====== OpenLDAP ======
==== Ajuste no sistema ====
**Hostname e arquivo hosts:**
root@ldap:~# cat /etc/hostname
ldap
root@ldap:~# cat /etc/hosts
127.0.0.1 localhost
198.51.100.250 ldap.exemplo.org ldap
[...]
**Configuração de rede:**
root@ldap:~# cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
source /etc/network/interfaces.d/*
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
auto eth0
iface eth0 inet static
address 198.51.100.250
netmask 255.255.255.0
gateway 198.51.100.254
dns-nameservers 198.51.100.200
==== Instalando o OpenLDAP ====
root@ldap:~# aptitude update
root@ldap:~# aptitude install slapd ldap-utils
=== Configurando ===
O slapd.conf contém o hash do ''rootpw'' (ver abaixo); além do ''chown'', garanta que o arquivo não fique legível por outros usuários do sistema.
root@ldap:~# systemctl stop slapd
root@ldap:~# ls /var/lib/ldap/
data.mdb lock.mdb
root@ldap:~# rm -rf /var/lib/ldap/*
root@ldap:~# cp /usr/share/doc/slapd/examples/slapd.conf /etc/ldap/
root@ldap:~# chown openldap.openldap /etc/ldap/slapd.conf
=== Schema qmail ===
root@ldap:~# cd /etc/ldap/schema/
root@ldap:/etc/ldap/schema# wget https://raw.githubusercontent.com/amery/qmail/master/qmail.schema
root@ldap:~# egrep -v "^#|^$" /etc/ldap/slapd.conf
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/qmail.schema
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
loglevel 256
modulepath /usr/lib/ldap
moduleload back_hdb
sizelimit 500
tool-threads 1
backend hdb
database hdb
suffix "dc=exemplo,dc=org"
rootdn "cn=admin,dc=exemplo,dc=org"
rootpw "{SSHA}Ph4deQZmYrIcP48I9lYemmhS+OGF8yM/"
directory "/var/lib/ldap"
dbconfig set_cachesize 0 2097152 0
dbconfig set_lk_max_objects 1500
dbconfig set_lk_max_locks 1500
dbconfig set_lk_max_lockers 1500
index objectClass eq
index cn,sn,ou eq,sub,approx
index uid,uidNumber,gidNumber eq
index mail,mailAlternateAddress,mailMessageStore,mailHost eq,pres,sub
index default eq,pres,sub
lastmod on
checkpoint 512 30
access to attrs=userPassword,shadowLastChange
by dn="cn=admin,dc=exemplo,dc=org" write
by anonymous auth
by self write
by * none
access to dn.base="" by * read
access to *
by dn="cn=admin,dc=exemplo,dc=org" write
by * read
root@ldap:~# egrep -v "^#|^$" /etc/default/slapd
SLAPD_CONF=/etc/ldap/slapd.conf
SLAPD_USER="openldap"
SLAPD_GROUP="openldap"
SLAPD_PIDFILE=
SLAPD_SERVICES="ldap:/// ldapi:///"
SLAPD_SENTINEL_FILE=/etc/ldap/noslapd
SLAPD_OPTIONS=""
root@ldap:~# systemctl start slapd
=== Estrutura ===
root@ldap:~# slappasswd
New password:
Re-enter new password:
{SSHA}jq8mEH1UvLyxWKMVhMDOT5/ImZ7vTAch
root@ldap:~# cat estrutura.ldif
dn: dc=exemplo,dc=org
dc: exemplo
o: exemplo
objectClass: top
objectClass: dcObject
objectClass: organization
dn: ou=Usuarios,dc=exemplo,dc=org
ou: Usuarios
objectClass: top
objectClass: organizationalUnit
dn: cn=Alice Schneier,ou=Usuarios,dc=exemplo,dc=org
telephoneNumber: (11)3333-9999
displayName: Alice Schneier
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: qmailUser
o: Exemplo LTDA.
mobile: (94)3333-9999
sn: Schneier
mail: alice@exemplo.org
homePhone: (94)3333-9999
givenName: Alice
cn: Alice Schneier
mailHost: localhost
mailMessageStore: maildir:/home/vmail/alice/Maildir/
homeDirectory: /home/vmail/alice/
accountStatus: A
mailAlternateAddress: alice.schneier@exemplo.org
userPassword: {SSHA}jq8mEH1UvLyxWKMVhMDOT5/ImZ7vTAch
dn: cn=Bob Schneier,ou=Usuarios,dc=exemplo,dc=org
telephoneNumber: (11)3333-9999
displayName: Bob Schneier
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: qmailUser
o: Exemplo LTDA.
mobile: (94)3333-9999
sn: Schneier
mail: bob@exemplo.org
homePhone: (94)3333-9999
givenName: Bob
cn: Bob Schneier
mailHost: localhost
mailMessageStore: maildir:/home/vmail/bob/Maildir/
homeDirectory: /home/vmail/bob/
accountStatus: A
mailAlternateAddress: bob.schneier@exemplo.org
userPassword: {SSHA}jq8mEH1UvLyxWKMVhMDOT5/ImZ7vTAch
root@ldap:~# ldapadd -x -D cn=admin,dc=exemplo,dc=org -W -h localhost -f estrutura.ldif
Enter LDAP Password:
adding new entry "dc=exemplo,dc=org"
adding new entry "ou=Usuarios,dc=exemplo,dc=org"
adding new entry "cn=Alice Schneier,ou=Usuarios,dc=exemplo,dc=org"
adding new entry "cn=Bob Schneier,ou=Usuarios,dc=exemplo,dc=org"
root@ldap:~# ldapsearch -x -D cn=admin,dc=exemplo,dc=org -b dc=exemplo,dc=org -W -h localhost -LLL
Enter LDAP Password:
dn: dc=exemplo,dc=org
dc: exemplo
o: exemplo
objectClass: top
objectClass: dcObject
objectClass: organization
dn: ou=Usuarios,dc=exemplo,dc=org
ou: Usuarios
objectClass: top
objectClass: organizationalUnit
dn: cn=Alice Schneier,ou=Usuarios,dc=exemplo,dc=org
telephoneNumber: (11)3333-9999
displayName: Alice Schneier
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: qmailUser
o: Exemplo LTDA.
mobile: (94)3333-9999
sn: Schneier
mail: alice@exemplo.org
homePhone: (94)3333-9999
givenName: Alice
cn: Alice Schneier
mailHost: localhost
mailMessageStore: maildir:/home/vmail/alice/Maildir/
homeDirectory: /home/vmail/alice/
accountStatus: A
mailAlternateAddress: alice.schneier@exemplo.org
userPassword:: e1NTSEF9anE4bUVIMVV2THl4V0tNVmhNRE9UNS9JbVo3dlRBY2g=
dn: cn=Bob Schneier,ou=Usuarios,dc=exemplo,dc=org
telephoneNumber: (11)3333-9999
displayName: Bob Schneier
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: qmailUser
o: Exemplo LTDA.
mobile: (94)3333-9999
sn: Schneier
mail: bob@exemplo.org
homePhone: (94)3333-9999
givenName: Bob
cn: Bob Schneier
mailHost: localhost
mailMessageStore: maildir:/home/vmail/bob/Maildir/
homeDirectory: /home/vmail/bob/
accountStatus: A
mailAlternateAddress: bob.schneier@exemplo.org
userPassword:: e1NTSEF9anE4bUVIMVV2THl4V0tNVmhNRE9UNS9JbVo3dlRBY2g=