Installing the OpenLDAP client
Install the OpenLDAP client packages
$ yum install -y openldap-clients nss-pam-ldapd
...
Installing:
nss-pam-ldapd
openldap-clients
Installing for dependencies:
nscd
$ systemctl restart nscd
Verify with the ldapsearch command
$ ldapsearch -h 192.168.56.101 -D cn=admin,dc=4wxyz,dc=com -b dc=4wxyz,dc=com -w ldappassword -s sub "(objectclass=*)"
--output--
# extended LDIF
#
# LDAPv3
# base <dc=4wxyz,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# 4wxyz.com
dn: dc=4wxyz,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
o: 4wxyz
dc: 4wxyz
# admin, 4wxyz.com
dn: cn=admin,dc=4wxyz,dc=com
cn: admin
roleOccupant: dc=4wxyz,dc=com
objectClass: organizationalRole
objectClass: top
description: LDAP Manager
# Groups, 4wxyz.com
dn: ou=Groups,dc=4wxyz,dc=com
ou: Groups
objectClass: organizationalUnit
objectClass: top
# People, 4wxyz.com
dn: ou=People,dc=4wxyz,dc=com
ou: People
objectClass: organizationalUnit
objectClass: top
# admin, Groups, 4wxyz.com
dn: cn=admin,ou=Groups,dc=4wxyz,dc=com
cn: admin
objectClass: posixGroup
objectClass: top
gidNumber: 1200
description: Administrator Team
# secu, Groups, 4wxyz.com
dn: cn=secu,ou=Groups,dc=4wxyz,dc=com
cn: secu
objectClass: posixGroup
objectClass: top
gidNumber: 1300
description: Security Team
# infra, Groups, 4wxyz.com
dn: cn=infra,ou=Groups,dc=4wxyz,dc=com
cn: infra
objectClass: posixGroup
objectClass: top
gidNumber: 1500
description: Infrastructure Team
# dev, Groups, 4wxyz.com
dn: cn=dev,ou=Groups,dc=4wxyz,dc=com
cn: dev
objectClass: posixGroup
objectClass: top
gidNumber: 1600
description: Development Team
# plan, Groups, 4wxyz.com
dn: cn=plan,ou=Groups,dc=4wxyz,dc=com
cn: plan
objectClass: posixGroup
objectClass: top
gidNumber: 1700
description: Planning Team
# design, Groups, 4wxyz.com
dn: cn=design,ou=Groups,dc=4wxyz,dc=com
cn: design
objectClass: posixGroup
objectClass: top
gidNumber: 1800
description: Design Team
# publisher, Groups, 4wxyz.com
dn: cn=publisher,ou=Groups,dc=4wxyz,dc=com
cn:: cHVibGlzaGVyIA==
objectClass: posixGroup
objectClass: top
gidNumber: 1900
description: Publisher Team
# testuser1, People, 4wxyz.com
dn: uid=testuser1,ou=People,dc=4wxyz,dc=com
uid: testuser1
cn: testuser1
sn: 3
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: posixAccount
objectClass: inetOrgPerson
objectClass: shadowAccount
loginShell: /bin/bash
homeDirectory: /home/testuser1
uidNumber: 1501
gidNumber: 1500
userPassword:: e1NTSEF9ajNsQmgxU2VxZTRycUYxK051V21qaHZ0QW5pMUpDNUE=
mail: testuser1@4wxyz.com
gecos: testuser1 User
# Policies, 4wxyz.com
dn: ou=Policies,dc=4wxyz,dc=com
ou: Policies
objectClass: organizationalUnit
objectClass: extensibleObject
objectClass: top
# default, Policies, 4wxyz.com
dn: cn=default,ou=Policies,dc=4wxyz,dc=com
objectClass: pwdPolicy
objectClass: person
objectClass: top
cn: passwordDefault
cn: default
sn: passwordDefault
pwdAttribute: 2.5.4.35
pwdAllowUserChange: TRUE
pwdCheckQuality: 2
pwdExpireWarning: 600
pwdFailureCountInterval: 30
pwdGraceAuthNLimit: 5
pwdLockout: TRUE
pwdLockoutDuration: 0
pwdMaxAge: 0
pwdMaxFailure: 10
pwdMaxRecordedFailure: 10
pwdMinAge: 0
pwdMinLength: 8
pwdMustChange: FALSE
pwdSafeModify: FALSE
pwdInHistory: 2
# apart, Groups, 4wxyz.com
dn: cn=apart,ou=Groups,dc=4wxyz,dc=com
objectClass: top
objectClass: posixGroup
gidNumber: 2100
cn: apart
description: groups
# scbyun, People, 4wxyz.com
dn: uid=scbyun,ou=People,dc=4wxyz,dc=com
uid: scbyun
cn: sangchul
sn: sangchul
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
givenName: sangchul
mail: scbyun@4wxyz.com
gecos: sangchul
loginShell: /bin/bash
uidNumber: 2101
gidNumber: 2101
homeDirectory: /home/scbyun
userPassword:: e1NTSEF9VVpyV1JsaHhwWEsrYUFmUEd6NUIrd2xvUitJYXc5VFY=
description: User Create
# search result
search: 2
result: 0 Success
# numResponses: 17
# numEntries: 16
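In the output above, attributes written with a double colon (cn:: and userPassword::) are base64-encoded, not encrypted; the publisher group's cn, for instance, decodes to "publisher " with a trailing space. The following added example (not part of the original post) decodes such lines and reports the password storage scheme without printing the hash. The function names are hypothetical, the demo user is constructed sample data, and GNU base64 is assumed.

```shell
# Added example: triage the base64 ("attr:: value") lines in ldapsearch output.
# Assumes GNU coreutils base64 and text-valued attributes.
# Constructed sample: the publisher entry as shown on the page, plus a made-up
# user whose userPassword line is folded the way LDIF wraps long values.
sample_ldif() {
cat <<'EOF'
dn: cn=publisher,ou=Groups,dc=4wxyz,dc=com
cn:: cHVibGlzaGVyIA==

dn: uid=demo,ou=People,dc=4wxyz,dc=com
userPassword:: e1NTSEF9
 QUFBQQ==
EOF
}

# LDIF folding: a line that starts with one space continues the previous line.
ldif_unfold() {
    awk 'NR > 1 && /^ / { buf = buf substr($0, 2); next }
         NR > 1 { print buf }
         { buf = $0 }
         END { if (NR) print buf }'
}

# Reads LDIF on stdin; prints "<dn> TAB <attr> TAB <finding>" per encoded value.
ldif_audit() {
    dn=""
    ldif_unfold | while IFS= read -r line; do
        case $line in
            "dn: "*) dn=${line#dn: }; continue ;;
            *":: "*) attr=${line%%:: *} ;;
            *) continue ;;
        esac
        case $attr in *:*|*" "*) continue ;; esac   # "::" was inside a plain value
        # Sentinel "x" preserves a trailing newline that $(...) would strip.
        val=$(printf '%s' "${line#*:: }" | base64 -d 2>/dev/null; printf x)
        val=${val%x}
        case $attr in
            dn) dn=$val ;;
            userPassword)   # report the storage scheme only, never the hash itself
                scheme=$(printf '%s' "$val" | sed -n 's/^{\([^}]*\)}.*/\1/p')
                printf '%s\t%s\tscheme=%s\n' "$dn" "$attr" "${scheme:-NONE}" ;;
            *)  note=encoded
                case $val in " "*|*" ") note=edge-whitespace ;; esac
                printf '%s\t%s\t%s=[%s]\n' "$dn" "$attr" "$note" "$val" ;;
        esac
    done
}

sample_ldif | ldif_audit
```

To check a live directory, pipe the ldapsearch output into ldif_audit instead of the sample.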
$ ldapsearch -h 192.168.56.101 -D cn=admin,dc=4wxyz,dc=com -b dc=4wxyz,dc=com -w ldappassword dn
--output--
# extended LDIF
#
# LDAPv3
# base <dc=4wxyz,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: dn
#
# 4wxyz.com
dn: dc=4wxyz,dc=com
# admin, 4wxyz.com
dn: cn=admin,dc=4wxyz,dc=com
# Groups, 4wxyz.com
dn: ou=Groups,dc=4wxyz,dc=com
# People, 4wxyz.com
dn: ou=People,dc=4wxyz,dc=com
# admin, Groups, 4wxyz.com
dn: cn=admin,ou=Groups,dc=4wxyz,dc=com
# secu, Groups, 4wxyz.com
dn: cn=secu,ou=Groups,dc=4wxyz,dc=com
# infra, Groups, 4wxyz.com
dn: cn=infra,ou=Groups,dc=4wxyz,dc=com
# dev, Groups, 4wxyz.com
dn: cn=dev,ou=Groups,dc=4wxyz,dc=com
# plan, Groups, 4wxyz.com
dn: cn=plan,ou=Groups,dc=4wxyz,dc=com
# design, Groups, 4wxyz.com
dn: cn=design,ou=Groups,dc=4wxyz,dc=com
# publisher, Groups, 4wxyz.com
dn: cn=publisher,ou=Groups,dc=4wxyz,dc=com
# testuser1, People, 4wxyz.com
dn: uid=testuser1,ou=People,dc=4wxyz,dc=com
# Policies, 4wxyz.com
dn: ou=Policies,dc=4wxyz,dc=com
# default, Policies, 4wxyz.com
dn: cn=default,ou=Policies,dc=4wxyz,dc=com
# apart, Groups, 4wxyz.com
dn: cn=apart,ou=Groups,dc=4wxyz,dc=com
# scbyun, People, 4wxyz.com
dn: uid=scbyun,ou=People,dc=4wxyz,dc=com
# search result
search: 2
result: 0 Success
# numResponses: 17
# numEntries: 16
Enable LDAP authentication (this example disables TLS, so LDAP traffic to the server is unencrypted)
$ authconfig --enableldap \
--enableshadow \
--enableldapauth \
--enablelocauthorize \
--disableldaptls \
--ldapserver=192.168.56.101 \
--ldapbasedn="dc=4wxyz,dc=com" \
--disablecache \
--enablemkhomedir \
--update
Look up LDAP accounts
$ getent passwd
Disable LDAP authentication
$ authconfig --disableldap --disableldapauth --update