Trump, Tariffs, and the Canadian Economy
5 days ago
Visitors
Popular Posts
-
Please read my previous post before you watch this video. 1. Setting Your Own Website On CentOS 6 (PHP 5 & MySQL 5) 2. Instal...
-
In my previous post, I showed you how to build an website from scratch with PHP and MySQL. Now, I will start to build my forum using phpB... -
This guide will help you to create a Task Schedule to Shutdown or Restart Windows Server Automatically. First, you have to download PSshu... -
It is so sad that the graphic management VMware ESXi is not support Linux OS so today I will write about how to use vCLI on Linux. -
There are many solutions that help typing Vietnamese on Linux (RedHat/Fedora/CentOS). One of those is SCIM. It is very simple to install Sc...
My Blog List
Configure Windows And Linux Central Authentication With LDAP (Not Secure)
Monday, July 18, 2011
The Lightweight Directory Access Protocol (LDAP) is an application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network. This service allow you to store your users and passwords in a central location. Now, I will guide you how to setup network authentication with LDAP.
1- Prepare LDAP Server
Step 1. Install required LDAP Server packages
# yum install -y openldap openldap-servers openldap-clients openldap-devel nss_ldap
Step 2. Create directory to store LDAP database. This directory will hold all the bdb database files.
# mkdir /var/lib/ldap/itbox4vn.com # chown ldap:ldap /var/lib/ldap/itbox4vn.com |
Step 3. Create ldap admin password
Step 4. Edit /etc/openldap/slapd.conf
database bdb suffix "dc=itbox4vn,dc=com" rootdn "cn=Manager,dc=itbox4vn,dc=com" rootpw {SSHA}rwfbf8wrOQiXtbzWQeYBWu97RPju+7kH directory /var/lib/ldap/itbox4vn.com |
Step 5. Create a test account named ldapuser
Step 6. Create LDAP Database
The password conversion script is named migrate_common.ph. Edit the file and replace all instances of the string “padl” with the string “itbox4vn”.
# vi /usr/share/openldap/migration/migrate_common.ph # updatedb # cp /etc/openldap/DB_CONFIG.example /var/lib/ldap/itbox4vn.com/DB_CONFIG # /usr/share/openldap/migration/migrate_all_offline.sh |
Step 7. Start the LDAP Server
2- Configure Linux Clients
Step 1. Install the necessary packages:
# yum install -y openldap nss_ldap openldap_clients openldap-devel
Step 2. Choose LDAP authentication
# authconfig-tui
The /etc/nsswitch.conf and /etc/ldap.conf file is automatically edited for you. There is no LDAP client service that needs to be started. When the config file is in place, you are all set to start authenticating via the network. When troubleshooting network client authentication, check the /var/log/secure file for the errors.
Step 3. Create The Home Directory For ldapuser On The LDAP Client
Step 4. Login and change password of ldapuser
3- Configure Windows Clients
pGina and LDAPAuth plugin are very useful applications for Windows System join LDAP Server. You can down load these from www.pgina.org.
After installation, we start to configure:
Now we restart Windows System and login to LDAP Server. I created a user called ldapwin for Windows using.
4- Common LDAP Administrative Tasks
Step 1. Change user password
Step 2. Create Modify LDAP User Script
#!/bin/bash grep $1 /etc/passwd > /tmp/modifyldapuser.tmp /usr/share/openldap/migration/migrate_passwd.pl /tmp/modifyldapuser.tmp /tmp/modifyldapuser.ldif.tmp cat /tmp/modifyldapuser.ldif.tmp > /tmp/modifyldapuser.ldif ldapmodify -x -D "cn=Manager,dc=itbox4vn,dc=com" -W -f /tmp/modifyldapuser.ldif rm -f /tmp/modifyldapuser.* |
Step 3. Create Add User Script
#!/bin/bash grep $1 /etc/passwd > /tmp/changeldappasswd.tmp /usr/share/openldap/migration/migrate_passwd.pl /tmp/changeldappasswd.tmp /tmp/changeldappasswd.ldif.tmp cat /tmp/changeldappasswd.ldif.tmp > /tmp/changeldappasswd.ldif ldapadd -x -D "cn=Manager,dc=itbox4vn,dc=com" -W -f /tmp/changeldappasswd.ldif rm -f /tmp/changeldappasswd.* |
Step 4. Create Delete User Script
#!/bin/bash ldapdelete -x -W -D "cn=Manager,dc=itbox4vn,dc=com" "uid=$1,ou=People,dc=itbox4vn,dc=com" |
Have fun!
