problem with LDAP
miroslav.ludvik at centrum.cz
Tuesday June 25 21:54:15 CEST 2002
Hi all,
I need to get Apache authentication against LDAP working.
So far I have done the following:
1) I installed slapd and the ldap utilities
2) I created some users with ldapadd (PROBABLY without a password)
3) I added the following to httpd.conf
<Location /test>
AuthType Basic
AuthName "Enter username and password"
# AuthLDAPURL ldap://snezka.luisoft.cz:389
# AuthUserFile /etc/apache/users
require valid-user
</Location>
4) I created the users like this
ldapadd -xv -D "cn=Manager,o=rdm,c=cz" -W -f /home/ludvikm/pokus
5) I cannot change a user's password
I tried ldappasswd -xvW -D "cn=LJ,o=luisoft,c=cz"
Of course it asked me for a password and I typed "secret" (that is what is
in the config file and it worked when creating the user). To the password
secret it replied "Invalid Credentials", and when instead of secret I just
pressed Enter, thinking that a user has an empty password after creation,
it told me
"ldap_initialize( <DEFAULT> )
Result: Strong authentication required (8)
Additional info: only authenicated users may change passwords"
6) And when I try lynx snezka/test it returns error 401, that I am
not authorized.
Could someone please advise
a) how to change a user's password
b) what exactly to put in httpd.conf so that it always finds the user
c) what I should enter as the username: cn=username,o=firma,c=CZ, or
just the cn or sn.
PS: I am attaching the important files
Thanks to all, Mirek Ludvik
------------- next part ---------------
# $OpenLDAP: pkg/ldap/libraries/libldap/ldap.conf,v 1.4.8.6 2000/09/05 17:54:38 kurt Exp $
#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
#BASE dc=example, dc=com
#URI ldap://ldap.example.com ldap://ldap-master.example.com:666
#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
HOST 127.0.0.1
BASE o=luisoft,c=cz
------------- next part ---------------
# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.7 2001/09/27 20:00:31 kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/nis.schema
#include /etc/ldap/schema/redhat/rfc822-MailMember.schema
#include /etc/ldap/schema/redhat/autofs.schema
#include /etc/ldap/schema/redhat/kerberosobject.schema
# Define global ACLs to disable default read access.
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
pidfile //var/run/slapd.pid
argsfile //var/run/slapd.args
# Create a replication log in /var/lib/ldap for use by slurpd.
replogfile /var/lib/ldap/master-slapd.replog
# Load dynamic backend modules:
# modulepath /usr/sbin/openldap
# moduleload back_ldap.la
# moduleload back_ldbm.la
# moduleload back_passwd.la
# moduleload back_shell.la
#
# The next two lines allow use of TLS for connections using a dummy test
# certificate, but you should generate a proper certificate by changing to
# /usr/share/ssl/certs, running "make slapd.pem", and fixing permissions on
# slapd.pem so that the ldap user or group can read it.
# TLSCertificateFile /usr/share/ssl/certs/slapd.pem
# TLSCertificateKeyFile /usr/share/ssl/certs/slapd.pem
#
# Sample Access Control
# Allow read access of root DSE
# Allow self write access
# Allow authenticated users read access
# Allow anonymous users to authenticate
#
#access to dn="" by * read
#access to *
# by self write
# by users read
# by anonymous auth
#
# if no access controls are present, the default is:
# Allow read by all
#
# rootdn can always write!
#######################################################################
# ldbm database definitions
#######################################################################
database ldbm
suffix "o=luisoft,c=cz"
rootdn "cn=Manager,o=luisoft,c=cz"
#rootdn "cn=Manager,o=My Organization Name,c=US"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw secret
# rootpw {crypt}ijFYNcSNctBYg
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd/tools. Mode 700 recommended.
directory /var/lib/ldap
# Indices to maintain
index objectClass,uid,uidNumber,gidNumber,memberUid eq
index cn,mail,surname,givenname eq,subinitial
# Replicas to which we should propagate changes
#replica host=ldap-1.example.com:389 tls=yes
# bindmethod=sasl saslmech=GSSAPI
# authcId=host/ldap-master.example.com@EXAMPLE.COM
------------- next part ---------------
dn: o=luisoft,c=cz
objectClass: dcObject
objectClass: organization
o: Luisoft, CZ

dn: cn=Miroslav_Ludvik,o=luisoft,c=cz
objectClass: person
cn: Mirek Ludvik
sn: Ludvik
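The attached LDIF names the second entry cn=Miroslav_Ludvik but stores cn: Mirek Ludvik, gives the organization entry objectClass dcObject without any dc attribute, and carries no userPassword for the person, so a simple bind as that user has nothing to check against. The following is an added example, not code from the original post: a small LDIF sanity check that parses a constructed copy of that attachment and reports exactly these three inconsistencies. It assumes plain LDIF (no line folding, no base64 "::" values) and treats a missing userPassword as a heuristic, not a schema violation.

```python
from typing import Dict, List, Tuple

def parse_ldif(text: str) -> List[Tuple[str, Dict[str, List[str]]]]:
    """Parse blank-line separated LDIF (assumes no line folding, no '::' base64)."""
    entries = []
    for block in text.strip().split("\n\n"):
        dn, attrs = "", {}
        for line in block.splitlines():
            if not line.strip() or line.startswith("#"):
                continue
            name, _, value = line.partition(":")
            name, value = name.strip().lower(), value.strip()
            if name == "dn":
                dn = value
            else:
                attrs.setdefault(name, []).append(value)
        if dn:
            entries.append((dn, attrs))
    return entries

def check_entry(dn: str, attrs: Dict[str, List[str]]) -> List[str]:
    problems = []
    rdn_attr, _, rdn_val = dn.split(",", 1)[0].partition("=")
    rdn_attr, rdn_val = rdn_attr.strip().lower(), rdn_val.strip()
    # The RDN value must also be one of the entry's own attribute values
    if rdn_val.lower() not in [v.lower() for v in attrs.get(rdn_attr, [])]:
        problems.append(f"RDN {rdn_attr}={rdn_val} is not an attribute value of the entry")
    classes = [c.lower() for c in attrs.get("objectclass", [])]
    if "dcobject" in classes and "dc" not in attrs:
        problems.append("objectClass dcObject requires a dc attribute")
    if "person" in classes and "userpassword" not in attrs:
        problems.append("no userPassword: a simple bind as this user cannot succeed")
    return problems

def lint_ldif(text: str) -> Dict[str, List[str]]:
    """Map every DN that has at least one problem to its list of problems."""
    return {dn: p for dn, attrs in parse_ldif(text) if (p := check_entry(dn, attrs))}

# Constructed copy of the LDIF attached to the post (two entries, both flawed)
SAMPLE_LDIF = """dn: o=luisoft,c=cz
objectClass: dcObject
objectClass: organization
o: Luisoft, CZ

dn: cn=Miroslav_Ludvik,o=luisoft,c=cz
objectClass: person
cn: Mirek Ludvik
sn: Ludvik
"""
FINDINGS = lint_ldif(SAMPLE_LDIF)  # both DNs listed, two problems each
```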