<h1>Configuring an LDAP Server on Debian</h1>
<p>Published 2012-01-12 at <a href="https://blog.clusterweb.com.br/?p=178">https://blog.clusterweb.com.br/?p=178</a> (originally http://linuxrs.com.br/?p=178). Tags: configuracao, debian, ldap, replicacao, servidor.</p>
<p><strong>Notes:</strong></p>
<ul>
<li>We assume a "clean" installation of Debian GNU/Linux.</li>
<li>The other services used in the solution must also be properly configured and running.</li>
<li>This walkthrough edits <em>/etc/ldap/slapd.conf</em>. From Debian 6 (Squeeze) on, the slapd package keeps its configuration in <em>/etc/ldap/slapd.d/</em> (cn=config) instead; on those releases either convert the finished file with <em>slaptest -f /etc/ldap/slapd.conf -F /etc/ldap/slapd.d</em> (with slapd stopped, then <em>chown -R openldap:openldap /etc/ldap/slapd.d</em>) or apply the same directives through cn=config.</li>
</ul>
<h2>Installing the LDAP server</h2>
<p>Before installing LDAP, adjust the hosts file so that the server's name resolves to its address.</p>
<pre>root@debian:~# vi /etc/hosts

127.0.0.1       localhost.localdomain    localhost
10.0.0.22       nome.dominio.com.br      nome</pre>
<p>Then install the packages. The debconf prompts and the answers used here:</p>
<pre>root@debian:~# aptitude install slapd ldap-utils

Omit OpenLDAP server configuration? &lt;No&gt;
DNS domain name: dominio.com.br
Organization name: dominio.com.br
Administrator password: *********
Confirm password: *********
Allow LDAPv2 protocol? &lt;No&gt;</pre>
<p>Next, the client-side NSS and PAM modules:</p>
<pre>root@debian:~# aptitude install libnss-ldap libpam-ldap

LDAP server Uniform Resource Identifier (URI): ldap://localhost:389
Distinguished name of the search base: dc=dominio,dc=com,dc=br
LDAP version to use: 3
Does the LDAP database require login? &lt;No&gt;
Special LDAP privileges for root? &lt;No&gt;
Make the configuration file readable/writeable by its owner only? &lt;No&gt;
nsswitch.conf is not managed automatically. &lt;OK&gt;
Make local root Database admin. &lt;No&gt;
Does the LDAP database require login? &lt;No&gt;
Local crypt to use when changing passwords: md5</pre>
<p>Two of these answers deserve a second look. "md5" makes pam_ldap hash new passwords itself, unsalted, before writing them to userPassword; "exop" instead sends the new password to slapd with the LDAP Password Modify extended operation and lets slapd apply its own password-hash setting, which defaults to salted SHA-1 ({SSHA}). Answering "No" to "Make local root Database admin" is fine only because the same thing is set up by hand in /etc/libnss-ldap.conf and /etc/libnss-ldap.secret further down.</p>
<h2>Configuring the LDAP server</h2>
<p>Now configure the <acronym title="Lightweight Directory Access Protocol">LDAP</acronym> server and enable the operating system to authenticate against it. Check the following lines:</p>
<pre>root@debian:~# vi /etc/ldap/slapd.conf

# Object class definitions
include         /etc/ldap/schema/core.schema
include         /etc/ldap/schema/cosine.schema
include         /etc/ldap/schema/nis.schema
include         /etc/ldap/schema/inetorgperson.schema
include         /etc/ldap/schema/samba.schema

# Logging (256 = connection and operation statistics)
loglevel        256

# Hash passwords set through the Password Modify extended operation with salted SHA-1.
# This is slapd's default; it is spelled out so that it is not silently changed to {MD5} or {CLEARTEXT}.
password-hash   {SSHA}

# Database backend
database        bdb

# Base DN
suffix          "dc=dominio,dc=com,dc=br"

# Root DN
# rootdn        "cn=admin,dc=dominio,dc=com,dc=br"

# Data directory
directory       "/var/lib/ldap"

# Indexes
index           objectClass eq

# ACLs: evaluated in order, first match wins, so the password rule must stay above "access to *"
access to attrs=userPassword,shadowLastChange
        by dn="cn=admin,dc=dominio,dc=com,dc=br" write
        by anonymous auth
        by self write
        by * none

access to dn.base="" by * read

access to *
        by dn="cn=admin,dc=dominio,dc=com,dc=br" write
        by * read</pre>
<p>In the first rule, "by anonymous auth" lets an unauthenticated client use userPassword only to bind, "by self write" lets users change their own password, and "by * none" hides the hashes from everyone else. The last rule lets any client, anonymous ones included, read everything else in the directory, which is what the NSS lookups below rely on. Make sure only the intended hosts can reach port 389: keep slapd on the loopback address (SLAPD_SERVICES="ldap://127.0.0.1/" in /etc/default/slapd) while the directory is used locally, and add TLS and firewall rules before clients on other machines are pointed at it.</p>
<pre>root@debian:~# vi /etc/ldap/ldap.conf

BASE    dc=dominio,dc=com,dc=br
URI     ldap://127.0.0.1:389</pre>
<p>Do not forget to restart the service.</p>
<pre>root@debian:~# /etc/init.d/slapd stop
root@debian:~# /etc/init.d/slapd start</pre>
<h2>Configuring PAM</h2>
<p>Now enable PAM to authenticate against LDAP, so that the operating system can use the users and groups held on the server. In each file pam_ldap is tried first as "sufficient"; pam_unix follows with use_first_pass (try_first_pass for the account stack) so that the user is asked for the password only once.</p>
<pre>root@debian:~# vi /etc/pam.d/common-account
#account    required      pam_unix.so
account     sufficient    pam_ldap.so
account     required      pam_unix.so try_first_pass</pre>
<pre>root@debian:~# vi /etc/pam.d/common-auth
#auth       required      pam_unix.so nullok_secure
auth        sufficient    pam_ldap.so
auth        required      pam_unix.so nullok_secure use_first_pass</pre>
<pre>root@debian:~# vi /etc/pam.d/common-password
#password   required      pam_unix.so nullok obscure min=4 max=8 md5
password    sufficient    pam_ldap.so
password    required      pam_unix.so nullok obscure min=4 max=8 md5 use_first_pass</pre>
<p>Two caveats on the pam_unix lines: nullok and nullok_secure accept local accounts whose password is empty, and md5 is the legacy local hash; current Debian releases default pam_unix to sha512, which is the better choice for the accounts that remain in /etc/shadow.</p>
<pre>root@debian:~# vi /etc/pam.d/common-session
# Add
session     optional      pam_mkhomedir.so skel=/etc/skel umask=0027
[...]</pre>
<p>pam_mkhomedir creates the home directory on first login; umask=0027 keeps it from being world-readable.</p>
<pre>root@debian:~# vi /etc/nsswitch.conf
[...]
passwd:         compat ldap
group:          compat ldap
shadow:         compat ldap
[...]</pre>
<pre>root@debian:~# vi /etc/pam_ldap.conf
[...]
base dc=dominio,dc=com,dc=br
uri ldap://127.0.0.1
ldap_version 3
[...]</pre>
<pre>root@debian:~# vi /etc/libnss-ldap.conf
[...]
base dc=dominio,dc=com,dc=br
uri ldap://127.0.0.1
ldap_version 3
rootbinddn cn=admin,dc=dominio,dc=com,dc=br
[...]</pre>
<pre>root@debian:~# vi /etc/libnss-ldap.secret
senha_de_admin_da_base_ldap
root@debian:~# chmod 600 /etc/libnss-ldap.secret</pre>
<p>rootbinddn makes every process running as root bind as the directory administrator, which is how root gets to read shadowLastChange and the other attributes the ACL hides from everyone else. The password it uses is read from /etc/libnss-ldap.secret, so that file must be owned by root with mode 600: anyone who can read it owns the directory. Both URIs point at 127.0.0.1; leave them on loopback, or switch to ldaps:// before pointing them at a remote server, because a simple bind sends the password in clear text.</p>
<h2>Installing phpLdapAdmin</h2>
<p>Now download the phpLdapAdmin utility to make administering LDAP easier. A version adjusted with Portuguese templates can be obtained from <a title="http://downloads.fabriciovc.eti.br/ldap/phpldapadmin-1.1.0.5.tar.gz" href="http://downloads.fabriciovc.eti.br/ldap/phpldapadmin-1.1.0.5.tar.gz" rel="nofollow" target="_blank">http://downloads.fabriciovc.eti.br/ldap/phpldapadmin-1.1.0.5.tar.gz</a>.</p>
<pre>root@debian:/home/viaza132/www# wget -c http://downloads.fabriciovc.eti.br/ldap/phpldapadmin-1.1.0.5.tar.gz</pre>
<p>Because the application will log in as cn=admin with write access to the whole directory, treat a repackaged tarball from a third-party site as untrusted code: prefer the <em>phpldapadmin</em> package from Debian, or at least inspect the extracted PHP before putting it on the web server.</p>
<h4>Additional packages required:</h4>
<ul>
<li>apache2</li>
<li>php5</li>
<li>php5-ldap</li>
</ul>
<pre>root@debian:~# aptitude install apache2 php5 php5-ldap</pre>
<p>Once the download is done and the <em>apache2</em> and <em>php5</em> packages are installed, unpack phpLdapAdmin into the hosting area (/home/viaza132/www). Remember that the application still has to be configured.</p>
<pre>root@debian:/home/viaza132/www# tar xzvf phpldapadmin-1.1.0.5.tar.gz
root@debian:/home/viaza132/www# mv phpldapadmin-1.1.0.5 phpldapadmin
root@debian:/home/viaza132/www# cd phpldapadmin/config
root@debian:/home/viaza132/www/phpldapadmin/config# cp config.php.example config.php
root@debian:/home/viaza132/www/phpldapadmin/config# vi config.php</pre>
<p>Configure the following lines.</p>
<pre>$ldapservers-&gt;SetValue($i,'server','name','DN LDAP Server');
$ldapservers-&gt;SetValue($i,'server','host','127.0.0.1');
$ldapservers-&gt;SetValue($i,'server','port','389');
$ldapservers-&gt;SetValue($i,'server','base',array('dc=dominio,dc=com,dc=br'));
$ldapservers-&gt;SetValue($i,'server','auth_type','session');
$ldapservers-&gt;SetValue($i,'login','dn','cn=admin,dc=dominio,dc=com,dc=br');
$ldapservers-&gt;SetValue($i,'server','sasl_auth',false);
$ldapservers-&gt;SetValue($i,'server','low_bandwidth',false);
// salted SHA-1, the same scheme as the server's password-hash ('md5' here would store unsalted hashes)
$ldapservers-&gt;SetValue($i,'appearance','password_hash','ssha');
$ldapservers-&gt;SetValue($i,'appearance','show_create',true);
$ldapservers-&gt;SetValue($i,'auto_number','enable',true);
$ldapservers-&gt;SetValue($i,'auto_number','mechanism','search');
$ldapservers-&gt;SetValue($i,'auto_number','min','1000');
$ldapservers-&gt;SetValue($i,'login','timeout',30);</pre>
<p>auth_type 'session' keeps the administrator's DN and password in the PHP session for the lifetime of the login, so serve the application over HTTPS only and restrict in the Apache configuration who may reach that directory. auto_number with the 'search' mechanism allocates uidNumber and gidNumber values by scanning the directory, starting at 'min'; Debian also starts local accounts at 1000, so pick a minimum above whatever /etc/passwd already uses to keep LDAP and local IDs from colliding.</p>
<h2>Adding data to the LDAP base (with .ldif files)</h2>
<p>The Debian package configuration already created the base entry dc=dominio,dc=com,dc=br, so on such a system ldapadd answers "Already exists" for raiz.ldif; it is only needed when the base was not created at install time. The dc value has to match the RDN in the dn, otherwise slapd rejects the entry with a naming violation.</p>
<h3>raiz.ldif</h3>
<pre>dn: dc=dominio,dc=com,dc=br
dc: dominio
objectClass: domain
objectClass: top</pre>
<h3>unidadeorganizacional.ldif</h3>
<pre>dn: ou=contatos,dc=dominio,dc=com,dc=br
ou: contatos
objectClass: organizationalUnit
objectClass: top

dn: ou=usuarios,dc=dominio,dc=com,dc=br
ou: usuarios
objectClass: organizationalUnit
objectClass: top

dn: ou=grupos,dc=dominio,dc=com,dc=br
ou: grupos
objectClass: organizationalUnit
objectClass: top</pre>
<h3>usuarios.ldif</h3>
<p>The user combines inetOrgPerson (from inetorgperson.schema, which slapd.conf includes) with posixAccount from nis.schema. Generate the userPassword value with <em>slappasswd -h {SSHA}</em> instead of an unsalted {MD5} hash, or leave userPassword out and set the password with <em>ldappasswd</em> after the entry exists.</p>
<pre>dn: uid=fabricio,ou=usuarios,dc=dominio,dc=com,dc=br
givenName: Fabricio
sn: Vaccari Constanski
cn: Fabricio Vaccari Constanski
uid: fabricio
# replace the value with the output of: slappasswd -h {SSHA}
userPassword: {MD5}F5dfrtvcmAMadsZZsjaasdsdspBQ==
uidNumber: 1000
gidNumber: 1000
homeDirectory: /home/usuarios/fabricio
loginShell: /bin/bash
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top</pre>
<h3>grupos.ldif</h3>
<pre>dn: cn=nome_do_grupo,ou=grupos,dc=dominio,dc=com,dc=br
cn: nome_do_grupo
gidNumber: 1000
objectClass: posixGroup
objectClass: top</pre>
<h3>Add command</h3>
<pre>root@debian:~# ldapadd -x -W -D "cn=admin,dc=dominio,dc=com,dc=br" -f arquivo.ldif</pre>
<p>-x selects a simple bind, -W prompts for the administrator password and -D is the DN that the ACLs above grant write access. Then confirm that the entries are visible through LDAP and through NSS, which exercises nsswitch.conf, libnss-ldap.conf and the ACLs together; userPassword must not appear in the anonymous search result.</p>
<pre>root@debian:~# ldapsearch -x -b dc=dominio,dc=com,dc=br uid=fabricio
root@debian:~# getent passwd fabricio
root@debian:~# getent group nome_do_grupo</pre>
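The walkthrough stores user passwords as {MD5} and recommends switching to {SSHA} in slapd.conf, phpLdapAdmin and the LDIF files. The script below is an added example, not code from the original post: it builds and verifies {SSHA} userPassword values with coreutils only, so the format can be seen without a running slapd. On a real host slappasswd -h {SSHA} does the same job and picks a random 4-byte salt; the 8-character printable salt here is an assumption of the example, and the known-answer value is derived from the standard SHA-1 test vector for "abc".

```shell
#!/bin/sh
# Added example (not from the original post): what an OpenLDAP {SSHA}
# userPassword value contains, built and verified with coreutils only
# (sha1sum, base64, od, sed). "slappasswd -h {SSHA}" does the same job on a
# real host; this makes the format visible and can verify values slappasswd made.
#   {SSHA} = base64( SHA1(password || salt) || salt )
# slapd treats everything after the 20-byte digest as the salt, whatever its
# length, so its own 4 random bytes and the 8 printable ones used here both work.

# hex_to_bin HEX: write the bytes encoded by a hex string to stdout.
# Octal escapes keep this POSIX; NUL bytes survive because nothing is captured.
hex_to_bin() {
    fmt=''
    for pair in $(printf '%s' "$1" | sed 's/../& /g'); do
        fmt="$fmt\\$(printf '%03o' $((0x$pair)))"
    done
    printf "$fmt"
}

# random_salt: 8 printable characters from /dev/urandom (assumption of this example)
random_salt() {
    LC_ALL=C tr -dc 'A-Za-z0-9./' </dev/urandom | head -c 8
}

# ssha_hash PASSWORD [SALT]: print "{SSHA}<base64>"; omit SALT for a random one
ssha_hash() {
    ssha_pw=$1
    ssha_salt=${2:-$(random_salt)}
    digest_hex=$(printf '%s%s' "$ssha_pw" "$ssha_salt" | sha1sum | cut -d' ' -f1)
    printf '{SSHA}%s\n' "$( { hex_to_bin "$digest_hex"; printf '%s' "$ssha_salt"; } | base64 | tr -d '\n')"
}

# ssha_verify PASSWORD HASH: exit 0 if HASH was made from PASSWORD, 1 otherwise
ssha_verify() {
    v_pw=$1
    v_stored=$2
    case $v_stored in
        '{SSHA}'*) ;;
        *) printf 'ssha_verify: not an {SSHA} value\n' >&2; return 2 ;;
    esac
    # decode to hex so the digest/salt split is done on text, not on binary
    blob_hex=$(printf '%s' "$v_stored" | sed 's/^{SSHA}//' | base64 -d | od -An -v -tx1 | tr -d ' \n')
    stored_digest=$(printf '%s' "$blob_hex" | cut -c1-40)   # first 20 bytes: SHA-1 digest
    salt_hex=$(printf '%s' "$blob_hex" | cut -c41-)         # the rest: salt, any length
    candidate=$( { printf '%s' "$v_pw"; hex_to_bin "$salt_hex"; } | sha1sum | cut -d' ' -f1)
    [ "$candidate" = "$stored_digest" ]
}

# Known answer: SHA1("abc") is the standard test vector, so password "ab" with
# salt "c" must give the base64 of that digest followed by the byte "c".
ssha_hash ab c                  # prints {SSHA}qZk+NkcGgWq6PiVxeFDCbJzQ2J1j
ssha_hash secret                # random salt: a different value every run
```

Two hashes of the same password differ because the salt differs, which is the property {MD5} lacks: with an unsalted scheme every directory that stores the same password stores the same string, and one cracked hash is cracked everywhere.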
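The PAM and NSS section leaves several settings that a practitioner would want to double-check on the finished host: the mode of /etc/libnss-ldap.secret, plain ldap:// URIs, md5 and nullok on pam_unix, and the order of the ACLs in slapd.conf. The function below is an added example (not from the original post) that audits those files. It takes an optional directory to treat as the root of a staging copy, which is an assumption of the example used to run it against constructed files; the GNU stat -c option and the file paths from the walkthrough are the only other assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): audit the client-side files the
# walkthrough edits. With no argument it inspects the live system; with a
# directory argument it treats that as the root of a staging copy, which is
# how the constructed demo below uses it. Prints one line per finding and
# returns 1 if there was any.
ldap_client_audit() {
    root=${1:-}
    findings=0
    note() { printf '%s\n' "$1"; findings=$((findings + 1)); }

    # rootbinddn's password is read from this file: anything wider than
    # root-only 600 lets every local account bind as cn=admin.
    f="$root/etc/libnss-ldap.secret"
    if [ -f "$f" ]; then
        mode=$(stat -c '%a' "$f")                  # GNU stat; the owner must be root too
        case $mode in
            600|400) ;;
            *) note "$f: mode $mode, expected 600" ;;
        esac
    fi

    # ldap:// is acceptable only towards the loopback address; to any other host
    # a simple bind sends the password in clear text (use ldaps:// or STARTTLS).
    for f in "$root/etc/pam_ldap.conf" "$root/etc/libnss-ldap.conf" "$root/etc/ldap/ldap.conf"; do
        [ -f "$f" ] || continue
        remote=$(grep -iE '^[[:space:]]*uri[[:space:]]+ldap://' "$f" \
                 | grep -viE 'ldap://(127\.0\.0\.1|localhost)(:|/|[[:space:]]|$)' || true)
        if [ -n "$remote" ]; then
            note "$f: cleartext ldap:// to a non-loopback host: $remote"
        fi
    done

    # md5 is the legacy local hash; Debian now defaults pam_unix to sha512.
    f="$root/etc/pam.d/common-password"
    if [ -f "$f" ] && grep -Eq '^[[:space:]]*password.*pam_unix\.so.*[[:space:]]md5([[:space:]]|$)' "$f"; then
        note "$f: pam_unix hashes local passwords with md5; use sha512"
    fi

    # nullok / nullok_secure let accounts with an empty local password log in.
    f="$root/etc/pam.d/common-auth"
    if [ -f "$f" ] && grep -Eq '^[[:space:]]*auth.*pam_unix\.so.*nullok' "$f"; then
        note "$f: pam_unix accepts empty passwords (nullok/nullok_secure)"
    fi

    # slapd ACLs are first-match: the userPassword rule has to come before the
    # catch-all "access to *", or the catch-all's "by * read" hands out hashes.
    f="$root/etc/ldap/slapd.conf"
    if [ -f "$f" ]; then
        pw_line=$(grep -nE '^[[:space:]]*access[[:space:]]+to[[:space:]]+attrs=.*userPassword' "$f" | head -n 1 | cut -d: -f1)
        all_line=$(grep -nE '^[[:space:]]*access[[:space:]]+to[[:space:]]+\*' "$f" | head -n 1 | cut -d: -f1)
        if [ -z "$pw_line" ]; then
            note "$f: no ACL restricting userPassword"
        elif [ -n "$all_line" ] && [ "$all_line" -lt "$pw_line" ]; then
            note "$f: 'access to *' (line $all_line) precedes the userPassword ACL (line $pw_line)"
        fi
    fi

    [ "$findings" -eq 0 ]
}

# Constructed staging copy of the client files as the walkthrough leaves them
# (placeholder secret, 127.0.0.1 URIs, md5, nullok_secure).
demo=$(mktemp -d)
mkdir -p "$demo/etc/pam.d" "$demo/etc/ldap"
printf 'senha_de_admin_da_base_ldap\n' > "$demo/etc/libnss-ldap.secret"
chmod 644 "$demo/etc/libnss-ldap.secret"
printf 'base dc=dominio,dc=com,dc=br\nuri ldap://127.0.0.1\nldap_version 3\n' > "$demo/etc/pam_ldap.conf"
printf 'password    required      pam_unix.so nullok obscure min=4 max=8 md5 use_first_pass\n' > "$demo/etc/pam.d/common-password"
printf 'auth        required      pam_unix.so nullok_secure use_first_pass\n' > "$demo/etc/pam.d/common-auth"
ldap_client_audit "$demo" || echo "fix the findings above, then re-run"
rm -rf "$demo"
```

Run as root with no argument after finishing the PAM section; an empty output and exit status 0 mean the four files match what the text asks for.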
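The LDIF section ends with a single ldapadd command and no way to check the files before they hit the server. The function below is an added example, not code from the original post: an offline check for the kind of LDIF shown above. It catches an RDN whose value is absent from the entry (the dc=dominio / dc: exemplo mismatch, which slapd rejects as a naming violation), posixAccount and posixGroup entries missing a MUST attribute (an object class violation), and a uidNumber reused by two entries, which slapd accepts silently unless the unique overlay is configured. The sample entries are constructed from the walkthrough's own LDIF; no LDAP server is needed.

```shell
#!/bin/sh
# Added example (not from the original post): sanity-check LDIF files offline,
# before ldapadd. Three checks: an RDN whose value is missing from the entry
# (the "dn: dc=dominio,..." / "dc: exemplo" mismatch, a naming violation for
# slapd), posixAccount/posixGroup entries missing a MUST attribute (an object
# class violation), and a uidNumber reused by two entries, which slapd accepts
# silently unless the unique overlay is loaded.
# Limitations: no LDIF line folding, no escaped commas in DNs.
# Usage: ldif_check FILE  -> exit 0 if clean, 1 with one line per problem on stderr
ldif_check() {
    awk '
    function bad(msg) { print dn ": " msg > "/dev/stderr"; errors++ }
    function flush(    rdn, attr, val, need, n, i, u) {
        if (dn == "") return
        rdn = dn; sub(/,.*/, "", rdn)                        # e.g. "uid=fabricio"
        attr = rdn; sub(/=.*/, "", attr); attr = tolower(attr)
        val = rdn; sub(/^[^=]*=/, "", val)
        if (!((attr, tolower(val)) in have))
            bad("RDN " rdn " has no matching attribute value in the entry")
        if ("posixaccount" in oc) {
            n = split("uid cn uidNumber gidNumber homeDirectory", need, " ")
            for (i = 1; i <= n; i++)
                if (!(tolower(need[i]) in attrs)) bad("posixAccount missing " need[i])
            if ("uidnumber" in attrs) {
                u = attrs["uidnumber"]
                if (u in seen_uid) bad("uidNumber " u " already used by " seen_uid[u])
                else seen_uid[u] = dn
            }
        }
        if ("posixgroup" in oc) {
            n = split("cn gidNumber", need, " ")
            for (i = 1; i <= n; i++)
                if (!(tolower(need[i]) in attrs)) bad("posixGroup missing " need[i])
        }
        dn = ""; split("", attrs); split("", have); split("", oc)
    }
    /^#/            { next }                                 # LDIF comment
    /^[ \t]*$/      { flush(); next }                        # blank line ends an entry
    /^dn:/          { dn = $0; sub(/^dn:[ \t]*/, "", dn); next }
    /^[A-Za-z][A-Za-z0-9.;-]*::?/ {                          # "attr: value" (or "attr:: base64")
        a = $0; sub(/:.*/, "", a); a = tolower(a)
        v = $0; sub(/^[^:]*::?[ \t]*/, "", v)
        attrs[a] = v; have[a, tolower(v)] = 1
        if (a == "objectclass") oc[tolower(v)] = 1
        next
    }
    END { flush(); exit (errors > 0) }
    ' "$1"
}

# Constructed sample: the root entry as first posted (dc=dominio in the DN,
# dc: exemplo in the entry) followed by a correct user entry.
sample=$(mktemp)
cat > "$sample" <<'EOF'
dn: dc=dominio,dc=com,dc=br
dc: exemplo
objectClass: domain
objectClass: top

dn: uid=fabricio,ou=usuarios,dc=dominio,dc=com,dc=br
cn: Fabricio Vaccari Constanski
sn: Vaccari Constanski
uid: fabricio
uidNumber: 1000
gidNumber: 1000
homeDirectory: /home/usuarios/fabricio
loginShell: /bin/bash
objectClass: inetOrgPerson
objectClass: posixAccount
EOF
ldif_check "$sample" || echo "ldif_check: fix the problems above before running ldapadd"
rm -f "$sample"
```

Run it on each file before the ldapadd step: ldif_check usuarios.ldif && ldapadd -x -W -D "cn=admin,dc=dominio,dc=com,dc=br" -f usuarios.ldif. The duplicate-uidNumber check is the one slapd will not do for you; two accounts sharing a uidNumber share every file on the system.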