- # Initial installation and configuration of OpenLDAP
- # NOTE(review): everything below is run as root on "sancho"; the host's domain
- # later appears as the directory suffix (dc=alvaro,dc=gonzalonazareno,dc=org).
- root@sancho:~# hostname -f
- sancho.alvaro.gonzalonazareno.org
- root@sancho:~# apt update && apt upgrade && apt install slapd ldap-utils
- # Right after the install slapd listens on plaintext 389 only, on all interfaces.
- root@sancho:~# netstat -tlnp
- Active Internet connections (only servers)
- Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
- tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN 5019/slapd
- tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 662/mysqld
- tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN 509/systemd-resolve
- tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 595/sshd: /usr/sbin
- tcp6 0 0 :::389 :::* LISTEN 5019/slapd
- tcp6 0 0 :::22 :::* LISTEN 595/sshd: /usr/sbin
- # Anonymous search (-x with no bind DN) against the new suffix: the base entry
- # and the admin role are readable without credentials.
- root@sancho:~# ldapsearch -x -b "dc=alvaro,dc=gonzalonazareno,dc=org"
- # alvaro.gonzalonazareno.org
- dn: dc=alvaro,dc=gonzalonazareno,dc=org
- objectClass: top
- objectClass: dcObject
- objectClass: organization
- o: alvaro.gonzalonazareno.org
- dc: alvaro
- # admin, alvaro.gonzalonazareno.org
- dn: cn=admin,dc=alvaro,dc=gonzalonazareno,dc=org
- objectClass: simpleSecurityObject
- objectClass: organizationalRole
- cn: admin
- description: LDAP administrator
- # search result
- search: 2
- result: 0 Success
- # LDAPS configuration
- # The CA certificate, server certificate and server private key are copied from
- # "freston" over scp into the unprivileged ubuntu user's home on sancho.
- root@freston:~# scp -p /etc/ssl/certs/gonzalonazareno.crt ubuntu@sancho:
- root@freston:~# scp -p /etc/ssl/certs/openstack.crt ubuntu@sancho:
- root@freston:~# scp -p /etc/ssl/private/openstack.key ubuntu@sancho:
- # The key lands owned by ubuntu with mode -r--r-x--- (group-readable). It is
- # re-owned by root and restricted to 0400 before being moved under /etc/ssl/private.
- root@sancho:~# ls -l /home/ubuntu/
- total 20
- -rw-r--r-- 1 ubuntu ubuntu 3634 Dec 15 16:22 gonzalonazareno.crt
- -rw-r--r-- 1 ubuntu ubuntu 10097 Dec 15 13:27 openstack.crt
- -r--r-x--- 1 ubuntu ubuntu 3247 Dec 14 11:53 openstack.key
- root@sancho:~# chown root:root /home/ubuntu/gonzalonazareno.crt
- root@sancho:~# chown root:root /home/ubuntu/openstack.crt
- root@sancho:~# chown root:root /home/ubuntu/openstack.key
- root@sancho:~# chmod 400 /home/ubuntu/openstack.key
- root@sancho:~# mv /home/ubuntu/gonzalonazareno.crt /etc/ssl/certs/
- root@sancho:~# mv /home/ubuntu/openstack.crt /etc/ssl/certs/
- root@sancho:~# mv /home/ubuntu/openstack.key /etc/ssl/private/
- root@sancho:~# ls -l /etc/ssl/certs/ | egrep '(openstack|gonzalonazareno)'
- -rw-r--r-- 1 root root 3634 Dec 15 16:22 gonzalonazareno.crt
- -rw-r--r-- 1 root root 10097 Dec 15 13:27 openstack.crt
- root@sancho:~# ls -l /etc/ssl/private/
- total 4
- -r-------- 1 root root 3247 Dec 14 11:53 openstack.key
- # slapd runs as the openldap user (see "-u openldap" in the status output further
- # down), so it needs read access to the key. The second ACL grants r-x on the
- # key file itself; a regular file only needs read, so `u:openldap:r--` on
- # openstack.key would be the tighter grant (r-x is still required on the directory).
- root@sancho:~# setfacl -m u:openldap:r-x /etc/ssl/private
- root@sancho:~# setfacl -m u:openldap:r-x /etc/ssl/private/openstack.key
- # LDIF pointing cn=config at the CA, key and certificate files. Three attributes
- # are replaced in a single modify; each change is separated by a lone "-" line.
- root@sancho:~# nano ldaps.ldif
- dn: cn=config
- changetype: modify
- replace: olcTLSCACertificateFile
- olcTLSCACertificateFile: /etc/ssl/certs/gonzalonazareno.crt
- -
- replace: olcTLSCertificateKeyFile
- olcTLSCertificateKeyFile: /etc/ssl/private/openstack.key
- -
- replace: olcTLSCertificateFile
- olcTLSCertificateFile: /etc/ssl/certs/openstack.crt
- # Applied over the local ldapi:/// socket with SASL EXTERNAL: root's uid/gid are
- # taken from the socket peer credentials (the SASL username below), so no admin
- # password is sent. "SASL SSF: 0" is expected on a unix-domain socket.
- root@sancho:~# ldapmodify -Y EXTERNAL -H ldapi:/// -f ldaps.ldif
- SASL/EXTERNAL authentication started
- SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
- SASL SSF: 0
- modifying entry "cn=config"
- # Enable the ldaps:/// listener: the first SLAPD_SERVICES line is the original
- # value, the second is the edited one.
- root@sancho:~# nano /etc/default/slapd
- SLAPD_SERVICES="ldap:/// ldapi:///"
- SLAPD_SERVICES="ldap:/// ldapi:/// ldaps:///"
- root@sancho:~# systemctl restart slapd
- root@sancho:~# systemctl status slapd
- ● slapd.service - LSB: OpenLDAP standalone server (Lightweight Directory Access Protocol)
- Loaded: loaded (/etc/init.d/slapd; generated)
- Drop-In: /usr/lib/systemd/system/slapd.service.d
- └─slapd-remain-after-exit.conf
- Active: active (running) since Thu 2020-12-17 15:16:24 CET; 4s ago
- Docs: man:systemd-sysv-generator(8)
- Process: 5642 ExecStart=/etc/init.d/slapd start (code=exited, status=0/SUCCESS)
- Tasks: 3 (limit: 533)
- Memory: 3.8M
- CGroup: /system.slice/slapd.service
- └─5660 /usr/sbin/slapd -h ldap:/// ldapi:/// ldaps:/// -g openldap -u openldap -F /etc/ldap/slapd.d
- Dec 17 15:16:24 sancho systemd[1]: slapd.service: Succeeded.
- Dec 17 15:16:24 sancho systemd[1]: Stopped LSB: OpenLDAP standalone server (Lightweight Directory Access Protocol).
- Dec 17 15:16:24 sancho systemd[1]: Starting LSB: OpenLDAP standalone server (Lightweight Directory Access Protocol)...
- Dec 17 15:16:24 sancho slapd[5642]: * Starting OpenLDAP slapd
- Dec 17 15:16:24 sancho slapd[5659]: @(#) $OpenLDAP: slapd (Ubuntu) (Nov 16 2020 13:39:57) $
- Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>
- Dec 17 15:16:24 sancho slapd[5660]: slapd starting
- Dec 17 15:16:24 sancho slapd[5642]: ...done.
- Dec 17 15:16:24 sancho systemd[1]: Started LSB: OpenLDAP standalone server (Lightweight Directory Access Protocol).
- # After the restart slapd also listens on 636. Plaintext 389 remains open on
- # every interface; this change alone does not force clients onto TLS (an
- # olcSecurity ssf requirement or a firewall rule would be needed for that).
- root@sancho:~# netstat -tlnp | egrep 'slapd'
- tcp 0 0 0.0.0.0:636 0.0.0.0:* LISTEN 5660/slapd
- tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN 5660/slapd
- tcp6 0 0 :::636 :::* LISTEN 5660/slapd
- tcp6 0 0 :::389 :::* LISTEN 5660/slapd
- # Add the CA to the host trust store so local ldap-utils can verify the server
- # certificate. The "duplicate" warning is presumably because the same CA file
- # was already moved into /etc/ssl/certs/ above.
- root@sancho:~# cp /etc/ssl/certs/gonzalonazareno.crt /usr/local/share/ca-certificates/
- root@sancho:~# update-ca-certificates
- Updating certificates in /etc/ssl/certs...
- rehash: warning: skipping duplicate certificate in gonzalonazareno.crt
- 1 added, 0 removed; done.
- Running hooks in /etc/ca-certificates/update.d...
- done.
- # Test over TLS. A successful result means the chain was accepted by the client;
- # whether the certificate actually names "localhost" is not shown on this page,
- # so confirm the client's TLS_REQCERT setting has not been relaxed.
- root@sancho:~# ldapsearch -x -b "dc=alvaro,dc=gonzalonazareno,dc=org" -H ldaps://localhost:636
- # alvaro.gonzalonazareno.org
- dn: dc=alvaro,dc=gonzalonazareno,dc=org
- objectClass: top
- objectClass: dcObject
- objectClass: organization
- o: alvaro.gonzalonazareno.org
- dc: alvaro
- # admin, alvaro.gonzalonazareno.org
- dn: cn=admin,dc=alvaro,dc=gonzalonazareno,dc=org
- objectClass: simpleSecurityObject
- objectClass: organizationalRole
- cn: admin
- description: LDAP administrator
- # search result
- search: 2
- result: 0 Success
- # Make ldaps the default URI for clients on this host. TLS_CACERT is not set
- # here, so verification relies on the system bundle refreshed by
- # update-ca-certificates above.
- root@sancho:~# nano /etc/ldap/ldap.conf
- #URI ldap://ldap.example.com ldap://ldap-master.example.com:666
- URI ldaps://localhost