From 8081a5520a441b43a8a7a73f3a90c7aacfaa8e10 Mon Sep 17 00:00:00 2001
From: Timotej Lazar How to setup a LDAP Server, to add entries to a LDAP Server, and to change users' rights to be able to add entries and change the attributes of entries.
-ldap_search
-Purpose of the exercise
-How To
-
-
-
-
-
diff --git a/kpov_judge/tasks/ldap_search/howtos/images/1.png b/kpov_judge/tasks/ldap_search/howtos/images/1.png
deleted file mode 100644
index f4edca8..0000000
Binary files a/kpov_judge/tasks/ldap_search/howtos/images/1.png and /dev/null differ
diff --git a/kpov_judge/tasks/ldap_search/howtos/images/2.png b/kpov_judge/tasks/ldap_search/howtos/images/2.png
deleted file mode 100644
index 4d4ebb5..0000000
Binary files a/kpov_judge/tasks/ldap_search/howtos/images/2.png and /dev/null differ
diff --git a/kpov_judge/tasks/ldap_search/howtos/images/Pic1.jpg b/kpov_judge/tasks/ldap_search/howtos/images/Pic1.jpg
deleted file mode 100644
index fecb706..0000000
Binary files a/kpov_judge/tasks/ldap_search/howtos/images/Pic1.jpg and /dev/null differ
diff --git a/kpov_judge/tasks/ldap_search/howtos/images/Pic2.1.jpg b/kpov_judge/tasks/ldap_search/howtos/images/Pic2.1.jpg
deleted file mode 100644
index 085f1cc..0000000
Binary files a/kpov_judge/tasks/ldap_search/howtos/images/Pic2.1.jpg and /dev/null differ
diff --git a/kpov_judge/tasks/ldap_search/howtos/images/Pic2.2.jpg b/kpov_judge/tasks/ldap_search/howtos/images/Pic2.2.jpg
deleted file mode 100644
index cb9975c..0000000
Binary files a/kpov_judge/tasks/ldap_search/howtos/images/Pic2.2.jpg and /dev/null differ
diff --git a/kpov_judge/tasks/ldap_search/howtos/images/Pic2.3.jpg b/kpov_judge/tasks/ldap_search/howtos/images/Pic2.3.jpg
deleted file mode 100644
index 1069e1a..0000000
Binary files a/kpov_judge/tasks/ldap_search/howtos/images/Pic2.3.jpg and /dev/null differ
diff --git a/kpov_judge/tasks/ldap_search/howtos/images/Pic3.1.jpg b/kpov_judge/tasks/ldap_search/howtos/images/Pic3.1.jpg
deleted file mode 100644
index 0c00ddd..0000000
Binary files a/kpov_judge/tasks/ldap_search/howtos/images/Pic3.1.jpg and /dev/null differ
diff --git a/kpov_judge/tasks/ldap_search/howtos/images/Pic3.2.jpg b/kpov_judge/tasks/ldap_search/howtos/images/Pic3.2.jpg
deleted file mode 100644
index d488e43..0000000
Binary files a/kpov_judge/tasks/ldap_search/howtos/images/Pic3.2.jpg and /dev/null differ
diff --git a/kpov_judge/tasks/ldap_search/howtos/images/Pic3.3.jpg b/kpov_judge/tasks/ldap_search/howtos/images/Pic3.3.jpg
deleted file mode 100644
index 2ea916c..0000000
Binary files a/kpov_judge/tasks/ldap_search/howtos/images/Pic3.3.jpg and /dev/null differ
diff --git a/kpov_judge/tasks/ldap_search/howtos/images/Pic3.4.jpg b/kpov_judge/tasks/ldap_search/howtos/images/Pic3.4.jpg
deleted file mode 100644
index 24db305..0000000
Binary files a/kpov_judge/tasks/ldap_search/howtos/images/Pic3.4.jpg and /dev/null differ
diff --git a/kpov_judge/tasks/ldap_search/howtos/images/Pic3.5.jpg b/kpov_judge/tasks/ldap_search/howtos/images/Pic3.5.jpg
deleted file mode 100644
index d2ff304..0000000
Binary files a/kpov_judge/tasks/ldap_search/howtos/images/Pic3.5.jpg and /dev/null differ
diff --git a/kpov_judge/tasks/ldap_search/howtos/images/Pic3.6.jpg b/kpov_judge/tasks/ldap_search/howtos/images/Pic3.6.jpg
deleted file mode 100644
index 0ab07d0..0000000
Binary files a/kpov_judge/tasks/ldap_search/howtos/images/Pic3.6.jpg and /dev/null differ
diff --git a/kpov_judge/tasks/ldap_search/howtos/images/Pic3.7.jpg b/kpov_judge/tasks/ldap_search/howtos/images/Pic3.7.jpg
deleted file mode 100644
index 44ca494..0000000
Binary files a/kpov_judge/tasks/ldap_search/howtos/images/Pic3.7.jpg and /dev/null differ
diff --git a/kpov_judge/tasks/ldap_search/howtos/images/Pic3.8.jpg b/kpov_judge/tasks/ldap_search/howtos/images/Pic3.8.jpg
deleted file mode 100644
index 855353b..0000000
Binary files a/kpov_judge/tasks/ldap_search/howtos/images/Pic3.8.jpg and /dev/null differ
diff --git a/kpov_judge/tasks/ldap_search/howtos/images/Pic4.jpg b/kpov_judge/tasks/ldap_search/howtos/images/Pic4.jpg
deleted file mode 100644
index 4aab71d..0000000
Binary files a/kpov_judge/tasks/ldap_search/howtos/images/Pic4.jpg and /dev/null differ
diff --git a/kpov_judge/tasks/ldap_search/howtos/images/Pic5.jpg b/kpov_judge/tasks/ldap_search/howtos/images/Pic5.jpg
deleted file mode 100644
index 07a60de..0000000
Binary files a/kpov_judge/tasks/ldap_search/howtos/images/Pic5.jpg and /dev/null differ
diff --git a/kpov_judge/tasks/ldap_search/howtos/images/Pic6.jpg b/kpov_judge/tasks/ldap_search/howtos/images/Pic6.jpg
deleted file mode 100644
index 48c6606..0000000
Binary files a/kpov_judge/tasks/ldap_search/howtos/images/Pic6.jpg and /dev/null differ
diff --git a/kpov_judge/tasks/ldap_search/howtos/images/Pic7.jpg b/kpov_judge/tasks/ldap_search/howtos/images/Pic7.jpg
deleted file mode 100644
index 58b8bdf..0000000
Binary files a/kpov_judge/tasks/ldap_search/howtos/images/Pic7.jpg and /dev/null differ
diff --git a/kpov_judge/tasks/ldap_search/howtos/images/Pic8.jpg b/kpov_judge/tasks/ldap_search/howtos/images/Pic8.jpg
deleted file mode 100644
index c9d053e..0000000
Binary files a/kpov_judge/tasks/ldap_search/howtos/images/Pic8.jpg and /dev/null differ
diff --git a/kpov_judge/tasks/ldap_search/howtos/si/index.html b/kpov_judge/tasks/ldap_search/howtos/si/index.html
deleted file mode 100644
index 7370099..0000000
--- a/kpov_judge/tasks/ldap_search/howtos/si/index.html
+++ /dev/null
@@ -1,23 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
During the LDAP server installation you'll have to provide the password for the user "admin", the administrator of the server and confirm the password chosen.
-
-
-
-
-
-
-
-
-
a) If you will configure the "slapd" again don't forget to remove the old database "rm -rf /var/backups/unknown-2.4.44+dfsg-2.ldapdb".
-
Because you will be using a lot the domain name to access the LDAP server you can set the environment variable "D", which will allow for quicker typing of commands.
-
"export D=dc=ceres-20,dc=kpov,dc=lusy,dc=fri,dc=uni-lj,dc=si"
-
"ldapsearch -D cn=admin,$D -wvaje -b $D"
-
-
Execute the following command to add users to the LDAP server:
-
"ldapadd -D cn=admin,$D -wvaje -f users.ldif"
-
Add password to the users added to the LDAP server:
-
"ldappasswd -D cn=admin,$D -wvaje -sj2531e cn=ninavidmar,ou=users,$D"
-
"ldappasswd -D cn=admin,$D -wvaje -scTyRM0 cn=natalijaribnikar39,ou=users,$D"
-
Execute command "ldapsearch -D cn=natalijaribnikar39,ou=users,$D -wcTyRM0 -b $D" to bind to the LDAP server with the newly added user "natalijaribnikar39" and to see the entries currently in the LDAP server.
-
-
To see which backend database is used and other settings related to the users' rights execute command "ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config" as root user in the system, which does not need the user authentication to the LDAP server.
-
-
The settings in the acl.ldif file:
-
-
Now to change users' rights run the command "ldapmodify -Y EXTERNAL -H ldapi:/// -f acl.ldif" as user "root" in the system.
-
Now try to bind to the LDAP server using "natalijaribnikar39" user's credentials and add a new user to the server directory.
-
"ldapadd -D cn=natalijaribnikar39,ou=users,$D -wcTyRM0 -f newuser.ldif"
- Naloga: ldap search
-Povzetek naloge
-Ustvari 2 virtualna sistema SimpleArbiterDhcp ter LDAPServer ter se s SimpleArbiterDhcp povezi na LDAP server na drugem virtualnem sistemu. Ustvari uporabnika.
-
-
-Ustvari dva navidezna računalnika: SimpleArbiter in LDAPServer. - -
-Na LDAPServer namesti strežnik LDAP. Strežnik naj skrbi za domeno - -
DC={{DOMAIN}},DC=kpov,DC=lusy,DC=fri,DC=uni-lj,DC=si
-
--V imeniku ustvari uporabnika - -
CN={{LDAP_USERNAME}},ou=users,DC={{DOMAIN}},DC=kpov,DC=lusy,DC=fri,DC=uni-lj,DC=si
-
-
-z geslom {{LDAP_PASSWORD}}
in uporabnika
-
-
CN={{BIND_USERNAME}},ou=users,DC={{DOMAIN}},DC=kpov,DC=lusy,DC=fri,DC=uni-lj,DC=si
-
-
-z geslom {{BIND_PASSWORD}}
.
-
-
-Poskrbi, da se bo lahko klient s SimpleArbiter povezal na LDAP strežnik na LDAPServer.
-V primeru, da se klient poveže kot {{BIND_USERNAME}}
z geslom {{BIND_PASSWORD}}
,
-naj strežnik omogoči spreminjanje podatkov za objekt
-
-
CN={{LDAP_USERNAME}},ou=users,DC={{DOMAIN}},DC=kpov,DC=lusy,DC=fri,DC=uni-lj,DC=si
-
--ter ustvarjanje novih objektov v - -
DC={{DOMAIN}},DC=kpov,DC=lusy,DC=fri,DC=uni-lj,DC=si
-
-CN = Common Name
-O = Organization
-OU = Organizational Unit
-DC = Domain Component
-
-''',
- 'en': '''\
--Create two virtual machines: SimpleArbiter and LDAPServer. - -
-Set up an LDAP server on LDAPServer. Make it responsible for - -
DC={{DOMAIN}},DC=kpov,DC=lusy,DC=fri,DC=uni-lj,DC=si
-
--Create a user - -
CN={{LDAP_USERNAME}},ou=users,DC={{DOMAIN}},DC=kpov,DC=lusy,DC=fri,DC=uni-lj,DC=si
-
-
-with the password {{LDAP_PASSWORD}}
, and a user
-
-
CN={{BIND_USERNAME}},ou=users,DC={{DOMAIN}},DC=kpov,DC=lusy,DC=fri,DC=uni-lj,DC=si
-
-
-with the password {{LDAP_PASSWORD}}
.
-
-
-Make sure that a client from SimpleArbiter can connect to the LDAP server on LDAPServer. If the client identifies themself as {{BIND_USERNAME}}
with the password {{BIND_PASSWORD}}
, allow it to change data for the object
-
-
CN={{LDAP_USERNAME}},ou=users,DC={{DOMAIN}},DC=kpov,DC=lusy,DC=fri,DC=uni-lj,DC=si
-
--and to create objects in - -
DC={{DOMAIN}},DC=kpov,DC=lusy,DC=fri,DC=uni-lj,DC=si
-
-CN = Common Name
-O = Organization
-OU = Organizational Unit
-DC = Domain Component
-
-''',
-}
-
-computers = {
- 'LDAPServer': {
- 'disks': [
- { 'name': 'student-LDAPServer',
- },
- #{ 'name': 'CDROM',
- # 'options':{'readonly': True},
- # 'parts': [],# no parts, no mounting.
- #}
- ],
- 'network_interfaces': [{'network': 'net1'}],
- 'flavor': 'm1.tiny',
- 'config_drive': False
-
- },
- 'SimpleArbiter': {
- 'disks': [
- { 'name': 'simpleArbiterDhcpGWLDAP',
- # attempt automount
- },
- #{ 'name': 'CDROM',
- # 'options': {'readonly': True},
- # 'parts': [{'dev': 'b1', 'path': '/cdrom'}],
- #},
- ],
- 'network_interfaces': [{'network': 'net1'}, {'network': 'test-net'}],
- 'flavor': 'm1.tiny',
- 'config_drive': False
- }
-}
-
-networks = { 'net1': {'public': False}, 'test-net': {'public': True} }
-
-params_meta = {
- 'LDAP_IP': {'descriptions': {'si': 'IP strežnika', 'en': 'Server IP'}, 'w': True, 'public':True, 'type': 'IP', 'generated': False},
- 'DOMAIN': {'descriptions': {'si': 'Domena (poddomena kpov.lusy.fri.uni-lj.si)', 'en': 'Domain (subdomain of kpov.lusy.fri.uni-lj.si)'}, 'w': False, 'public':True, 'type': 'username', 'generated': True},
- 'LDAP_USERNAME': {'descriptions': {'si': 'Uporabniško ime v LDAP', 'en': 'Username in LDAP'}, 'w': False, 'public':True, 'type': 'username', 'generated': True},
- 'LDAP_PASSWORD': {'descriptions': {'si': 'Geslo v LDAP', 'en': 'LDAP password'}, 'w': False, 'public':True, 'type': 'password', 'generated': True},
- 'BIND_USERNAME': {'descriptions': {'si': 'Uporabniško ime za dostop do LDAP (bind)', 'en': 'Bind username in LDAP'}, 'w': False, 'public':True, 'type': 'username', 'generated': True},
- 'BIND_PASSWORD': {'descriptions': {'si': 'Geslo za dostop do LDAP (bind)', 'en': 'Bind password in LDAP'}, 'w': False, 'public':True, 'type': 'password', 'generated': True},
-}
-
-def task(LDAP_IP, DOMAIN, LDAP_USERNAME, LDAP_PASSWORD, BIND_USERNAME, BIND_PASSWORD):
- from pexpect import pxssh
- import pexpect
- results = dict()
- FULLDOMAIN = "dc={DOMAIN},dc=kpov,dc=lusy,dc=fri,dc=uni-lj,dc=si".format(
- **locals())
- BIND_DN = "cn={BIND_USERNAME},ou=Users,{FULLDOMAIN}".format(**locals())
- s = "ldapsearch -D {BIND_DN} -b {FULLDOMAIN} -w {BIND_PASSWORD}\
- -h {LDAP_IP}".format(
- **locals())
- results['ldapsearch_before'] = pexpect.run(s)
- s = "ldapmodify -D {BIND_DN} -w {BIND_PASSWORD} -h {LDAP_IP}".format(
- **locals())
- modify = pexpect.spawn(s)
- FORTUNE = kpov_util.hostname_gen(random.Random(str(LDAP_USERNAME)))
- results['fortune'] = FORTUNE
- s1 = """
-dn: cn={LDAP_USERNAME},ou=Users,{FULLDOMAIN}
-changetype: modify
-replace: description
-description: {FORTUNE}
-""".format(**locals())
- modify.write(s1)
- modify.sendeof()
- modify.expect(pexpect.EOF)
- results['modify'] = modify.before
- s = "ldapsearch -D {BIND_DN} -b {FULLDOMAIN} -w {BIND_PASSWORD}\
- -h {LDAP_IP}".format(**locals())
- results['ldapsearch_after'] = pexpect.run(s)
- return results
-
-def gen_params(user_id, params_meta):
- params = dict()
- r = random.Random(user_id)
- params['DOMAIN'] = kpov_util.hostname_gen(r)
- params['LDAP_USERNAME'] = kpov_util.username_gen(r)
- params['LDAP_PASSWORD'] = kpov_util.alnum_gen(r, 6)
- params['BIND_USERNAME'] = kpov_util.username_gen(r)
- params['BIND_PASSWORD'] = kpov_util.alnum_gen(r, 6)
- return params
-
-def task_check(results, params):
- import re
- score = 0
- hints = []
- s = """.*dn: dc={DOMAIN},dc=kpov,dc=lusy,dc=fri,dc=uni-lj,dc=si\r[^#]*
-objectClass: top\r
-objectClass: dcObject\r
-objectClass: organization\r
-.*""".format(**params)
-#dc: {DOMAIN}\r
- if re.match(s, results['ldapsearch_before'], re.DOTALL):
- score += 2
- else:
- hints += ["domain missing in ldapsearch result"]
- s = ".*cn: {}.*".format(re.escape(params['LDAP_USERNAME']))
- if re.search(s, results['ldapsearch_before']):
- score += 2
- else:
- hints += ["LDAP_USERNAME missing in: " + s + str(results['ldapsearch_before'])]
- fortune = kpov_util.hostname_gen(random.Random(str(params['LDAP_USERNAME'])))
- s = ".*cn: {0}.*description: {1}.*".format(
- re.escape(params['LDAP_USERNAME']), re.escape(fortune))
- if re.match(s, results['ldapsearch_after'], re.DOTALL):
- score += 2
- else:
- hints += ["description missing after update:" + fortune + "\n" + s + str(results['modify']) + str(results['ldapsearch_after'])]
- if results['ldapsearch_before'][:100] == results['ldapsearch_after'][:100]:
- score += 2
- else:
- hints += ["ldapsearch before equals after. This should not happen."]
- s = '.*\r\nmodifying entry "cn={LDAP_USERNAME},ou=Users,dc={DOMAIN},dc=kpov,dc=lusy,dc=fri,dc=uni-lj,dc=si".*'.format(
- **params)
- if re.match(s, results['modify'], re.DOTALL):
- score += 2
- else:
- hints += ['Modify error' + s + str(results['modify'])]
- return score, hints
-
-def prepare_disks(templates, task_params, global_params):
- write_default_config(templates['simpleArbiterDhcpGWLDAP'], global_params)
--
cgit v1.2.1