OpenLDAP

Deixe um comentário Ir para os comentários

*******************************************************************************
Instalar e Configurar o OpenLDAP Server no Debian 4.0 (Etch)
Criado por: Alessandro C. M. Kuramoto
Data: 25/06/2009
Modificado em: 18/04/2010-23:40
v.20100418-23:40
Palavras-chaves: OpenLDAP, LDAP, Autenticando o Linux
Por favor, matenham o nome do autor deste arquivo.
*******************************************************************************

http://pt.wikipedia.org/wiki/EOF

###############################################################################
# Avisos!!!
###############################################################################

http://memovirtual.worpress.com

## Atenção no site memovirtual:
## As opções passadas com – - (menos,menos) no site podem ter ficado
## com um — (travessão), assim use o “man” para confirmar a opção utilizada

## Desculpem-me pelos erros de português, mas vocês sabem…
## nossa lingua é fácil ;) … e às vezes ao escrever o pensamento está
## lá na frente, enquanto que a digitação…

|##########^ Avisos!!! #######################################################|

###############################################################################
# Ver Também:
###############################################################################

## MemoVirtual:
PAM

|##########^ Ver Também ######################################################|

###############################################################################
# Temp:
###############################################################################

ESTUDAR SUDO no OpenLDAP:

http://www.gentoo-wiki.info/HOWTO_LDAP_auth_and_SUDO

http://www.secure-computing.net/wiki/index.php/OpenLDAP/sudo

Bom:

http://www.michael-hammer.at/blog/ldap_sudo/

http://www.gratisoft.us/sudo/readme_ldap.html

ESTUDA O SSH no OpenLDAP:

## Directory:

http://directory.fedoraproject.org/

VER:

https://help.ubuntu.com/8.10/serverguide/C/openldap-server.html

|##########^ Temp ############################################################|

###############################################################################
# Servidor:
###############################################################################

SO:       Debian 4.0 Etch
Servidor: OpenLDAP Server
Serviço:

Instalação básica (modo texto).

RAM

Swap
/boot
/
/usr
/var

###############################################################################
# Conceitos:
###############################################################################

|##########^ Conceitos #######################################################|

###############################################################################
# Instalando um Servidor OpenLDAP:
###############################################################################

## Para instalar o servidor de OpenLDAP e o cliente OpenLDAP:
sudo apt-get install ldap-server ldap-client

#### Debian 5.0 Lenny
### Que de fato deve ser:
## (Fonte: http://www.debianhelp.co.uk/ldap.htm)
sudo apt-get install slapd ldap-utils

#> Será solicitado a senha para o adim do OpenLDAP

|#########^ Instalando o OpenLDAP ############################################|

###############################################################################
# Arquivos de Configuração:
###############################################################################

|#########^ Arquivos de Configuração##########################################|

###############################################################################
# Configurando o Servidor de OpenLDAP:
###############################################################################
===============================================================================
Configuração Geral – Explicação:
===============================================================================

Our OpenLDAP server is already running, so let’s first configure /etc/ldap/ldap.conf, a common configuration file for all LDAP clients. This will allow us to run ldapsearch and other commands without having to list all the basic parameters by hand each time.

vim /etc/ldap/ldap.conf
_______________________________________________________________________________
SO: Debian 5.0 Lenny
Arquivo: /etc/ldap/ldap.conf (Permissões: -rw-r–r– 1 root root)
————————————————————————-
.
..

#>>>> Modificado:
BASE    dc=dominio,dc=com,dc=br
#URI    ldap://ldap.example.com ldap://ldap-master.example.com:666

#>>>> Modificado:
URI    ldap://10.161.1.14

..
.

|———-^ Arquivo: /etc/ldap/ldap.conf ———————————–|

|<<<<<<<<<<<<<< #### Configurando o Servidor de OpenLDAP ####

vim /etc/ldap/slapd.conf
_______________________________________________________________________________
SO: Debian 5.0 Lenny
Arquivo: /etc/ldap/slapd.conf (Permissões: -rw-r—– 1 root openldap)
————————————————————————-
.
..

### Nível de detalhes do Log:
loglevel 256

### Iremos configurar qual é a base padrão para pesquisas, para isto:
# The base of your directory in database #1
#>>>> Modificado:
suffix          “dc=dominio,dc=com,dc=br”

# rootdn directive for specifying a superuser on the database. This is needed
# for syncrepl.
#>>>> Modificado:
rootdn          “cn=admin,dc=dominio,dc=com,dc=br”


..
.
|———-^ Arquivo: /etc/ldap/slapd.conf ———————————–|

|<<<<<<<<<<<<<< #### Configurando o Servidor de OpenLDAP ####

———————————————————–
### Erro:
adding new entry “ou=grupos,dc=testdomain,dc=net,dc=br”
ldap_add: Naming violation (64)
additional info: value of naming attribute ‘ou’ is not present in entry

## Este erro aconteceu pelo erro do nome do grupo em “ou”:
dn: ou=grupos,dc=testdomain,dc=net,dc=br
ou: grupo
objectClass: organizationalUnit
———————————————————–

———————————————————–
### Erro:
adding new entry “ou=empresa,dc=testdomain,dc=net,dc=br”
ldap_add: Already exists (68)

## Este erro aconteceu porque a OU empresa já existia
———————————————————–

|#########^ Configurando o Servidor de OpenLDAP ##############################|

###############################################################################
# Administrando o Servidor de OpenLDAP:
###############################################################################

===============================================================================
Criando Contas de Usuários:
===============================================================================

Criar um arquivo LDIF:

vim usuario.ldif
_______________________________________________________________________________
Arquivo: usuario.ldif
————————————————————————-

## DN do grupo
dn: cn=administradores,ou=empresa,dc=testdomain,dc=net,dc=br
cn: administradores
gidNumber: 20000
objectClass: top
objectClass: posixGroup

dn: uid=alessandro,ou=empresa,dc=testdomain,dc=net,dc=br
uid: alessandro
uidNumber: 20000
gidNumber: 20000
cn: Alessandro
sn: Alessandro
objectClass: top
objectClass: person
objectClass: posixAccount
objectClass: shadowAccount
loginShell: /bin/false
homeDirectory: /home/alessandro

|———-^ Arquivo: usuario.ldif ———————————–|

|<<<<<<<<<<<<<< #### Administrando o Servidor de OpenLDAP ####

## Executar o comando para criar o usuário e grupos:
ldapadd -c -x -D cn=admin,dc=testdomain,dc=net,dc=br -W -f /root/usuario.ldif
Enter LDAP Password:
adding new entry “cn=administradores,ou=empresa,dc=testdomain,dc=net,dc=br”

adding new entry “uid=alessandro,ou=empresa,dc=testdomain,dc=net,dc=br”

ldapsearch -x alessandro
ldapsearch -LLLx empresa
### Opções Gerais:
# -b – caminho onde quer consultar (Base DN)
# -H – servidor LDAP
# -L – pesquisa mais “enxuta”, retira as informações desnecessárias
# -x – usa a autenticação simples ao invés de usar SASL

|<<<<<<<<<<<<<< #### Administrando o Servidor de OpenLDAP ####

ldapsearch -x -H ldap://10.161.1.14 -LLL -b ou=empresa,dc=testdomain,dc=net,dc=br cn=alessandro

ldapsearch -x -H ldap://ldap.dominio.net.br -LLL -b ou=empresa,dc=dominio,dc=net,dc=br cn=*Kuramoto*

## Erro:
adding new entry “cn=administradores,ou=grupo,ou=empresa,dc=testdomain,dc=net,dc=br”
ldap_add: No such object (32)

# A OU grupo especificada no arquivo LDIF não existia

|<<<<<<<<<<<<<< #### Administrando o Servidor de OpenLDAP ####

ldappasswd -x -D cn=admin,dc=testdomain,dc=net,dc=br -W -S uid=alessandro,ou=empresa,dc=testdomain,dc=net,dc=br

|<<<<<<<<<<<<<< #### Administrando o Servidor de OpenLDAP ####

### Opções Gerais:
# -b – caminho onde quer consultar (Base DN)
# -H – servidor LDAP
# -L – pesquisa mais “enxuta”, retira as informações desnecessárias
# -W – para solicitar a senha
# -x – usa a autenticação simples ao invés de usar SASL

|#########^ Administrando o Servidor de OpenLDAP #############################|

## Pesquisa de usuário destro de grupos:

ldapsearch -H ldap://ldap.domino.net.br -LLL -x -b ‘ou=groups,o=dominio’ ‘cn=’grupos.nome” | grep usuario.

Ou

## Pesquisa de usuário destro de grupos:
ldapsearch -H ldap://ldap.dominio.net.br -LLL -x -b ‘ou=Groups,ou=empresa,dc=dominio,dc=net,dc=br’ ‘cn=’grupos.nome” | grep usuario

### Opções
# -H – servidor LDAP
# -b – caminho onde quer consultar (Base DN)
# -x – usa a autenticação simples ao invés de usar SASL

ldapsearch -x -H ldap://ldap.dominio.net.br -LLL -b ou=empresa,dc=dominio,dc=net,dc=br

ldapsearch -x -H ldap://ldap.dominio.net.br -LLL -b ou=empresa,dc=dominio,dc=net,dc=br uid=alessandro

ldapsearch -x -H ldap://ldap.dominio.net.br -LLL -b ou=empresa,dc=dominio,dc=net,dc=br cn=*Kuramoto*

ldapsearch -x -H ldap://ldap.dominio.net.br -LLL -b ou=empresa,dc=dominio,dc=net,dc=br givenName=*Kuramoto*

ldapsearch -x -H ldap://ldap.dominio.com.br -b ou=groups,ou=oudodominio,dc=dominio,dc=com,dc=br cn=grupo.nome | grep usuario.usa

(Fonte: http://www.istf.com.br/vb/autenticacao-e-controle-de-acesso/13873-pesquisa-ldap-com-o-ldapsearch.html)
# ldapsearch -x -h 10.3.7.32 -D cn=Administrator,cn=users,dc=timlig,dc=com -W -b “cn=users,dc=timlig,dc=com” ‘(sAMAccountName=*)’

onde:

-x = autenticacao simples sem tls
-h = host ou nome do server
-D = usuario pra logar no AD
-W = senha do usuario q vai logar la
-b = caminho onde quer consultar (Base DN)

ai o SAMAAccountName=* vai me retornar todos os nomes de login la dentro!
no meu caso esse comando retornou 2 usuarios:

http://www.cesarkallas.net/arquivos/tutoriais/linux/activedirectory/AutenticarLinuxAD.html

LDAP password audit and general hackery:

http://midnightresearch.com/pages/ldap-password-audit-and-general-hackery/

tcpdump -i <if> -n -p -s65535 -w ldapsearch.pcap port 389

Como integrar o Firewall Aker com um servidor LDAP:

http://www1.aker.com.br/108/10802002.asp?ttCD_CHAVE=266

Autenticando com LDAP Suse:

pam_ldap
nss_ldap

LDAP user cannot login with GUI desktop

https://help.ubuntu.com/8.10/serverguide/C/openldap-server.html

###############################################################################
# Configurar Clientes para Autenticar em um Servidor OpenLDAP:
###############################################################################

Configurar o Debian para Autenticar em um Servidor OpenLDAP

————————————————————————-
[ No Cliente ]
|

(Fonte: https://help.ubuntu.com/community/LDAPClientAuthentication)
### Instalar
sudo apt-get update
sudo apt-get install libpam-ldap libnss-ldap nscd

———————————————————————
### Reponder às perguntas:

Configuring libnss-ldap (Digitar o endereço do servidor de OpenLDAP):
Exemplo, ldap://ldap.dominio.com.br

Distinguished name of the search base:
Exemplo: dc=dominio,dc=com,dc=br

LDAP version to use: 3

LDAP account for root: (deixar como está. Em princípio não será necessário)

LDAP root account password: (deixar como está. Em princípio não será necessário)

———————————————————————

|<<<<<<<< #### Configurar Clientes para Autenticar em um Servidor OpenLDAP ####

##### Name Service:
1/1 – Name Service)

vim /etc/nsswitch.conf
_______________________________________________________________________________
SO: Debian, Ubuntu
Arquivo: /etc/nsswitch.conf (Permissões: -rw-r–r– 1 root root)
——————————————————————————
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference’ and `info’ packages installed, try:
# `info libc “Name Service Switch”‘ for information about this file.

#>>>> Adicionar ldap:
passwd:         compat ldap #winbind
#passwd:         compat winbind

#>>>> Adicionar ldap
group:          compat ldap #winbind
#group:          compat winbind

#>>>> Adicionar ldap (não é obrigatório, checar!!!)
shadow:         compat ldap
#shadow:         compat

hosts:          files dns
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis

|———-^ Arquivo: /etc/nsswitch.conf  ————————————|

|<<<<<<<< #### Configurar Clientes para Autenticar em um Servidor OpenLDAP ####
##### LDAP (No Cliente):
1/1 – LDAP no Cliente)

vim /etc/pam_ldap.conf
_______________________________________________________________________________
Arquivo: /etc/pam_ldap.conf (Permissões: -rw-r–r– 1 root root)
SO: Debian, Ubuntu
——————————————————————————
.
..

#>>>> Verficar se está configurado
#>>>> Se não estiver configurado adicionar/alterar
### Caminho para Base LDAP
# The distinguished name of the search base.
base dc=dominio,dc=com,dc=br

#>>>> Verficar se está configurado
#>>>> Se não estiver configurado adicionar/alterar
### Servidor do OpenLDAP
# Another way to specify your LDAP server is to provide an
uri ldap://ldap.dominio.com.br

#>>>> Verficar se está configurado
#>>>> Se não estiver configurado adicionar/alterar
## Versão do OpenLDAP
# The LDAP version to use (defaults to 3
# if supported by client library)
ldap_version 3

#>>>> Verficar se está configurado
#>>>> Se não estiver configurado adicionar/alterar
### Filtro PAM Adicionado:
# Filter to AND with uid=%s
#pam_filter objectclass=account
pam_filter | (&(loginShell=/bin/bash))

# Do not hash the password at all; presume
# the directory server will do it, if
# necessary. This is the default.
pam_password crypt


..
.
|———-^ Arquivo: /etc/pam_ldap.conf  ————————————|

|<<<<<<<< #### Configurar Clientes para Autenticar em um Servidor OpenLDAP ####
##### PAM (No Cliente):
1/4 – PAM no Cliente)
vim /etc/pam.d/common-account
_______________________________________________________________________________
SO: Debian, Ubuntu
Arquivo: /etc/pam.d/common-account (Permissões: -rw-r–r– 1 root root)
——————————————————————————
#
# /etc/pam.d/common-account – authorization settings common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of the authorization modules that define
# the central access policy for use on the system.  The default is to
# only deny service to users whose accounts are expired in /etc/shadow.
#

#>>>> Verficar se está configurado
#>>>> Se não estiver configurado adicionar/alterar
### Linha adicionada:
## config=/etc/pam_ldap.conf – indica o arquivo de configuração do LDAP
## normalmente o arquivo padrão é o /etc/ldap.conf
account sufficient      pam_ldap.so config=/etc/pam_ldap.conf
#account sufficient      pam_ldap.so

account required        pam_unix.so

|———-^ Arquivo: /etc/pam.d/common-account  ——————————|

|<<<<<<<< #### Configurar Clientes para Autenticar em um Servidor OpenLDAP ####
2/4 – PAM no Cliente)
vim /etc/pam.d/common-auth
_______________________________________________________________________________
SO: Debian, Ubuntu
Arquivo: /etc/pam.d/common-auth (Permissões: -rw-r–r– 1 root root)
——————————————————————————
#
# /etc/pam.d/common-auth – authentication settings common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of the authentication modules that define
# the central authentication scheme for use on the system
# (e.g., /etc/shadow, LDAP, Kerberos, etc.).  The default is to use the
# traditional Unix authentication mechanisms.
#

#>>>> Verficar se está configurado
#>>>> Se não estiver configurado adicionar/alterar
### Linha Adicionada:
### Linha para realizar autenticação no OpenLDAP, ver arquivos:
### common-account e common-session
#auth    sufficient                      pam_ldap.so
auth sufficient pam_ldap.so config=/etc/pam_ldap.conf

auth    required        pam_unix.so nullok_secure

|———-^ Arquivo: /etc/pam.d/common-auth  ——————————–|

|<<<<<<<< #### Configurar Clientes para Autenticar em um Servidor OpenLDAP ####
3/4 – PAM no Cliente)
vim /etc/pam.d/common-password
_______________________________________________________________________________
SO: Debian, Ubuntu
Arquivo: /etc/pam.d/common-password (Permissões: -rw-r–r– 1 root root)
——————————————————————————
#
# /etc/pam.d/common-password – password-related modules common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of modules that define  the services to be
#used to change user passwords.  The default is pam_unix

# The “nullok” option allows users to change an empty password, else
# empty passwords are treated as locked accounts.
#
# (Add `md5′ after the module name to enable MD5 passwords)
#
# The “obscure” option replaces the old `OBSCURE_CHECKS_ENAB’ option in
# login.defs. Also the “min” and “max” options enforce the length of the
# new password.
#password        sufficient                      pam_ldap.so

#>>>> Verficar se está configurado
#>>>> Se não estiver configurado adicionar/alterar
auth sufficient pam_ldap.so config=/etc/pam_ldap.conf

password   required   pam_unix.so nullok obscure min=4 max=8 md5

# Alternate strength checking for password. Note that this
# requires the libpam-cracklib package to be installed.
# You will need to comment out the password line above and
# uncomment the next two in order to use this.
# (Replaces the `OBSCURE_CHECKS_ENAB’, `CRACKLIB_DICTPATH’)
#
# password required       pam_cracklib.so retry=3 minlen=6 difok=3
# password required       pam_unix.so use_authtok nullok md5

|———-^ Arquivo: /etc/pam.d/common-password —————————–|

|<<<<<<<< #### Configurar Clientes para Autenticar em um Servidor OpenLDAP ####
4/4 – PAM no Cliente)
vim /etc/pam.d/common-session
_______________________________________________________________________________
SO: Debian, Ubuntu
Arquivo: /etc/pam.d/common-session (Permissões: -rw-r–r– 1 root root)
——————————————————————————
.
..

#>>>> Verficar se está configurado
#>>>> Se não estiver configurado adicionar/alterar
## A linha abaixo permitirá a criação do diretório do usuário no momento do
## Login
## Adicionar esta linha:
session required                        pam_mkhomedir.so umask=0022 skel=/etc/skel

..
.
|———-^ Arquivo: /etc/pam.d/common-session  ——————————|

|
[Cliente - Fim]

|<<<<<<<< #### Configurar Clientes para Autenticar em um Servidor OpenLDAP ####

————————————–|
## Erro:
Mar  5 09:08:52 ns2 sshd[23971]: pam_ldap: could not open secret file /etc/pam_ldap.secret (No such file or directory)

## Solução:
# Cria o arquivo /etc/pam_ldap.secret
————————————–|

Mar  6 15:48:44 firewall-server sshd[2784]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.7.3.212  user=alessandro
Mar  6 15:48:47 firewall-server sshd[2784]: Failed password for alessandro from 10.7.3.212 port 34671 ssh2

|<<<<<<<< #### Configurar Clientes para Autenticar em um Servidor OpenLDAP ####

===============================================================================
Configurando o Cliente para fazer Cache das Autenticações:
===============================================================================

(Fonte: https://help.ubuntu.com/community/LDAPClientAuthentication)
(Fonte: https://help.ubuntu.com/community/PamCcredsHowto)
#### Option: Caching Name Service directories (Armazenar as credenciais)
#### PamCcredsHowto

## Instalando os pacotes necessários:
sudo apt-get install nss-updatedb libnss-db libpam-ccreds

##
sudo nss_updatedb ldap

No Debian 4.0 Etch está aparecendo o erro:
Failed to enumerate nameservice: Success
passwd… nameservice unavailable.

|<<<<<<<< #### Configurar Clientes para Autenticar em um Servidor OpenLDAP ####
|<<<<<<<< ==== Configurando o Cliente para fazer Cache das Autenticações ====

## Criar um script para fazer a atualização da base local:
echo ‘#!/bin/sh’ | sudo tee /etc/cron.daily/upd-local-nss-db
echo `which nss_updatedb` ldap | sudo tee -a /etc/cron.daily/upd-local-nss-db

## Configurar o arquivo /etc/nsswitch.conf:
passwd:         files ldap [NOTFOUND=return] db
group:          files ldap [NOTFOUND=return] db

## Configurar:
vim /etc/pam.d/common-auth

|==========^ Configurando o Cliente para fazer Cache das Autenticações =======|

|##########^ Configurar Clientes para Autenticar em um Servidor OpenLDAP #####|

###############################################################################
# Troubleshooting
###############################################################################
>Troubleshooting

——————————————————————————-
### Erros conhecidos:
## Questão/ Problema: (Question/Issue)

Não consegue logar via SSH e aparece o erro no log /var/log/auth.log.

## Sintoma: (Symptoms)

Não consegue logar via SSH e aparece o erro no log /var/log/auth.log:

Mar  4 11:15:07 nagios sshd[3545]: reverse mapping checking getaddrinfo for maquina81260.dominio.com.br failed – POSSIBLE BREAK-IN ATTEMPT!
Mar  4 11:15:07 nagios sshd[3545]: User alessandro from 10.161.1.217 not allowed because not listed in AllowUsers
Mar  4 11:15:07 nagios sshd[3545]: Failed none for invalid user alessandro from 10.161.1.217 port 47355 ssh2
Mar  4 11:15:11 nagios sshd[3545]: pam_ldap: could not open secret file /etc/pam_ldap.secret (No such file or directory)
Mar  4 11:15:11 nagios sshd[3545]: pam_ldap: error trying to bind as user “uid=alessandro,ou=usuarios,ou=dominio,dc=com,dc=br” (Invalid credentials)
Mar  4 11:15:11 nagios sshd[3545]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.161.1.217  user=alessandro
Mar  4 11:15:11 nagios sshd[3545]: pam_ldap: error trying to bind as user “uid=alessandro,ou=usuarios,ou=dominio,dc=com,dc=br” (Invalid credentials)
Mar  4 11:15:11 nagios sshd[3545]: pam_ldap: error trying to bind as user “uid=alessandro,ou=usuarios,ou=dominio,dc=com,dc=br” (Invalid credentials)
Mar  4 11:15:14 nagios sshd[3545]: Failed password for invalid user alessandro from 10.161.1.217 port 47355 ssh2

## Causa: (Cause)

O usuário não está na diretiva AllowUsers do arquivo: /etc/ssh/sshd_config

## Solução: (Solution)

Adicione o usuário na diretiva AllowUsers do arquivo: /etc/ssh/sshd_config

|—————————————————————————–|

——————————————————————————-
### Erros conhecidos:
## Questão/ Problema: (Question/Issue)

Ao executar o comando “ls -la” no diretório raíz de um usuário, demora aparecer o resultado.

## Sintoma: (Symptoms)

- Ao executar o comando “ls -la” no diretório raíz de um usuário,
demora aparecer o resultado.;

- O usuário autenticou usando a base de dados do OpenLDAP;

- O usuário não existe no arquivo /etc/passwd;

## Causa: (Cause)

Este problema está relacionado ao GRUPO que o usuário pertence não
existir no sistema local. Ao exectuar o comando “ls -la” é mostrado
o usuário dono e grupo dono do arquivo/diretório, se o GRUPO não existir
no Sistema o resultado do comando demorará porque será feito uma consulta
no OpenLDAP e se o grupo não existir no OpenLDAP, o resultado demorará;

## Solução: (Solution)

Pesquisando.

|—————————————————————————–|

ls -lah

|##########^ Troubleshooting #################################################|

###############################################################################
# Referências:
###############################################################################
>Referência

|<<<<<<<<<<<<<< #### Referências ####

Configurando Linux Ubuntu 8.04 para autenticar no LDAP:

http://www.vivaolinux.com.br/artigo/Configurando-Ubuntu-Linux-8.04-para-autenticar-no-LDAP

Debian LDAP Client Setup:

http://cworld.wikidot.com/adm:debian-ldap-client-setup

LDAPClientAuthentication: (Muito bom site)

https://help.ubuntu.com/community/LDAPClientAuthentication

OpenLDAP installation on Debian:

http://www.debian-administration.org/article/OpenLDAP_installation_on_Debian

The ldapmodify Tool

http://docs.sun.com/source/816-6400-10/lmodify.html

|<<<<<<<<<<<<<< #### Referências ####

Ldap Authentication on Debian: (Muito bom site)

http://www.jukie.net/~bart/ldap/ldap-authentication-on-debian/

http://www.jukie.net/~bart/ldap/ldap-authentication-on-debian/#NSS

|<<<<<<<<<<<<<< #### Referências ####

http://www.securityfocus.com/infocus/1428

http://wiki.freaks-unidos.net/linux%20ldap%20howto

LDAP or OpenLDAP Configuration in Debian:

http://www.debianhelp.co.uk/ldap.htm

LDAP Series Part IV – Installing OpenLDAP on Debian Plus Some LDAP Commentary:

http://www.linuxjournal.com/node/1000115

Making a Debian or Ubuntu Machine an LDAP Authentication Client:

http://mcwhirter.com.au/node/25

OpenLDAP Software 2.4 Administrator’s Guide:

http://www.openldap.org/doc/admin24/

Howto setup user authentication on the LDAP server and on the Client:

http://en.opensuse.org/Howto_LDAP_userAuth

Mão na massa OpenLDAP:

http://www2.savant.com.br/index.php/eventos/mao-na-massa-openldap

MAIS:

http://www.linux-cd.com.ar/manuales/rh8.0/rhl-sg-en-8.0/s1-wstation-privileges.html

|#########^ Referências ######################################################|

## Para ver a versão do Suse:

yast2

Network Services > LDAP Client

Pacotes necessários:
yast2-slp
pam_ldap
nss_ldap

zypper sa -t nomedorepositório.
zypper addrepo http://packman.iu-bremen.de/suse/10.3/ ‘Packman Repository’

VER:

http://mirrors.uol.com.br/pub/opensuse/update/10.3/

ftp5.gwdg.de/pub/opensuse/repositories/YaST:/Backport/openSUSE_10.3/i586/yast2-slp-2.16.0-2.35.i586.rpm

  1. Nenhum comentário ainda.
  1. Nenhum trackbacks ainda.

Deixe uma resposta

Preencha os seus dados abaixo ou clique em um ícone para log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Sair / Alterar )

Imagem do Twitter

You are commenting using your Twitter account. Sair / Alterar )

Foto do Facebook

You are commenting using your Facebook account. Sair / Alterar )

Cancelar

Connecting to %s

Seguir

Obtenha todo post novo entregue na sua caixa de entrada.