Wednesday, March 17, 2010

Linux - OpenLDAP - 1

LDAP notes
1. A centralized directory (and, through it, an authentication backend) holding user accounts, user information, mail settings and so on.

    a1. Data is organized as a Directory Information Tree (DIT), a tree structure much like DNS, in which
        a1.1    there is a top level, like the '.' root of DNS
        a1.2    and sub-levels below it, like abc.com.vn
    a2.    Every object is unique and carries many attributes
OpenLDAP plays the same role as Active Directory on Microsoft Windows; both speak the same protocol, LDAP.
#######################Now let's start with LDAP
1. Distinguished Names (DNs)
    Every LDAP object has exactly one DN, which is its position in the DIT
2. Object Classes
    a. Determine which attributes an entry must and may carry
    b. e.g. ou=People is an entry of the organizationalUnit object class
3. Schemas - /etc/openldap/schema
    a. Schemas define the object classes and attributes
4. Attributes
    a. Can be single-valued or multi-valued
#######################Installing and configuring DNS
In theory LDAP does not need it, but we will need it later (when deploying a domain controller).
    yum install -y bind-chroot
    chmod 755 -R /var/named/
    cp /usr/share/doc/bind-9.3.6/sample/var/named/named.local /var/named/chroot/var/named/
    cp /usr/share/doc/bind-9.3.6/sample/var/named/named.root /var/named/chroot/var/named/
    cp /usr/share/doc/bind-9.3.6/sample/var/named/localhost.zone /var/named/chroot/var/named/
    touch /var/named/chroot/etc/named.conf
    chkconfig --level 35 named on
    service named start            # restart named again once named.conf and the zone files below are in place
    vim /etc/resolv.conf
        search hbn.local
        nameserver 192.168.232.100     # this server
        nameserver 192.168.232.2
    vim /var/named/chroot/etc/named.conf
options {
        directory "/var/named";

        forwarders {203.162.0.181; 203.162.0.11; 210.245.0.11; 210.245.0.58; 208.67.222.222; 208.67.220.220; 8.8.8.8; 8.8.4.4;};
};

zone "." IN {
        type hint;
        file "named.root";
};

zone "localhost" IN {
        type master;
        file "localhost.zone";
};

zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.local";
};

zone "232.168.192.in-addr.arpa" IN {
        type master;
        file "192.168.232.0.db";
};

zone "hbn.local" IN {
        type master;
        file "hbn.local";
};
    Note: this named.conf has no allow-query/allow-recursion restrictions, so named will recurse for anyone who can reach port 53 on this box. That is fine for a lab VM on a NAT network, not for anything routable.
    cd /var/named/chroot/var/named/
file 192.168.232.0.db
$TTL    86400
@       IN      SOA     hbn.local. root.hbn.local.  (
                                      1997022700 ; Serial
                                      28800      ; Refresh
                                      14400      ; Retry
                                      3600000    ; Expire
                                      86400 )    ; Minimum
        IN      NS      hbn.local.
100     IN      PTR     dns.hbn.local.

file hbn.local
$TTL 14400
@       IN      SOA     hbn.local.      hostmaster.hbn.local. (
                                                2009102800 ; Serial
                                                14400      ; Refresh
                                                3600       ; Retry
                                                1209600    ; Expire
                                                86400 )    ; Minimum

        IN      NS      hbn.local.

dns        IN      A       192.168.232.100
ftp        IN      A       192.168.232.100
hbn.local. IN      A       192.168.232.100
localhost  IN      A       127.0.0.1
mail       IN      A       192.168.232.100
pop        IN      A       192.168.232.100
smtp       IN      A       192.168.232.100
www        IN      A       192.168.232.100
hbn.local. IN      MX      10 mail

hbn.local. 14400   IN      TXT     "v=spf1 a mx ip4:192.168.232.100 ~all"
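The following Python script is added here and is not part of the original post. It parses the forward and reverse zone files and checks them against each other: every SOA MNAME, NS, MX and PTR target must have an A record, each PTR must point back at a name whose A record is that address, and no record may appear twice. The embedded zone texts are condensed, constructed copies of the two files as first written for this lab (NS ns1.hbn.local. and PTR dns.hbn.local. with no matching A record, MNAME root.hbn.local., the NS line listed twice) and of a corrected pair. named-checkzone validates each file on its own; it does not compare the reverse zone against the forward one, which is what this does.

```python
# Added example, not part of the original post: cross-check a BIND forward zone
# against its reverse zone. The zone texts are condensed, constructed copies of
# this page's two files; nothing here talks to a real name server.
import re

IN_ADDR = ".in-addr.arpa."


def _fqdn(name, origin):
    """Qualify an owner or target name relative to the zone origin."""
    if name == "@":
        return origin
    return name if name.endswith(".") else name + "." + origin


def parse_zone(text, origin):
    """Classic zone file -> list of (owner, TYPE, rdata tokens). Handles ';' comments,
    '(' ... ')' continuation, $TTL, '@', blank-owner lines and optional TTL/class
    fields; $ORIGIN and $INCLUDE are not used by the lab files and not handled."""
    text = re.sub(r";[^\n]*", "", text)
    text = re.sub(r"\(([^)]*)\)", lambda m: " " + m.group(1).replace("\n", " ") + " ", text)
    records, owner = [], origin
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("$"):
            continue
        tokens = line.split()
        if not line[0].isspace():          # explicit owner; otherwise the previous one applies
            owner = _fqdn(tokens.pop(0), origin)
        while tokens and (tokens[0].isdigit() or tokens[0].upper() == "IN"):
            tokens.pop(0)                  # optional TTL and class
        records.append((owner, tokens[0].upper(), tokens[1:]))
    return records


def check_zones(fwd_text, fwd_origin, rev_text, rev_origin):
    """Return the inconsistencies found ([] when the pair is coherent): SOA MNAME, NS,
    MX and PTR targets need an A record, a PTR must point back at a name whose A
    record is that address, and no record may be duplicated."""
    fwd = parse_zone(fwd_text, fwd_origin)
    rev = parse_zone(rev_text, rev_origin)
    a_records = {}
    for owner, rtype, rdata in fwd:
        if rtype == "A":
            a_records.setdefault(owner, set()).add(rdata[0])
    problems, seen = [], set()
    for zone, origin in ((fwd, fwd_origin), (rev, rev_origin)):
        for owner, rtype, rdata in zone:
            key = (owner, rtype, tuple(rdata))
            if key in seen:
                problems.append("duplicate record: %s %s %s" % (owner, rtype, " ".join(rdata)))
            seen.add(key)
            target = None
            if rtype in ("SOA", "NS", "PTR"):
                target = _fqdn(rdata[0], origin)
            elif rtype == "MX":
                target = _fqdn(rdata[1], origin)
            if target is not None and target not in a_records:
                problems.append("%s %s points at %s, which has no A record" % (owner, rtype, target))
            elif rtype == "PTR" and owner.endswith(IN_ADDR):
                ip = ".".join(reversed(owner[:-len(IN_ADDR)].split(".")))
                if ip not in a_records[target]:
                    problems.append("PTR for %s names %s, whose A record is %s"
                                    % (ip, target, ",".join(sorted(a_records[target]))))
    return problems


# The two files as first written for this lab (NS ns1/PTR dns without A records,
# MNAME root.hbn.local., NS listed twice) ...
FORWARD_PAGE = """$TTL 14400
@ IN SOA root.hbn.local. hostmaster.hbn.local. (
        2009102800 14400 3600 1209600 86400 )
  IN NS hbn.local.
  IN NS hbn.local.
ftp IN A 192.168.232.100
hbn.local. IN A 192.168.232.100
mail IN A 192.168.232.100
www IN A 192.168.232.100
hbn.local. IN MX 10 mail
hbn.local. 14400 IN TXT "v=spf1 a mx ip4:192.168.232.100 ~all"
"""
REVERSE_PAGE = """$TTL 86400
@ IN SOA hbn.local. root.hbn.local. (
        1997022700 ; Serial
        28800 14400 3600000 86400 )
  IN NS ns1.hbn.local.
100 IN PTR dns.hbn.local.
"""
# ... and the same pair with those four points corrected.
FORWARD_FIXED = (FORWARD_PAGE.replace("SOA root.hbn.local.", "SOA hbn.local.")
                 .replace("  IN NS hbn.local.\n  IN NS hbn.local.\n", "  IN NS hbn.local.\n")
                 + "dns IN A 192.168.232.100\n")
REVERSE_FIXED = REVERSE_PAGE.replace("ns1.hbn.local.", "hbn.local.")

if __name__ == "__main__":
    for label, f, r in (("page", FORWARD_PAGE, REVERSE_PAGE), ("fixed", FORWARD_FIXED, REVERSE_FIXED)):
        print(label, check_zones(f, "hbn.local.", r, "232.168.192.in-addr.arpa.") or "consistent")
```

Run against the first pair it reports four problems; against the corrected pair none. Change the PTR owner to 101 and it reports the address/name mismatch, which is the case a stale reverse zone produces after a host moves.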

#####################Installing OpenLDAP
    yum -y install openldap*

    Update /etc/openldap/slapd.conf
        Update: suffix          "dc=my-domain,dc=com"
        TO:     suffix          "dc=hbn,dc=local"
        ###Super-User Info###
        Update: rootdn          "cn=Manager,dc=my-domain,dc=com"
        TO:     rootdn          "cn=Manager,dc=hbn,dc=local"
        Update: rootpw          secret
        TO:     rootpw          abc123
    The rootdn must sit under the suffix, otherwise the bind in the ldapadd step below fails. rootpw as written is clear text; generate a hash with slappasswd (its default scheme is {SSHA}) and paste the {SSHA}... value instead, and keep slapd.conf unreadable to ordinary users.
    vim /etc/ldap.conf                 (nss_ldap/pam_ldap client config: where system account lookups go)
        base dc=hbn,dc=local
    vi /etc/openldap/ldap.conf         (OpenLDAP client library: defaults for ldapsearch, ldapadd, ...)
        URI ldap://127.0.0.1/
        BASE dc=hbn,dc=local
##################Testing LDAP
    ###LDAP ADD
    cd /usr/share/openldap/migration
    vi migrate_common.ph
        $DEFAULT_MAIL_DOMAIN = "hbn.local";
        $DEFAULT_BASE = "dc=hbn,dc=local";
    ./migrate_base.pl > base.ldif
    vi base.ldif      (migrate_base.pl emits the domain entry plus a whole set of organizationalUnits; for this lab keep just the three entries below)

        dn: dc=hbn,dc=local
        dc: hbn
        objectClass: top
        objectClass: domain


        dn: ou=People,dc=hbn,dc=local
        ou: People
        objectClass: top
        objectClass: organizationalUnit


        dn: ou=Group,dc=hbn,dc=local
        ou: Group
        objectClass: top
        objectClass: organizationalUnit
    Start slapd first (service ldap start, and chkconfig ldap on so it survives a reboot); -W prompts for the rootpw set above.
    ldapadd -x -W -D "cn=Manager,dc=hbn,dc=local" -f base.ldif

    ###LDAPSEARCH###
    ldapsearch -x -b "dc=hbn,dc=local" "(objectclass=*)"
    This works as an anonymous simple bind because slapd.conf has no access directives yet, and without any slapd grants everyone read access to everything, including userPassword once user entries exist. Add access rules before migrating real accounts.
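As an added example (not the author's code and not an OpenLDAP tool), this Python script shows the pieces behind the steps above: the suffix is derived from the DNS domain with one dc= component per label, which is what $DEFAULT_BASE in migrate_common.ph encodes; base_ldif() produces the three entries kept in base.ldif; ssha() produces a rootpw value in the {SSHA} format slappasswd emits (base64 of SHA-1(password + salt) followed by the salt) so the clear-text abc123 need not sit in slapd.conf; and check_ldap_conf() catches the kind of mismatch this write-up originally carried, a rootdn under dc=linuxcbt,dc=internal against a suffix of dc=hbn,dc=local, which makes the ldapadd bind fail. The config fragments embedded are constructed copies of the page's; the salt bytes in SLAPD_FIXED are fixed only to make the output reproducible.

```python
# Added example, not the author's code and not an OpenLDAP tool: the pieces behind
# the slapd.conf / ldap.conf / base.ldif steps above. Config fragments are
# constructed copies of this page's; the fixed salt only makes output reproducible.
import base64
import hashlib
import os


def base_dn(domain):
    """hbn.local -> dc=hbn,dc=local: one dc= RDN per DNS label (what $DEFAULT_BASE encodes)."""
    return ",".join("dc=" + label for label in domain.lower().split("."))


def base_ldif(domain, ous=("People", "Group")):
    """LDIF for the domain entry plus one organizationalUnit per name in `ous`."""
    suffix = base_dn(domain)
    entries = ["dn: %s\ndc: %s\nobjectClass: top\nobjectClass: domain\n"
               % (suffix, domain.split(".")[0])]
    for ou in ous:
        entries.append("dn: ou=%s,%s\nou: %s\nobjectClass: top\n"
                       "objectClass: organizationalUnit\n" % (ou, suffix, ou))
    return "\n".join(entries)            # LDIF entries are separated by a blank line


def ssha(password, salt=None):
    """rootpw value in the {SSHA} form slappasswd emits: base64(sha1(pw + salt) + salt)."""
    salt = os.urandom(4) if salt is None else salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()


def ssha_verify(password, stored):
    """True if password matches a {SSHA} string; the salt is whatever follows the 20-byte digest."""
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    return hashlib.sha1(password.encode() + salt).digest() == digest


def _setting(conf, key):
    """Value of the first uncommented `key value` line, surrounding quotes removed."""
    for line in conf.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0].lower() == key:
            return parts[1].strip().strip('"')
    return None


def check_ldap_conf(slapd_conf, client_conf):
    """Mismatches that break the ldapadd bind or weaken the server; [] when clean."""
    suffix = _setting(slapd_conf, "suffix") or ""
    rootdn = _setting(slapd_conf, "rootdn") or ""
    rootpw = _setting(slapd_conf, "rootpw") or ""
    base = _setting(client_conf, "base") or ""
    problems = []
    if not rootdn.lower().endswith("," + suffix.lower()):
        problems.append("rootdn %s is not under suffix %s" % (rootdn, suffix))
    if base.lower() != suffix.lower():
        problems.append("client BASE %s differs from server suffix %s" % (base, suffix))
    if rootpw and not rootpw.startswith("{"):
        problems.append("rootpw is stored in clear text; use a {SSHA} hash")
    return problems


# slapd.conf as first written for this lab (rootdn left from a different lab,
# clear-text rootpw) and the corrected version; ldap.conf as on the page.
SLAPD_PAGE = ('suffix          "dc=hbn,dc=local"\n'
              'rootdn          "cn=Manager,dc=linuxcbt,dc=internal"\n'
              'rootpw          abc123\n')
SLAPD_FIXED = "\n".join([
    'suffix "dc=hbn,dc=local"',
    'rootdn "cn=Manager,dc=hbn,dc=local"',
    "rootpw " + ssha("abc123", b"\x01\x02\x03\x04"),   # salt fixed for reproducibility
]) + "\n"
LDAP_CONF = "URI ldap://127.0.0.1/\nBASE dc=hbn,dc=local\n"

if __name__ == "__main__":
    print(base_ldif("hbn.local"))
    for label, conf in (("page", SLAPD_PAGE), ("fixed", SLAPD_FIXED)):
        print(label, check_ldap_conf(conf, LDAP_CONF) or "ok")
```

On the server itself slappasswd does what ssha() does here; the point of carrying the verify side is that a {SSHA} value from slappasswd and one from this function are interchangeable, so you can confirm a pasted rootpw line before restarting slapd.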
  
  
Thanks for reading
--------------------------------------------------------------------------
All my labs:
Linux Lab -- Windows and Cisco Lab
To be continued - I will update more.
