RHEL4 LDAP (heterogeneous integration). Speaker: Chris Tsai, RHCE, RHCX, NCLP, TCSE.
Agenda: LDAP; OpenLDAP; OpenLDAP with the Outlook Express address book; OpenLDAP with a Samba DC; OpenLDAP with Active Directory; Q & A.
Hosts and IP addresses:
    station201  RHEL4_1             192.168.0.201/24
    station202  RHEL4_2             192.168.0.202/24
    station203  Windows NT4         192.168.0.203/24
    station204  Windows 2000 Srv    192.168.0.204/24
    station205  Windows XP          192.168.0.205/24
    station206  Windows 2003 Srv    192.168.0.206/24
    server1     RHEL3 (dns + ftp)   192.168.0.254/24
LDAP (section overview): LDAP history, LDAP data, OpenLDAP.
LDAP history: LDAP derives from the X.500 Directory Access Protocol (DAP), a CCITT standard; the L stands for Lightweight. [Figure: the seven protocol layers (1 to 7) for X.500/DAP under CCITT compared with those for LDAP, using a.com and example.com as example domains.]
LDAP data: a directory holds data that is read far more often than it is updated, so LDAP is optimised for read speed and read volume rather than for frequent writes.
LDAP terms, with an analogy: Object (an entry), e.g. the vehicles RH-7893 and CE-5168; Object Class, e.g. "vehicle data" (the set of attributes every vehicle has); Schema, the rules that decide which attribute values are valid, e.g. whether a phone number may be written 2514-9191, (02) 2514-9191 or 886-2-2514-9191.
LDAP directory terms: Directory Information Tree (DIT); Distinguished Name (DN); DC (Domain Country); OU (Organization Unit); CN (Common Name).
DIT example (DC = Domain Country, OU = Organization Unit, CN = Common Name):
    dc=example,dc=com
        ou=taichung
            ou=mis
                cn=Jane
        ou=taipei
LDIF (LDAP Data Interchange Format) is the text form of LDAP entries. Each entry starts with its DN, which reads right to left like a DNS domain name (DC, then OU, then CN), followed by the attributes its object classes and the schema allow:
    dn: cn=jane,ou=mis,ou=taichung,dc=example,dc=com
    objectclass: person
    objectclass: inetOrgPerson
    cn: Jane
    sn: Lin
    mail: jane_lin@example.com
    telephonenumber: 04-23456789
(inetOrgPerson is listed as well because the mail attribute is not allowed by person alone and slapd would reject the entry.)
OpenLDAP is the open-source LDAP server bundled with Red Hat Enterprise Linux 3; it supports LDAP protocol versions 2 and 3.
Installing and configuring OpenLDAP: install the openldap*.rpm packages; the server listens on 389/tcp (ldap://) and 636/tcp (ldaps://); in /etc/ldap/slapd.conf set the administrator DN (rootdn) and the administrator password (rootpw), generating the password hash with slappasswd.
Starting the LDAP service: service ldap start. Enable it at boot with chkconfig ldap on and verify with chkconfig ldap --list.
Creating and querying entries:
    ldapadd -x -D cn=manager,dc=example,dc=com -W -f sample.ldif
    ldapsearch -x -D cn=manager,dc=example,dc=com -W
Related commands: ldapdelete, ldapmodify, ldappasswd. (The bind DN must be written without spaces; "dc=example, dc=com" would be split into two arguments by the shell.)
Tools: the LDAP Migration Tools, Perl scripts under /usr/share/openldap/migration/*.{sh,pl}; LDAP Administrator (GUI), http://www.ldapbrowser.com/download/index.php; GQ, a GTK+ GUI client.
Bulk creation: generate the entries with a shell script. Backup and restore of the whole directory:
    ldapsearch -x -LLL -D cn=manager,dc=example,dc=com -W > backup.ldif
    ldapadd -x -D cn=manager,dc=example,dc=com -W < backup.ldif
(-LLL makes ldapsearch emit plain LDIF, without the comment header and the trailing search-result lines that are not part of the entries.)
OpenLDAP and other software: programming languages such as Java and PHP; databases such as MySQL and PostgreSQL; on RHEL4 the OpenLDAP backend is bdb.
OpenLDAP with the Outlook Express address book: address-book types, the Outlook Express address-book fields, and the .ldif file.
Scenario: the address book is served by OpenLDAP on RHEL4 (station201) and looked up from Outlook Express on Windows XP (station205).
Loading the address book into LDAP: build the .ldif from /etc/passwd with the Migration Tools:
    cd /usr/share/openldap/migration/
    ./migrate_passwd.pl /etc/passwd > pwd.ldif
(cont.) The field names differ: the Outlook Express address book uses fields such as IP phone (IPPhone), LDAP URL, comment and conferenceinformation, which differ from the attributes in the generated LDIF.
The .ldif must be UTF-8 (LDAPv3 strings are UTF-8); convert a Big5 file with
    iconv -f big5 -t UTF-8 -o dst.ldif src.ldif
and then load it:
    ldapadd -x -D cn=manager,dc=example,dc=com -W -f dst.ldif
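As an added example (not from the slides), the following Python reproduces the basic part of what the migrate_passwd.pl step does and shows why the .ldif must be UTF-8: LDIF writes any non-ASCII value base64-encoded on a "name::" line, so the bytes it encodes must already be UTF-8. The sample /etc/passwd lines are constructed, and the base DN assumes the DIT from the earlier slides.

```python
import base64

# Constructed sample /etc/passwd lines (not from the slides); the second GECOS
# field is a non-ASCII name, as a Big5-origin file looks after iconv to UTF-8.
SAMPLE_PASSWD = """\
jane:x:1001:1001:Jane Lin:/home/jane:/bin/bash
amy:x:1002:1002:林小美:/home/amy:/bin/bash
nobody:x:99:99:Nobody:/:/sbin/nologin
"""
BASE_DN = "ou=mis,ou=taichung,dc=example,dc=com"  # assumed, from the DIT slide


def ldif_attr(name, value):
    """One LDIF attribute line (RFC 2849).

    'name: value' is only allowed for a non-empty, pure-ASCII value that does
    not start with space, ':' or '<' and has no newline; anything else, such
    as a Chinese name, is written base64-encoded as 'name:: ...'. The bytes
    encoded are UTF-8, which is why the source file must be converted first.
    """
    safe = (value.isascii() and value != "" and value[0] not in " :<"
            and "\n" not in value)
    if safe:
        return f"{name}: {value}"
    return f"{name}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"


def passwd_to_ldif(passwd_text, base_dn, min_uid=1000):
    """Render /etc/passwd lines as posixAccount entries under base_dn.

    Covers the attributes migrate_passwd.pl takes from /etc/passwd. System
    accounts below min_uid are skipped, and no userPassword is emitted since
    /etc/passwd only holds the 'x' placeholder (the hashes are in /etc/shadow).
    """
    entries = []
    for line in passwd_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        user, _pw, uid, gid, gecos, home, shell = line.split(":", 6)
        if int(uid) < min_uid:
            continue
        attrs = [("dn", f"uid={user},{base_dn}"),
                 ("objectClass", "top"), ("objectClass", "account"),
                 ("objectClass", "posixAccount"), ("uid", user),
                 ("cn", gecos.split(",")[0] or user),
                 ("uidNumber", uid), ("gidNumber", gid),
                 ("homeDirectory", home), ("loginShell", shell)]
        entries.append("\n".join(ldif_attr(k, v) for k, v in attrs))
    return "\n\n".join(entries) + "\n"
```

Calling passwd_to_ldif(SAMPLE_PASSWD, BASE_DN) yields two entries; the second carries "cn:: 5p6X5bCP576O", the base64 of the UTF-8 bytes of the name, which is exactly what an address-book client decodes back.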
Integrating Microsoft AD with Linux LDAP: Samba's winbind daemon (NTLM authentication); AD4UNIX or MS-SFU (Services For UNIX) so that AD can serve Linux clients over LDAP; Kerberos authentication against AD.
OpenLDAP with a Samba DC. Scenario: Samba PDC with an LDAP backend on Red Hat Enterprise Linux 4 (station201); a Windows XP client (station205) joins the domain.
[Figure: integration architecture with Samba acting as DC. Labelled elements: join Domain; local authentication resource (Samba); directory authentication resource (OpenLDAP); obtain authentication resource.]
Samba PDC setup, overview: 1. Samba PDC for the Windows series: the Windows machines join the Samba domain (Join Domain). 2. The smbpasswd command and smb.conf: the password database is moved to LDAP with passdb backend = ldapsam:ldap://192.168.0.# 3. Configure the Samba PDC parameters. 4. The Windows clients log on through the Samba PDC.
Step 1, prepare OpenLDAP for Samba: the directory must hold Samba's NTLM account attributes (see the Samba documentation under /usr/share/doc/), so add
    include /etc/openldap/schema/samba.schema
to slapd.conf. The administrator DN used for Samba is rootdn "cn=manager,o=samba,dc=example,dc=com"; Samba needs the LDAP administrator password, stored with #smbpasswd -w secret (secret being the rootpw set in slapd.conf).
Step 2, Samba accounts: a Samba user entry needs the sambaAcctFlags attribute. Check with #ldapsearch -x ... | grep -i sambaacctflags. Add the user entries with #ldapadd -x -D cn=manager,o=samba,dc=example,dc=com -W < sample.ldif, then run #smbpasswd -a username (username must already exist in the directory), which sets the Samba password and sambaAcctFlags.
Step 3, smb.conf for the Samba PDC:
    security = user
    domain master = yes
    preferred master = yes
    domain logons = yes
and the Samba-to-OpenLDAP settings:
    ldap suffix = "dc=example,dc=com"
    ldap admin dn = "cn=manager,o=samba,dc=example,dc=com"
    ...
Step 4, join XP to the Samba DC: on the XP machine, through the mouse menus (... > Change > ...), join the domain EXAMPLE; then from XP browse the Samba DC over the network path \\192.168.0.201\share; printers shared by the Samba DC are set up with #system-config-printer; finally XP logs on to the Samba DC.
[Figure: Linux client authentication path: PAM with pam_ldap and NSS with nss_ldap (nsswitch), through the OpenLDAP client library, to OpenLDAP on 192.168.0.201 or to AD data on 192.168.0.206.]
OpenLDAP with Active Directory. Scenario: Microsoft DC / AD on Windows 2003 Server (station206); Red Hat Enterprise Linux 4 (station201) authenticates against AD; telnet-server is installed on RHEL4 and logins are tested with telnet 192.168.0.201 from the Win2003 host.
Setting up the DC / AD: on the Microsoft server run C:\>dcpromo to create the DC, then extend the AD schema with AD4UNIX (MKSADPlugins.msi) on Win2003.
(cont.) Linux OpenLDAP client configuration: (1) edit /etc/ldap.conf for the differences between AD and a plain LDAP server; (2) and (3) configure authentication against the DC with authconfig.
Other OpenLDAP integrations: Mail Server (Sendmail), Web Server (Apache), KDC Server (Kerberos), Microsoft NT series (2000, 2003).
References:
    http://edu.uuu.com.tw/
    LDAP: http://ldap.akbkhome.com
    OpenLDAP: http://www.openldap.org/doc/admin22/ and http://www.openldap.org/faq/data/cache/1.html
    SFUv3: http://www.microsoft.com/technet/interopmigration/unix/sfu/default.mspx
    AD4Unix: http://ad4unix.sourceforge.net
RHCA (Red Hat Certified Architect) courses: RHS333 Security: Network Services; RH401 Deployment & System Management; RH423 Directory Services & Authentication (URH063); RH436 Storage Management; RH442 System Monitoring & Performance Tuning. RHCA and RHCE.
Q & A
Thank You!