LDAP as Auth server for Users ---- With SSH and SVN

This HOWTO is for those who already have some fundamentals of LDAP, SVN and Apache.
Prepare LDAP Server:
yum install openldap{,-clients,-devel} nss_ldap
Add a host mapping in /etc/hosts. In my case the IP I used was:
192.168.1.3 directory.domain.com
root# slappasswd
New password:
Re-enter new password:
{SSHA}AuOU1S01Nj+gQ9FIHf8gCompENETugiT
vi /etc/openldap/slapd.conf
In this file you have to provide the rootdn and the root password as the {SSHA} hash that slappasswd printed (for example {SSHA}AuOU1S01Nj+gQ9FIHf8gCompENETugiT); never put the clear-text password here.
Edit this section. In my case I chose the domain "directory.domain.com", so the suffix is "dc=directory,dc=domain,dc=com":
database bdb
suffix "dc=directory,dc=domain,dc=com"
rootdn "cn=Manager,dc=directory,dc=domain,dc=com"
rootpw {SSHA}AuOU1S01Nj+gQ9FIHf8gCompENETugiT
directory /var/lib/ldap
Caveat: when slapd.conf contains no access directives, slapd's built-in policy is "access to * by * read", so anonymous clients can read every attribute, including the userPassword hashes that the migration step below imports. Add an access rule that restricts userPassword before you load real accounts.
Now start the ldap service.
service ldap start
Now create the top-level entries of the LDAP database.
Create a file by the name of "init.ldif" (file name not compulsory) with the following content. The first entry is the base (suffix) object itself; without it the two OUs have no parent and ldapadd fails with "No such object". Entries in LDIF are separated by a blank line. Replace the value of "o" with your organisation's name:

dn: dc=directory,dc=domain,dc=com
dc: directory
o: Organisation
objectClass: dcObject
objectClass: organization

dn: ou=People,dc=directory,dc=domain,dc=com
ou: People
description: All People in Organisation
objectClass: organizationalUnit

dn: ou=Groups,dc=directory,dc=domain,dc=com
ou: Groups
description: All Groups in Organisation
objectClass: organizationalUnit

Now add these to the LDAP database:
ldapadd -x -D "cn=Manager,dc=directory,dc=domain,dc=com" -W -f init.ldif
It will ask for the rootdn password; provide it.
Now import a user from the Linux passwd file. migrate_passwd.pl also reads /etc/shadow (so run it as root) and emits the hash as "userPassword: {crypt}...". Before running it, set $DEFAULT_BASE in /usr/share/openldap/migration/migrate_common.ph to "dc=directory,dc=domain,dc=com" (the shipped default is dc=padl,dc=com), so the generated DNs land under ou=People of your suffix.
# useradd manish
# passwd manish
# grep '^manish:' /etc/passwd > passwd.manish
# /usr/share/openldap/migration/migrate_passwd.pl passwd.manish manish.ldif
ldapadd -x -D "cn=Manager,dc=directory,dc=domain,dc=com" -W -f manish.ldif
It will ask for the rootdn password; provide it.
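The transformation migrate_passwd.pl performs for one account, written out as an added POSIX shell example (this is not code from the original post or from the migration tools): it turns a passwd line plus the matching shadow hash into the posixAccount LDIF entry under ou=People. The function name, the BASE_DN variable and the sample records are constructed for this example; fed the real lines from /etc/passwd and /etc/shadow (as root) it produces an equivalent of manish.ldif, and it skips the userPassword attribute for locked accounts ("!" or "*" in the shadow field) so they cannot bind.

```shell
#!/bin/sh
# Added example: build the LDIF entry for one account under ou=People,
# equivalent to what migrate_passwd.pl emits. The base DN and the sample
# records below are constructed for this example.

BASE_DN="dc=directory,dc=domain,dc=com"

# passwd_to_ldif PASSWD_LINE [SHADOW_HASH]
#   PASSWD_LINE : one line in /etc/passwd format (user:x:uid:gid:gecos:home:shell)
#   SHADOW_HASH : field 2 of the matching /etc/shadow line; omit for no password
# Prints nothing for a line that does not have the seven passwd fields.
passwd_to_ldif() {
    printf '%s\n' "$1" | awk -F: -v base="$BASE_DN" -v hash="${2:-}" '
    NF == 7 {
        printf "dn: uid=%s,ou=People,%s\n", $1, base
        printf "uid: %s\n", $1
        printf "cn: %s\n", ($5 == "" ? $1 : $5)
        print "objectClass: account"
        print "objectClass: posixAccount"
        print "objectClass: top"
        print "objectClass: shadowAccount"
        # {crypt} tells slapd the value is a Unix crypt(3) hash, so the
        # user binds with the same password they had locally. Locked
        # accounts ("!" or "*") get no userPassword and cannot bind.
        if (hash != "" && hash != "!" && hash != "*")
            printf "userPassword: {crypt}%s\n", hash
        printf "loginShell: %s\n", $7
        printf "uidNumber: %s\n", $3
        printf "gidNumber: %s\n", $4
        printf "homeDirectory: %s\n", $6
        if ($5 != "") printf "gecos: %s\n", $5
        print ""
    }'
}

# Constructed sample: the manish account from this HOWTO with a made-up hash.
# Real use (as root):
#   passwd_to_ldif "$(grep '^manish:' /etc/passwd)" \
#                  "$(grep '^manish:' /etc/shadow | cut -d: -f2)" > manish.ldif
passwd_to_ldif "manish:x:1001:1001:Manish Kumar:/home/manish:/bin/bash" \
               '$1$saltsalt$examplehashonly0000000'
```

The output can be loaded with the same ldapadd command as above; check it with ldapsearch afterwards and confirm the userPassword line is only visible to the rootdn once the ACL is in place.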
LDAP test on the server:
ldapsearch -x -b "dc=directory,dc=domain,dc=com"
Now set up the clients for authentication.
Linux clients will need the following packages:
yum install nss_ldap openldap-clients
Now run this command to enable LDAP authentication:
authconfig --useshadow --usemd5 --enableldap --enableldapauth --ldapserver=directory.domain.com --ldapbasedn="dc=directory,dc=domain,dc=com" --enablemkhomedir --updateall
And that's it. Caveat: against a plain ldap:// server the simple bind that pam_ldap performs sends the user's password to 192.168.1.3 in clear text, so on anything but a lab network add --enableldaptls (and a CA certificate the clients trust) so the bind goes over STARTTLS. --usemd5 only affects how local /etc/shadow hashes are stored, not the LDAP accounts.
Test the LDAP server for auth:
1: ldapsearch -x (if successful, also run 2)
2: getent passwd | grep manish (though the user manish does not exist in the client's /etc/passwd, you should get an answer for this; that proves nss_ldap resolves the account)
3: ssh -l manish 192.168.1.3
After providing the password you should be logged in as user manish. Then run this command to make sure you got your login home (created by pam_mkhomedir on first login):
# pwd
/home/manish
For SVN auth, inside the <Location> block for the repository in the Apache config:
DAV svn
SVNPath /usr/local/svn/infra
SVNIndexXSLT http://192.168.1.4/svn/svnindex.xsl
AuthzSVNAccessFile /usr/local/svn/access/control
AuthName "Restricted"
AuthType Basic
AuthBasicProvider ldap
AuthzLDAPAuthoritative off
AuthLDAPURL ldap://directory.domain.com:389/ou=People,dc=directory,dc=domain,dc=com?uid?sub?(objectClass=*)
AuthLDAPBindDN "cn=Manager,dc=directory,dc=domain,dc=com"
AuthLDAPBindPassword "rootdn_passwd"
require valid-user
Caveat: the bind DN here is the directory's rootdn, which has full write access to every entry, and its password sits in clear text in httpd.conf. mod_authnz_ldap only needs to search ou=People for the uid and then binds as the user's own DN with the password the user typed, so it does not need rootdn rights at all: use a read-only account (or, if the directory allows anonymous searches of ou=People, drop the two Bind lines entirely) and keep this file readable by root only.
For Trac:
<Location "/trac/delta/login">
AuthType Basic
AuthName "Delta Trac LDAP Authentication"
AuthBasicProvider ldap
AuthzLDAPAuthoritative off
AuthLDAPURL ldap://directory.domain.com:389/ou=People,dc=directory,dc=domain,dc=com?uid?sub?(objectClass=*)
AuthLDAPGroupAttribute memberUid
AuthLDAPGroupAttributeIsDN off
require ldap-group cn=Manager,ou=People,dc=directory,dc=domain,dc=com
</Location>
Two things to watch here. First, in Apache 2.2 several Require lines are OR'ed, so a "require valid-user" next to "require ldap-group" lets every authenticated user in and makes the group check meaningless; keep only the ldap-group line if the group is meant to restrict access. Second, memberUid holds bare user names (posixGroup style), not DNs, so AuthLDAPGroupAttributeIsDN must be off, and the DN on the require line must be an existing group entry whose memberUid values list the allowed users (the init.ldif above created ou=Groups for that purpose; cn=Manager is the rootdn, not a group).
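An access-control fragment for /etc/openldap/slapd.conf, added here as an example (it is not part of the original post) to close the two gaps noted above: the default policy that lets anyone read userPassword hashes, and the Apache bind as rootdn. With these rules in place the Apache search for ?uid? and the nss_ldap lookups on the clients keep working anonymously, pam_ldap and mod_authnz_ldap can still authenticate users (bind needs only "auth" on userPassword), and the AuthLDAPBindDN/AuthLDAPBindPassword lines can be removed from httpd.conf.

```conf
# /etc/openldap/slapd.conf: place these lines after "directory /var/lib/ldap"
# so they apply to the bdb database. Added example, not from the original post.

# Password hashes: a user may change their own; anyone may present a
# password to bind (auth); nobody may read the hash back. The rootdn
# is exempt from ACLs and can still write everything.
access to attrs=userPassword
        by self write
        by anonymous auth
        by * none

# Everything else (uid, uidNumber, homeDirectory, group membership ...)
# stays readable, which is what nss_ldap on the clients and the
# mod_authnz_ldap search for ?uid? rely on.
access to *
        by self write
        by * read
```

After restarting slapd, verify with "ldapsearch -x -b dc=directory,dc=domain,dc=com uid=manish": the entry must come back without a userPassword line, while "ssh -l manish 192.168.1.3" and the SVN login must still succeed. If the anonymous search returns the hash, the rules were placed before the database line (where they are global and ignored by the bdb database's own empty ACL set) or slapd was not restarted.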