변군이글루

[LDAP] OpenLDAP 클라이언트 설치 본문

* 리눅스

[LDAP] OpenLDAP 클라이언트 설치

변군 변군이글루 2021. 6. 13. 20:13
728x90
반응형

OpenLDAP 클라이언트 설치

OpenLDAP 클라이언트 패키지 설치

$ yum install -y openldap-clients nss-pam-ldapd
...
Installing:
 nss-pam-ldapd
 openldap-clients
Installing for dependencies:
 nscd
$ systemctl restart nscd

ldapsearch 명령어 확인

$ ldapsearch -h 192.168.56.101 -D cn=admin,dc=4wxyz,dc=com -b dc=4wxyz,dc=com -w ldappassword -s sub "(objectclass=*)"
--output--
# extended LDIF
#
# LDAPv3
# base <dc=4wxyz,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# 4wxyz.com
dn: dc=4wxyz,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
o: 4wxyz
dc: 4wxyz

# admin, 4wxyz.com
dn: cn=admin,dc=4wxyz,dc=com
cn: admin
roleOccupant: dc=4wxyz,dc=com
objectClass: organizationalRole
objectClass: top
description: LDAP Manager

# Groups, 4wxyz.com
dn: ou=Groups,dc=4wxyz,dc=com
ou: Groups
objectClass: organizationalUnit
objectClass: top

# People, 4wxyz.com
dn: ou=People,dc=4wxyz,dc=com
ou: People
objectClass: organizationalUnit
objectClass: top

# admin, Groups, 4wxyz.com
dn: cn=admin,ou=Groups,dc=4wxyz,dc=com
cn: admin
objectClass: posixGroup
objectClass: top
gidNumber: 1200
description: Administrator Team

# secu, Groups, 4wxyz.com
dn: cn=secu,ou=Groups,dc=4wxyz,dc=com
cn: secu
objectClass: posixGroup
objectClass: top
gidNumber: 1300
description: Security Team

# infra, Groups, 4wxyz.com
dn: cn=infra,ou=Groups,dc=4wxyz,dc=com
cn: infra
objectClass: posixGroup
objectClass: top
gidNumber: 1500
description: Infrastructure Team

# dev, Groups, 4wxyz.com
dn: cn=dev,ou=Groups,dc=4wxyz,dc=com
cn: dev
objectClass: posixGroup
objectClass: top
gidNumber: 1600
description: Development Team

# plan, Groups, 4wxyz.com
dn: cn=plan,ou=Groups,dc=4wxyz,dc=com
cn: plan
objectClass: posixGroup
objectClass: top
gidNumber: 1700
description: Planning Team

# design, Groups, 4wxyz.com
dn: cn=design,ou=Groups,dc=4wxyz,dc=com
cn: design
objectClass: posixGroup
objectClass: top
gidNumber: 1800
description: Design Team

# publisher, Groups, 4wxyz.com
dn: cn=publisher,ou=Groups,dc=4wxyz,dc=com
cn:: cHVibGlzaGVyIA==
objectClass: posixGroup
objectClass: top
gidNumber: 1900
description: Publisher Team

# testuser1, People, 4wxyz.com
dn: uid=testuser1,ou=People,dc=4wxyz,dc=com
uid: testuser1
cn: testuser1
sn: 3
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: posixAccount
objectClass: inetOrgPerson
objectClass: shadowAccount
loginShell: /bin/bash
homeDirectory: /home/testuser1
uidNumber: 1501
gidNumber: 1500
userPassword:: e1NTSEF9ajNsQmgxU2VxZTRycUYxK051V21qaHZ0QW5pMUpDNUE=
mail: testuser1@4wxyz.com
gecos: testuser1 User

# Policies, 4wxyz.com
dn: ou=Policies,dc=4wxyz,dc=com
ou: Policies
objectClass: organizationalUnit
objectClass: extensibleObject
objectClass: top

# default, Policies, 4wxyz.com
dn: cn=default,ou=Policies,dc=4wxyz,dc=com
objectClass: pwdPolicy
objectClass: person
objectClass: top
cn: passwordDefault
cn: default
sn: passwordDefault
pwdAttribute: 2.5.4.35
pwdAllowUserChange: TRUE
pwdCheckQuality: 2
pwdExpireWarning: 600
pwdFailureCountInterval: 30
pwdGraceAuthNLimit: 5
pwdLockout: TRUE
pwdLockoutDuration: 0
pwdMaxAge: 0
pwdMaxFailure: 10
pwdMaxRecordedFailure: 10
pwdMinAge: 0
pwdMinLength: 8
pwdMustChange: FALSE
pwdSafeModify: FALSE
pwdInHistory: 2

# apart, Groups, 4wxyz.com
dn: cn=apart,ou=Groups,dc=4wxyz,dc=com
objectClass: top
objectClass: posixGroup
gidNumber: 2100
cn: apart
description: groups

# scbyun, People, 4wxyz.com
dn: uid=scbyun,ou=People,dc=4wxyz,dc=com
uid: scbyun
cn: sangchul
sn: sangchul
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
givenName: sangchul
mail: scbyun@4wxyz.com
gecos: sangchul
loginShell: /bin/bash
uidNumber: 2101
gidNumber: 2101
homeDirectory: /home/scbyun
userPassword:: e1NTSEF9VVpyV1JsaHhwWEsrYUFmUEd6NUIrd2xvUitJYXc5VFY=
description: User Create

# search result
search: 2
result: 0 Success

# numResponses: 17
# numEntries: 16


$ ldapsearch -h 192.168.56.101 -D cn=admin,dc=4wxyz,dc=com -b dc=4wxyz,dc=com -w ldappassword dn
--output--
# extended LDIF
#
# LDAPv3
# base <dc=4wxyz,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: dn
#

# 4wxyz.com
dn: dc=4wxyz,dc=com

# admin, 4wxyz.com
dn: cn=admin,dc=4wxyz,dc=com

# Groups, 4wxyz.com
dn: ou=Groups,dc=4wxyz,dc=com

# People, 4wxyz.com
dn: ou=People,dc=4wxyz,dc=com

# admin, Groups, 4wxyz.com
dn: cn=admin,ou=Groups,dc=4wxyz,dc=com

# secu, Groups, 4wxyz.com
dn: cn=secu,ou=Groups,dc=4wxyz,dc=com

# infra, Groups, 4wxyz.com
dn: cn=infra,ou=Groups,dc=4wxyz,dc=com

# dev, Groups, 4wxyz.com
dn: cn=dev,ou=Groups,dc=4wxyz,dc=com

# plan, Groups, 4wxyz.com
dn: cn=plan,ou=Groups,dc=4wxyz,dc=com

# design, Groups, 4wxyz.com
dn: cn=design,ou=Groups,dc=4wxyz,dc=com

# publisher, Groups, 4wxyz.com
dn: cn=publisher,ou=Groups,dc=4wxyz,dc=com

# testuser1, People, 4wxyz.com
dn: uid=testuser1,ou=People,dc=4wxyz,dc=com

# Policies, 4wxyz.com
dn: ou=Policies,dc=4wxyz,dc=com

# default, Policies, 4wxyz.com
dn: cn=default,ou=Policies,dc=4wxyz,dc=com

# apart, Groups, 4wxyz.com
dn: cn=apart,ou=Groups,dc=4wxyz,dc=com

# scbyun, People, 4wxyz.com
dn: uid=scbyun,ou=People,dc=4wxyz,dc=com

# search result
search: 2
result: 0 Success

# numResponses: 17
# numEntries: 16

LDAP enable

$ authconfig --enableldap \
--enableshadow \
--enableldapauth \
--enablelocauthorize \
--disableldaptls \
--ldapserver=192.168.56.101 \
--ldapbasedn="dc=4wxyz,dc=com" \
--disablecache \
--enablemkhomedir \
--update

LDAP 계정 조회

$ getent passwd

LDAP disable

$ authconfig --disableldap --disableldapauth --update
728x90
반응형
0 Comments
댓글쓰기 폼