hosts file:
# cat /etc/hosts
127.0.0.1          localhost localhost.localdomain localhost4 localhost4.localdomain4
192.0.2.150        ldap.laboratorio.com.br ldap
::1                localhost localhost.localdomain localhost6 localhost6.localdomain6
2001:db8:cafe::150 ldap.laboratorio.com.br ldap
Hostname:
# hostnamectl status | grep hostname
Static hostname: ldap.laboratorio.com.br
If you do not want to reboot the system after changing the hostname, write the new name straight into the kernel. This only changes the running (transient) name, and here it sets the short name while the static name above is the FQDN; `hostnamectl set-hostname` applies a change immediately as well and keeps both names consistent:
# echo ldap > /proc/sys/kernel/hostname
# yum install openldap-servers openldap-clients
openldap-servers
# rpm -qil openldap-servers
Name        : openldap-servers
Version     : 2.4.39
Release     : 6.el7
Architecture: x86_64
Install Date: Qua 07 Out 2015 20:21:41 BRT
Group       : System Environment/Daemons
Size        : 4887528
License     : OpenLDAP
Signature   : RSA/SHA256, Sáb 14 Mar 2015 05:22:49 BRT, Key ID 24c6a8a7f4a80eb5
Source RPM  : openldap-2.4.39-6.el7.src.rpm
Build Date  : Sex 06 Mar 2015 01:36:42 BRT
Build Host  : worker1.bsys.centos.org
Relocations : (not relocatable)
Packager    : CentOS BuildSystem <http://bugs.centos.org>
Vendor      : CentOS
URL         : http://www.openldap.org/
Summary     : LDAP server
Description :
OpenLDAP is an open-source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. LDAP is a set of protocols for accessing directory services (usually phone book style information, but other information is possible) over the Internet, similar to the way DNS (Domain Name System) information is propagated over the Internet. This package contains the slapd server and related files.
/etc/openldap/check_password.conf /etc/openldap/schema /etc/openldap/schema/collective.ldif /etc/openldap/schema/collective.schema /etc/openldap/schema/corba.ldif /etc/openldap/schema/corba.schema /etc/openldap/schema/core.ldif /etc/openldap/schema/core.schema /etc/openldap/schema/cosine.ldif /etc/openldap/schema/cosine.schema /etc/openldap/schema/duaconf.ldif /etc/openldap/schema/duaconf.schema /etc/openldap/schema/dyngroup.ldif /etc/openldap/schema/dyngroup.schema /etc/openldap/schema/inetorgperson.ldif /etc/openldap/schema/inetorgperson.schema /etc/openldap/schema/java.ldif /etc/openldap/schema/java.schema /etc/openldap/schema/misc.ldif /etc/openldap/schema/misc.schema /etc/openldap/schema/nis.ldif /etc/openldap/schema/nis.schema /etc/openldap/schema/openldap.ldif /etc/openldap/schema/openldap.schema /etc/openldap/schema/pmi.ldif /etc/openldap/schema/pmi.schema /etc/openldap/schema/ppolicy.ldif /etc/openldap/schema/ppolicy.schema /etc/openldap/slapd.conf /etc/openldap/slapd.conf.bak /etc/openldap/slapd.d /etc/sysconfig/slapd /usr/lib/systemd/system/slapd.service /usr/lib/tmpfiles.d/slapd.conf /usr/lib64/openldap/accesslog-2.4.so.2 /usr/lib64/openldap/accesslog-2.4.so.2.10.2 /usr/lib64/openldap/accesslog.la /usr/lib64/openldap/auditlog-2.4.so.2 /usr/lib64/openldap/auditlog-2.4.so.2.10.2 /usr/lib64/openldap/auditlog.la /usr/lib64/openldap/back_dnssrv-2.4.so.2 /usr/lib64/openldap/back_dnssrv-2.4.so.2.10.2 /usr/lib64/openldap/back_dnssrv.la /usr/lib64/openldap/back_ldap-2.4.so.2 /usr/lib64/openldap/back_ldap-2.4.so.2.10.2 /usr/lib64/openldap/back_ldap.la /usr/lib64/openldap/back_meta-2.4.so.2 /usr/lib64/openldap/back_meta-2.4.so.2.10.2 /usr/lib64/openldap/back_meta.la /usr/lib64/openldap/back_null-2.4.so.2 /usr/lib64/openldap/back_null-2.4.so.2.10.2 /usr/lib64/openldap/back_null.la /usr/lib64/openldap/back_passwd-2.4.so.2 /usr/lib64/openldap/back_passwd-2.4.so.2.10.2 /usr/lib64/openldap/back_passwd.la /usr/lib64/openldap/back_perl-2.4.so.2 
/usr/lib64/openldap/back_perl-2.4.so.2.10.2 /usr/lib64/openldap/back_perl.la /usr/lib64/openldap/back_relay-2.4.so.2 /usr/lib64/openldap/back_relay-2.4.so.2.10.2 /usr/lib64/openldap/back_relay.la /usr/lib64/openldap/back_shell-2.4.so.2 /usr/lib64/openldap/back_shell-2.4.so.2.10.2 /usr/lib64/openldap/back_shell.la /usr/lib64/openldap/back_sock-2.4.so.2 /usr/lib64/openldap/back_sock-2.4.so.2.10.2 /usr/lib64/openldap/back_sock.la /usr/lib64/openldap/check_password.so.1.1 /usr/lib64/openldap/collect-2.4.so.2 /usr/lib64/openldap/collect-2.4.so.2.10.2 /usr/lib64/openldap/collect.la /usr/lib64/openldap/constraint-2.4.so.2 /usr/lib64/openldap/constraint-2.4.so.2.10.2 /usr/lib64/openldap/constraint.la /usr/lib64/openldap/dds-2.4.so.2 /usr/lib64/openldap/dds-2.4.so.2.10.2 /usr/lib64/openldap/dds.la /usr/lib64/openldap/deref-2.4.so.2 /usr/lib64/openldap/deref-2.4.so.2.10.2 /usr/lib64/openldap/deref.la /usr/lib64/openldap/dyngroup-2.4.so.2 /usr/lib64/openldap/dyngroup-2.4.so.2.10.2 /usr/lib64/openldap/dyngroup.la /usr/lib64/openldap/dynlist-2.4.so.2 /usr/lib64/openldap/dynlist-2.4.so.2.10.2 /usr/lib64/openldap/dynlist.la /usr/lib64/openldap/memberof-2.4.so.2 /usr/lib64/openldap/memberof-2.4.so.2.10.2 /usr/lib64/openldap/memberof.la /usr/lib64/openldap/pcache-2.4.so.2 /usr/lib64/openldap/pcache-2.4.so.2.10.2 /usr/lib64/openldap/pcache.la /usr/lib64/openldap/ppolicy-2.4.so.2 /usr/lib64/openldap/ppolicy-2.4.so.2.10.2 /usr/lib64/openldap/ppolicy.la /usr/lib64/openldap/refint-2.4.so.2 /usr/lib64/openldap/refint-2.4.so.2.10.2 /usr/lib64/openldap/refint.la /usr/lib64/openldap/retcode-2.4.so.2 /usr/lib64/openldap/retcode-2.4.so.2.10.2 /usr/lib64/openldap/retcode.la /usr/lib64/openldap/rwm-2.4.so.2 /usr/lib64/openldap/rwm-2.4.so.2.10.2 /usr/lib64/openldap/rwm.la /usr/lib64/openldap/seqmod-2.4.so.2 /usr/lib64/openldap/seqmod-2.4.so.2.10.2 /usr/lib64/openldap/seqmod.la /usr/lib64/openldap/smbk5pwd-2.4.so.2 /usr/lib64/openldap/smbk5pwd-2.4.so.2.10.2 /usr/lib64/openldap/smbk5pwd.la 
/usr/lib64/openldap/sssvlv-2.4.so.2 /usr/lib64/openldap/sssvlv-2.4.so.2.10.2 /usr/lib64/openldap/sssvlv.la /usr/lib64/openldap/syncprov-2.4.so.2 /usr/lib64/openldap/syncprov-2.4.so.2.10.2 /usr/lib64/openldap/syncprov.la /usr/lib64/openldap/translucent-2.4.so.2 /usr/lib64/openldap/translucent-2.4.so.2.10.2 /usr/lib64/openldap/translucent.la /usr/lib64/openldap/unique-2.4.so.2 /usr/lib64/openldap/unique-2.4.so.2.10.2 /usr/lib64/openldap/unique.la /usr/lib64/openldap/valsort-2.4.so.2 /usr/lib64/openldap/valsort-2.4.so.2.10.2 /usr/lib64/openldap/valsort.la /usr/libexec/openldap/check-config.sh /usr/libexec/openldap/convert-config.sh /usr/libexec/openldap/functions /usr/libexec/openldap/generate-server-cert.sh /usr/libexec/openldap/upgrade-db.sh /usr/sbin/slapacl /usr/sbin/slapadd /usr/sbin/slapauth /usr/sbin/slapcat /usr/sbin/slapd /usr/sbin/slapdn /usr/sbin/slapindex /usr/sbin/slappasswd /usr/sbin/slapschema /usr/sbin/slaptest /usr/share/doc/openldap-servers-2.4.39 /usr/share/doc/openldap-servers-2.4.39/README.back_perl /usr/share/doc/openldap-servers-2.4.39/README.check_pwd /usr/share/doc/openldap-servers-2.4.39/README.schema /usr/share/doc/openldap-servers-2.4.39/README.smbk5pwd /usr/share/doc/openldap-servers-2.4.39/SampleLDAP.pm /usr/share/doc/openldap-servers-2.4.39/allmail-en.png /usr/share/doc/openldap-servers-2.4.39/allusersgroup-en.png /usr/share/doc/openldap-servers-2.4.39/config_dit.png /usr/share/doc/openldap-servers-2.4.39/config_local.png /usr/share/doc/openldap-servers-2.4.39/config_ref.png /usr/share/doc/openldap-servers-2.4.39/config_repl.png /usr/share/doc/openldap-servers-2.4.39/delta-syncrepl.png /usr/share/doc/openldap-servers-2.4.39/dual_dc.png /usr/share/doc/openldap-servers-2.4.39/guide.html /usr/share/doc/openldap-servers-2.4.39/intro_dctree.png /usr/share/doc/openldap-servers-2.4.39/intro_tree.png /usr/share/doc/openldap-servers-2.4.39/ldap-sync-refreshandpersist.png /usr/share/doc/openldap-servers-2.4.39/ldap-sync-refreshonly.png 
/usr/share/doc/openldap-servers-2.4.39/n-way-multi-master.png /usr/share/doc/openldap-servers-2.4.39/push-based-complete.png /usr/share/doc/openldap-servers-2.4.39/push-based-standalone.png /usr/share/doc/openldap-servers-2.4.39/refint.png /usr/share/doc/openldap-servers-2.4.39/set-following-references.png /usr/share/doc/openldap-servers-2.4.39/set-memberUid.png /usr/share/doc/openldap-servers-2.4.39/set-recursivegroup.png /usr/share/man/man5/slapd-bdb.5.gz /usr/share/man/man5/slapd-config.5.gz /usr/share/man/man5/slapd-dnssrv.5.gz /usr/share/man/man5/slapd-hdb.5.gz /usr/share/man/man5/slapd-ldap.5.gz /usr/share/man/man5/slapd-ldbm.5.gz /usr/share/man/man5/slapd-ldif.5.gz /usr/share/man/man5/slapd-mdb.5.gz /usr/share/man/man5/slapd-meta.5.gz /usr/share/man/man5/slapd-monitor.5.gz /usr/share/man/man5/slapd-ndb.5.gz /usr/share/man/man5/slapd-null.5.gz /usr/share/man/man5/slapd-passwd.5.gz /usr/share/man/man5/slapd-perl.5.gz /usr/share/man/man5/slapd-relay.5.gz /usr/share/man/man5/slapd-shell.5.gz /usr/share/man/man5/slapd-sock.5.gz /usr/share/man/man5/slapd-sql.5.gz /usr/share/man/man5/slapd.access.5.gz /usr/share/man/man5/slapd.backends.5.gz /usr/share/man/man5/slapd.conf.5.gz /usr/share/man/man5/slapd.overlays.5.gz /usr/share/man/man5/slapd.plugin.5.gz /usr/share/man/man5/slapo-accesslog.5.gz /usr/share/man/man5/slapo-auditlog.5.gz /usr/share/man/man5/slapo-chain.5.gz /usr/share/man/man5/slapo-collect.5.gz /usr/share/man/man5/slapo-constraint.5.gz /usr/share/man/man5/slapo-dds.5.gz /usr/share/man/man5/slapo-dyngroup.5.gz /usr/share/man/man5/slapo-dynlist.5.gz /usr/share/man/man5/slapo-memberof.5.gz /usr/share/man/man5/slapo-pbind.5.gz /usr/share/man/man5/slapo-pcache.5.gz /usr/share/man/man5/slapo-ppolicy.5.gz /usr/share/man/man5/slapo-refint.5.gz /usr/share/man/man5/slapo-retcode.5.gz /usr/share/man/man5/slapo-rwm.5.gz /usr/share/man/man5/slapo-sock.5.gz /usr/share/man/man5/slapo-sssvlv.5.gz /usr/share/man/man5/slapo-syncprov.5.gz 
/usr/share/man/man5/slapo-translucent.5.gz /usr/share/man/man5/slapo-unique.5.gz /usr/share/man/man5/slapo-valsort.5.gz /usr/share/man/man8/slapacl.8.gz /usr/share/man/man8/slapadd.8.gz /usr/share/man/man8/slapauth.8.gz /usr/share/man/man8/slapcat.8.gz /usr/share/man/man8/slapd.8.gz /usr/share/man/man8/slapdn.8.gz /usr/share/man/man8/slapindex.8.gz /usr/share/man/man8/slappasswd.8.gz /usr/share/man/man8/slapschema.8.gz /usr/share/man/man8/slaptest.8.gz /usr/share/openldap-servers /usr/share/openldap-servers/DB_CONFIG.example /usr/share/openldap-servers/slapd.ldif /var/lib/ldap /var/run/openldap
openldap-clients
# rpm -qil openldap-clients
Name        : openldap-clients
Version     : 2.4.39
Release     : 6.el7
Architecture: x86_64
Install Date: Qua 07 Out 2015 20:21:43 BRT
Group       : Applications/Internet
Size        : 588433
License     : OpenLDAP
Signature   : RSA/SHA256, Sáb 14 Mar 2015 05:22:43 BRT, Key ID 24c6a8a7f4a80eb5
Source RPM  : openldap-2.4.39-6.el7.src.rpm
Build Date  : Sex 06 Mar 2015 01:36:42 BRT
Build Host  : worker1.bsys.centos.org
Relocations : (not relocatable)
Packager    : CentOS BuildSystem <http://bugs.centos.org>
Vendor      : CentOS
URL         : http://www.openldap.org/
Summary     : LDAP client utilities
Description :
OpenLDAP is an open-source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. LDAP is a set of protocols for accessing directory services (usually phone book style information, but other information is possible) over the Internet, similar to the way DNS (Domain Name System) information is propagated over the Internet. The openldap-clients package contains the client programs needed for accessing and modifying OpenLDAP directories.
/usr/bin/ldapadd
/usr/bin/ldapcompare
/usr/bin/ldapdelete
/usr/bin/ldapexop
/usr/bin/ldapmodify
/usr/bin/ldapmodrdn
/usr/bin/ldappasswd
/usr/bin/ldapsearch
/usr/bin/ldapurl
/usr/bin/ldapwhoami
/usr/share/man/man1/ldapadd.1.gz
/usr/share/man/man1/ldapcompare.1.gz
/usr/share/man/man1/ldapdelete.1.gz
/usr/share/man/man1/ldapexop.1.gz
/usr/share/man/man1/ldapmodify.1.gz
/usr/share/man/man1/ldapmodrdn.1.gz
/usr/share/man/man1/ldappasswd.1.gz
/usr/share/man/man1/ldapsearch.1.gz
/usr/share/man/man1/ldapurl.1.gz
/usr/share/man/man1/ldapwhoami.1.gz
# systemctl enable slapd.service
ln -s '/usr/lib/systemd/system/slapd.service' '/etc/systemd/system/multi-user.target.wants/slapd.service'
# systemctl list-unit-files --type=service | grep -e slapd.service
slapd.service enabled
# systemctl is-enabled slapd.service
enabled
Before starting the configuration, take a backup of the original files:
# cp -ap /etc/openldap/slapd.d{,.org}
# ls -la /etc/openldap/
total 28
drwxr-xr-x.  7 root root 4096 Out  8 09:38 .
drwxr-xr-x. 77 root root 8192 Out  8 09:06 ..
drwxr-xr-x.  2 root root   85 Out  7 20:21 certs
-rw-r--r--.  1 root root  121 Mar  6  2015 check_password.conf
-rw-r--r--.  1 root root  363 Mar  6  2015 ldap.conf
drwxr-xr-x.  2 root root 4096 Out  7 20:21 schema
drwx------.  3 ldap ldap   43 Out  7 20:21 slapd.d
drwx------.  3 ldap ldap   43 Out  7 20:21 slapd.d.org
Comparing the two directories (no output means the copy is identical to the original; rerun this later to see exactly what the configuration changes touched):
# diff -r /etc/openldap/slapd.d /etc/openldap/slapd.d.org
Changing the client configuration
Original file:
# cat /etc/openldap/ldap.conf
#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

#BASE   dc=example,dc=com
#URI    ldap://ldap.example.com ldap://ldap-master.example.com:666

#SIZELIMIT      12
#TIMELIMIT      15
#DEREF          never

TLS_CACERTDIR /etc/openldap/certs

# Turning this off breaks GSSAPI used with krb5 when rdns = false
SASL_NOCANON    on
With the default base DN and server URI set for the lab, so the client tools below can be run without -b and -H:
# cat /etc/openldap/ldap.conf
#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

#BASE   dc=example,dc=com
#URI    ldap://ldap.example.com ldap://ldap-master.example.com:666
BASE dc=laboratorio,dc=com,dc=br
URI ldap://ldap.laboratorio.com.br

#SIZELIMIT      12
#TIMELIMIT      15
#DEREF          never

TLS_CACERTDIR /etc/openldap/certs

# Turning this off breaks GSSAPI used with krb5 when rdns = false
SASL_NOCANON    on
Note that the URI is plain ldap:// (port 389, no TLS). A simple bind (-x) on that connection sends the password in clear text, so outside a lab use ldaps:// or StartTLS (ldapsearch -ZZ) with the CA available under TLS_CACERTDIR.
Preparing the backend
# cp -ap /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
Setting the ownership and the SELinux context
# chown -R ldap:ldap /var/lib/ldap
# chcon -t slapd_db_t /var/lib/ldap/DB_CONFIG
# systemctl start slapd.service
Checking the slapd process (it runs as the unprivileged ldap user and listens on the local ldapi:/// socket as well as ldap:///):
# ps -ef | grep slapd
ldap      2326     1  0 08:59 ?        00:00:00 /usr/sbin/slapd -u ldap -h ldapi:/// ldap:///
root     12024  2474  0 09:49 pts/0    00:00:00 grep --color=auto slapd
Checking the slapd port
# ss -nat | grep 389
LISTEN     0      128          *:389                      *:*
LISTEN     0      128         :::389                     :::*
Generating the password hash:
# slappasswd -s senha123
{SSHA}V2PXUyj03NBO2435hzeM2R6d29UEicVr
Passing the secret with -s (and, below, with ldapsearch -w) puts it on the command line, where it ends up in the shell history and is visible to other users in ps output. Leaving -s out makes slappasswd prompt for the password, as is done further down, and ldapsearch -W prompts in the same way.
LDIF with the changes
# mkdir /etc/openldap/ldif
# cd /etc/openldap/ldif/
# cat root.ldif
dn: olcDatabase={0}config,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: {SSHA}V2PXUyj03NBO2435hzeM2R6d29UEicVr
Applying the change. The sed turns lines that contain a single space (what the copy-and-paste produced instead of empty lines) into empty lines; in LDIF a line that begins with a space continues the previous line, so a stray " " would join records instead of separating them. The modification itself goes over the ldapi:/// socket with SASL EXTERNAL, which authenticates the connecting process by its uid/gid: at this point that peercred identity is the only one the default access rule on the config database grants manage rights to (see the olcAccess value in the next search), so the root password cannot be set any other way.
# sed -i 's/^ $//g' root.ldif
# ldapmodify -H ldapi:/// -Y EXTERNAL -f root.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "olcDatabase={0}config,cn=config"
# ldapsearch -w senha123 -x -D cn=config -b cn=config "(objectclass=olcGlobal)" -LLL
dn: cn=config
objectClass: olcGlobal
cn: config
olcArgsFile: /var/run/openldap/slapd.args
olcPidFile: /var/run/openldap/slapd.pid
olcTLSCACertificatePath: /etc/openldap/certs
olcTLSCertificateFile: "OpenLDAP Server"
olcTLSCertificateKeyFile: /etc/openldap/certs/password
# ldapsearch -w senha123 -x -D cn=config -b olcDatabase={0}config,cn=config -LLL
dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external
 ,cn=auth" manage by * none
olcRootPW: {SSHA}V2PXUyj03NBO2435hzeM2R6d29UEicVr
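The `sed -i 's/^ $//g'` step above and the folded olcAccess value in this output (cn=external at the end of one line, ,cn=auth at the start of the next) are two sides of the same LDIF rule: a line beginning with a space continues the previous line. The Python below is an added example, not code from this page or from OpenLDAP. It reads LDIF with that rule, applies the same fix as the sed command, and decodes a `::` base64 value of the kind ldapsearch prints for userPassword. The sample text is constructed for the example from values shown on this page; the same reader applies to every later sed/ldapmodify step on the page.

```python
"""Minimal LDIF reader: record separation, line unfolding and base64 values."""
from __future__ import annotations

import base64

# Constructed sample: a pasted LDIF whose record separators arrived as a line
# holding a single space instead of an empty line, plus one value folded at
# column 78 the way ldapsearch prints it, and one base64 ("::") value.
PASTED = (
    "dn: olcDatabase={0}config,cn=config\n"
    "changetype: modify\n"
    "replace: olcRootPW\n"
    "olcRootPW: {SSHA}V2PXUyj03NBO2435hzeM2R6d29UEicVr\n"
    " \n"
    "dn: olcDatabase={1}monitor,cn=config\n"
    "objectClass: olcDatabaseConfig\n"
    "olcDatabase: {1}monitor\n"
    "olcAccess: {0}to * by dn.base=\"gidNumber=0+uidNumber=0,cn=peercred,cn=external\n"
    " ,cn=auth\" read by * none\n"
    " \n"
    "dn: cn=admin,dc=laboratorio,dc=com,dc=br\n"
    "cn: admin\n"
    "userPassword:: e1NTSEF9cDh0bHNHTnE2V3YvQlNweWJQUU4ybi83WEhZNnROQU4=\n"
)


def normalize_pasted_ldif(text: str) -> str:
    """Same effect as `sed -i 's/^ $//g'`: a line holding exactly one space
    becomes an empty line. Because a line that *starts* with a space is a
    continuation, a ' ' separator would glue two records together."""
    return "\n".join("" if line == " " else line for line in text.split("\n"))


def unfold(text: str) -> list[str]:
    """Join folded lines: a physical line beginning with one space is appended
    (minus that space) to the preceding logical line."""
    logical: list[str] = []
    for phys in text.split("\n"):
        if phys.startswith(" ") and logical:
            logical[-1] += phys[1:]
        else:
            logical.append(phys)
    return logical


def parse_ldif(text: str) -> list[dict[str, list[str]]]:
    """Split LDIF into records (attribute -> list of values). Skips comments,
    the 'version:' header and the '-' separator of changetype: modify records;
    decodes 'attr:: base64' values such as userPassword in ldapsearch output."""
    records: list[dict[str, list[str]]] = []
    current: dict[str, list[str]] = {}
    for line in unfold(text):
        if line == "":
            if current:
                records.append(current)
                current = {}
            continue
        if line.startswith("#") or line.startswith("version:") or line == "-":
            continue
        name, _, rest = line.partition(":")
        if rest.startswith(":"):  # "attr:: <base64>"
            value = base64.b64decode(rest[1:].strip()).decode("utf-8")
        else:
            value = rest.strip()
        current.setdefault(name, []).append(value)
    if current:
        records.append(current)
    return records


if __name__ == "__main__":
    # Without the sed fix the ' ' lines act as continuations and everything
    # collapses into a single record; with it there are three.
    print("records without the fix:", len(parse_ldif(PASTED)))
    for rec in parse_ldif(normalize_pasted_ldif(PASTED)):
        print(rec["dn"][0])
        for attr in ("olcAccess", "userPassword"):
            if attr in rec:
                print("   ", attr, "=", rec[attr][0])
```

The decoded userPassword is exactly the {SSHA} string that was put into arvore.ldif further down: ldapsearch base64-encodes values that contain characters outside the safe LDIF set, it does not hide them, so an anonymous search that returns `userPassword::` has leaked the hash.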
# ldapsearch -wsenha123 -x -D cn=config -b olcDatabase={-1}frontend,cn=config -LLL
dn: olcDatabase={-1}frontend,cn=config
objectClass: olcDatabaseConfig
objectClass: olcFrontendConfig
olcDatabase: frontend
# ldapsearch -w senha123 -x -D cn=config -b olcDatabase={1}monitor,cn=config -LLL
dn: olcDatabase={1}monitor,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {1}monitor
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external
 ,cn=auth" read by dn.base="cn=Manager,dc=my-domain,dc=com" read by * none
# ldapsearch -w senha123 -x -D cn=config -b olcDatabase={2}hdb,cn=config -LLL
dn: olcDatabase={2}hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {2}hdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=my-domain,dc=com
olcRootDN: cn=Manager,dc=my-domain,dc=com
olcDbIndex: objectClass eq,pres
olcDbIndex: ou,cn,mail,surname,givenname eq,pres,sub
For an overview of the whole configuration use this command:
# ldapsearch -w senha123 -x -D cn=config -b cn=config -LLL
# cat base.ldif
dn: olcDatabase={1}monitor,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by dn.base="cn=admin,dc=laboratorio,dc=com,dc=br" read by * none

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=laboratorio,dc=com,dc=br
-
replace: olcRootDN
olcRootDN: cn=admin,dc=laboratorio,dc=com,dc=br
# sed -i 's/^ $//g' base.ldif
# ldapmodify -x -D cn=config -w senha123 -f base.ldif
modifying entry "olcDatabase={1}monitor,cn=config"
modifying entry "olcDatabase={2}hdb,cn=config"
Password for the admin (the olcRootPW of the hdb database, used when binding as the olcRootDN cn=admin). The hash differs from the one above even though the password is the same, because slappasswd draws a fresh random salt on every call:
# slappasswd -s senha123
{SSHA}ETWZJQ5rwppUgj8ZezgCjmlvls923bqY
# cat admin.ldif
dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {SSHA}ETWZJQ5rwppUgj8ZezgCjmlvls923bqY
# sed -i 's/^ $//g' admin.ldif
# ldapmodify -x -D cn=config -w senha123 -f admin.ldif
modifying entry "olcDatabase={2}hdb,cn=config"
# ldapsearch -w senha123 -x -D cn=config -b olcDatabase={1}monitor,cn=config -LLL
dn: olcDatabase={1}monitor,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {1}monitor
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external
 ,cn=auth" read by dn.base="cn=admin,dc=laboratorio,dc=com,dc=br" read by * no
 ne
# ldapsearch -w senha123 -x -D cn=config -b olcDatabase={2}hdb,cn=config -LLL
dn: olcDatabase={2}hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {2}hdb
olcDbDirectory: /var/lib/ldap
olcDbIndex: objectClass eq,pres
olcDbIndex: ou,cn,mail,surname,givenname eq,pres,sub
olcSuffix: dc=laboratorio,dc=com,dc=br
olcRootDN: cn=admin,dc=laboratorio,dc=com,dc=br
olcRootPW: {SSHA}ETWZJQ5rwppUgj8ZezgCjmlvls923bqY
Existing schemas:
# ldapsearch -x -D cn=config -w senha123 -b cn=schema,cn=config -LLL dn
dn: cn=schema,cn=config
dn: cn={0}core,cn=schema,cn=config
For the directory tree we need three more schemas (cosine and inetorgperson for person entries, nis for the posixAccount/posixGroup attributes):
# ldapadd -x -D cn=config -w senha123 -f /etc/openldap/schema/cosine.ldif
adding new entry "cn=cosine,cn=schema,cn=config"
# ldapadd -x -D cn=config -w senha123 -f /etc/openldap/schema/inetorgperson.ldif
adding new entry "cn=inetorgperson,cn=schema,cn=config"
# ldapadd -x -D cn=config -w senha123 -f /etc/openldap/schema/nis.ldif
adding new entry "cn=nis,cn=schema,cn=config"
# ldapsearch -x -D cn=config -w senha123 -b cn=schema,cn=config -LLL dn
dn: cn=schema,cn=config
dn: cn={0}core,cn=schema,cn=config
dn: cn={1}cosine,cn=schema,cn=config
dn: cn={2}inetorgperson,cn=schema,cn=config
dn: cn={3}nis,cn=schema,cn=config
Password for the LDAP administrator entry in the tree (this time prompted for, so it does not land in the shell history):
# slappasswd -h {SSHA}
New password:
Re-enter new password:
{SSHA}p8tlsGNq6Wv/BSpybPQN2n/7XHY6tNAN
# cat arvore.ldif
dn: dc=laboratorio,dc=com,dc=br
objectClass: top
objectClass: dcObject
objectClass: organization
o: laboratorio.com.br
dc: laboratorio

dn: cn=admin,dc=laboratorio,dc=com,dc=br
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword: {SSHA}p8tlsGNq6Wv/BSpybPQN2n/7XHY6tNAN

dn: o=matriz,dc=laboratorio,dc=com,dc=br
o: matriz
objectClass: organization
objectClass: top

dn: o=filial,dc=laboratorio,dc=com,dc=br
o: filial
objectClass: organization
objectClass: top

# The ou value must match the RDN. The file as originally written had
# "ou: Usuarios" on both ou=Grupos entries; slapd then added "ou: Grupos" from
# the RDN, which is why the search and slapcat output below show both values.
dn: ou=Grupos,o=matriz,dc=laboratorio,dc=com,dc=br
ou: Grupos
objectClass: organizationalUnit
objectClass: top

dn: ou=Grupos,o=filial,dc=laboratorio,dc=com,dc=br
ou: Grupos
objectClass: organizationalUnit
objectClass: top

dn: ou=Usuarios,o=matriz,dc=laboratorio,dc=com,dc=br
ou: Usuarios
objectClass: organizationalUnit
objectClass: top

dn: ou=Usuarios,o=filial,dc=laboratorio,dc=com,dc=br
ou: Usuarios
objectClass: organizationalUnit
objectClass: top
# sed -i 's/^ $//g' arvore.ldif
# ldapadd -x -D cn=admin,dc=laboratorio,dc=com,dc=br -w senha123 -f arvore.ldif
adding new entry "dc=laboratorio,dc=com,dc=br"
adding new entry "cn=admin,dc=laboratorio,dc=com,dc=br"
adding new entry "o=matriz,dc=laboratorio,dc=com,dc=br"
adding new entry "o=filial,dc=laboratorio,dc=com,dc=br"
adding new entry "ou=Grupos,o=matriz,dc=laboratorio,dc=com,dc=br"
adding new entry "ou=Grupos,o=filial,dc=laboratorio,dc=com,dc=br"
adding new entry "ou=Usuarios,o=matriz,dc=laboratorio,dc=com,dc=br"
adding new entry "ou=Usuarios,o=filial,dc=laboratorio,dc=com,dc=br"
# ldapsearch -x -b dc=laboratorio,dc=com,dc=br -LLL
dn: dc=laboratorio,dc=com,dc=br
objectClass: top
objectClass: dcObject
objectClass: organization
o: laboratorio.com.br
dc: laboratorio

dn: cn=admin,dc=laboratorio,dc=com,dc=br
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword:: e1NTSEF9cDh0bHNHTnE2V3YvQlNweWJQUU4ybi83WEhZNnROQU4=

dn: o=matriz,dc=laboratorio,dc=com,dc=br
o: matriz
objectClass: organization
objectClass: top

dn: o=filial,dc=laboratorio,dc=com,dc=br
o: filial
objectClass: organization
objectClass: top

dn: ou=Grupos,o=matriz,dc=laboratorio,dc=com,dc=br
ou: Usuarios
ou: Grupos
objectClass: organizationalUnit
objectClass: top

dn: ou=Grupos,o=filial,dc=laboratorio,dc=com,dc=br
ou: Usuarios
ou: Grupos
objectClass: organizationalUnit
objectClass: top

dn: ou=Usuarios,o=matriz,dc=laboratorio,dc=com,dc=br
ou: Usuarios
objectClass: organizationalUnit
objectClass: top

dn: ou=Usuarios,o=filial,dc=laboratorio,dc=com,dc=br
ou: Usuarios
objectClass: organizationalUnit
objectClass: top
Look closely at what this search shows: it was an anonymous simple bind (no -D and no -w), yet it returned the userPassword of cn=admin (base64-encoded, which is what the `::` means, not hidden). The {2}hdb database has no olcAccess entries yet, so slapd's built-in default, access to * by * read, applies and anyone who can reach port 389 can download every password hash in the tree. Add access rules to that database before the server is reachable from the network.
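Access rules for the {2}hdb database that close the hole just shown, as an added example in the same cn=config LDIF style used on this page (not configuration from the page itself). The rootdn cn=admin is never subject to access control, so it needs no clause of its own; the peercred identity is kept so root on the box can still manage the tree over ldapi:///. Rules are evaluated in order and the first `to` clause that matches wins, so the userPassword rule must sit before the catch-all:

```ldif
dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcAccess
olcAccess: {0}to attrs=userPassword,shadowLastChange
  by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage
  by self write
  by anonymous auth
  by * none
olcAccess: {1}to *
  by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage
  by * read
```

Apply it with `ldapmodify -x -D cn=config -W -f acl.ldif` (the file name is an assumption) and repeat the anonymous search: `ldapsearch -x -b dc=laboratorio,dc=com,dc=br -LLL userPassword` must now return the entries without any userPassword attribute, while `ldapwhoami -x -D cn=admin,dc=laboratorio,dc=com,dc=br -W` still binds, because `by anonymous auth` allows the attribute to be used for authentication without being read. Do not extend the catch-all rule with `by self write`: once posixAccount entries from the nis schema are added, that would let every user change their own uidNumber and gidNumber.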
slapcat reads the database files directly and bypasses slapd and its access controls, so the dump contains every attribute, password hashes included; treat its output with the same care as the database directory itself.
# slapcat
56168de4 The first database does not allow slapcat; using the first available one (2)
dn: dc=laboratorio,dc=com,dc=br
objectClass: top
objectClass: dcObject
objectClass: organization
o: laboratorio.com.br
dc: laboratorio
structuralObjectClass: organization
entryUUID: 925672fa-021d-1035-9a38-13f3c3b06d98
creatorsName: cn=admin,dc=laboratorio,dc=com,dc=br
createTimestamp: 20151008153247Z
entryCSN: 20151008153247.311086Z#000000#000#000000
modifiersName: cn=admin,dc=laboratorio,dc=com,dc=br
modifyTimestamp: 20151008153247Z

dn: cn=admin,dc=laboratorio,dc=com,dc=br
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword:: e1NTSEF9cDh0bHNHTnE2V3YvQlNweWJQUU4ybi83WEhZNnROQU4=
structuralObjectClass: organizationalRole
entryUUID: 92613730-021d-1035-9a39-13f3c3b06d98
creatorsName: cn=admin,dc=laboratorio,dc=com,dc=br
createTimestamp: 20151008153247Z
entryCSN: 20151008153247.381650Z#000000#000#000000
modifiersName: cn=admin,dc=laboratorio,dc=com,dc=br
modifyTimestamp: 20151008153247Z

dn: o=matriz,dc=laboratorio,dc=com,dc=br
o: matriz
objectClass: organization
objectClass: top
structuralObjectClass: organization
entryUUID: 9263a754-021d-1035-9a3a-13f3c3b06d98
creatorsName: cn=admin,dc=laboratorio,dc=com,dc=br
createTimestamp: 20151008153247Z
entryCSN: 20151008153247.397627Z#000000#000#000000
modifiersName: cn=admin,dc=laboratorio,dc=com,dc=br
modifyTimestamp: 20151008153247Z

dn: o=filial,dc=laboratorio,dc=com,dc=br
o: filial
objectClass: organization
objectClass: top
structuralObjectClass: organization
entryUUID: 92645da2-021d-1035-9a3b-13f3c3b06d98
creatorsName: cn=admin,dc=laboratorio,dc=com,dc=br
createTimestamp: 20151008153247Z
entryCSN: 20151008153247.402297Z#000000#000#000000
modifiersName: cn=admin,dc=laboratorio,dc=com,dc=br
modifyTimestamp: 20151008153247Z

dn: ou=Grupos,o=matriz,dc=laboratorio,dc=com,dc=br
ou: Usuarios
ou: Grupos
objectClass: organizationalUnit
objectClass: top
structuralObjectClass: organizationalUnit
entryUUID: 9264f2a8-021d-1035-9a3c-13f3c3b06d98
creatorsName: cn=admin,dc=laboratorio,dc=com,dc=br
createTimestamp: 20151008153247Z
entryCSN: 20151008153247.406111Z#000000#000#000000
modifiersName: cn=admin,dc=laboratorio,dc=com,dc=br
modifyTimestamp: 20151008153247Z

dn: ou=Grupos,o=filial,dc=laboratorio,dc=com,dc=br
ou: Usuarios
ou: Grupos
objectClass: organizationalUnit
objectClass: top
structuralObjectClass: organizationalUnit
entryUUID: 92675264-021d-1035-9a3d-13f3c3b06d98
creatorsName: cn=admin,dc=laboratorio,dc=com,dc=br
createTimestamp: 20151008153247Z
entryCSN: 20151008153247.421666Z#000000#000#000000
modifiersName: cn=admin,dc=laboratorio,dc=com,dc=br
modifyTimestamp: 20151008153247Z

dn: ou=Usuarios,o=matriz,dc=laboratorio,dc=com,dc=br
ou: Usuarios
objectClass: organizationalUnit
objectClass: top
structuralObjectClass: organizationalUnit
entryUUID: 9267fc96-021d-1035-9a3e-13f3c3b06d98
creatorsName: cn=admin,dc=laboratorio,dc=com,dc=br
createTimestamp: 20151008153247Z
entryCSN: 20151008153247.426024Z#000000#000#000000
modifiersName: cn=admin,dc=laboratorio,dc=com,dc=br
modifyTimestamp: 20151008153247Z

dn: ou=Usuarios,o=filial,dc=laboratorio,dc=com,dc=br
ou: Usuarios
objectClass: organizationalUnit
objectClass: top
structuralObjectClass: organizationalUnit
entryUUID: 9268b58c-021d-1035-9a3f-13f3c3b06d98
creatorsName: cn=admin,dc=laboratorio,dc=com,dc=br
createTimestamp: 20151008153247Z
entryCSN: 20151008153247.430761Z#000000#000#000000
modifiersName: cn=admin,dc=laboratorio,dc=com,dc=br
modifyTimestamp: 20151008153247Z