1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
|
<!DOCTYPE html>
<html>
<head>
<title>ldap_search</title>
<meta charset="utf-8">
</head>
<body>
</body>
<h1>ldap_search</h1>
<h2>Purpose of the exercise</h2>
<p>How to setup a LDAP Server, to add entries to a LDAP Server, and to change users' rights to be able to add entries and change the attributes of entries.</p>
<h2>How To</h2>
<ol>
<li>Create two virtual machines, <b>SimpleArbiterDhcpGWLDAP</b>(simpleArbiterDhcpGWLDAP.vdi) and <b>LDAPServer</b>(student-LDAPServer.vdi).
<br><img src="../images/Pic1.jpg" alt="No img" width=600 height=400></li>
<br>
<li>Change the network settings to both virtual machines. <b>SimpleArbiterDhcpGWLDAP</b>: Adapter 1 is set to "NAT" for internet access and
adapter 2 to "internal network" for local network. <b>LDAPServer</b>: Adapter 1 set to "internal network" sot that it is in the same internal network as SimpleArbiterDhcpGWLDAP.
<br><img src="../images/Pic2.1.jpg" alt="No img" width=600 height=400>
<br><img src="../images/Pic2.2.jpg" alt="No img" width=600 height=400>
<br><img src="../images/Pic2.3.jpg" alt="No img" width=600 height=400></li>
<br>
<li>In <b>SimpleArbiterDhcpGWLDAP</b> log in as user "tester", in <b>LDAPServer</b> log in as user "root", run the command <b>"apt-get update"</b> to update the list of packages and
open up another terminal by pressing <b>"ALT+F2"</b> and log in as user "student".</li>
<br>
<li>In <b>LDAPServer</b> run the command <b>"apt-get install slapd ldap-utils"</b> to install these packages which are the LDAP server and tools to access and manage the LDAP server.
<br>During the LDAP server installation you'll have to provide the password for the user "admin", the administrator of the server and confirm the password chosen.</li>
<br>
<li>Configure the LDAP server by choosing the appropriate domain name and other configuration parameters. Execute the commmand <b>"dpkg-reconfigure slapd"</b>.
<br><img src="../images/Pic3.1.jpg" alt="No img" width=600 height=400>
<br><img src="../images/Pic3.2.jpg" alt="No img" width=600 height=400>
<br><img src="../images/Pic3.3.jpg" alt="No img" width=600 height=400>
<br><img src="../images/Pic3.4.jpg" alt="No img" width=600 height=400>
<br><img src="../images/Pic3.5.jpg" alt="No img" width=600 height=400>
<br><img src="../images/Pic3.6.jpg" alt="No img" width=600 height=400>
<br><img src="../images/Pic3.7.jpg" alt="No img" width=600 height=400>
<br><img src="../images/Pic3.8.jpg" alt="No img" width=600 height=400>
<br>a) If you will configure the <b>"slapd"</b> again don't forget to remove the old database <b>"rm -rf /var/backups/unknown-2.4.44+dfsg-2.ldapdb"</b>.</li>
<br>
<li>Now that the LDAP server is configured for use, try to open a third console and log in as user "student" and execute the command <b>"ldapsearch -D cn=admin,dc=ceres-20,dc=kpov,
dc=lusy,dc=fri,dc=uni-lj,dc=si -W -b dc=ceres-20,dc=kpov,dc=lusy,dc=fri,dc=uni-lj,dc=si"</b>, which will show the entries in the server.
<br>Because you will be using a lot the domain name to access the LDAP server you can set the environment variable "D", which will allow for quicker typing of commands.
<br><b>"export D=dc=ceres-20,dc=kpov,dc=lusy,dc=fri,dc=uni-lj,dc=si"</b>
<br><b>"ldapsearch -D cn=admin,$D -wvaje -b $D"</b></li>
<br>
<li>Create the file(LDIF format) "users.ldif" which will contain the objects(users) that we want to add to the LDAP server database.
<br><img src="../images/Pic4.jpg" alt="No img" width=600 height=400>
<br>Execute the following command to add users to the LDAP server:
<br><b>"ldapadd -D cn=admin,$D -wvaje -f users.ldif"</b>
<br>Add password to the users added to the LDAP server:
<br><b>"ldappasswd -D cn=admin,$D -wvaje -sj2531e cn=ninavidmar,ou=users,$D"</b>
<br><b>"ldappasswd -D cn=admin,$D -wvaje -scTyRM0 cn=natalijaribnikar39,ou=users,$D"</b>
<br>Execute command <b>"ldapsearch -D cn=natalijaribnikar39,ou=users,$D -wcTyRM0 -b $D"</b> to bind to the LDAP server with the newly added user <b>"natalijaribnikar39"</b> and to see the entries currently in the LDAP server.
<br><img src="../images/Pic5.jpg" alt="No img" width=600 height=400></li>
<br>
<li>In order to change the users' rights settings, which allows a user to add entries to the directory and change values of attributes of entries in the directory you need to create an additional file acl.ldif:
<br>To see which backend database is used and other settings related to the users' rights execute command <b>"ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config"</b> as root user in the system, which does not need the user authentication to the LDAP server.
<br><img src="../images/Pic6.jpg" alt="No img" width=600 height=400>
<br>The settings in the acl.ldif file:
<br><img src="../images/Pic7.jpg" alt="No img" width=600 height=400>
<br>Now to change users' rights run the command <b>"ldapmodify -Y EXTERNAL -H ldapi:/// -f acl.ldif"</b> as user "root" in the system.</li>
<br>
<li>The user <b>"natalijaribnikar39"</b> has the right to add or change objects in the LDAP server.
<br>Now try to bind to the LDAP server using <b>"natalijaribnikar39"</b> user's credentials and add a new user to the server directory.
<br><b>"ldapadd -D cn=natalijaribnikar39,ou=users,$D -wcTyRM0 -f newuser.ldif"</b></li>
<br>
<li>Now to test your result go to the <b>SimpleArbiterDhcpGWLDAP</b> virtual machine and run <b>"./test_task.py"</b> to run the test and see your score.
<br><img src="../images/Pic8.jpg" alt="No img" width=600 height=400></li>
</ol>
</html>
|
