pudgecon / pudgecon.github.com
www.pudgecon.com
$ sudo apt-get update
$ sudo apt-get install slapd ldap-utils
$ cat backend.ldif
# Load dynamic backend modules
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulepath: /usr/lib/ldap
olcModuleload: back_hdb.la

# Database settings
dn: olcDatabase=hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcSuffix: dc=example,dc=com
olcDbDirectory: /var/lib/ldap
olcRootDN: cn=admin,dc=example,dc=com
# olcRootPW accepts the {SSHA} hash printed by `slappasswd`; do not leave a cleartext value here.
olcRootPW: password
olcDbConfig: set_cachesize 0 2097152 0
olcDbConfig: set_lk_max_objects 1500
olcDbConfig: set_lk_max_locks 1500
olcDbConfig: set_lk_max_lockers 1500
olcDbIndex: objectClass eq
olcLastMod: TRUE
olcDbCheckpoint: 512 30
# Access control: userPassword is never readable, only usable for authentication ("auth") and
# writable by the owner or the admin. Every other attribute is readable by anyone, including
# anonymous clients; replace "by * read" with "by users read" if only bound users may read the tree.
olcAccess: to attrs=userPassword by dn="cn=admin,dc=example,dc=com" write by anonymous auth by self write by * none
olcAccess: to attrs=shadowLastChange by self write by * read
olcAccess: to dn.base="" by * read
olcAccess: to * by dn="cn=admin,dc=example,dc=com" write by * read
$ cat organization.ldif
# Create top-level object in domain
dn: dc=example,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
o: Example
dc: example
description: Comtech LDAP Configuration

# Admin user.
dn: cn=admin,dc=example,dc=com
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
# Store a hash rather than the cleartext password; `slappasswd` prints a {SSHA} value.
userPassword: password

dn: ou=users,dc=example,dc=com
objectClass: organizationalUnit
ou: users

dn: ou=groups,dc=example,dc=com
objectClass: organizationalUnit
ou: groups

dn: uid=bill,ou=users,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: bill
sn: Chu
givenName: Bill
cn: Bill Chu
displayName: Bill Chu
uidNumber: 1000
gidNumber: 10000
userPassword: password
gecos: Bill Chu
loginShell: /bin/bash
homeDirectory: /home/bill
shadowExpire: -1
shadowFlag: 0
shadowWarning: 7
shadowMin: 8
shadowMax: 999999
shadowLastChange: 10877
mail: [email protected]
l: Cardiff
o: Comtech
title: System Administrator
initials: BC

# The RDN (cn=comtech) must match a cn value in the entry, otherwise slapd rejects the add
# with a namingViolation.
dn: cn=comtech,ou=groups,dc=example,dc=com
objectClass: posixGroup
cn: comtech
gidNumber: 10000
$ sudo ldapadd -Y EXTERNAL -H ldapi:/// -f backend.ldif
$ sudo ldapadd -x -D cn=admin,dc=example,dc=com -W -f organization.ldif
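The two ldapadd calls above fail on the whole file at the first bad entry, so it pays to check the LDIF offline first. The following is an added example (my code, not part of the original page): it parses LDIF the way the files above are written, flags entries whose RDN value is not also an attribute of the entry (slapd answers namingViolation, err=64), entries merged by a missing blank line, empty values, and cleartext userPassword/olcRootPW values, and it produces the same {SSHA} form `slappasswd` emits so a hash can be pasted into the LDIF. SAMPLE_LDIF is constructed for the demonstration.

```python
# Added example (not from the original page): offline checks for LDIF files before
# they reach ldapadd, plus a slappasswd-compatible {SSHA} hasher for olcRootPW/userPassword.
import base64
import hashlib
import hmac
import os
import re
from typing import List, Optional, Tuple

Entry = List[Tuple[str, str]]   # ordered (attribute, value) pairs; the first pair is the dn


def make_ssha(password: str, salt: Optional[bytes] = None) -> str:
    """Return a {SSHA} value in the form slappasswd emits: base64(SHA1(pw + salt) + salt)."""
    salt = os.urandom(4) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def check_ssha(password: str, stored: str) -> bool:
    """Verify a password against a {SSHA} value (constant-time digest comparison)."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]            # SHA-1 digest is 20 bytes; the salt follows it
    expected = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(expected, digest)


def parse_ldif(text: str) -> List[Entry]:
    """Minimal LDIF reader: unfold continuation lines, drop comments, split entries on blank lines."""
    unfolded: List[str] = []
    for line in text.splitlines():
        if line.startswith(" ") and unfolded:    # a leading space continues the previous line
            unfolded[-1] += line[1:]
        else:
            unfolded.append(line)
    entries: List[Entry] = []
    current: Entry = []
    for line in unfolded:
        if line.startswith("#"):
            continue
        if not line.strip():
            if current:
                entries.append(current)
                current = []
            continue
        name, _, value = line.partition(":")
        if value.startswith(":"):                # "attr:: <base64>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        current.append((name.strip(), value.strip()))
    if current:
        entries.append(current)
    return entries


def _strip_index(value: str) -> str:
    """cn=config entries are named without the {n} ordering prefix (olcDatabase: {1}hdb == hdb)."""
    return re.sub(r"^\{-?\d+\}", "", value).lower()


def lint_ldif(text: str) -> List[str]:
    """List problems that make ldapadd fail (namingViolation, merged entries, empty values)
    or weaken the directory (cleartext passwords)."""
    problems: List[str] = []
    for entry in parse_ldif(text):
        if entry[0][0].lower() != "dn":
            problems.append(f"entry beginning with '{entry[0][0]}' has no leading dn:")
            continue
        dn, attrs = entry[0][1], entry[1:]
        for name, value in attrs:
            if name.lower() == "dn":             # two dn: lines in one entry: blank separator missing
                problems.append(f"{dn}: 'dn: {value}' found mid-entry (missing blank line before it)")
            if value == "":
                problems.append(f"{dn}: '{name}:' has an empty value")
            if name.lower() in ("userpassword", "olcrootpw") and not value.startswith("{"):
                problems.append(f"{dn}: {name} is cleartext; store a {{SSHA}} hash instead")
        changetype = next((v for k, v in attrs if k.lower() == "changetype"), "add")
        if changetype.lower() == "add":
            # The RDN's attribute and value must appear in the entry, else slapd answers err=64.
            rdn_name, _, rdn_value = dn.split(",", 1)[0].partition("=")
            if not any(k.lower() == rdn_name.lower() and _strip_index(v) == rdn_value.lower()
                       for k, v in attrs):
                problems.append(f"{dn}: naming attribute '{rdn_name}={rdn_value}' is not in the entry")
    return problems


# Constructed sample that reproduces two mistakes: a cleartext userPassword and a group whose
# dn says cn=example while the entry only carries cn: comtech.
SAMPLE_LDIF = """\
dn: cn=admin,dc=example,dc=com
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
userPassword: password

dn: cn=example,ou=groups,dc=example,dc=com
objectClass: posixGroup
cn: comtech
gidNumber: 10000
"""

if __name__ == "__main__":
    for problem in lint_ldif(SAMPLE_LDIF):
        print(problem)
    print("olcRootPW:", make_ssha("password"))
```

Run it against backend.ldif and organization.ldif with `lint_ldif(open(path).read())` before calling ldapadd; `make_ssha` output is accepted verbatim as the olcRootPW or userPassword value, and `check_ssha` lets you confirm a hash taken from the directory without binding as that user.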
$ sudo apt-get install proftpd-mod-ldap
$ vi /etc/proftpd/modules.conf
LoadModule mod_ldap.c
$ vi /etc/proftpd/proftpd.conf
Include /etc/proftpd/ldap.conf
$ vi /etc/proftpd/ldap.conf
<IfModule mod_ldap.c>
LDAPServer ldap://192.168.1.100/??sub
# ldap:// is cleartext: mod_ldap binds to slapd with each FTP user's password, so the users'
# passwords and the bind DN's password cross the network unencrypted. If slapd has TLS
# configured, add "LDAPUseTLS on" to upgrade the connection with STARTTLS.
# This file holds a directory password in cleartext; keep it root-owned and unreadable to other
# local users (e.g. chmod 640 /etc/proftpd/ldap.conf). A dedicated read-only bind account is
# preferable to cn=admin, which can write the whole tree.
LDAPBindDN "cn=admin,dc=example,dc=com" "adminPassword"
LDAPUsers ou=users,dc=example,dc=com (uid=%u)
# Map every LDAP user onto the proftpd service account's uid/gid (take the numbers from
# `id proftpd`). All FTP users then share one Unix identity, so the only separation between
# them is the per-user home directory and the chroot configured below.
LDAPForceDefaultGID on
LDAPForceDefaultUID on
# proftpd uid & gid
# $ id proftpd
LDAPDefaultGID 65534
LDAPDefaultUID 107
# Users' home directory: /home/ftp is the base directory for LDAP logins. Note: create /home/ftp
# beforehand and give it the correct ownership:
LDAPGenerateHomedir on
# $ sudo mkdir /home/ftp
# $ sudo chown proftpd:nogroup /home/ftp
LDAPGenerateHomedirPrefix /home/ftp
LDAPForceGeneratedHomedir on
# Create a per-user directory under the prefix. If set to on, all users share /home/ftp itself.
LDAPGenerateHomedirPrefixNoUsername off
# Create the user's home directory if it does not exist.
CreateHome on
</IfModule>
If a user's directory is created by hand instead of by CreateHome, it must be owned by the account all LDAP users are mapped to:
sudo mkdir /home/username
sudo chown proftpd:nogroup /home/username
and in /etc/proftpd/ldap.conf:
LDAPForceDefaultUID on
LDAPForceDefaultGID on
LDAPDefaultUID 107 # uid of user proftpd, as printed by `id proftpd`; must match the value used above
LDAPDefaultGID 65534
$ sudo apt-get install proftpd-mod-vroot
$ vi /etc/proftpd/modules.conf
LoadModule mod_vroot.c
$ vi /etc/proftpd/proftpd.conf
Include /etc/proftpd/virtuals.conf
$ vi /etc/proftpd/virtuals.conf
<IfModule mod_vroot.c>
VRootEngine on
# Confine each user to their (generated) home directory.
DefaultRoot ~
# Expose the shared /home/ftp/swap directory as "swap" inside every user's chroot.
VRootAlias /home/ftp/swap ~/swap
</IfModule>
$ service proftpd restart
https://help.ubuntu.com/lts/serverguide/openldap-server.html#openldap-server-logging
Logging
Activity logging for slapd is indispensable when implementing an OpenLDAP-based solution, yet it must be manually enabled after software installation. Otherwise, only rudimentary messages will appear in the logs. Logging, like any other slapd configuration, is enabled via the slapd-config database.
OpenLDAP comes with multiple logging subsystems (levels) with each one containing the lower one (additive). A good level to try is stats. The slapd-config man page has more to say on the different subsystems.
Create the file logging.ldif with the following contents:
dn: cn=config
changetype: modify
add: olcLogLevel
olcLogLevel: stats
Implement the change:
sudo ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f logging.ldif
This will produce a significant amount of logging and you will want to throttle back to a less verbose level once your system is in production. While in this verbose mode your host's syslog engine (rsyslog) may have a hard time keeping up and may drop messages:
rsyslogd-2177: imuxsock lost 228 messages from pid 2547 due to rate-limiting
You may consider a change to rsyslog's configuration. In /etc/rsyslog.conf, put:
# Disable rate limiting
# (default is 200 messages in 5 seconds; below we make the 5 become 0)
$SystemLogRateLimitInterval 0
And then restart the rsyslog daemon:
sudo service rsyslog restart
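The stats level logs one line per connection event, per bind and per result, keyed by conn= and op=, which is enough to spot password guessing against the directory and passwords sent in the clear. The following is an added example (my code, not from the Ubuntu guide or this page) that correlates ACCEPT, TLS established, BIND and RESULT lines per connection and reports simple binds that carried a password over TCP without TLS, (address, DN) pairs with at least `threshold` invalidCredentials results, and a bind that succeeded after that pair had already hit the threshold. The line formats and SAMPLE_LOG are constructed from the stats output shape; the threshold of 3 is an arbitrary choice for the demonstration.

```python
# Added example (not from the original page): triage slapd "stats" log lines for bind abuse.
# It assumes the loglevel-stats line formats shown in SAMPLE_LOG, which is constructed here.
import re
from collections import defaultdict
from typing import Any, Dict, Tuple

ACCEPT_RE = re.compile(r"conn=(?P<conn>\d+) fd=\d+ ACCEPT from (?P<peer>\S+) \((?P<local>\S+)\)")
TLS_RE = re.compile(r"conn=(?P<conn>\d+) fd=\d+ TLS established")
BIND_RE = re.compile(r'conn=(?P<conn>\d+) op=(?P<op>\d+) BIND dn="(?P<dn>[^"]*)" method=(?P<method>\d+)')
RESULT_RE = re.compile(r"conn=(?P<conn>\d+) op=(?P<op>\d+) RESULT tag=97 err=(?P<err>\d+)")

SIMPLE_BIND = 128           # BindRequest authentication choice "simple", as slapd logs it
INVALID_CREDENTIALS = 49    # RFC 4511 resultCode invalidCredentials
SUCCESS = 0
# tag=97 is the BER tag of a BindResponse, so RESULT_RE only matches bind results.


def peer_address(peer: str) -> str:
    """'IP=192.168.1.50:41234' -> '192.168.1.50'; 'PATH=/var/run/slapd/ldapi' -> the socket path."""
    if peer.startswith("IP="):
        return peer[3:].rsplit(":", 1)[0]
    return peer.partition("=")[2]


def _new_conn() -> Dict[str, Any]:
    return {"addr": "?", "remote": True, "tls": False}


def analyse(lines, threshold: int = 3) -> Dict[str, Any]:
    """Correlate ACCEPT / TLS / BIND / RESULT lines per connection and report bind abuse."""
    conns: Dict[str, Dict[str, Any]] = {}
    pending: Dict[Tuple[str, str], str] = {}      # (conn, op) -> dn of an outstanding BIND
    failures: Dict[Tuple[str, str], int] = defaultdict(int)
    report: Dict[str, Any] = {"cleartext_binds": [], "brute_force": {}, "success_after_failures": []}
    for line in lines:
        if m := ACCEPT_RE.search(line):
            conns[m["conn"]] = {"addr": peer_address(m["peer"]),
                                "remote": m["peer"].startswith("IP="), "tls": False}
        elif m := TLS_RE.search(line):            # STARTTLS completed (or ldaps://) on this conn
            conns.setdefault(m["conn"], _new_conn())["tls"] = True
        elif m := BIND_RE.search(line):
            c = conns.setdefault(m["conn"], _new_conn())
            # A simple bind with a DN carries the password; over TCP without TLS it is on the wire in clear.
            if m["dn"] and int(m["method"]) == SIMPLE_BIND and c["remote"] and not c["tls"]:
                report["cleartext_binds"].append((m["conn"], c["addr"], m["dn"]))
            pending[(m["conn"], m["op"])] = m["dn"]
        elif m := RESULT_RE.search(line):
            dn = pending.pop((m["conn"], m["op"]), None)
            if dn is None:
                continue
            key = (conns.get(m["conn"], _new_conn())["addr"], dn)
            err = int(m["err"])
            if err == INVALID_CREDENTIALS:
                failures[key] += 1
            elif err == SUCCESS and failures[key] >= threshold:
                report["success_after_failures"].append((key[0], key[1], failures[key]))
    report["brute_force"] = {k: n for k, n in failures.items() if n >= threshold}
    return report


# Constructed sample: three failed guesses for bill, a fourth that succeeds, a local SASL bind over
# ldapi://, and the admin binding after STARTTLS from the FTP host.
SAMPLE_LOG = """\
Jan  5 10:00:01 ldap1 slapd[2547]: conn=1000 fd=12 ACCEPT from IP=192.168.1.50:41234 (IP=0.0.0.0:389)
Jan  5 10:00:01 ldap1 slapd[2547]: conn=1000 op=0 BIND dn="uid=bill,ou=users,dc=example,dc=com" method=128
Jan  5 10:00:01 ldap1 slapd[2547]: conn=1000 op=0 RESULT tag=97 err=49 text=
Jan  5 10:00:01 ldap1 slapd[2547]: conn=1000 op=1 UNBIND
Jan  5 10:00:01 ldap1 slapd[2547]: conn=1000 fd=12 closed
Jan  5 10:00:02 ldap1 slapd[2547]: conn=1001 fd=12 ACCEPT from IP=192.168.1.50:41235 (IP=0.0.0.0:389)
Jan  5 10:00:02 ldap1 slapd[2547]: conn=1001 op=0 BIND dn="uid=bill,ou=users,dc=example,dc=com" method=128
Jan  5 10:00:02 ldap1 slapd[2547]: conn=1001 op=0 RESULT tag=97 err=49 text=
Jan  5 10:00:02 ldap1 slapd[2547]: conn=1002 fd=12 ACCEPT from IP=192.168.1.50:41236 (IP=0.0.0.0:389)
Jan  5 10:00:02 ldap1 slapd[2547]: conn=1002 op=0 BIND dn="uid=bill,ou=users,dc=example,dc=com" method=128
Jan  5 10:00:02 ldap1 slapd[2547]: conn=1002 op=0 RESULT tag=97 err=49 text=
Jan  5 10:00:03 ldap1 slapd[2547]: conn=1003 fd=12 ACCEPT from IP=192.168.1.50:41237 (IP=0.0.0.0:389)
Jan  5 10:00:03 ldap1 slapd[2547]: conn=1003 op=0 BIND dn="uid=bill,ou=users,dc=example,dc=com" method=128
Jan  5 10:00:03 ldap1 slapd[2547]: conn=1003 op=0 RESULT tag=97 err=0 text=
Jan  5 10:00:04 ldap1 slapd[2547]: conn=1004 fd=13 ACCEPT from PATH=/var/run/slapd/ldapi (PATH=/var/run/slapd/ldapi)
Jan  5 10:00:04 ldap1 slapd[2547]: conn=1004 op=0 BIND dn="" method=163
Jan  5 10:00:04 ldap1 slapd[2547]: conn=1004 op=0 RESULT tag=97 err=0 text=
Jan  5 10:00:05 ldap1 slapd[2547]: conn=1005 fd=14 ACCEPT from IP=192.168.1.100:50000 (IP=0.0.0.0:389)
Jan  5 10:00:05 ldap1 slapd[2547]: conn=1005 op=0 STARTTLS
Jan  5 10:00:05 ldap1 slapd[2547]: conn=1005 op=0 RESULT oid= err=0 text=
Jan  5 10:00:05 ldap1 slapd[2547]: conn=1005 fd=14 TLS established tls_ssf=256 ssf=256
Jan  5 10:00:05 ldap1 slapd[2547]: conn=1005 op=1 BIND dn="cn=admin,dc=example,dc=com" method=128
Jan  5 10:00:05 ldap1 slapd[2547]: conn=1005 op=1 RESULT tag=97 err=0 text=
"""

if __name__ == "__main__":
    for kind, items in analyse(SAMPLE_LOG.splitlines()).items():
        print(kind, items)
```

Feed it the slapd lines from /var/log/syslog (`grep 'slapd\[' /var/log/syslog`); with rsyslog rate limiting left on, dropped lines show up as RESULT lines with no matching BIND and are ignored rather than miscounted.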
sudo vi /opt/opendj/config/http-config.json
The two dsconfig calls below pass the Directory Manager password on the command line, where it is visible in shell history and to `ps`; for anything but a throwaway test, use dsconfig's --bindPasswordFile option instead.
sudo /opt/opendj/bin/dsconfig set-connection-handler-prop --hostname localhost --port 4444 --bindDN "cn=Directory Manager" --bindPassword 123456 --handler-name "HTTP Connection Handler" --set enabled:true --no-prompt --trustAll
sudo /opt/opendj/bin/dsconfig set-log-publisher-prop --hostname localhost --port 4444 --bindDN "cn=Directory Manager" --bindPassword 123456 --publisher-name "File-Based HTTP Access Logger" --set enabled:true --no-prompt --trustAll
test (the credentials go out as HTTP Basic auth over plain http://, so only do this against localhost or behind TLS):
curl http://bjensen:hifalutin@localhost:8080/rest2ldap/users/bjensen?_prettyPrint=true
{
"_rev" : "000000002ee3b764",
"schemas" : [ "urn:scim:schemas:core:1.0" ],
"contactInformation" : {
"telephoneNumber" : "+1 408 555 1862",
"emailAddress" : "[email protected]"
},
"_id" : "bjensen",
"name" : {
"familyName" : "Jensen",
"givenName" : "Barbara"
},
"userName" : "[email protected]",
"displayName" : "Barbara Jensen",
"manager" : [ {
"_id" : "trigden",
"displayName" : "Torrey Rigden"
} ]
}