Thursday, September 6, 2012

OpenLDAP server and client configuration in RHEL 6 with TLS


Let's see the OpenLDAP server setup and configuration on RHEL 6.

In my setup:
my server name is: node5.example.com
IP address is: 192.168.0.100/24
domain name is: example.com
openldap-servers version is: openldap-servers-2.4.23-20
my server OS is: Red Hat Enterprise Linux 6.2



Step 1: First we need to install the required packages:

#yum install openldap-servers openldap-clients

Here openldap-servers is for configuring the LDAP server and openldap-clients for configuring the client.

Step 2: The configuration for LDAP is stored inside the LDAP server itself (the cn=config database), and on disk it lives in the /etc/openldap/slapd.d/ directory.

First of all we need to set the password for the administrator (we call it Manager) by using this command:

#slappasswd
password: mypasswd
retype-password: mypasswd

You'll get something like "{SSHA}r2or9f2vYlvieCu0LP6wTnSdYfrddsuV" as a result. This is the string we will have to add into the config file, so copy it.

Now it is time to open the configuration file:

# vim /etc/openldap/slapd.d/cn\=config/olcDatabase\=\{2\}bdb.ldif

Here we need to change the domain name: substitute "my-domain.com" with "example.com". We can replace the domain with sed, or replace it in the file manually. In vim this substitution does it:

:%s/dc=my-domain,dc=com/dc=example,dc=com/g

Step 3: We now set the administrator (Manager) password. To store it hashed rather than in clear text, add the {SSHA} string from slappasswd as olcRootPW; the two olcTLS* lines point slapd at the certificate and key we create in Step 6.

Add these 3 lines at the end of the "bdb.ldif" file:

olcRootPW: {SSHA}r2or9f2vYlvieCu0LP6wTnSdYfrddsuV
olcTLSCertificateFile: /etc/pki/tls/certs/example.pem
olcTLSCertificateKeyFile: /etc/pki/tls/certs/examplekey.pem

Note that olcRootPW is a database attribute, while olcTLSCertificateFile and olcTLSCertificateKeyFile are global (olcGlobal) attributes; if slaptest in Step 7 rejects them inside the database entry, move those two lines to /etc/openldap/slapd.d/cn=config.ldif instead.


Step 4: Now we have to specify the monitoring privileges. If you want monitoring, we need to change the Manager DN in this file:

#vim /etc/openldap/slapd.d/cn\=config/olcDatabase\=\{1\}monitor.ldif

Again we have to replace the default domain name with our domain name, either manually or with sed; in vim:

:%s/cn=manager,dc=my-domain,dc=com/cn=Manager,dc=example,dc=com/g
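The two substitutions from Steps 2 and 4 as a small script, added here as an example and not part of the original post: it derives the base DN from the domain name for any number of labels, rewrites the default suffix in a file with sed, and checks that no stock my-domain suffix is left behind. The file contents written by demo() are constructed stand-ins in the shape of the stock slapd.d entries, not copies of the real files.

```shell
#!/bin/sh
# Added example (not the post's own script): scripted version of the
# :%s substitutions from Steps 2 and 4.

# Turn "example.com" into "dc=example,dc=com"; handles any number of labels,
# e.g. "ldap.corp.example.net" -> "dc=ldap,dc=corp,dc=example,dc=net".
domain_to_dn() {
    printf '%s\n' "$1" | awk -F. '{
        out = ""
        for (i = 1; i <= NF; i++) out = out (i > 1 ? "," : "") "dc=" $i
        print out
    }'
}

# Replace every occurrence of the old suffix in a file with the new one,
# keeping a backup copy with the .orig extension.
rewrite_suffix() {
    file=$1; old=$2; new=$3
    sed -i.orig "s/$old/$new/g" "$file"
}

# Succeed (exit 0) if the stock my-domain suffix is still present anywhere.
has_default_suffix() {
    grep -q 'dc=my-domain,dc=com' "$1"
}

# Walk through the rewrite on constructed stand-ins for the two slapd.d files.
demo() {
    tmp=$(mktemp -d)
    # Constructed sample lines in the shape of olcDatabase={2}bdb.ldif ...
    printf 'olcSuffix: dc=my-domain,dc=com\nolcRootDN: cn=Manager,dc=my-domain,dc=com\n' > "$tmp/bdb.ldif"
    # ... and of olcDatabase={1}monitor.ldif, where the RootDN is spelled "manager".
    printf 'olcAccess: {0}to * by dn.base="cn=manager,dc=my-domain,dc=com" read by * none\n' > "$tmp/monitor.ldif"

    dn=$(domain_to_dn example.com)
    rewrite_suffix "$tmp/bdb.ldif"     'dc=my-domain,dc=com'            "$dn"
    rewrite_suffix "$tmp/monitor.ldif" 'cn=manager,dc=my-domain,dc=com' "cn=Manager,$dn"

    for f in "$tmp/bdb.ldif" "$tmp/monitor.ldif"; do
        if has_default_suffix "$f"; then echo "STILL DEFAULT: $f"; fi
        cat "$f"
    done
    rm -rf "$tmp"
}

# Run the walkthrough only when asked, so the functions can be sourced elsewhere.
if [ -n "${LDAP_DEMO:-}" ]; then demo; fi
```

Run it with `LDAP_DEMO=1 sh rewrite-suffix.sh` to see the rewritten lines; against the real files you would call rewrite_suffix on the two paths from Steps 2 and 4 and then run slaptest -u (Step 7) before starting slapd.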

Step 5: Now it is time for the database cache.

#updatedb

To get the default cache settings, copy the example DB_CONFIG into the database directory:

#cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG

Now set the ownership of the database directory to the ldap user as well:

#chown -Rf ldap:ldap /var/lib/ldap/


Step 6: Now we will need to set up a certificate for TLS. First edit /etc/sysconfig/ldap and change the SLAPD_LDAPS option like this:

#vim /etc/sysconfig/ldap
SLAPD_LDAPS=yes      (default is no)

Now we need to create the certificate.

There are lots of options for generating the certificate; we can use any method. I am going with this command:

#openssl req -new -x509 -nodes -out /etc/pki/tls/certs/example.pem -keyout /etc/pki/tls/certs/examplekey.pem -days 365

Fill in the information the command asks for.

This will create the certificate and the private key in the /etc/pki/tls/certs/ directory. We need to make them readable for the ldap user: ownership is set with chown and the mode with chmod, and the private key should not be world-readable.

# chown root:ldap /etc/pki/tls/certs/example.pem /etc/pki/tls/certs/examplekey.pem
# chmod 644 /etc/pki/tls/certs/example.pem
# chmod 640 /etc/pki/tls/certs/examplekey.pem

Check that the ldap user can read both files and that nobody else can read the key.
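As an added example (not the post's own commands), the shell functions below generate the same kind of self-signed certificate non-interactively and then run the two checks a practitioner wants before starting slapd: that the private key actually belongs to the certificate, and that the key file ends up root:ldap with mode 640 so the ldap user can read it but nobody else can. The subject fields in make_cert are assumed values for the example; the chown step only runs as root and only when an ldap group exists.

```shell
#!/bin/sh
# Added example (not the post's own commands): create the Step 6 certificate
# and verify the key/cert pair and the key file permissions.

# Generate a self-signed certificate and key into $1 (defaults to the page's
# /etc/pki/tls/certs). The subject values are assumptions for the example.
make_cert() {
    dir=${1:-/etc/pki/tls/certs}
    openssl req -new -x509 -nodes -newkey rsa:2048 -days 365 \
        -subj "/C=IN/O=example.com/CN=node5.example.com" \
        -out "$dir/example.pem" -keyout "$dir/examplekey.pem" 2>/dev/null
}

# Print "match" if the private key ($2) belongs to the certificate ($1),
# otherwise "mismatch": both must carry the same RSA modulus.
key_matches_cert() {
    c=$(openssl x509 -noout -modulus -in "$1" | openssl md5)
    k=$(openssl rsa -noout -modulus -in "$2" 2>/dev/null | openssl md5)
    if [ "$c" = "$k" ]; then echo match; else echo mismatch; fi
}

# Make the key readable by the ldap group only (root:ldap, mode 640) and print
# "ok" when the resulting mode is 640 or stricter, "bad" otherwise.
# chown needs root and an ldap group; otherwise only the mode is changed.
lock_down_key() {
    key=$1
    if [ "$(id -u)" -eq 0 ] && getent group ldap >/dev/null 2>&1; then
        chown root:ldap "$key"
    fi
    chmod 640 "$key"
    mode=$(stat -c %a "$key" 2>/dev/null || stat -f %Lp "$key")
    case "$mode" in
        640|600) echo ok ;;
        *)       echo bad ;;
    esac
}

# Walkthrough in a temporary directory (set LDAP_DEMO=1 to run it).
demo() {
    d=$(mktemp -d)
    make_cert "$d"
    echo "cert/key pair: $(key_matches_cert "$d/example.pem" "$d/examplekey.pem")"
    echo "key permissions: $(lock_down_key "$d/examplekey.pem")"
    rm -rf "$d"
}
if [ -n "${LDAP_DEMO:-}" ]; then demo; fi
```

On the real server, call `make_cert` with no argument (as root) and then `key_matches_cert /etc/pki/tls/certs/example.pem /etc/pki/tls/certs/examplekey.pem` and `lock_down_key /etc/pki/tls/certs/examplekey.pem`; a "mismatch" means slapd would be handed a key that does not belong to the certificate it presents.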


Step 7: Time to test our configuration.

Now check the LDAP configuration:

# slaptest -u

The answer should be "config file testing succeeded".



Step 8: Start the LDAP server

#service slapd start

Let's check if our LDAP server really works:

#ldapsearch -x -b "dc=example,dc=com"

If you get "search: 2" in the output then you're on track!

Step 9: Configure the base domain
You can create this file manually, or download it from this link:

http://www.4shared.com/file/TtQTedYv/base.html

#vim /root/base.ldif


dn: dc=example,dc=com
dc: example
objectClass: top
objectClass: domain
objectClass: domainRelatedObject
associatedDomain: example.com

dn: ou=Hosts,dc=example,dc=com
ou: Hosts
objectClass: top
objectClass: organizationalUnit
objectClass: domainRelatedObject
associatedDomain: example.com

dn: ou=Rpc,dc=example,dc=com
ou: Rpc
objectClass: top
objectClass: organizationalUnit
objectClass: domainRelatedObject
associatedDomain: example.com

dn: ou=Services,dc=example,dc=com
ou: Services
objectClass: top
objectClass: organizationalUnit
objectClass: domainRelatedObject
associatedDomain: example.com

dn: nisMapName=netgroup.byuser,dc=example,dc=com
nismapname: netgroup.byuser
objectClass: top
objectClass: nisMap
objectClass: domainRelatedObject
associatedDomain: example.com

dn: ou=Mounts,dc=example,dc=com
ou: Mounts
objectClass: top
objectClass: organizationalUnit
objectClass: domainRelatedObject
associatedDomain: example.com

dn: ou=Networks,dc=example,dc=com
ou: Networks
objectClass: top
objectClass: organizationalUnit
objectClass: domainRelatedObject
associatedDomain: example.com

dn: ou=People,dc=example,dc=com
ou: People
objectClass: top
objectClass: organizationalUnit
objectClass: domainRelatedObject
associatedDomain: example.com

dn: ou=Group,dc=example,dc=com
ou: Group
objectClass: top
objectClass: organizationalUnit
objectClass: domainRelatedObject
associatedDomain: example.com

dn: ou=Netgroup,dc=example,dc=com
ou: Netgroup
objectClass: top
objectClass: organizationalUnit
objectClass: domainRelatedObject
associatedDomain: example.com

dn: ou=Protocols,dc=example,dc=com
ou: Protocols
objectClass: top
objectClass: organizationalUnit
objectClass: domainRelatedObject
associatedDomain: example.com

dn: ou=Aliases,dc=example,dc=com
ou: Aliases
objectClass: top
objectClass: organizationalUnit
objectClass: domainRelatedObject
associatedDomain: example.com

dn: nisMapName=netgroup.byhost,dc=example,dc=com
nismapname: netgroup.byhost
objectClass: top
objectClass: nisMap
objectClass: domainRelatedObject
associatedDomain: example.com




Now we import our base information into the LDAP directory:

#ldapadd -x -W -D "cn=Manager,dc=example,dc=com" -f /root/base.ldif


Step 10: Add the users in LDAP
Now it is time to add the users into the LDAP database. To do that we only need to create a .ldif file and add it into LDAP.
Download the users file:

http://www.4shared.com/file/tYZhCL47/users.html

# vim /root/users.ldif

dn: uid=vishvendra,ou=People,dc=example,dc=com
uid: vishvendra
cn: vishvendra Chauhan
givenName: vishvendra Singh Chauhan
sn: 1
mail: vishvendra.singh.chauhan@example.com
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {SSHA}2RxVB3Cb+JZxqLDD4EucbGKEew9bhXNB
shadowLastChange: 12797
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 911
gidNumber: 911
homeDirectory: /home/vishvendra
gecos: Vishvendra's user

#ldapadd -x -W -D "cn=Manager,dc=example,dc=com" -f /root/users.ldif

Now test that this user is listed.



Step 11: Testing the LDAP server. We check whether user vishvendra exists:

#ldapsearch -x "(uid=vishvendra)" -b "dc=example,dc=com"

It should return a successful result with one entry. The filter matches on uid because that attribute holds exactly "vishvendra"; an equality filter on cn would not match, since the entry's cn is "vishvendra Chauhan".
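The checks in Steps 8 and 11 rely on reading the ldapsearch output by eye. As an added example (not from the post), here is a small parser that turns that output into a machine-checkable summary, so a script can tell "search succeeded and returned an entry" apart from "search succeeded but the filter matched nothing" and from "no such base" (result 32, which is what a database without its base entry returns in Step 8). The three sample outputs are constructed to follow the LDIF format ldapsearch prints, not captured from the author's server.

```shell
#!/bin/sh
# Added example (not the post's own script): summarise ldapsearch output so a
# script can check the results of Steps 8 and 11 instead of reading them by eye.

# Read ldapsearch output on stdin and print "<result code>:<entries>",
# e.g. "0:1" for success with one entry, "32:0" for "No such object".
search_summary() {
    awk '
        /^result: /       { rc = $2 }
        /^# numEntries: / { n  = $3 }
        END {
            if (rc == "") rc = "none"   # output ended before the result line
            if (n  == "") n  = 0        # ldapsearch omits numEntries when nothing matched
            print rc ":" n
        }'
}

# Exit 0 only when the search succeeded (result 0) and returned >= 1 entry.
entry_exists() {
    case "$(search_summary)" in
        0:0) return 1 ;;   # clean search, nothing matched the filter
        0:*) return 0 ;;
        *)   return 1 ;;   # error code, or truncated output
    esac
}

# Constructed sample: Step 11 search that found the user.
FOUND_OUTPUT='# extended LDIF
#
# LDAPv3
# base <dc=example,dc=com> with scope subtree
# filter: (uid=vishvendra)
# requesting: ALL
#

# vishvendra, People, example.com
dn: uid=vishvendra,ou=People,dc=example,dc=com
uid: vishvendra
cn: vishvendra Chauhan
objectClass: posixAccount

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1'

# Constructed sample: a successful search whose filter matched no entry.
NO_MATCH_OUTPUT='# search result
search: 2
result: 0 Success

# numResponses: 1'

# Constructed sample: Step 8 run against a database with no base entry yet.
EMPTY_DB_OUTPUT='# search result
search: 2
result: 32 No such object

# numResponses: 1'

# Walkthrough over the three samples (set LDAP_DEMO=1 to run it).
if [ -n "${LDAP_DEMO:-}" ]; then
    for o in "$FOUND_OUTPUT" "$NO_MATCH_OUTPUT" "$EMPTY_DB_OUTPUT"; do
        printf '%s -> ' "$(printf '%s\n' "$o" | search_summary)"
        if printf '%s\n' "$o" | entry_exists; then echo "entry found"; else echo "not found"; fi
    done
fi
```

Against a live server the check is simply `ldapsearch -x "(uid=vishvendra)" -b "dc=example,dc=com" | entry_exists && echo found`; note that the "search: 2" line the post looks for in Step 8 is the LDAP message ID of the request, so the result code and numEntries are the values worth testing.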



LDAP Client Configuration



There are only a few steps to connect the client with the LDAP server.


First of all we need to install the required packages on the client side.

Step one:


#yum install openldap-clients


Step two:
Simply run the authentication configuration tool:


#authconfig-gtk or authconfig-tui or system-config-authentication

Put in the URL of the certificate, which is already shared from your server, so the client can verify the server's TLS certificate.


Now you should be able to find the users in the LDAP database:


#ldapsearch -x -ZZ


LDAP user migration and connectivity with other directory services will be coming soon...

****************************************All The Best**************************************************








Tuesday, September 4, 2012

Website downloading by the wget command in Linux

We need to download an entire website, perhaps for offline viewing,
and there are many different tools for doing that. In Linux we can download the entire site by using wget.
wget can do the
Use this command:

$ wget \
     --recursive \
     --no-clobber \
     --page-requisites \
     --html-extension \
     --convert-links \
     --restrict-file-names=windows \
     --domains chauhan-rhce.blogspot.com \
     --no-parent \
     www.chauhan-rhce.blogspot.com
This command downloads the website www.chauhan-rhce.blogspot.com.
The options are:
  • --recursive: download the entire website.
  • --domains chauhan-rhce.blogspot.com: don't follow links outside chauhan-rhce.blogspot.com.
  • --no-parent: don't follow links above the directory you started from.
  • --page-requisites: get all the elements that compose the page (images, CSS and so on).
  • --html-extension: save files with the .html extension.
  • --convert-links: convert links so that they work locally, offline.
  • --restrict-file-names=windows: modify filenames so that they will work in Windows as well.
  • --no-clobber: don't overwrite any existing files (used in case the download is interrupted and
    resumed).


After downloading the complete site you can have fun with the offline copy.