OpenLDAP on Debian Squeeze:
# aptitude install libldap-2.4-2 slapd ldap-utils
Let's generate the admin password:
# slappasswd
{SSHA}Kw4HqksjDnbutR6Re1+8HdSvhdPMnYFo
Note down the generated hash so you can put it in the rootpw directive in the /etc/ldap/slapd.conf file.
Build the slapd.conf file as shown below:
# vim /etc/ldap/slapd.conf
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
allow bind_v2
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
loglevel none
modulepath /usr/lib/ldap
moduleload back_bdb
sizelimit 500
tool-threads 1
backend bdb
database bdb
suffix "dc=leonardoamorim,dc=com,dc=br"
rootdn "cn=admin,dc=leonardoamorim,dc=com,dc=br"
rootpw {SSHA}Kw4HqksjDnbutR6Re1+8HdSvhdPMnYFo
directory "/var/lib/ldap"
dbconfig set_cachesize 0 2097152 0
dbconfig set_lk_max_objects 1500
dbconfig set_lk_max_locks 1500
dbconfig set_lk_max_lockers 1500
index objectClass eq
lastmod on
checkpoint 512 30
access to attrs=userPassword,shadowLastChange
by dn="cn=admin,dc=leonardoamorim,dc=com,dc=br" write
by anonymous auth
by self write
by * none
access to dn.base="" by * read
access to *
by dn="cn=admin,dc=leonardoamorim,dc=com,dc=br" write
by * read
Save the file.
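As an added example (not part of the original tutorial), here is a small Python model of how slapd evaluates the three access stanzas above: the first stanza whose target matches decides, and within it the first matching by clause gives the level. It shows why an anonymous client may bind against userPassword ("auth") but not read it, which is consistent with the anonymous ldapsearch later on this page returning no userPassword attribute.

```python
from __future__ import annotations
from dataclasses import dataclass, field

ADMIN = "cn=admin,dc=leonardoamorim,dc=com,dc=br"
LEVELS = ["none", "auth", "compare", "search", "read", "write"]   # slapd order; higher implies lower

@dataclass
class Rule:
    attrs: set[str] | None          # "to attrs=..." (None: stanza targets whole entries)
    dn_base: str | None             # "to dn.base=..." ("" is the rootDSE; None: no DN filter)
    by: list[tuple[str, str]] = field(default_factory=list)   # (who, level) in file order

# The three stanzas of the slapd.conf above, transcribed in order.
RULES = [
    Rule({"userpassword", "shadowlastchange"}, None,
         [("dn:" + ADMIN, "write"), ("anonymous", "auth"), ("self", "write"), ("*", "none")]),
    Rule(None, "", [("*", "read")]),
    Rule(None, None, [("dn:" + ADMIN, "write"), ("*", "read")]),
]

def _who_matches(who: str, requester: str | None, entry_dn: str) -> bool:
    """requester is the bind DN, or None for an anonymous (unauthenticated) client."""
    if who == "*":
        return True
    if who == "anonymous":
        return requester is None
    if who == "self":
        return requester is not None and requester.lower() == entry_dn.lower()
    if who.startswith("dn:"):
        return requester is not None and requester.lower() == who[3:].lower()
    return False

def access_level(requester: str | None, entry_dn: str, attr: str) -> str:
    """First stanza whose target matches decides; within it, the first matching
    'by' clause gives the level. A matching stanza with no matching 'by' denies."""
    for rule in RULES:
        if rule.attrs is not None and attr.lower() not in rule.attrs:
            continue
        if rule.dn_base is not None and entry_dn.lower() != rule.dn_base:
            continue
        for who, level in rule.by:
            if _who_matches(who, requester, entry_dn):
                return level
        return "none"
    return "none"   # nothing matched: slapd denies by default

def allows(requester: str | None, entry_dn: str, attr: str, wanted: str) -> bool:
    """True when the granted level is at least `wanted` (e.g. 'auth' does not allow 'read')."""
    return LEVELS.index(access_level(requester, entry_dn, attr)) >= LEVELS.index(wanted)
```

Note that "by self write" applies only to the attributes named in that stanza; on every other attribute a user bound as themselves gets the "by * read" of the last stanza.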
Generating the structure to bring up the OpenLDAP server:
# /etc/init.d/slapd stop
# cd /etc/ldap
# cp -r slapd.d slapd.d.backup
# rm -r slapd.d
# mkdir slapd.d
# slaptest -f slapd.conf -F slapd.d
# chown -R openldap:openldap slapd.d
# /etc/init.d/slapd start
How to use the migrationtools package:
# aptitude install migrationtools
# vim /usr/share/migrationtools/migrate_common.ph
Find the following directives and set them exactly like this:
$DEFAULT_MAIL_DOMAIN = "leonardoamorim.com.br";
$DEFAULT_BASE = "dc=leonardoamorim,dc=com,dc=br";
Save the file.
# cd /usr/share/migrationtools/
# ./migrate_passwd.pl /etc/passwd /etc/ldap/users.ldif
# ./migrate_group.pl /etc/group /etc/ldap/groups.ldif
# ./migrate_base.pl > /etc/ldap/base.ldif
Your base.ldif file should look like this:
dn: dc=leonardoamorim,dc=com,dc=br
dc: leonardoamorim
objectClass: top
objectClass: domain

dn: ou=Hosts,dc=leonardoamorim,dc=com,dc=br
ou: Hosts
objectClass: top
objectClass: organizationalUnit

dn: ou=Rpc,dc=leonardoamorim,dc=com,dc=br
ou: Rpc
objectClass: top
objectClass: organizationalUnit

dn: ou=Services,dc=leonardoamorim,dc=com,dc=br
ou: Services
objectClass: top
objectClass: organizationalUnit

dn: nisMapName=netgroup.byuser,dc=leonardoamorim,dc=com,dc=br
nismapname: netgroup.byuser
objectClass: top
objectClass: nisMap

dn: ou=Mounts,dc=leonardoamorim,dc=com,dc=br
ou: Mounts
objectClass: top
objectClass: organizationalUnit

dn: ou=Networks,dc=leonardoamorim,dc=com,dc=br
ou: Networks
objectClass: top
objectClass: organizationalUnit

dn: ou=People,dc=leonardoamorim,dc=com,dc=br
ou: People
objectClass: top
objectClass: organizationalUnit

dn: ou=Group,dc=leonardoamorim,dc=com,dc=br
ou: Group
objectClass: top
objectClass: organizationalUnit

dn: ou=Netgroup,dc=leonardoamorim,dc=com,dc=br
ou: Netgroup
objectClass: top
objectClass: organizationalUnit

dn: ou=Protocols,dc=leonardoamorim,dc=com,dc=br
ou: Protocols
objectClass: top
objectClass: organizationalUnit

dn: ou=Aliases,dc=leonardoamorim,dc=com,dc=br
ou: Aliases
objectClass: top
objectClass: organizationalUnit

dn: nisMapName=netgroup.byhost,dc=leonardoamorim,dc=com,dc=br
nismapname: netgroup.byhost
objectClass: top
objectClass: nisMap
Inserting the contents of the LDIF files into the OpenLDAP database:
# ldapadd -x -D cn=admin,dc=leonardoamorim,dc=com,dc=br -f /etc/ldap/base.ldif -W
# ldapadd -x -D cn=admin,dc=leonardoamorim,dc=com,dc=br -f /etc/ldap/groups.ldif -W
# ldapadd -x -D cn=admin,dc=leonardoamorim,dc=com,dc=br -f /etc/ldap/users.ldif -W
# ldapsearch -x -b dc=leonardoamorim,dc=com,dc=br uidNumber=1000
dn: uid=leo,ou=People,dc=leonardoamorim,dc=com,dc=br
uid: leo
cn: Leonardo Afonso Amorim
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 1000
gidNumber: 1000
homeDirectory: /home/leo
gecos: Leonardo Afonso Amorim,,,
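Added example (not from the original tutorial): a small LDIF reader that checks, before ldapadd runs, that every record's parent is either already in the directory or appears earlier in the file. This is why base.ldif is loaded before groups.ldif and users.ldif: ldapadd inserts records in file order and rejects an entry whose parent does not exist yet. The sample LDIF strings are constructed from the records shown above.

```python
import base64
SUFFIX = "dc=leonardoamorim,dc=com,dc=br"

def parse_ldif(text):
    """Return [(dn, {attr: [values]})]; handles comments, folded lines and base64 (::) values."""
    entries, record = [], []
    def flush():
        if not record:
            return
        dn, attrs = None, {}
        for line in record:
            key, _, value = line.partition(":")
            if value.startswith(":"):                  # "attr:: <base64>"
                value = base64.b64decode(value[1:].strip()).decode()
            value = value.strip()
            if key.lower() == "dn":
                dn = value
            else:
                attrs.setdefault(key.lower(), []).append(value)
        entries.append((dn, attrs))
        record.clear()
    for raw in text.splitlines():
        if raw.startswith("#"):
            continue
        if raw == "":
            flush()
        elif raw.startswith(" "):                      # folded continuation of the previous line
            record[-1] += raw[1:]
        else:
            record.append(raw)
    flush()
    return entries

def check_load_order(text, already_loaded=()):
    """Return the DNs ldapadd would reject: their parent is neither already loaded nor an earlier record."""
    seen, problems = {d.lower() for d in already_loaded}, []
    for dn, _ in parse_ldif(text):
        parent = dn.split(",", 1)[1] if "," in dn else ""  # DNs on this page have no escaped commas
        if dn.lower() != SUFFIX and parent.lower() not in seen:
            problems.append(dn)
        seen.add(dn.lower())
    return problems

# Constructed sample: the first two records of base.ldif plus one migrated user.
BASE_LDIF = ("dn: dc=leonardoamorim,dc=com,dc=br\ndc: leonardoamorim\nobjectClass: top\n"
             "objectClass: domain\n\ndn: ou=People,dc=leonardoamorim,dc=com,dc=br\n"
             "ou: People\nobjectClass: top\nobjectClass: organizationalUnit\n")
USER_LDIF = ("dn: uid=leo,ou=People,dc=leonardoamorim,dc=com,dc=br\nuid: leo\n"
             "objectClass: account\nobjectClass: posixAccount\nuidNumber: 1000\n")
```

Running check_load_order(USER_LDIF) on its own reports the uid=leo entry, while check_load_order(BASE_LDIF + "\n" + USER_LDIF) returns an empty list.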
How to modify data with the ldapmodify command:
# vim /root/loginShell.ldif
dn: uid=leo,ou=People,dc=leonardoamorim,dc=com,dc=br
changetype: modify
replace: loginShell
loginShell: /bin/false
Save the file.
# ldapmodify -x -D cn=admin,dc=leonardoamorim,dc=com,dc=br -f /root/loginShell.ldif -W
modifying entry "uid=leo,ou=People,dc=leonardoamorim,dc=com,dc=br"
# ldapsearch -x -b dc=leonardoamorim,dc=com,dc=br uidNumber=1000
dn: uid=leo,ou=People,dc=leonardoamorim,dc=com,dc=br
uid: leo
cn: Leonardo Afonso Amorim
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
shadowMax: 99999
shadowWarning: 7
uidNumber: 1000
gidNumber: 1000
homeDirectory: /home/leo
gecos: Leonardo Afonso Amorim,,,
loginShell: /bin/false
Revert it to normal:
# vim /root/loginShell.ldif
dn: uid=leo,ou=People,dc=leonardoamorim,dc=com,dc=br
changetype: modify
replace: loginShell
loginShell: /bin/bash
# ldapmodify -x -D cn=admin,dc=leonardoamorim,dc=com,dc=br -f /root/loginShell.ldif -W
modifying entry "uid=leo,ou=People,dc=leonardoamorim,dc=com,dc=br"
Backup and restore in OpenLDAP:
# slapcat
# slapcat -l /root/backup.ldif
# cp /root/backup.ldif /root/backup.ldif.copia
# ldapdelete -x -D cn=admin,dc=leonardoamorim,dc=com,dc=br -W dc=leonardoamorim,dc=com,dc=br