Since we already defined the admin Bind DN, simply enter the password and log in. Enter the name of the group, which in this case we set to be the same as the uid of the user we are going to create. If you noticed, the group is autopopulated. If you want any other users to be part of the group, select their usernames.
Click Create Object once done and commit the changes. Once you have a user group created, proceed to create the user account. Select the Generic: User Account template for creating the user object. If you need to verify that the password matches the pasted hash, click check password. When you set the password, select ssha and paste the hash above as the password.
Note: to be able to have bash among the shell options, edit the posixAccount creation template and add the bash option by running the command. Now, it's time to initialize the LDAP database.
First, you need to copy the given example schema to another working directory. Next, go into the directory where we generated the certificate in the above step. Then apply basic security. It's time to add the details that govern our LDAP service. You should take note of the domain because LDAP always binds to a domain once built. Finally, we will need to set up a base to work with the LDAP service. During the installation, you will be asked to select and confirm an administrator password for LDAP.
The reason for this is that while the package has the ability to ask a lot of important configuration questions, these are skipped over in the installation process.
We can gain access to all of the prompts though by telling our system to reconfigure the package. There are quite a few new questions that will be asked as you go through this process. Although it is very possible to administer LDAP through the command line, most users will find it easier to use a web interface. This should install the administration interface, enable the necessary Apache virtual hosts files, and reload Apache. The web server is now configured to serve your application, but we will make some additional changes.
We need to configure phpLDAPadmin to use the domain schema we configured for LDAP, and we are also going to make some adjustments to secure our configuration a little bit. Now that the package is installed, we need to configure a few things so that it can connect with the LDAP directory structure that was created during the OpenLDAP configuration stage.
In this file, we need to add the configuration details that we set up for our LDAP server. This parameter should reflect the way you plan on accessing the web interface.
Remember, in our example we selected test. We need to translate this into LDAP syntax by replacing each domain component (everything not a dot) with the value of a dc specification.
All this means is that instead of writing test. We should find the parameter that sets the server base parameter and use the format we just discussed to reference the domain we decided on.
This is correct. We just need to adjust the dc portions again, just as we did above. The last thing that we need to adjust is a setting that controls the visibility of warning messages.
By default phpLDAPadmin will throw quite a few annoying warning messages in its web interface about the template files that have no impact on the functionality. This is the last thing that we need to adjust. You can save and close the file when you are finished.
We just need to secure the external connection to our browser when we connect. To do this, we just need to set up a self-signed SSL certificate that our server can use. This will not help us validate the identity of the server, but it will allow us to encrypt our messages.
The OpenSSL packages should be installed on your system by default. First, we should create a directory to hold our certificate and key. You will have to answer some questions in order for the utility to fill out the fields in the certificate correctly. The only one that really matters is the prompt that says Common Name e. We also want to password protect our phpLDAPadmin location.