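# Seed the slapd database tuning file from the packaged example.
cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG

# Prints a salted hash of the password you type; paste the hash (never the
# clear-text password) as the olcRootPW value in the config edited below.
slappasswd

# Self-signed certificate valid for one year (the original listing had the
# '-days 365' argument wrapped onto a second line). -nodes leaves the private
# key unencrypted on disk, so it must be readable only by root and the slapd
# service account (the 'ldap' user on RHEL/CentOS).
openssl req -new -x509 -nodes \
  -out /etc/openldap/certs/cert.pem \
  -keyout /etc/openldap/certs/key.pem \
  -days 365
chown ldap:ldap /etc/openldap/certs/cert.pem /etc/openldap/certs/key.pem
chmod 600 /etc/openldap/certs/key.pem
# 'll' is an interactive alias, not a command; use ls -l so this also works
# in a script.
ls -l /etc/openldap/certs/*.pem

# An unchecked cd would make the edit below open a file in the wrong directory.
cd /etc/openldap/slapd.d/cn=config || exit 1
# Set olcSuffix and olcRootDN for the main database (values follow).
vim 'olcDatabase={2}hdb.ldif'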
olcSuffix: dc=example,dc=com
olcRootDN: cn=Manager,dc=example,dc=com
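# The monitor database's access rule must name the new RootDN; the value is
# edited by hand here (the listing does not show it).
vim 'olcDatabase={1}monitor.ldif'

# Dry-run check of the slapd.d configuration; fix any reported errors before
# restarting slapd. (The original had a Unicode dash in '-u', which slaptest
# does not accept as an option.)
slaptest -u

# Base entries for the new directory (LDIF content follows).
vim /root/base.ldif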
dn: dc=example,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
o: example com
dc: example

dn: cn=Manager,dc=example,dc=com
objectClass: organizationalRole
cn: Manager
description: Directory Manager

dn: ou=People,dc=example,dc=com
objectClass: organizationalUnit
ou: People

dn: ou=Group,dc=example,dc=com
objectClass: organizationalUnit
ou: Group
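# Local accounts that will be migrated into the directory.
useradd ldapuser1
useradd ldapuser2

# migrate_common.ph holds the site defaults used by the migrate_*.pl scripts
# (mail domain, base DN, extended schema — values follow). Check the cd so
# the edit cannot land in the wrong directory.
cd /usr/share/migrationtools/ || exit 1
vim migrate_common.ph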
$DEFAULT_MAIL_DOMAIN = "example.com";
$DEFAULT_BASE = "dc=example,dc=com";
$EXTENDED_SCHEMA = 1;
12. Filter these users out of /etc/passwd and /etc/group into another file
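# Select only the accounts created above (UID/GID 1000–1099). The original
# pattern ':10[0-9][0-9]' matched "10xx" in any field — the GID column, a home
# path, or UIDs above 9999 — so test the numeric id field instead.
awk -F: '$3 >= 1000 && $3 < 1100' /etc/passwd > /root/passwd
awk -F: '$3 >= 1000 && $3 < 1100' /etc/group > /root/group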
Now convert the individual users file to LDAP Data Interchange Format (LDIF)
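# Back in the migration tools directory for the migrate_*.pl conversion (the
# conversion commands themselves are not on this page). Check the cd so that
# later commands do not run in the wrong directory.
cd /usr/share/migrationtools/ || exit 1

# NFS export of /home for the clients (exports file content follows).
#vim /etc/exports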
/home *(rw,sync)
Showmount -e
1. LDAP client configuration to use the LDAP server
/etc/fstab
5. Automount
vim /etc/auto.master
/home /etc/auto.misc
vim /etc/auto.misc
* -rw,sync server0:/home/&
systemctl restart autofs
6. Test
# End-to-end check: an LDAP user logs in and its home is automounted.
ssh ldapuser1@localhost

# KDC settings: master key type and default principal flags (values follow).
vim /var/kerberos/krb5kdc/kdc.conf
master_key_type = aes256-cts
default_principal_flags = +preauth
# Realm client configuration and the admin ACL read by kadmind.
vim /etc/krb5.conf
vim /var/kerberos/krb5kdc/kadm5.acl

# Create the KDC database for realm EXAMPLE.COM. -s writes a stash file so the
# KDC can start without prompting for the master password; that file holds
# the master key and must stay readable by root only.
kdb5_util create -s -r EXAMPLE.COM

# Local accounts that will receive Kerberos principals.
for u in krbuser1 krbuser2; do
  useradd "$u"
done

# Interactive admin session; the prompt input follows (addprinc root/admin and
# the two users — the listing repeats krbuser1 where krbuser2 is meant — then
# listprincs and quit).
kadmin.local
addprinc root/admin
addprinc krbuser1
addprinc krbuser1
listprincs
quit