
OpenLDAP


*******************************************************************************
Install and Configure the OpenLDAP Server on Debian 4.0 (Etch)
Created by: Alessandro C. M. Kuramoto
Date: 25/06/2009
Modified on: 18/04/2010-23:40
v.20100418-23:40
Keywords: OpenLDAP, LDAP, Authenticating Linux
Please keep the name of the author of this file.
*******************************************************************************
http://pt.wikipedia.org/wiki/EOF
###############################################################################
# Warnings!!!
###############################################################################
http://memovirtual.worpress.com
## Note about the memovirtual site:
## Options passed with -- (minus, minus) may have been rendered on the site
## as a — (dash), so use "man" to confirm the option used
## Sorry for the mistakes in my Portuguese, but you know…
## our language is easy … and sometimes, while writing, the thought is
## already far ahead, while the typing…
|##########^ Warnings!!! #####################################################|
###############################################################################
# See Also:
###############################################################################
## MemoVirtual:
PAM
|##########^ See Also ########################################################|
###############################################################################
# Temp:
###############################################################################
STUDY SUDO with OpenLDAP:
http://www.gentoo-wiki.info/HOWTO_LDAP_auth_and_SUDO
http://www.secure-computing.net/wiki/index.php/OpenLDAP/sudo
Good:
http://www.michael-hammer.at/blog/ldap_sudo/
http://www.gratisoft.us/sudo/readme_ldap.html
STUDY SSH with OpenLDAP:
## Directory:
http://directory.fedoraproject.org/
SEE:
https://help.ubuntu.com/8.10/serverguide/C/openldap-server.html
|##########^ Temp ############################################################|
###############################################################################
# Server:
###############################################################################
OS: Debian 4.0 Etch
Server: OpenLDAP Server
Service:
Basic installation (text mode).
RAM
Swap
/boot
/
/usr
/var
###############################################################################
# Concepts:
###############################################################################
|##########^ Concepts ########################################################|
###############################################################################
# Installing an OpenLDAP Server:
###############################################################################
## To install the OpenLDAP server and the OpenLDAP client:
sudo apt-get install ldap-server ldap-client
#### Debian 5.0 Lenny
### Which in fact should be:
## (Source: http://www.debianhelp.co.uk/ldap.htm)
sudo apt-get install slapd ldap-utils
#> You will be prompted for the OpenLDAP admin password
|#########^ Installing OpenLDAP ##############################################|
###############################################################################
# Configuration Files:
###############################################################################
|#########^ Configuration Files ##############################################|
###############################################################################
# Configuring the OpenLDAP Server:
###############################################################################
===============================================================================
General Configuration - Explanation:
===============================================================================
Our OpenLDAP server is already running, so let's first configure /etc/ldap/ldap.conf, a common
configuration file for all LDAP clients. This will allow us to run ldapsearch and other commands
without having to list all the basic parameters by hand each time.
vim /etc/ldap/ldap.conf
_______________________________________________________________________________
OS: Debian 5.0 Lenny
File: /etc/ldap/ldap.conf (Permissions: -rw-r--r-- 1 root root)
-------------------------------------------------------------------------
.
..

#>>>> Modified:
BASE dc=dominio,dc=com,dc=br
#URI ldap://ldap.example.com ldap://ldap-master.example.com:666
#>>>> Modified:
URI ldap://10.161.1.14

..
.
|----------^ File: /etc/ldap/ldap.conf -----------------------------------|
|<<<<<<<<<<<<<< #### Configuring the OpenLDAP Server ####
vim /etc/ldap/slapd.conf
_______________________________________________________________________________
OS: Debian 5.0 Lenny
File: /etc/ldap/slapd.conf (Permissions: -rw-r----- 1 root openldap)
-------------------------------------------------------------------------
.
..

### Log detail level:
loglevel 256
### Set the default base for searches:
# The base of your directory in database #1
#>>>> Modified:
suffix "dc=dominio,dc=com,dc=br"
# rootdn directive for specifying a superuser on the database. This is needed
# for syncrepl.
#>>>> Modified:
rootdn "cn=admin,dc=dominio,dc=com,dc=br"

..
.
|----------^ File: /etc/ldap/slapd.conf ----------------------------------|
|<<<<<<<<<<<<<< #### Configuring the OpenLDAP Server ####
-----------------------------------------------------------
### Error:
adding new entry "ou=grupos,dc=testdomain,dc=net,dc=br"
ldap_add: Naming violation (64)
additional info: value of naming attribute 'ou' is not present in entry
## This error happened because the value of "ou" in the entry (grupo) does not
## match the group name used in the DN (grupos):
dn: ou=grupos,dc=testdomain,dc=net,dc=br
ou: grupo
objectClass: organizationalUnit
-----------------------------------------------------------
-----------------------------------------------------------
### Error:
adding new entry "ou=empresa,dc=testdomain,dc=net,dc=br"
ldap_add: Already exists (68)
## This error happened because the OU empresa already existed
-----------------------------------------------------------
|#########^ Configuring the OpenLDAP Server ##################################|
###############################################################################
# Administering the OpenLDAP Server:
###############################################################################
===============================================================================
Creating User Accounts:
===============================================================================
Create an LDIF file:
vim usuario.ldif
_______________________________________________________________________________
File: usuario.ldif
-------------------------------------------------------------------------
## Group DN
dn: cn=administradores,ou=empresa,dc=testdomain,dc=net,dc=br
cn: administradores
gidNumber: 20000
objectClass: top
objectClass: posixGroup

dn: uid=alessandro,ou=empresa,dc=testdomain,dc=net,dc=br
uid: alessandro
uidNumber: 20000
gidNumber: 20000
cn: Alessandro
sn: Alessandro
objectClass: top
objectClass: person
objectClass: posixAccount
objectClass: shadowAccount
loginShell: /bin/false
homeDirectory: /home/alessandro
|----------^ File: usuario.ldif ------------------------------------------|
|<<<<<<<<<<<<<< #### Administering the OpenLDAP Server ####
## Run the command to create the user and groups:
ldapadd -c -x -D cn=admin,dc=testdomain,dc=net,dc=br -W -f /root/usuario.ldif
Enter LDAP Password:
adding new entry "cn=administradores,ou=empresa,dc=testdomain,dc=net,dc=br"
adding new entry "uid=alessandro,ou=empresa,dc=testdomain,dc=net,dc=br"
ldapsearch -x uid=alessandro
ldapsearch -LLLx ou=empresa
### General options:
# -b - path to search (Base DN)
# -H - LDAP server
# -L - "leaner" output, removes unnecessary information
# -x - use simple authentication instead of SASL
|<<<<<<<<<<<<<< #### Administering the OpenLDAP Server ####
ldapsearch -x -H ldap://10.161.1.14 -LLL -b ou=empresa,dc=testdomain,dc=net,dc=br cn=alessandro
ldapsearch -x -H ldap://ldap.dominio.net.br -LLL -b ou=empresa,dc=dominio,dc=net,dc=br 'cn=*Kuramoto*'
## Error:
adding new entry "cn=administradores,ou=grupo,ou=empresa,dc=testdomain,dc=net,dc=br"
ldap_add: No such object (32)
# The OU grupo specified in the LDIF file did not exist
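The three ldapadd failures recorded in these notes (Naming violation 64, Already exists 68, No such object 32) can be caught before the file is sent to the server. The following Python check is an added example, not part of the original notes; EXISTING_DNS is an assumed snapshot of the DNs already in the directory and SAMPLE_LDIF is constructed from the entries shown above.

```python
# Added example: pre-flight check of an LDIF file before running ldapadd.

def parse_ldif(text):
    """Return [(dn, {attr: [values]})] from LDIF text (no base64 values)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:    # folded continuation line
            lines[-1] += raw[1:]
        elif not raw.startswith("#"):        # skip comment lines
            lines.append(raw)
    entries, dn, attrs = [], None, {}
    for line in lines + [""]:
        if not line.strip():                 # a blank line ends the entry
            if dn is not None:
                entries.append((dn, attrs))
            dn, attrs = None, {}
            continue
        name, _, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        if name == "dn":
            if dn is not None:               # two entries run together
                raise ValueError("missing blank line before dn: " + value)
            dn = value
        elif dn is not None:
            attrs.setdefault(name, []).append(value)
    return entries

def split_dn(dn):
    """Split a DN into (naming attribute, value, parent); no escaped commas."""
    rdn, _, parent = dn.partition(",")
    attr, _, value = rdn.partition("=")
    return attr.strip().lower(), value.strip().lower(), parent.strip().lower()

def preflight(text, existing_dns):
    """Return [(dn, result_code, reason)] for entries ldapadd would reject."""
    known = {d.lower() for d in existing_dns}
    problems = []
    for dn, attrs in parse_ldif(text):
        attr, value, parent = split_dn(dn)
        found = []
        if dn.lower() in known:
            found.append((dn, 68, "Already exists"))
        else:
            if parent not in known:
                found.append((dn, 32, "No such object: parent is missing"))
            if value not in [v.lower() for v in attrs.get(attr, [])]:
                found.append((dn, 64, "Naming violation: RDN value not in entry"))
        if not found:
            known.add(dn.lower())            # may be the parent of a later entry
        problems.extend(found)
    return problems

# Assumed directory contents and a constructed LDIF that reproduces the three
# errors from this page, followed by one valid entry.
EXISTING_DNS = ["dc=testdomain,dc=net,dc=br",
                "ou=empresa,dc=testdomain,dc=net,dc=br"]
SAMPLE_LDIF = """\
dn: ou=grupos,dc=testdomain,dc=net,dc=br
ou: grupo

dn: ou=empresa,dc=testdomain,dc=net,dc=br
ou: empresa

dn: cn=administradores,ou=grupo,ou=empresa,dc=testdomain,dc=net,dc=br
cn: administradores

dn: uid=alessandro,ou=empresa,dc=testdomain,dc=net,dc=br
uid: alessandro
"""

if __name__ == "__main__":
    for dn, code, reason in preflight(SAMPLE_LDIF, EXISTING_DNS):
        print("(%d) %s: %s" % (code, dn, reason))
```

parse_ldif also raises ValueError when a "dn:" line follows another entry without a blank line, which ldapadd would otherwise read as a single malformed entry.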
|<<<<<<<<<<<<<< #### Administering the OpenLDAP Server ####
ldappasswd -x -D cn=admin,dc=testdomain,dc=net,dc=br -W -S uid=alessandro,ou=empresa,dc=testdomain,dc=net,dc=br
|<<<<<<<<<<<<<< #### Administering the OpenLDAP Server ####
### General options:
# -b - path to search (Base DN)
# -H - LDAP server
# -L - "leaner" output, removes unnecessary information
# -W - prompt for the password
# -x - use simple authentication instead of SASL
|#########^ Administering the OpenLDAP Server ################################|
## Searching for a user within groups:
ldapsearch -H ldap://ldap.domino.net.br -LLL -x -b 'ou=groups,o=dominio' 'cn=grupos.nome' | grep usuario
Or
## Searching for a user within groups:
ldapsearch -H ldap://ldap.dominio.net.br -LLL -x -b 'ou=Groups,ou=empresa,dc=dominio,dc=net,dc=br' 'cn=grupos.nome' | grep usuario
### Options
# -H - LDAP server
# -b - path to search (Base DN)
# -x - use simple authentication instead of SASL
ldapsearch -x -H ldap://ldap.dominio.net.br -LLL -b ou=empresa,dc=dominio,dc=net,dc=br
ldapsearch -x -H ldap://ldap.dominio.net.br -LLL -b ou=empresa,dc=dominio,dc=net,dc=br uid=alessandro
ldapsearch -x -H ldap://ldap.dominio.net.br -LLL -b ou=empresa,dc=dominio,dc=net,dc=br 'cn=*Kuramoto*'
ldapsearch -x -H ldap://ldap.dominio.net.br -LLL -b ou=empresa,dc=dominio,dc=net,dc=br 'givenName=*Kuramoto*'
ldapsearch -x -H ldap://ldap.dominio.com.br -b ou=groups,ou=oudodominio,dc=dominio,dc=com,dc=br cn=grupo.nome | grep usuario.usa
(Source: http://www.istf.com.br/vb/autenticacao-e-controle-de-acesso/13873-pesquisa-ldap-com-o-ldapsearch.html)
# ldapsearch -x -h 10.3.7.32 -D cn=Administrator,cn=users,dc=timlig,dc=com -W -b "cn=users,dc=timlig,dc=com" '(sAMAccountName=*)'
where:
-x = simple authentication without TLS
-h = host or server name
-D = user to log in to AD
-W = password of the user that will log in there
-b = path to search (Base DN)
then sAMAccountName=* will return all the login names in there!
in my case this command returned 2 users:
http://www.cesarkallas.net/arquivos/tutoriais/linux/activedirectory/AutenticarLinuxAD.html
LDAP password audit and general hackery:
http://midnightresearch.com/pages/ldap-password-audit-and-general-hackery/
tcpdump -i <if> -n -p -s65535 -w ldapsearch.pcap port 389
How to integrate the Aker Firewall with an LDAP server:
http://www1.aker.com.br/108/10802002.asp?ttCD_CHAVE=266
Authenticating with LDAP on Suse:
pam_ldap
nss_ldap
LDAP user cannot login with GUI desktop
https://help.ubuntu.com/8.10/serverguide/C/openldap-server.html
###############################################################################
# Configuring Clients to Authenticate Against an OpenLDAP Server:
###############################################################################
Configuring Debian to Authenticate Against an OpenLDAP Server
-------------------------------------------------------------------------
[ On the Client ]
|
(Source: https://help.ubuntu.com/community/LDAPClientAuthentication)
### Install
sudo apt-get update
sudo apt-get install libpam-ldap libnss-ldap nscd
---------------------------------------------------------------------
### Answer the questions:
Configuring libnss-ldap (Enter the address of the OpenLDAP server):
Example: ldap://ldap.dominio.com.br
Distinguished name of the search base:
Example: dc=dominio,dc=com,dc=br
LDAP version to use: 3
LDAP account for root: (leave as is; in principle it will not be needed)
LDAP root account password: (leave as is; in principle it will not be needed)
---------------------------------------------------------------------
|<<<<<<<< #### Configuring Clients to Authenticate Against an OpenLDAP Server ####
##### Name Service:
1/1 - Name Service)
vim /etc/nsswitch.conf
_______________________________________________________________________________
OS: Debian, Ubuntu
File: /etc/nsswitch.conf (Permissions: -rw-r--r-- 1 root root)
------------------------------------------------------------------------------
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.
#>>>> Add ldap:
passwd: compat ldap #winbind
#passwd: compat winbind
#>>>> Add ldap
group: compat ldap #winbind
#group: compat winbind
#>>>> Add ldap (not mandatory, check!!!)
shadow: compat ldap
#shadow: compat
hosts: files dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
|----------^ File: /etc/nsswitch.conf ------------------------------------|
|<<<<<<<< #### Configuring Clients to Authenticate Against an OpenLDAP Server ####
##### LDAP (On the Client):
1/1 - LDAP on the Client)
vim /etc/pam_ldap.conf
_______________________________________________________________________________
File: /etc/pam_ldap.conf (Permissions: -rw-r--r-- 1 root root)
OS: Debian, Ubuntu
------------------------------------------------------------------------------
.
..

#>>>> Check that this is configured
#>>>> If it is not configured, add/change it
### Path to the LDAP base
# The distinguished name of the search base.
base dc=dominio,dc=com,dc=br
#>>>> Check that this is configured
#>>>> If it is not configured, add/change it
### OpenLDAP server
# Another way to specify your LDAP server is to provide an
uri ldap://ldap.dominio.com.br
#>>>> Check that this is configured
#>>>> If it is not configured, add/change it
## LDAP version
# The LDAP version to use (defaults to 3
# if supported by client library)
ldap_version 3
#>>>> Check that this is configured
#>>>> If it is not configured, add/change it
### PAM filter added:
# Filter to AND with uid=%s
#pam_filter objectclass=account
pam_filter | (&(loginShell=/bin/bash))
# Do not hash the password at all; presume
# the directory server will do it, if
# necessary. This is the default.
pam_password crypt

..
.
|----------^ File: /etc/pam_ldap.conf ------------------------------------|
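With "uri ldap://..." and no TLS option, the simple bind that pam_ldap performs carries the user's password unencrypted on port 389, which is the traffic the tcpdump line earlier in these notes captures. The following Python audit is an added example, not part of the original notes; "ssl" and "tls_checkpeer" are pam_ldap options that the file above does not set, and HARDENED_CONF is an assumed corrected variant.

```python
# Added example: audit a pam_ldap.conf for cleartext LDAP transport.

def parse_conf(text):
    """Parse 'key value' lines, ignoring blank lines and '#' comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        conf[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return conf


def audit_transport(text):
    """Return findings about how bind passwords travel to the server."""
    conf = parse_conf(text)
    ssl = conf.get("ssl", "off").lower()
    uris = conf.get("uri", "").split()
    if not uris:                       # older style: 'host a b' instead of 'uri'
        uris = ["ldap://" + h for h in conf.get("host", "").split()]
    findings, tls_used = [], False
    for uri in uris:
        scheme = uri.split("://", 1)[0].lower()
        if scheme == "ldapi":          # local UNIX socket, nothing on the wire
            continue
        if scheme == "ldaps" or ssl in ("on", "start_tls"):
            tls_used = True
        else:
            findings.append(uri + ": simple bind sends the password in cleartext")
    if tls_used and conf.get("tls_checkpeer", "").lower() == "no":
        findings.append("tls_checkpeer no: server certificate is not verified")
    return findings


# Values taken from the pam_ldap.conf shown on this page.
PAGE_CONF = """\
base dc=dominio,dc=com,dc=br
uri ldap://ldap.dominio.com.br
ldap_version 3
pam_password crypt
"""

# Assumed corrected variant: same server, StartTLS with certificate checking.
HARDENED_CONF = PAGE_CONF + "ssl start_tls\ntls_checkpeer yes\n"

if __name__ == "__main__":
    for name, conf in (("page", PAGE_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit_transport(conf) or "no findings")
```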
|<<<<<<<< #### Configuring Clients to Authenticate Against an OpenLDAP Server ####
##### PAM (On the Client):
1/4 - PAM on the Client)
vim /etc/pam.d/common-account
_______________________________________________________________________________
OS: Debian, Ubuntu
File: /etc/pam.d/common-account (Permissions: -rw-r--r-- 1 root root)
------------------------------------------------------------------------------
#
# /etc/pam.d/common-account - authorization settings common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of the authorization modules that define
# the central access policy for use on the system. The default is to
# only deny service to users whose accounts are expired in /etc/shadow.
#
#>>>> Check that this is configured
#>>>> If it is not configured, add/change it
### Line added:
## config=/etc/pam_ldap.conf - points to the LDAP configuration file;
## normally the default file is /etc/ldap.conf
account sufficient pam_ldap.so config=/etc/pam_ldap.conf
#account sufficient pam_ldap.so
account required pam_unix.so
|----------^ File: /etc/pam.d/common-account -----------------------------|
|<<<<<<<< #### Configuring Clients to Authenticate Against an OpenLDAP Server ####
2/4 - PAM on the Client)
vim /etc/pam.d/common-auth
_______________________________________________________________________________
OS: Debian, Ubuntu
File: /etc/pam.d/common-auth (Permissions: -rw-r--r-- 1 root root)
------------------------------------------------------------------------------
#
# /etc/pam.d/common-auth - authentication settings common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of the authentication modules that define
# the central authentication scheme for use on the system
# (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the
# traditional Unix authentication mechanisms.
#
#>>>> Check that this is configured
#>>>> If it is not configured, add/change it
### Line added:
### Line that performs authentication against OpenLDAP; see the files:
### common-account and common-session
#auth sufficient pam_ldap.so
auth sufficient pam_ldap.so config=/etc/pam_ldap.conf
auth required pam_unix.so nullok_secure
|----------^ File: /etc/pam.d/common-auth --------------------------------|
|<<<<<<<< #### Configuring Clients to Authenticate Against an OpenLDAP Server ####
3/4 - PAM on the Client)
vim /etc/pam.d/common-password
_______________________________________________________________________________
OS: Debian, Ubuntu
File: /etc/pam.d/common-password (Permissions: -rw-r--r-- 1 root root)
------------------------------------------------------------------------------
#
# /etc/pam.d/common-password - password-related modules common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of modules that define the services to be
# used to change user passwords. The default is pam_unix
# The "nullok" option allows users to change an empty password, else
# empty passwords are treated as locked accounts.
#
# (Add `md5' after the module name to enable MD5 passwords)
#
# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
# login.defs. Also the "min" and "max" options enforce the length of the
# new password.
#password sufficient pam_ldap.so
#>>>> Check that this is configured
#>>>> If it is not configured, add/change it
password sufficient pam_ldap.so config=/etc/pam_ldap.conf
password required pam_unix.so nullok obscure min=4 max=8 md5
# Alternate strength checking for password. Note that this
# requires the libpam-cracklib package to be installed.
# You will need to comment out the password line above and
# uncomment the next two in order to use this.
# (Replaces the `OBSCURE_CHECKS_ENAB', `CRACKLIB_DICTPATH')
#
# password required pam_cracklib.so retry=3 minlen=6 difok=3
# password required pam_unix.so use_authtok nullok md5
|----------^ File: /etc/pam.d/common-password ----------------------------|
|<<<<<<<< #### Configuring Clients to Authenticate Against an OpenLDAP Server ####
4/4 - PAM on the Client)
vim /etc/pam.d/common-session
_______________________________________________________________________________
OS: Debian, Ubuntu
File: /etc/pam.d/common-session (Permissions: -rw-r--r-- 1 root root)
------------------------------------------------------------------------------
.
..

#>>>> Check that this is configured
#>>>> If it is not configured, add/change it
## The line below allows the user's home directory to be created at
## login
## Add this line:
session required pam_mkhomedir.so umask=0022 skel=/etc/skel

..
.
|----------^ File: /etc/pam.d/common-session -----------------------------|
|
[Client - End]
|<<<<<<<< #### Configuring Clients to Authenticate Against an OpenLDAP Server ####
--------------------------------------|
## Error:
Mar 5 09:08:52 ns2 sshd[23971]: pam_ldap: could not open secret file /etc/pam_ldap.secret (No such file or directory)
## Solution:
# Create the file /etc/pam_ldap.secret
--------------------------------------|
Mar 6 15:48:44 firewall-server sshd[2784]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.7.3.212 user=alessandro
Mar 6 15:48:47 firewall-server sshd[2784]: Failed password for alessandro from 10.7.3.212 port 34671 ssh2
|<<<<<<<< #### Configuring Clients to Authenticate Against an OpenLDAP Server ####
===============================================================================
Configuring the Client to Cache Authentications:
===============================================================================
(Source: https://help.ubuntu.com/community/LDAPClientAuthentication)
(Source: https://help.ubuntu.com/community/PamCcredsHowto)
#### Option: Caching Name Service directories (Storing the credentials)
#### PamCcredsHowto
## Installing the required packages:
sudo apt-get install nss-updatedb libnss-db libpam-ccreds
##
sudo nss_updatedb ldap
On Debian 4.0 Etch the following error appears:
Failed to enumerate nameservice: Success
passwd... nameservice unavailable.
|<<<<<<<< #### Configuring Clients to Authenticate Against an OpenLDAP Server ####
|<<<<<<<< ==== Configuring the Client to Cache Authentications ====
## Create a script to update the local database:
echo '#!/bin/sh' | sudo tee /etc/cron.daily/upd-local-nss-db
echo `which nss_updatedb` ldap | sudo tee -a /etc/cron.daily/upd-local-nss-db
## Make the script executable, otherwise cron.daily will not run it:
sudo chmod +x /etc/cron.daily/upd-local-nss-db
## Configure the file /etc/nsswitch.conf:
passwd: files ldap [NOTFOUND=return] db
group: files ldap [NOTFOUND=return] db
## Configure:
vim /etc/pam.d/common-auth
|==========^ Configuring the Client to Cache Authentications =================|
|##########^ Configuring Clients to Authenticate Against an OpenLDAP Server ##|
###############################################################################
# Troubleshooting
###############################################################################
>Troubleshooting
-------------------------------------------------------------------------------
### Known errors:
## Question/Issue:
Cannot log in via SSH and an error appears in the log /var/log/auth.log.
## Symptoms:
Cannot log in via SSH and the following error appears in the log /var/log/auth.log:
Mar 4 11:15:07 nagios sshd[3545]: reverse mapping checking getaddrinfo for maquina81260.dominio.com.br failed - POSSIBLE BREAK-IN ATTEMPT!
Mar 4 11:15:07 nagios sshd[3545]: User alessandro from 10.161.1.217 not allowed because not listed in AllowUsers
Mar 4 11:15:07 nagios sshd[3545]: Failed none for invalid user alessandro from 10.161.1.217 port 47355 ssh2
Mar 4 11:15:11 nagios sshd[3545]: pam_ldap: could not open secret file /etc/pam_ldap.secret (No such file or directory)
Mar 4 11:15:11 nagios sshd[3545]: pam_ldap: error trying to bind as user "uid=alessandro,ou=usuarios,ou=dominio,dc=com,dc=br" (Invalid credentials)
Mar 4 11:15:11 nagios sshd[3545]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.161.1.217 user=alessandro
Mar 4 11:15:11 nagios sshd[3545]: pam_ldap: error trying to bind as user "uid=alessandro,ou=usuarios,ou=dominio,dc=com,dc=br" (Invalid credentials)
Mar 4 11:15:11 nagios sshd[3545]: pam_ldap: error trying to bind as user "uid=alessandro,ou=usuarios,ou=dominio,dc=com,dc=br" (Invalid credentials)
Mar 4 11:15:14 nagios sshd[3545]: Failed password for invalid user alessandro from 10.161.1.217 port 47355 ssh2
## Cause:
The user is not listed in the AllowUsers directive of the file: /etc/ssh/sshd_config
## Solution:
Add the user to the AllowUsers directive of the file: /etc/ssh/sshd_config
|-----------------------------------------------------------------------------|
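The log above holds several different messages for a single login attempt, and only the AllowUsers line is the cause; the pam_ldap and pam_unix failures that follow it belong to the same rejected session. The following Python triage is an added example, not part of the original notes; it groups sshd lines by host and PID and ranks the messages seen in these notes. The rule labels are names chosen here, and SAMPLE_LOG re-joins lines from the two logs on this page.

```python
# Added example: triage of sshd/PAM lines from /var/log/auth.log.
import re

LINE = re.compile(r"^\w{3}\s+\d+ [\d:]+ (\S+) sshd\[(\d+)\]: (.*)$")
WHO = re.compile(r"(?:[Uu]ser|for) (\S+) from (\S+)")

# (label, substring), most decisive first. The labels are names chosen here.
RULES = [
    ("AllowUsers", "not listed in AllowUsers"),
    ("ldap_bind", "pam_ldap: error trying to bind as user"),
    ("secret_file", "pam_ldap: could not open secret file"),
    ("pam_unix", "authentication failure"),
    ("password", "Failed password"),
]
# Fixes that these notes document for two of the causes.
HINTS = {
    "AllowUsers": "add the user to AllowUsers in /etc/ssh/sshd_config",
    "secret_file": "create /etc/pam_ldap.secret",
}


def triage(log_text):
    """Group sshd lines by (host, pid); return one record per login attempt."""
    sessions = {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        host, pid, msg = m.groups()
        s = sessions.setdefault((host, pid), {"host": host, "pid": pid,
                                              "user": None, "rhost": None,
                                              "hits": set()})
        who = WHO.search(msg)
        if who and s["user"] is None:
            s["user"], s["rhost"] = who.groups()
        s["hits"].update(name for name, needle in RULES if needle in msg)
    report = []
    for s in sessions.values():
        hits = s.pop("hits")
        ranked = [name for name, _ in RULES if name in hits]
        if ranked:
            s["cause"], s["also"] = ranked[0], ranked[1:]
            s["hint"] = HINTS.get(ranked[0])
            report.append(s)
    return report


SAMPLE_LOG = """\
Mar 4 11:15:07 nagios sshd[3545]: User alessandro from 10.161.1.217 not allowed because not listed in AllowUsers
Mar 4 11:15:11 nagios sshd[3545]: pam_ldap: could not open secret file /etc/pam_ldap.secret (No such file or directory)
Mar 4 11:15:11 nagios sshd[3545]: pam_ldap: error trying to bind as user "uid=alessandro,ou=usuarios,ou=dominio,dc=com,dc=br" (Invalid credentials)
Mar 4 11:15:11 nagios sshd[3545]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.161.1.217 user=alessandro
Mar 4 11:15:14 nagios sshd[3545]: Failed password for invalid user alessandro from 10.161.1.217 port 47355 ssh2
Mar 6 15:48:44 firewall-server sshd[2784]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.7.3.212 user=alessandro
Mar 6 15:48:47 firewall-server sshd[2784]: Failed password for alessandro from 10.7.3.212 port 34671 ssh2
"""

if __name__ == "__main__":
    for rec in triage(SAMPLE_LOG):
        print(rec["host"], rec["user"], rec["rhost"], rec["cause"], rec["also"])
```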
-------------------------------------------------------------------------------
### Known errors:
## Question/Issue:
Running "ls -la" in a user's home directory takes a long time to show the result.
## Symptoms:
- Running "ls -la" in a user's home directory takes a long time to show
the result;
- The user authenticated against the OpenLDAP database;
- The user does not exist in the file /etc/passwd;
## Cause:
This problem occurs because the GROUP the user belongs to does not
exist on the local system. "ls -la" shows the owning user and owning
group of each file/directory; if the GROUP does not exist on the system,
the command is slow because a lookup is made against OpenLDAP, and if the
group does not exist in OpenLDAP either, the result is delayed;
## Solution:
Under investigation.
|-----------------------------------------------------------------------------|
ls -lah
|##########^ Troubleshooting #################################################|
###############################################################################
# References:
###############################################################################
>Reference
|<<<<<<<<<<<<<< #### References ####
Configuring Ubuntu Linux 8.04 to authenticate against LDAP:
http://www.vivaolinux.com.br/artigo/Configurando-Ubuntu-Linux-8.04-para-autenticar-no-LDAP
Debian LDAP Client Setup:
http://cworld.wikidot.com/adm:debian-ldap-client-setup
LDAPClientAuthentication: (Very good site)
https://help.ubuntu.com/community/LDAPClientAuthentication
OpenLDAP installation on Debian:
http://www.debian-administration.org/article/OpenLDAP_installation_on_Debian
The ldapmodify Tool
http://docs.sun.com/source/816-6400-10/lmodify.html
|<<<<<<<<<<<<<< #### References ####
Ldap Authentication on Debian: (Very good site)
http://www.jukie.net/~bart/ldap/ldap-authentication-on-debian/
http://www.jukie.net/~bart/ldap/ldap-authentication-on-debian/#NSS
|<<<<<<<<<<<<<< #### References ####
http://www.securityfocus.com/infocus/1428
http://wiki.freaks-unidos.net/linux%20ldap%20howto
LDAP or OpenLDAP Configuration in Debian:
http://www.debianhelp.co.uk/ldap.htm
LDAP Series Part IV - Installing OpenLDAP on Debian Plus Some LDAP Commentary:
http://www.linuxjournal.com/node/1000115
Making a Debian or Ubuntu Machine an LDAP Authentication Client:
http://mcwhirter.com.au/node/25
OpenLDAP Software 2.4 Administrator's Guide:
http://www.openldap.org/doc/admin24/
Howto setup user authentication on the LDAP server and on the Client:
http://en.opensuse.org/Howto_LDAP_userAuth
Hands-on OpenLDAP:
http://www2.savant.com.br/index.php/eventos/mao-na-massa-openldap
MORE:
http://www.linux-cd.com.ar/manuales/rh8.0/rhl-sg-en-8.0/s1-wstation-privileges.html
|#########^ References #######################################################|
## To see the Suse version:
yast2
Network Services > LDAP Client
Required packages:
yast2-slp
pam_ldap
nss_ldap
zypper sa -t nomedorepositório.
zypper addrepo http://packman.iu-bremen.de/suse/10.3/ 'Packman Repository'
SEE:
http://mirrors.uol.com.br/pub/opensuse/update/10.3/
ftp5.gwdg.de/pub/opensuse/repositories/YaST:/Backport/openSUSE_10.3/i586/yast2-slp-2.16.0-2.35.i586.rpm