User Tools

Site Tools


informatica:linux:ldap

ldap

open-ldap slapd ldap

http://www.zytrax.com/books/ldap/

Instalación

sudo aptitude install slapd ldap-utils

ldap.conf

sudo mv /etc/ldap/ldap.conf /etc/ldap/ldap.conf.bak
sudo vim /etc/ldap/ldap/ldap.conf
#
###### SAMPLE 1 - SIMPLE DIRECTORY ############
#
# NOTES: inetorgperson picks up attributes and objectclasses
#        from all three schemas
#
# NB: RH Linux schemas in /etc/openldap
#
include         /etc/ldap/schema/core.schema
include         /etc/ldap/schema/cosine.schema
include         /etc/ldap/schema/inetorgperson.schema

# NO SECURITY - no access clause
# defaults to anonymous access for read
# only rootdn can write

# NO REFERRALS

# DON'T bother with ARGS file unless you feel strongly
# slapd scripts stop scripts need this to work
pidfile /var/run/slapd.pid

# enable a lot of logging - we might need it
# but generates huge logs
loglevel        255

# MODULELOAD definitions
# not required (comment out) before version 2.3
moduleload back_bdb.la

# NO TLS-enabled connections

# backend definition not required

#######################################################################
# bdb database definitions
#
# replace example and com below with a suitable domain
#
# If you don't have a domain you can leave it since example.com
# is reserved for experimentation or change them to my and inc
#
#######################################################################

database bdb
suffix "dc=example, dc=com"

# root or superuser
rootdn "cn=jimbob, dc=example, dc=com"
rootpw dirtysecret

# The database directory MUST exist prior to running slapd AND
# change path as necessary
directory       /srv/ldapdb

# Indices to maintain for this directory
# unique id so equality match only
index   uid     eq

# allows general searching on commonname, givenname and email
index   cn,gn,mail eq,sub

# allows multiple variants on surname searching
index sn eq,sub

# sub above includes subintial,subany,subfinal
# optimise department searches
index ou eq

# if searches will include objectClass uncomment following
# index objectClass eq
# shows use of default index parameter
index default eq,sub

# indices missing - uses default eq,sub
index telephonenumber

# other database parameters
# read more in slapd.conf reference section
cachesize 10000
checkpoint 128 15

Arrancar ldap

No se por que demonios el '/etc/init.d/slpad start' me arranca malamente el demonio. Mejor hacerlo a mano (con mucho debug, con la opcion -d):

sudo /usr/sbin/slapd -f /etc/ldap/ldap.conf -g openldap -u openldap -h ldap://192.168.1.17 &

Comprobar que ha arrancado:

ps ax | grep ldap
9122 ?        Ssl    0:00 /usr/sbin/slapd -f /etc/ldap/ldap.conf -g openldap -u openldap -h ldap://192.168.1.17

Para pararlo matar el proceso con kill

Insertar registro

1. Crear un archivo .ldif:

sudo vim /tmp/ejemplo1.ldif

Con el siguiente contenido:

## DEFINE DIT ROOT/BASE/SUFFIX ####
## uses RFC 2377 format
## replace example and com as necessary below
## or for experimentation leave as is

## dcObject is an AUXILLIARY objectclass and MUST
## have a STRUCTURAL objectclass (organization in this case)
# this is an ENTRY sequence and is preceded by a BLANK line

dn: dc=example,dc=com
dc: example
description: My wonderful company as much text as you want to place 
 in this line up to 32K continuation data for the line above must 
 have <CR> or <CR><LF> i.e. ENTER works 
 on both Windows and *nix system - new line MUST begin with ONE SPACE
objectClass: dcObject
objectClass: organization
o: Example, Inc.

## FIRST Level hierarchy - people 
## uses mixed upper and lower case for objectclass
# this is an ENTRY sequence and is preceded by a BLANK line

dn: ou=people, dc=example,dc=com
ou: people
description: All people in organisation
objectclass: organizationalunit

## SECOND Level hierarchy
## ADD a single entry under FIRST (people) level
# this is an ENTRY sequence and is preceded by a BLANK line
# the ou: Human Resources is the department name

dn: cn=Robert Smith,ou=people,dc=example,dc=com
objectclass: inetOrgPerson
cn: Robert Smith
cn: Robert J Smith
cn: bob  smith
sn: smith
uid: rjsmith
userpassword: rJsmitH
carlicense: HISCAR 123
homephone: 555-111-2222
mail: r.smith@example.com
mail: rsmith@example.com
mail: bob.smith@example.com
description: swell guy
ou: Human Resources

2. Insertar el registro:

ldapadd -H ldap://192.168.1.17 -x -D "cn=jimbob,dc=example,dc=com" -f /srv/example.ldif -w dirtysecret

Buscar registro

ldapsearch -H ldap://192.168.1.17 -LL -b ou=people,dc=example,dc=com "{mail=*smith*)" sn cn mail

Me ha salido bien antes, ahora no me furrula (quiza porque borre el registro

ldapsearch -xh 192.168.1.17 -b '' -s base subschemaSubentry
informatica/linux/ldap.txt · Last modified: 2015/04/13 20:19 by 127.0.0.1