ | sudo chgrp ssl-cert / | ||
+ | sudo chmod g+r / | ||
+ | sudo chmod o-r / | ||
+ | |||
+ | 11. Restart OpenLDAP: | ||
sudo service slapd restart | sudo service slapd restart | ||
- | -------------------------------------------------------------------------------- | + | 12. Comprobar: |
+ | |||
+ | sudo netstat | ||
+ | Salida esperada: | ||
+ | < | ||
+ | tcp 0 0 0.0.0.0: | ||
+ | tcp 0 0 0.0.0.0: | ||
+ | </ | ||
- | ^ Protocolo ^ Config.adicional servidor ^ Puerto ^ | + | ===== Modificar un registro |
- | | StartTLS | La descrita | + | Para añadir un campo, por ejemplo loginshell al usuario jur. Creeamos el fichero anyadir.ldif: |
- | | ldaps | La descrita en esta seccion. Editar '/etc/default/slapd' | 636 | | + | < |
+ | dn: cn=jur, | ||
+ | add: loginshell | ||
+ | loginshell: | ||
+ | </code> | ||
- | **IMPORTANTE**: | + | Lo añadimos con el comando: |
+ | ldapmodify -x -w ******** -D " | ||
+ | |||
+ | Para modificarlo, | ||
+ | < | ||
+ | dn: cn=jur, | ||
+ | changetype: modify | ||
+ | replace: loginshell | ||
+ | loginshell: /bin/sh | ||
+ | </ | ||
- | a) LDAP over TLS/SSL (ldaps://) is deprecated in favour of StartTLS. The latter refers to an existing LDAP session (listening on TCP port 389) becoming protected by TLS/SSL whereas LDAPS, like HTTPS, is a distinct encrypted-from-the-start protocol that operates over TCP port 636. | + | ldapmodify |
- | b) Hay todavia muchas aplicaciones que NO soportan StartTLS. | ||
- | c) En el lado servidor se realizan las configuraciones, en el lado cliente dependiendo | + | ===== Consulta sin corte de línea ===== |
+ | ldapsearch -D " | ||
+ | Con linux si tienes perl: | ||
+ | ldapsearch -D " | ||
+ | ===== Consulta | ||
+ | ldapsearch -D " | ||
+ | < | ||
+ | objectClasses: | ||
+ | objectClasses: | ||
+ | objectClasses: | ||
+ | objectClasses: | ||
+ | objectClasses: | ||
+ | objectClasses: | ||
+ | </ | ||
informatica/linux/openldap.txt · Last modified: 2018/07/24 09:37 by javi