Lecture 1: The LDAP Service
Advanced Services for ISPs (Servicii Avansate pentru ISP, SAISP)
20 February 2017
SAISP Lecture 1, The LDAP Service 1/47
Outline
Course overview
The LDAP service
Directory Services
LDAP
The LDAP client
LDAP client integration
Conclusion
Questions
Servicii Avansate pentru ISP (Advanced Services for ISPs)
- a fancy name for Advanced Network System Administration
- LDAP, virtualization, volume management, scalability, automation
- aimed at the sysdevops profile (system administration / development / operations)
Network Services for ISPs (cont.)
- http://ocw.cs.pub.ro/saisp/
- lecture: Monday, 18-20, PR706
- lab: Monday, 16-18, 20-22, PR706
- the first lecture takes place on Monday, 20 February 2017
- the first lab takes place on Monday, 27 February 2017
Course contents
1. The LDAP service
2. LDAP administration
3. Monitoring
4. Scalable management of storage devices
5. Redundancy and load balancing
6. Network file systems
7. Containers
8. Native virtualization
9. Web access acceleration
10. Scalable system automation
11. Traffic limiting
12. Review
Course contents (cont.)
- a continuation of the GSR course
- supporting platform: Debian and virtualization solutions (KVM)
- prerequisites
  - familiarity with the Linux environment
  - networking basics
  - administration basics
  - virtualization concepts
  - basic programming knowledge
  - basic software engineering knowledge
Grading
- lab – 2p (activity)
- practical tests – 5p
  - practical test 1 – 2.5p (after lab 5)
  - practical test 2 – 2.5p (during the exam session)
- lecture tests – 2p (5 tests x 0.4 points/test)
- multiple-choice test – 2p (during the exam session)
Motto
The secret of all victory lies in the organization of the non-obvious.
Marcus Aurelius
If you don’t know how to do something, you don’t know how to do it with a computer.
Supporting material
- “Unix and Linux System Administration”
  - Chapter 19 – Sharing System Files
    - Section 19.3 – LDAP: The Lightweight Directory Access Protocol
- “Professional Linux System Administration”
  - Chapter 16 – Directory Services
Directory
- a mechanism for organizing information
- a mapping/association between a name and a value
- generally a hierarchical organization
  - nodes of information and data types
    - in telephony: names and phone numbers
    - in DNS: domain name (node) and IP addresses, aliases, mail servers (data types)
- directory service / naming service
- DIT – Directory Information Tree
Directory Services
- naming services
- locating a resource in the network based on a name
  - information about a resource – an object with attributes
  - an interface for locating and managing the resources in a network
- directories, files, users, groups, devices, phone numbers
- similar to an RDBMS, but . . .
  - reads are much more frequent than writes
  - data redundancy for performance (for example DNS caching)
Examples of directory services
- DNS – Domain Name System
- NIS – Network Information Service
  - increasingly replaced by LDAP
- LDAP/X.500
  - Directory Access Protocol
  - A set of such systems, together with the directory information that they hold, can be viewed as an integrated whole, called the Directory
Using directory services on Unix
- /etc/nsswitch.conf
  - Name Service Switch
  - the services/files used by the system "databases"
  - /lib/libnss_*
- system databases
  - passwd, group, hosts, networks, protocols, services, shadow
- getent – querying the databases
  - getent passwd
  - getent passwd razvan
  - getent networks
  - getent services ldaps
X.500
- a set of standards for directory services
  - DAP, DSP, DISP, DOP
- uses the OSI stack
  - alternatives that use the TCP/IP stack
  - the alternative to DAP – Lightweight Directory Access Protocol (LDAP)
- a single DIT – Directory Information Tree
  - a hierarchical organization of entries which is distributed across one or more servers
- each entry is uniquely identified by a DN (Distinguished Name)
- too complex
LDAP/X.500 implementations
- Active Directory (Microsoft)
- eDirectory (Novell)
- Red Hat Directory Server
- OpenLDAP
- OpenDirectory (Apple) – built on top of OpenLDAP
- Apache Directory Server
- 389 Directory Service (Red Hat) – a fork of OpenLDAP
Active Directory
- based on Novell eDirectory
- LDAP, Kerberos
- a central place for administration and delegation of authority
- scalability
- in Windows Server 2008 – Active Directory Domain Services
- a hierarchy of objects
  - resources
  - security principals (users and groups) – each has an associated unique identifier (SID – security identifier)
- OU – Organization Unit – a container for the objects that belong to a domain
- within a domain, a user has an attribute with a unique value (sAMAccountName pre-2000, userPrincipalName)
LDAP
- Lightweight Directory Access Protocol
- "Lightweight" in the context of X.500
  - a simplified form of DAP from X.500
- hierarchical organization
  - uses DNS for the topmost levels
- contains entries that represent people, groups, printers, documents etc.
- LDAPv3 – RFC 4510
  - more than 30 RFCs
Client operations
- TCP 389
  - TCP 636 for LDAP over SSL (ldaps)
- Operations
  - Start TLS – available since LDAPv3
  - Bind (authentication)
  - Search
  - Compare
  - Add entry
  - Delete entry
  - Modify entry
  - Unbind (closes the connection; it is not the opposite of Bind)
Directory Information Tree
- organization of the information – the schema
- hierarchy
- each entry is identified by a DN (Distinguished Name)
- in general, the name contains a component borrowed from DNS (dc=test,dc=cs,dc=pub,dc=ro)
- in general, flat namespaces
  - a namespace for people – contains the list of people
  - a namespace for groups – contains the list of groups
Entries and attributes
- a directory is a collection of entries
  - an entry is a collection of attributes
- an attribute has a name and one or more values
  - attributes are defined in the schema
  - attributes can be MUST or MAY
- an entry is identified by a DN (Distinguished Name)
  - made up of several elements, some of which are DCs (domain components)
  - uid=gsclipici,dc=test,dc=cs,dc=pub,dc=ro
LDIF
- LDAP Data Interchange Format
- a representation format for
  - the directory content (listing, adding)
        dn: cn=The Postmaster,dc=example,dc=com
        objectClass: organizationalRole
        cn: The Postmaster
  - update requests (modification)
        dn: cn=gsclipici,ou=People,dc=test,dc=cs,dc=pub,dc=ro
        changetype: modify
        replace: mail
        mail: [email protected]
        -
        replace: initials
        initials: GS
        -
- format – attributeName: attribute value
LDAP acronyms
- DN – Distinguished Name
  - RDN (Relative Distinguished Name) + Parent DN
  - dn: cn=Ana Popa,dc=rd,dc=ro
    - RDN: cn=Ana Popa
    - Parent DN: dc=rd,dc=ro
- DC – Domain Component
- CN – Common Name
- OU – Organizational Unit
- LDIF – LDAP Data Interchange Format
Searching/comparing in LDAP
- attributes are searched
- uid
- uid=gsclipici
- sn=P*
- (&(sn=P*)(cn=A*))
- (|(&(sn=P*)(cn=A*))(&(sn=C*)(cn=S*)))
  - Polish notation
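The prefix form on this slide parses with a short recursive descent. The Python sketch below is an added example, not part of the original slides: it parses the slide's filters, evaluates them against constructed entries, and includes the RFC 4515 escaping that makes a substituted value match literally instead of being read as filter syntax. Case-insensitive matching and the entry data are assumptions; extensible, approximate and ordering matches are left out.

```python
import re

SPECIALS = "\\*()\x00"   # characters RFC 4515 requires to be escaped in a value


def escape_value(raw):
    """Escape a literal value so none of it is read as filter syntax."""
    return "".join(f"\\{ord(ch):02x}" if ch in SPECIALS else ch for ch in raw)


def unescape(piece):
    """Decode backslash-hex escapes (single-byte characters only in this sketch)."""
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), piece)


def parse_filter(text):
    """Return nested tuples: (op, [children]) or ("=", attr, value)."""
    text = text.strip()
    if not text.startswith("("):          # ldapsearch also accepts a bare uid=x
        text = f"({text})"
    node, pos = parse_node(text, 0)
    if pos != len(text):
        raise ValueError(f"unexpected data at offset {pos}")
    return node


def parse_node(s, i):
    if s[i:i + 1] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if s[i:i + 1] in ("&", "|", "!"):     # operator comes first: prefix notation
        op, i, children = s[i], i + 1, []
        while s[i:i + 1] == "(":
            child, i = parse_node(s, i)
            children.append(child)
        if not children or (op == "!" and len(children) != 1):
            raise ValueError(f"wrong number of operands for '{op}'")
        node = (op, children)
    else:                                 # leaf item: attr=value
        end = s.find(")", i)
        if end == -1:
            raise ValueError("missing ')'")
        attr, sep, value = s[i:end].partition("=")
        if not sep or not attr or "(" in value:
            raise ValueError(f"malformed item at offset {i}")
        node, i = ("=", attr, value), end
    if s[i:i + 1] != ")":
        raise ValueError(f"expected ')' at offset {i}")
    return node, i + 1


def matches(node, entry):
    """Evaluate a parsed filter against one entry (dict: attribute -> values)."""
    if node[0] == "&":
        return all(matches(child, entry) for child in node[1])
    if node[0] == "|":
        return any(matches(child, entry) for child in node[1])
    if node[0] == "!":
        return not matches(node[1][0], entry)
    _, attr, pattern = node
    values = [v for k, vs in entry.items() if k.lower() == attr.lower() for v in vs]
    if pattern == "*":                    # presence test
        return bool(values)
    # An unescaped '*' is a wildcard; everything else is literal after unescaping.
    regex = ".*".join(re.escape(unescape(p)) for p in pattern.split("*"))
    return any(re.fullmatch(regex, v, re.IGNORECASE | re.DOTALL) for v in values)


# Constructed sample entries (not from the slides).
ENTRIES = [
    {"uid": ["gsclipici"], "cn": ["George Sclipici"], "sn": ["Sclipici"]},
    {"uid": ["apopa"], "cn": ["Ana Popa"], "sn": ["Popa"]},
    {"uid": ["scostea"], "cn": ["Sorin Costea"], "sn": ["Costea"]},
    {"uid": ["dpopescu"], "cn": ["Daniel Popescu"], "sn": ["Popescu"]},
]


def search(filter_text, entries=ENTRIES):
    tree = parse_filter(filter_text)
    return [e["uid"][0] for e in entries if matches(tree, e)]
```

Calling `search("(uid=" + escape_value(name) + ")")` treats every character of `name` as data, which is the form an application should use when it fills a filter template with a login name.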
LDAP URIs
- ldap://swarm.cs.pub.ro
- ldaps://swarm.cs.pub.ro:636
- ldap://swarm.cs.pub.ro/ou=People,dc=swarm,dc=cs,dc=pub,dc=ro
- ldap://swarm.cs.pub.ro/ou=People,dc=swarm,dc=cs,dc=pub,dc=ro?uid
- ldap://swarm.cs.pub.ro/ou=People,dc=swarm,dc=cs,dc=pub,dc=ro?uid?base?(givenName=Daniel)
- ldaps:// for LDAP over SSL
- ldap:// for LDAP over TLS (uses STARTTLS)
LDAP URIs (2)
- ldap://host:port/DN?attributes?scope?filter?extensions
- scope – base (a search on a single entry), one – a search on one level, sub – a search in the hierarchy
- filter – (givenName=Daniel), (&(givenName=Daniel)(sn=Popescu))
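The URL layout above, taken apart field by field, as an added Python example that is not part of the original slides. It applies the RFC 4516 defaults (scope `base`, filter `(objectClass=*)`), splits the base DN into RDN and parent DN as on the acronyms slide, and records whether the scheme gives TLS on connect; the dictionary keys are assumptions of this sketch.

```python
from urllib.parse import unquote, urlsplit

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}
SCOPES = ("base", "one", "sub")


def split_dn(dn):
    """Return (RDN, parent DN); a backslash-escaped comma does not split."""
    i = 0
    while i < len(dn):
        if dn[i] == "\\":
            i += 2                      # skip the escaped character
        elif dn[i] == ",":
            return dn[:i], dn[i + 1:]
        else:
            i += 1
    return dn, ""


def parse_ldap_url(url):
    """Split ldap[s]://host:port/DN?attributes?scope?filter?extensions."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS:
        raise ValueError(f"not an ldap:// or ldaps:// URL: {url!r}")
    # urlsplit stops at the first '?'; the remaining fields are '?'-separated too.
    fields = parts.query.split("?") if parts.query else []
    if len(fields) > 4:
        raise ValueError("more than four '?' fields")
    attrs, scope, flt, exts = fields + [""] * (4 - len(fields))
    scope = unquote(scope).lower() or "base"          # RFC 4516 default
    if scope not in SCOPES:
        raise ValueError(f"unknown scope {scope!r}")
    base_dn = unquote(parts.path.lstrip("/"))
    rdn, parent = split_dn(base_dn)
    return {
        "host": parts.hostname,
        "port": parts.port or DEFAULT_PORTS[scheme],
        "tls_on_connect": scheme == "ldaps",   # ldap:// relies on StartTLS for TLS
        "base_dn": base_dn,
        "rdn": rdn,
        "parent_dn": parent,
        "attributes": [unquote(a) for a in attrs.split(",") if a],
        "scope": scope,
        "filter": unquote(flt) or "(objectClass=*)",  # RFC 4516 default
        "extensions": [unquote(e) for e in exts.split(",") if e],
    }
```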
LDAP client implementations
- OpenLDAP (server + utilities)
- Apache Directory Server/Studio
- LDAPAdminTool (Linux/Windows, commercial)
- web2ldap (web, Python)
- phpLDAPadmin
LDAP CLI
- OpenLDAP
  - apt-get install ldap-utils
  - ldap*
- /etc/ldap/ldap.conf
  - the default settings
  - BASE, URI
  - TLS_REQCERT=never: so that certificates are not verified
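`TLS_REQCERT never` turns off verification of the server certificate, so it is worth flagging wherever it survives beyond a lab setup. The check below is an added Python example, not part of the original slides: it scans an ldap.conf for weak `TLS_REQCERT` levels and for `ldap://` URIs, with the weak file next to a corrected one. Both configurations are constructed, the CA bundle path is an assumption, and the level descriptions follow ldap.conf(5).

```python
import re

# Constructed ldap.conf with the settings the slide lists (BASE, URI, TLS_REQCERT).
SAMPLE_CONF = """\
# /etc/ldap/ldap.conf
BASE        dc=test,dc=cs,dc=pub,dc=ro
URI         ldap://test.cs.pub.ro ldaps://swarm.cs.pub.ro:636
TLS_REQCERT never
"""

# Corrected counterpart (constructed; the CA bundle path is an assumption).
HARDENED_CONF = """\
BASE        dc=test,dc=cs,dc=pub,dc=ro
URI         ldaps://swarm.cs.pub.ro:636
TLS_CACERT  /etc/ssl/certs/ca-certificates.crt
TLS_REQCERT demand
"""

# Levels weaker than the default "demand" (synonym "hard"), per ldap.conf(5).
REQCERT_NOTES = {
    "never": "the server certificate is neither requested nor checked",
    "allow": "a missing or invalid server certificate is accepted",
    "try": "an invalid certificate is rejected, but a missing one is accepted",
}


def parse_conf(text):
    """Yield (line_number, KEYWORD, value); keywords are case-insensitive."""
    for number, line in enumerate(text.splitlines(), start=1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # ldap.conf separates keyword and value with whitespace; the slide's
        # KEY=value spelling is accepted as well (a choice of this sketch).
        keyword, *rest = re.split(r"\s+|=", line, maxsplit=1)
        yield number, keyword.upper(), rest[0].strip() if rest else ""


def audit(text):
    """Return (line_number, finding) pairs for weak transport settings."""
    findings = []
    for number, keyword, value in parse_conf(text):
        level = value.lower()
        if keyword == "TLS_REQCERT" and level in REQCERT_NOTES:
            findings.append((number, f"TLS_REQCERT {level}: {REQCERT_NOTES[level]}"))
        elif keyword == "URI":
            for uri in value.split():
                if uri.lower().startswith("ldap://"):
                    findings.append(
                        (number, f"{uri}: cleartext unless the client requires StartTLS"))
    return findings
```

For `ldap://` URIs the OpenLDAP command-line tools take `-ZZ`, which issues StartTLS and aborts if it does not succeed.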
ldapsearch
- searches for information in the LDAP database
- ldapsearch -x
- ldapsearch -x uid
- ldapsearch -x uid=gsclipici
- ldapsearch -x '(&(cn=A*)(sn=B*))'
- ldapsearch -x -b dc=test,dc=cs,dc=pub,dc=ro – specifies the search base
- ldapsearch -x -H ldap://test.cs.pub.ro – specifies the URI
- ldapsearch -x -D dc=binder,ou=Gods,dc=test,dc=cs,dc=pub,dc=ro -W – specifies the user that performs the bind (authentication)
- the information is displayed in LDIF format
ldappasswd
- changes the password of user-type entries
- requires authentication (binding) (-D, -W)
- ldappasswd -D cn=admin,dc=test,dc=cs,dc=pub,dc=ro -W uid=gsclipici,dc=test,dc=cs,dc=pub,dc=ro – the server generates the password
- ldappasswd ... -S uid=gsclipici... – prompts for the user's password
- ldappasswd -D cn=admin,dc=test,dc=cs,dc=pub,dc=ro -w "$admin_pass" -s "$clear_pass" uid=gsclipici,dc=test,dc=cs,dc=pub,dc=ro – non-interactive use
ldapadd
- adds an entry
  - the entry is specified in LDIF format
        dn: uid=test,ou=people,dc=swarm,dc=cs,dc=pub,dc=ro
        uid: test
        cn: test test
        sn: test
        mail: [email protected]
        objectClass: inetOrgPerson
        objectClass: posixAccount
        objectClass: shadowAccount
        loginShell: /bin/bash
        uidNumber: 1230
        gidNumber: 100
        homeDirectory: /home/test
- requires authentication (-D, -W/-w)
  - ldapadd ... -f /etc/ldap/ldif/test.ldif
ldapdelete
- deletes an entry
- requires authentication (-D, -W/-w)
- ldapdelete ... uid=gsclipici,dc=test,dc=cs,dc=pub,dc=ro
ldapmodify
- modifies an entry, which is again specified through an LDIF file
        dn: cn=Modify Me,dc=example,dc=com
        changetype: modify
        replace: mail
        mail: [email protected]
        -
        add: title
        title: Grand Poobah
        -
        add: jpegPhoto
        jpegPhoto:< file:///tmp/modme.jpeg
        -
        delete: description
- an “attribute” specifies the type of modification (add, delete, replace)
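Before an LDIF file is applied with an administrative bind, it helps to see exactly which operations it carries. The parser below is an added Python example, not part of the original slides or of OpenLDAP: it reads content records and `changetype: modify` records like those on the LDIF and ldapmodify slides, and lists values that the tool would load from a local `file:` URL. The mail value in the sample is a placeholder; `version:` lines and controls are not handled.

```python
import base64

# LDIF from the ldapmodify slide; the mail value is a constructed placeholder.
SAMPLE = """\
dn: cn=Modify Me,dc=example,dc=com
changetype: modify
replace: mail
mail: placeholder@example.com
-
add: title
title: Grand Poobah
-
add: jpegPhoto
jpegPhoto:< file:///tmp/modme.jpeg
-
delete: description
"""


def logical_records(text):
    """Split LDIF into records of logical lines (folds joined, comments dropped)."""
    text = text.replace("\r\n", "\n").replace("\n ", "")   # undo line folding first
    records = []
    for chunk in text.split("\n\n"):                       # blank line ends a record
        lines = [ln for ln in chunk.splitlines() if ln and not ln.startswith("#")]
        if lines:
            records.append(lines)
    return records


def parse_line(line):
    """Return (attr, kind, value) for 'a: v', 'a:: base64' or 'a:< url'."""
    attr, sep, rest = line.partition(":")
    if not sep or not attr:
        raise ValueError(f"not an attribute line: {line!r}")
    if rest.startswith(":"):
        return attr, "base64", base64.b64decode(rest[1:].strip())
    if rest.startswith("<"):
        return attr, "url", rest[1:].strip()
    return attr, "text", rest.strip()


def parse_record(lines):
    """Parse one record into its DN plus either attributes or modify operations."""
    name, _, dn = parse_line(lines[0])
    if name.lower() != "dn":
        raise ValueError("a record must start with dn:")
    items = [None if line == "-" else parse_line(line) for line in lines[1:]]
    if not items or not items[0] or items[0][0].lower() != "changetype":
        return {"dn": dn, "changetype": None, "attrs": [i for i in items if i]}
    if items[0][2] != "modify":               # add, delete, modrdn ...
        return {"dn": dn, "changetype": items[0][2], "attrs": [i for i in items[1:] if i]}
    mods, block = [], []
    for item in items[1:] + [None]:           # None stands for a '-' separator
        if item:
            block.append(item)
        elif block:
            (op, _, target), values = block[0], block[1:]
            if op not in ("add", "delete", "replace"):
                raise ValueError(f"unknown modification type {op!r}")
            if any(attr.lower() != target.lower() for attr, _, _ in values):
                raise ValueError(f"stray attribute in the block for {target!r}")
            mods.append({"op": op, "attr": target, "values": [(k, v) for _, k, v in values]})
            block = []
    return {"dn": dn, "changetype": "modify", "mods": mods}


def parse_ldif(text):
    return [parse_record(lines) for lines in logical_records(text)]


def local_file_reads(records):
    """List (dn, attr, url) for values the LDIF tool would read from a file: URL."""
    found = []
    for rec in records:
        values = [(m["attr"], k, v) for m in rec.get("mods", []) for k, v in m["values"]]
        for attr, kind, value in values + rec.get("attrs", []):
            if kind == "url" and value.lower().startswith("file:"):
                found.append((rec["dn"], attr, value))
    return found
```

On the slide's record, `local_file_reads` reports the `jpegPhoto` line: the file is read on the machine that runs ldapmodify and its contents are sent to the server, so an LDIF from an untrusted source deserves this review.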
LDAP scripts
- used for easy management of user accounts in LDAP
- apt-get install ldapscripts
- ldapaddgroup, ldapadduser, ldapdeleteuser, ldapdeletegroup
Unix authentication through LDAP
- apt-get install libnss-ldap nscd libpam-ldap
- /etc/libnss-ldap.conf
        root@valhalla:/etc/ldap# cat /etc/nsswitch.conf | grep '^\(passwd\|group\)'
        passwd: compat files ldap
        group: compat files ldap
- /etc/pam_ldap.conf
- /etc/pam.d/common-session
        session required pam_mkhomedir.so skel=/etc/skel/ umask=0022
LDAP configuration in Apache
AuthType Basic
AuthName "Windows Research Kernel (use curs.cs.pub.ro account)"
AuthBasicProvider ldap
AuthzLDAPAuthoritative on
AuthLDAPURL "ldaps://ldap.grid.pub.ro/ou=People,dc=cs,dc=curs,dc=pub,dc=ro?uid"
AuthLDAPBindDN "uid=xxx,ou=yyy,dc=cs,dc=curs,dc=pub,dc=ro"
AuthLDAPBindPassword "zzz"
Require valid-user
LDAP configuration in DokuWiki
$conf['authtype'] = 'ldap';
$conf['auth']['ldap']['port'] = 636;
$conf['auth']['ldap']['server'] = 'ldaps://swarm.cs.pub.ro';
$conf['auth']['ldap']['usertree'] = 'ou=People,dc=swarm,dc=cs,dc=pub,dc=ro';
$conf['auth']['ldap']['grouptree'] = 'ou=Group,dc=swarm,dc=cs,dc=pub,dc=ro';
$conf['auth']['ldap']['userfilter'] = '(&(uid=%{user})(objectClass=posixAccount))';
$conf['auth']['ldap']['groupfilter'] = '(&(objectClass=posixGroup)(|(gidNumber=%{gid})(memberUID=%{user})))';
# This is optional but may be required for your server:
$conf['auth']['ldap']['version'] = 3;
LDAP for developers
- libldap2-dev – C
- http://php.net/manual/en/book.ldap.php – PHP
- http://pypi.python.org/pypi/python-ldap/ – Python
- http://ruby-ldap.sourceforge.net/ – Ruby
Keywords
- Directory
- DIT
- X.500
- /etc/nsswitch.conf
- getent
- LDAP
- Active Directory
- Distinguished Name (DN)
- entries
- attributes
- LDIF
- DN, RDN, DC, CN, OU
- search
- LDAP URL
- base
- filters
- ldapsearch
- ldapadd
- ldappasswd
- ldapmodify
- ldapdelete
Useful resources
- http://en.wikipedia.org/wiki/LDAP
- http://tldp.org/HOWTO/LDAP-HOWTO/
- http://www.howtoforge.com/linux_ldap_authentication
- Understanding LDAP – Design and Implementation: http://www.redbooks.ibm.com/pubs/pdfs/redbooks/sg244986.pdf
- http://www.zytrax.com/books/ldap/