본문 바로가기

리눅스

[LDAP] OpenLDAP 그룹 및 계정 생성

반응형

OpenLDAP 그룹 및 계정 생성

정보 확인

$ docker exec openldap ldapsearch -x -b dc=4wxyz,dc=com \
-D "cn=admin,dc=4wxyz,dc=com" \
-w ldappassword

--output--
# extended LDIF
#
# LDAPv3
# base <dc=4wxyz,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# 4wxyz.com
dn: dc=4wxyz,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
o: 4wxyz
dc: 4wxyz

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
$ docker exec openldap slapcat

--output--
dn: dc=4wxyz,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
o: 4wxyz
dc: 4wxyz
structuralObjectClass: organization
entryUUID: a8f0a940-6072-103b-9813-9597cb19f842
creatorsName: cn=admin,dc=4wxyz,dc=com
createTimestamp: 20210613090827Z
entryCSN: 20210613090827.781013Z#000000#000#000000
modifiersName: cn=admin,dc=4wxyz,dc=com
modifyTimestamp: 20210613090827Z

$ docker exec openldap slaptest
--output--
config file testing succeeded

organizationalRole admin

$ vim oR-admin.ldif
dn: cn=admin,dc=4wxyz,dc=com
cn: admin
roleOccupant: dc=4wxyz,dc=com
objectClass: organizationalRole
objectClass: top
description: LDAP Manager
$ docker exec openldap ldapadd -x -D cn=admin,dc=4wxyz,dc=com \
-w ldappassword \
-f /container/service/slapd/assets/custome/oR-admin.ldif \
-ZZ

--output--
adding new entry "cn=admin,dc=4wxyz,dc=com"

organizationalUnit Groups, People 생성

$ vim oU-groups.ldif
# Groups, 4wxyz.com
dn: ou=Groups,dc=4wxyz,dc=com
ou: Groups
objectClass: organizationalUnit
objectClass: top

# People, 4wxyz.com
dn: ou=People,dc=4wxyz,dc=com
ou: People
objectClass: organizationalUnit
objectClass: top
$ docker exec openldap ldapadd -x -D cn=admin,dc=4wxyz,dc=com \
-w ldappassword \
-f /container/service/slapd/assets/custome/oU-groups.ldif \
-ZZ

--output--
adding new entry "ou=Groups,dc=4wxyz,dc=com"

adding new entry "ou=People,dc=4wxyz,dc=com"

posixGroup infra,dev 생성

$ vim groups.ldif
# admin, Groups, 4wxyz.com
dn: cn=admin,ou=Groups,dc=4wxyz,dc=com
cn: admin
objectClass: posixGroup
objectClass: top
gidNumber: 1200
description: Administrator Team
#memberUid: 1201

# secu, Groups, 4wxyz.com
dn: cn=secu,ou=Groups,dc=4wxyz,dc=com
cn: secu
objectClass: posixGroup
objectClass: top
gidNumber: 1300
description: Security Team
#memberUid: 1301

# infra, Groups, 4wxyz.com
dn: cn=infra,ou=Groups,dc=4wxyz,dc=com
cn: infra
objectClass: posixGroup
objectClass: top
gidNumber: 1500
description: Infrastructure Team
#memberUid: 1501

# dev, Groups, 4wxyz.com
dn: cn=dev,ou=Groups,dc=4wxyz,dc=com
cn: dev
objectClass: posixGroup
objectClass: top
gidNumber: 1600
description: Development Team
#memberUid: 1601

# plan, Groups, 4wxyz.com
dn: cn=plan,ou=Groups,dc=4wxyz,dc=com
cn: plan
objectClass: posixGroup
objectClass: top
gidNumber: 1700
description: Planning Team
#memberUid: 1701

# design, Groups, 4wxyz.com
dn: cn=design,ou=Groups,dc=4wxyz,dc=com
cn: design
objectClass: posixGroup
objectClass: top
gidNumber: 1800
description: Design Team
#memberUid: 1801

# publisher, Groups, 4wxyz.com
dn: cn=publisher,ou=Groups,dc=4wxyz,dc=com
cn: publisher
objectClass: posixGroup
objectClass: top
gidNumber: 1900
description: Publisher Team
#memberUid: 1901
$ docker exec openldap ldapadd -x -D cn=admin,dc=4wxyz,dc=com \
-w ldappassword \
-f /container/service/slapd/assets/custome/groups.ldif \
-ZZ

--output--
adding new entry "cn=admin,ou=Groups,dc=4wxyz,dc=com"

adding new entry "cn=secu,ou=Groups,dc=4wxyz,dc=com"

adding new entry "cn=infra,ou=Groups,dc=4wxyz,dc=com"

adding new entry "cn=dev,ou=Groups,dc=4wxyz,dc=com"

adding new entry "cn=plan,ou=Groups,dc=4wxyz,dc=com"

adding new entry "cn=design,ou=Groups,dc=4wxyz,dc=com"

adding new entry "cn=publisher,ou=Groups,dc=4wxyz,dc=com"

posixAccount testuser1 생성

$ vim new-user.ldif
dn: uid=testuser1,ou=People,dc=4wxyz,dc=com
uid: testuser1
cn: testuser1
sn: 3
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: posixAccount
objectClass: inetOrgPerson
objectClass: shadowAccount
loginShell: /bin/bash
homeDirectory: /home/testuser1
uidNumber: 1501
gidNumber: 1500
userPassword: {SSHA}j3lBh1Seqe4rqF1+NuWmjhvtAni1JC5A
mail: testuser1@4wxyz.com
gecos: testuser1 User
$ docker exec openldap ldapadd -x -D cn=admin,dc=4wxyz,dc=com \
-w ldappassword \
-f /container/service/slapd/assets/custome/new-user.ldif \
-ZZ

--output--
adding new entry "uid=testuser1,ou=People,dc=4wxyz,dc=com"

기본 계정 생성

$ docker exec openldap cp container/service/slapd/assets/test/new-user.ldif \
container/service/slapd/assets/custome/new-user.ldif

$ docker exec openldap ldapadd -x -D "cn=admin,dc=4wxyz,dc=com" \
-w ldappassword \
-f /container/service/slapd/assets/custome/testuser.ldif -ZZ

$ docker exec openldap ldappasswd -s password \
-w ldappassword \
-D "cn=admin,dc=4wxyz,dc=com" \
-x "uid=testuser,dc=4wxyz,dc=com"

$ docker exec openldap ldapsearch -x -b "uid=testuser,dc=4wxyz,dc=com" \
-D "cn=admin,dc=4wxyz,dc=com" \
-w ldappassword

LDAP 클라이언트 설정

LDAP enable

$ authconfig --enableldap \
--enableshadow \
--enableldapauth \
--enablelocauthorize \
--disableldaptls \
--ldapserver=192.168.56.101 \
--ldapbasedn="dc=4wxyz,dc=com" \
--disablecache \
--enablemkhomedir \
--update

LDAP 계정 조회

$ getent passwd

LDAP disable

$ authconfig --disableldap --disableldapauth --update

 

728x90
반응형