ldap_study_group

ldap_study_group [2007/11/06 19:55]
206.197.251.70
ldap_study_group [2008/01/08 18:49] (current)
206.197.251.51
Line 17: Line 17:
 //apt-get install migrationtools //apt-get install migrationtools
 // //
 +
  
 ====Edit ==== ====Edit ====
Line 23: Line 24:
  sudo vi /​etc/​migrationtools/​migrate_common.ph  sudo vi /​etc/​migrationtools/​migrate_common.ph
  
-<pre>+<code>
 # Default DNS domain # Default DNS domain
 #​$DEFAULT_MAIL_DOMAIN = "​padl.com";​ #​$DEFAULT_MAIL_DOMAIN = "​padl.com";​
Line 43: Line 44:
 $IGNORE_GID_BELOW = 100; $IGNORE_GID_BELOW = 100;
  
-</pre>+</code> 
  
 ====Perform Migration==== ====Perform Migration====
  
-<pre>+<code>
 cd /​usr/​share/​migrationtools/​ cd /​usr/​share/​migrationtools/​
 export ETC_SHADOW=/​etc/​shadow export ETC_SHADOW=/​etc/​shadow
Line 54: Line 56:
 ./​migrate_hosts.pl /etc/hosts /​tmp/​hosts.ldif ./​migrate_hosts.pl /etc/hosts /​tmp/​hosts.ldif
 ./​migrate_passwd.pl /etc/passwd /​tmp/​passwd.ldif ./​migrate_passwd.pl /etc/passwd /​tmp/​passwd.ldif
-</pre>+</code>
  
 Now we have the data in the format understood by LDAP server. Now open one the files with text editor to get used to the syntax. After that we can add the data from ldifs. Now we have the data in the format understood by LDAP server. Now open one the files with text editor to get used to the syntax. After that we can add the data from ldifs.
  
-<pre>+<code>
 ldapadd -x -v -D "​cn=admin,​dc=hickorydale,​dc=no-ip,​dc=com"​ -W -f /​tmp/​base.ldif ldapadd -x -v -D "​cn=admin,​dc=hickorydale,​dc=no-ip,​dc=com"​ -W -f /​tmp/​base.ldif
 ldapadd -x -v -D "​cn=admin,​dc=hickorydale,​dc=no-ip,​dc=com"​ -W -f /​tmp/​group.ldif ldapadd -x -v -D "​cn=admin,​dc=hickorydale,​dc=no-ip,​dc=com"​ -W -f /​tmp/​group.ldif
 ldapadd -x -v -D "​cn=admin,​dc=hickorydale,​dc=no-ip,​dc=com"​ -W -f /​tmp/​passwd.ldif ldapadd -x -v -D "​cn=admin,​dc=hickorydale,​dc=no-ip,​dc=com"​ -W -f /​tmp/​passwd.ldif
 ldapadd -x -v -D "​cn=admin,​dc=hickorydale,​dc=no-ip,​dc=com"​ -W -f /​tmp/​hosts.ldif ldapadd -x -v -D "​cn=admin,​dc=hickorydale,​dc=no-ip,​dc=com"​ -W -f /​tmp/​hosts.ldif
-</pre>+</code>
  
 ---- ----
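Review bot: `export ETC_SHADOW=/etc/shadow` makes `migrate_passwd.pl` copy every account's password hash into `/tmp/passwd.ldif`, and with a default umask that file lands world-readable in a shared directory; write the LDIFs to a root-only location (or `chmod 600` them immediately) and delete all four after the `ldapadd` runs succeed. The step also needs root to read `/etc/shadow`, which the `cd /usr/share/migrationtools/` line does not hint at. `/tmp/base.ldif` is loaded first, but the command that produces it (`migrate_base.pl`) is not among the lines shown here; make sure the elided part generates it before the `ldapadd` sequence. The `<pre>` to `<code>` change itself is right for DokuWiki.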
Line 95: Line 97:
  
 ====== Install LDAP ====== ====== Install LDAP ======
 +
 +
 +
 +
  
  
Line 114: Line 120:
 apt-get install libpam-ldap libnss-ldap apt-get install libpam-ldap libnss-ldap
 </​code>​ </​code>​
 +For the URI ldap:///​localhost
 +<​code>​
 +dc=sluup.org,​dc=org
 +</​code>​
 +Version
 +<​code>​
 +3
 +</​code>​
 +LDAP Account for Root
 +nss requests ​
 +<​code>​
 +cn=manager,​dc=sluug,​dc=org
 +</​code>​
 +
 +LDAP root account password
 +<​code>​
 +wouldn'​t you like to know! Same as root x lc
 +</​code>​
 +
 +example file for nssswitch.conf
 +<​code>​
 +/​usr/​share/​doc/​libnss-ldap/​examples/​nssswitch.ldap
 +</​code>​
 +
 +Password utilities to use pam = yes
 +
 +Does the LDAP database require login? = No # Allows anonymous bind
 +
 +LDAP account for root:
 +<​code>​
 +cn=manager,​dc=sluug,​dc=org
 +</​code>​
 +
 +libpam-ldap LDAP root account password:
 +<​code>​
 +same as the others
 +</​code>​
 +
 +ldap-utils
 +<​code>​
 +apt-get install ldap-utils
 +</​code>​
 +
 +
 +===== test installs =====
 +After install the services should be running. Test this with:
 +<​code>​
 +ps ax | grep slapd
 +netstat -an | grep 389
 +</​code>​
 +
 +
 +
 +===== configure =====
 +<​code>​
 +vi /​etc/​default/​slapd
 +find SLAPD_SERVICES and uncomment
 +uncomment line and remove ldapi:///
 +</​code>​
 +
 +Force external users to come over secure connection (ldaps)
 +
 +===== Load Data =====
 +We have a custom SLUUG schema that needs to be copied over.
 +<​code>​
 +mv /​home/​jmuse/​sluug.schema /​etc/​ldap/​schema
 +</​code>​
 +Edit /​etc/​ldap/​slapd.conf
 +Add :
 +<pre>
 +include ​       /​etc/​ldap/​schema/​sluug.schema
 +</​code>​
 +
 +Test by running slaptest
 +
 +restart ldap
 +<​code>​
 +/​etc/​init.s/​splapd restart
 +</​code>​
 +
 +
 +
 +
 +
 +
 +===== Configure phpldapadmin =====
 +Put link to phpldapadmin
 +<​code>​
 +ln -s /​usr/​share/​phpldapadmin /​home/​www/​www.sluug.org/​public/​phpldapadmin
 +</​code>​
 +At this point you should be able to go to [[http://​www.sluug.org/​phpldapadmin]] and see the admin page.
 +
 +Add to /​etc/​apache2/​sites-available/​000-www.sluug.org
 +
 +<​code>​
 +
 +</​code>​
 +
 +
 +Switch Order allow,deny
 +Allow from 127.0.0.1
 +Deny from all
 +
 +Test with apache2ctl configtest
 +
 +if OK
 +
 +apache2ctl restart
 +
 +You should now not be able to access the site except with an ssh tunnel
 +<​code>​
 +ssh -Nf -L8080:​localhost:​80 bud.sluug.org -l //​username//​
 +</​code>​
 +
 +Now to connect surf to the phpadmin page:
 +<​code>​http://​127.0.0.1:​8080/​phpldapadmin/</​code>​
 +
 +====== Initial Server ======
 +Access server by [[http://​localhost:​8080]]
 +
 +Login with admin credentials from /​etc/​ldap/​slapd.conf
 +
 +At first the base entry does not exist. Create it by clicking **Create It** in left pane.
 +
 +<​code>​
 +ldapadd -x -W -H  ldap://​127.0.0.1 "​cn=admin,​dc=sluug,​dc=org"​ -f sluug.ldif
 +</​code>​
 +
 +vi phpldapadmin.conf
 +<​code>​
 +$ldapservers->​SetValue($i,'​server','​name','​SLUUG LDAP Server'​);​
 +$ldapservers->​SetValue($i,'​server','​host','​127.0.0.1'​);​
 +</​code>​
 +
 +====== xml file ======
 +Created an xml file that allows common and known data to be pre filled. This fills in things such as home directory, uid, virtual mail ids for postfix.
 +
 +The sluugAccount.xml file is located in /​etc/​phpadmin/​templates/​
 +
 +The file was created from an existinf template.
 +
 +
 +
 +
 +
  
  
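Review bot: the Apache restriction in this hunk locks everyone out, including the SSH tunnel it is meant to admit: under `Order allow,deny` Apache evaluates the Allow directives first and then rejects the request if any Deny matches, so `Allow from 127.0.0.1` followed by `Deny from all` denies 127.0.0.1 as well. It should read `Order deny,allow` / `Deny from all` / `Allow from 127.0.0.1`, placed inside a `<Directory>` or `<Location>` for the phpldapadmin path, and that is what belongs in the `000-www.sluug.org` `<code>` block, which is currently empty. Further points in page order: the base DN appears as `dc=sluup.org,dc=org` and `dc=sluug,dc=org`, and the admin DN as `cn=manager,dc=sluug,dc=org` in the libnss-ldap/libpam-ldap answers but `cn=admin,dc=sluug,dc=org` in `ldapadd`; all of them must match the `suffix` and `rootdn` in `slapd.conf`. "Same as root" for the LDAP root bind password is password reuse; the debconf-supplied rootbinddn password is kept on disk for nss/pam, so anyone who obtains it also holds the OS root password, and the directory should get its own credential. "Does the LDAP database require login = No" permits anonymous bind, which is acceptable only with an ACL such as `access to attrs=userPassword by self write by anonymous auth by * none` in `slapd.conf`, because the hashes migrated from `/etc/shadow` now live in the directory; no ACL is shown. The `SLAPD_SERVICES` step removes `ldapi:///` but never sets the value that would enforce the stated "ldaps for external users" (for example `SLAPD_SERVICES="ldap://127.0.0.1/ ldaps:///"` together with TLS certificate settings in `slapd.conf`). Copy-paste breakers: `<pre>` is closed by `</code>`, `/etc/init.s/splapd restart` should be `/etc/init.d/slapd restart`, and the `ldapadd -x -W -H ldap://127.0.0.1 "cn=admin,dc=sluug,dc=org" -f sluug.ldif` line is missing `-D` before the bind DN, so the DN is a stray argument and the bind is not performed as admin. Finally, `ps ax | grep slapd` matches its own grep process; `pgrep slapd` avoids the false positive, and `netstat -ln | grep 389` (plus 636 once ldaps is enabled) shows the listener rather than every connection.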
ldap_study_group.1194400544.txt.gz · Last modified: 2007/11/06 19:55 by 206.197.251.70