Implementazione dell'autenticazione con LDAP Esercitazione Informazioni preliminari " : /etc/openldap/slapd.conf /etc/openldap/ldap.conf /etc/ldap.conf #$/etc/init.d/ldap "$ "%&$ldap://<server>/<base_dn>?<attributi>?<scope>?<filtro> (formato dell'URL LDAP, RFC 4516: attributi, scope e filtro in quest'ordine, ciascuno opzionale; ad es. "??sub" = tutti gli attributi, scope sub, nessun filtro) # '$ ldapsearch ()* ldapadd/modify/delete + ()* ldappasswd, - ()* slapcat. ()/ )* slapadd & ( )* slappasswd " - slapdn 0 1 Rete di riferimento
Avvio e configurazione del servizio base ) 2 /etc/openldap/slapd.conf o 3- [CUT] ####################################################################### # ldbm and/or bdb database definitions ####################################################################### database bdb suffix "dc=master,dc=univr,dc=it" rootdn "cn=manager,dc=master,dc=univr,dc=it" # Cleartext passwords, especially for the rootdn, should # be avoided. See slappasswd(8) and slapd.conf(5) for details. # Use of strong authentication encouraged. # rootpw secret # NOTA: il valore {crypt} qui sotto (13 caratteri) ha l'aspetto di un hash crypt(3) DES tradizionale, # che tronca la password a 8 caratteri ed è forzabile offline in tempi brevi: generare l'hash con # "slappasswd -h {SSHA}" e usare lo schema {SSHA}. In ogni caso slapd.conf contiene la rootpw e deve # essere leggibile solo da root e dall'utente ldap (chmod 600). rootpw {crypt}ijfyncsnctbyg # The database directory MUST exist prior to running slapd AND # should only be accessible by the slapd and slap tools. # Mode 700 recommended. directory /var/lib/ldap # Indices to maintain for this database index objectclass eq,pres index ou,cn,mail,surname,givenname eq,pres,sub index uidnumber,gidnumber,loginshell eq,pres index uid,memberuid eq,pres,sub index nismapname,nismapentry eq,pres,sub ) $ $> slaptest ) ' $$> slapd -d 3 ) $root.ldif dn: dc=master,dc=univr,dc=it dc: master objectclass: dcobject ou: masterunit (nota: dcobject è una classe AUXILIARY; perché slapadd accetti l'entry serve anche una classe strutturale coerente con l'attributo ou, ad es. objectclass: organizationalunit — probabilmente persa nell'estrazione della slide) ) $ o $> slapadd -l root.ldif o ' $ $> chown ldap:ldap /var/lib/ldap/* (e chmod 700 /var/lib/ldap: i file creati da slapadd eseguito come root appartengono a root, e il solo chown non imposta il modo 700 raccomandato nel commento di slapd.conf) ) $$> /etc/init.d/ldap start ) )dir1: dir.ldif dn: dc=dir1,dc=master,dc=univr,dc=it ou: dir1 (anche qui manca una objectclass strutturale, ad es. organizationalunit, senza la quale ldapadd rifiuta l'entry con "object class violation") ) )$ o ldapadd -x -D cn=manager,dc=master,dc=univr,dc=it -W -f dir.ldif (-x = bind semplice: con -W la password del manager viaggia in chiaro su ldap://; accettabile solo verso localhost, altrimenti usare -ZZ per StartTLS o un URI ldaps://) ) $$> ldapsearch -x -b dc=master,dc=univr,dc=it -h 127.0.0.1 ) $ ()*()* /etc/openldap/ldap.conf (configurazione dei client OpenLDAP: BASE e URI di default; se il server non è locale indicare TLS_CACERT e preferire ldaps:// o StartTLS) ) People, Groups e Services (branches.ldif) dn: ou=people,dc=dir1,dc=master,dc=univr,dc=it ou: People dn: ou=groups,dc=dir1,dc=master,dc=univr,dc=it
ou: Groups dn: ou=services,dc=dir1,dc=master,dc=univr,dc=it ou: Services ) ldapadd slapadd ) $group.ldif dn: cn=staff1,ou=groups,dc=dir1,dc=master,dc=univr,dc=it gidnumber: 8901 objectclass: top objectclass: posixgroup cn: staff1 ) ldapadd slapadd ) $user.ldif dn: uid=user1,ou=people,dc=dir1,dc=master,dc=univr,dc=it uid: user1 cn: Paolo Rossi userpassword: {SSHA}gDAxp9h3kaoiV7vpnldQTnvnc62hMdX1 uidnumber: 5001 gidnumber: 8901 objectclass: account objectclass: posixaccount objectclass: shadowaccount shadowmax: 999999 (di fatto nessuna scadenza della password) shadowlastchange: 111180 shadowwarning: 7 shadowflag: 134539460 loginshell: /bin/bash homedirectory: /home/user1 gecos: Paolo Rossi ) ' $ $> chown ldap:ldap /var/lib/ldap/* ) 1 '$ o ldapsearch -x -D uid=user1,ou=people,dc=dir1,dc=master,dc=univr,dc=it -W (verifica che l'utente riesca a fare bind con la propria password. Attenzione: lo stralcio di slapd.conf mostrato non contiene direttive access, e senza di esse il default di slapd è "access to * by * read", cioè l'hash {SSHA} di userpassword è leggibile anche con una ricerca anonima; aggiungere prima della direttiva generica "access to attrs=userpassword by self write by anonymous auth by * none") # 4 ) 55$ /etc/ldap.conf (file di nss_ldap/pam_ldap, normalmente leggibile da tutti gli utenti: non inserirvi binddn/bindpw privilegiati; se il server non è locale abilitare StartTLS con "ssl start_tls" e "tls_cacertfile", altrimenti le password verificate da pam_ldap viaggiano in chiaro) ) $ o $> system-config-authentication ) (* ) '$ o $> id user1 o o user1 2/home/user1 user1 ) $ dn: dc=dir3,dc=master,dc=univr,dc=it
objectclass: referral objectclass: extensibleobject dc: dir3 ref: ldap://192.168.2.32/dc=dir3,dc=master,dc=univr,dc=it??sub (il referral rimanda a un server raggiunto in chiaro su ldap://; i client che lo seguono in genere si ricollegano al server indicato con un bind anonimo, quindi le credenziali del bind iniziale non vengono inoltrate e gli ACL del secondo server devono tenerne conto) ) ldapsearch -xc (nota: in ldapsearch -c è la modalità "continua", che ignora gli errori; per seguire i referral l'opzione è -C) ) 0 ' 2 6 ) &78 9$ o $> export PATH=/usr/java/jre1.5.0_02/bin/:$PATH ) -$ o $> /root/ldap/ldapbrowser/lbe.sh ) 2 ("):2;* ) 0 $ o ldapsearch -x uid=user1 + Schemi degli objectclass Utilizzati objectclass ( 2.5.6.5 NAME 'organizationalunit' DESC 'RFC2256: an organizational unit' SUP top STRUCTURAL MUST ou MAY ( userpassword $ searchguide $ seealso $ businesscategory $ x121address $ registeredaddress $ destinationindicator $ preferreddeliverymethod $ telexnumber $ teletexterminalidentifier $ telephonenumber $ internationalisdnnumber $ facsimiletelephonenumber $ street $ postofficebox $ postalcode $ postaladdress $ physicaldeliveryofficename $ st $ l $ description ) ) objectclass ( 1.3.6.1.1.1.2.0 NAME 'posixaccount' SUP top AUXILIARY DESC 'Abstraction of an account with POSIX attributes' MUST ( cn $ uid $ uidnumber $ gidnumber $ homedirectory ) MAY ( userpassword $ loginshell $ gecos $ description ) ) objectclass ( 1.3.6.1.1.1.2.1 NAME 'shadowaccount' SUP top AUXILIARY DESC 'Additional attributes for shadow passwords' MUST uid MAY ( userpassword $ shadowlastchange $ shadowmin $ shadowmax $ shadowwarning $ shadowinactive $ shadowexpire $ shadowflag $ description ) ) objectclass ( 1.3.6.1.1.1.2.2 NAME 'posixgroup' SUP top STRUCTURAL DESC 'Abstraction of a group of accounts' MUST ( cn $ gidnumber )
MAY ( userpassword $ memberuid $ description ) )