From 8081a5520a441b43a8a7a73f3a90c7aacfaa8e10 Mon Sep 17 00:00:00 2001 From: Timotej Lazar Date: Sun, 24 Feb 2019 21:05:27 +0100 Subject: Move everything one level up --- kpov_judge/tasks/ldap_search/howtos/en/index.html | 74 ----------------------- 1 file changed, 74 deletions(-) delete mode 100644 kpov_judge/tasks/ldap_search/howtos/en/index.html (limited to 'kpov_judge/tasks/ldap_search/howtos/en/index.html') diff --git a/kpov_judge/tasks/ldap_search/howtos/en/index.html b/kpov_judge/tasks/ldap_search/howtos/en/index.html deleted file mode 100644 index 31bb1e9..0000000 --- a/kpov_judge/tasks/ldap_search/howtos/en/index.html +++ /dev/null @@ -1,74 +0,0 @@ - - - - ldap_search - - - - -

ldap_search

-

Purpose of the exercise

-

How to setup a LDAP Server, to add entries to a LDAP Server, and to change users' rights to be able to add entries and change the attributes of entries.

- -

How To

- -
    -
  1. Create two virtual machines, SimpleArbiterDhcpGWLDAP(simpleArbiterDhcpGWLDAP.vdi) and LDAPServer(student-LDAPServer.vdi). -
    No img
    2. -
    -
  2. Change the network settings to both virtual machines. SimpleArbiterDhcpGWLDAP: Adapter 1 is set to "NAT" for internet access and - adapter 2 to "internal network" for local network. LDAPServer: Adapter 1 set to "internal network" sot that it is in the same internal network as SimpleArbiterDhcpGWLDAP. -
    No img -
    No img -
    No img
    3. -
    -
  3. In SimpleArbiterDhcpGWLDAP log in as user "tester", in LDAPServer log in as user "root", run the command "apt-get update" to update the list of packages and - open up another terminal by pressing "ALT+F2" and log in as user "student".
    4. -
    -
  4. In LDAPServer run the command "apt-get install slapd ldap-utils" to install these packages which are the LDAP server and tools to access and manage the LDAP server. -
    During the LDAP server installation you'll have to provide the password for the user "admin", the administrator of the server and confirm the password chosen.
    5. -
    -
  5. Configure the LDAP server by choosing the appropriate domain name and other configuration parameters. Execute the commmand "dpkg-reconfigure slapd". -
    No img -
    No img -
    No img -
    No img -
    No img -
    No img -
    No img -
    No img -
    a) If you will configure the "slapd" again don't forget to remove the old database "rm -rf /var/backups/unknown-2.4.44+dfsg-2.ldapdb".
    6. -
    -
  6. Now that the LDAP server is configured for use, try to open a third console and log in as user "student" and execute the command "ldapsearch -D cn=admin,dc=ceres-20,dc=kpov, - dc=lusy,dc=fri,dc=uni-lj,dc=si -W -b dc=ceres-20,dc=kpov,dc=lusy,dc=fri,dc=uni-lj,dc=si", which will show the entries in the server. -
    Because you will be using a lot the domain name to access the LDAP server you can set the environment variable "D", which will allow for quicker typing of commands. -
    "export D=dc=ceres-20,dc=kpov,dc=lusy,dc=fri,dc=uni-lj,dc=si" -
    "ldapsearch -D cn=admin,$D -wvaje -b $D"
    7. -
    -
  7. Create the file(LDIF format) "users.ldif" which will contain the objects(users) that we want to add to the LDAP server database. -
    No img -
    Execute the following command to add users to the LDAP server: -
    "ldapadd -D cn=admin,$D -wvaje -f users.ldif" -
    Add password to the users added to the LDAP server: -
    "ldappasswd -D cn=admin,$D -wvaje -sj2531e cn=ninavidmar,ou=users,$D" -
    "ldappasswd -D cn=admin,$D -wvaje -scTyRM0 cn=natalijaribnikar39,ou=users,$D" -
    Execute command "ldapsearch -D cn=natalijaribnikar39,ou=users,$D -wcTyRM0 -b $D" to bind to the LDAP server with the newly added user "natalijaribnikar39" and to see the entries currently in the LDAP server. -
    No img
    8. -
    -
  8. In order to change the users' rights settings, which allows a user to add entries to the directory and change values of attributes of entries in the directory you need to create an additional file acl.ldif: -
    To see which backend database is used and other settings related to the users' rights execute command "ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config" as root user in the system, which does not need the user authentication to the LDAP server. -
    No img -
    The settings in the acl.ldif file: -
    No img -
    Now to change users' rights run the command "ldapmodify -Y EXTERNAL -H ldapi:/// -f acl.ldif" as user "root" in the system.
    9. -
    -
  9. The user "natalijaribnikar39" has the right to add or change objects in the LDAP server. -
    Now try to bind to the LDAP server using "natalijaribnikar39" user's credentials and add a new user to the server directory. -
    "ldapadd -D cn=natalijaribnikar39,ou=users,$D -wcTyRM0 -f newuser.ldif"
    10. -
    -
  10. Now to test your result go to the SimpleArbiterDhcpGWLDAP virtual machine and run "./test_task.py" to run the test and see your score. -
    No img
    11. - -
- - -- cgit v1.2.1