Ldap server installieren

Aus metasec wiki
Wechseln zu: Navigation, Suche
apt-get install unixodbc libmyodbc  slapd ldap-utils
<pre>

/etc/odbc.ini
<pre>
[zphone]
Description = MySQL Asterisk
Driver      = MySQL
SERVER      = localhost
USER        = zphone
PASSWORD    = zphone
PORT        = 3306
DATABASE    = zphone
Option      = 3

/etc/odbcinst.ini

[MySQL]
Description             = MySQL driver
Driver          = /usr/lib/odbc/libmyodbc.so
Setup           = /usr/lib/odbc/libodbcmyS.so
CPTimeout               =
CPReuse         =
UsageCount              = 1

/etc/ldap/slapd.conf

# This is the main slapd configuration file. See slapd.conf(5) for more
# info on the configuration options.

#######################################################################
# Global Directives:

# Features to permit
#allow bind_v2

# Schema and objectClass definitions
include         /etc/ldap/schema/core.schema
include         /etc/ldap/schema/cosine.schema
include         /etc/ldap/schema/nis.schema
include         /etc/ldap/schema/inetorgperson.schema

# Where the pid file is put. The init.d script
# will not stop the server if you change this.
pidfile         /var/run/slapd/slapd.pid

# List of arguments that were passed to the server
argsfile        /var/run/slapd/slapd.args

# Read slapd.conf(5) for possible values
loglevel        255

# Where the dynamically loaded modules are stored
modulepath      /usr/lib/ldap
moduleload      back_bdb
moduleload      back_sql


# The maximum number of entries that is returned for a search operation
sizelimit 500

# The tool-threads parameter sets the actual amount of cpu's that is used
# for indexing.
tool-threads 1

#######################################################################
# Specific Backend Directives for bdb:
# Backend specific directives apply to this backend until another
# 'backend' directive occurs
backend         bdb
checkpoint 512 30

#######################################################################
# Specific Backend Directives for 'other':
# Backend specific directives apply to this backend until another
# 'backend' directive occurs
#backend                <other>

#######################################################################
# Specific Directives for database #1, of type bdb:
# Database specific directives apply to this databasse until another
# 'database' directive occurs
database        bdb

# The base of your directory in database #1
suffix          "dc=zphone,dc=local"

# rootdn directive for specifying a superuser on the database. This is needed
# for syncrepl.
# rootdn          "cn=admin,dc=zphone,dc=local"

# Where the database file are physically stored for database #1
directory       "/var/lib/ldap"

# For the Debian package we use 2MB as default but be sure to update this
# value if you have plenty of RAM
dbconfig set_cachesize 0 2097152 0

# Sven Hartge reported that he had to set this value incredibly high
# to get slapd running at all. See http://bugs.debian.org/303057
# for more information.

# Number of objects that can be locked at the same time.
dbconfig set_lk_max_objects 1500
# Number of locks (both requested and granted)
dbconfig set_lk_max_locks 1500
# Number of lockers
dbconfig set_lk_max_lockers 1500

# Indexing options for database #1
index           objectClass eq

# Save the time that the entry gets modified, for database #1
lastmod         on

# Where to store the replica logs for database #1
# replogfile    /var/lib/ldap/replog

# The userPassword by default can be changed
# by the entry owning it if they are authenticated.
# Others should not be able to see it, except the
# admin entry below
# These access lines apply to database #1 only
access to attrs=userPassword,shadowLastChange
        by dn="cn=admin,dc=zphone,dc=local" write
        by anonymous auth
        by self write
        by * none

# Ensure read access to the base for things like
# supportedSASLMechanisms.  Without this you may
# have problems with SASL not knowing what
# mechanisms are available and the like.
# Note that this is covered by the 'access to *'
# ACL below too but if you change that as people
# are wont to do you'll still need this if you
# want SASL (and possible other things) to work
# happily.
access to dn.base="" by * read

# The admin dn has full write access, everyone else
# can read everything.
access to *
        by dn="cn=admin,dc=zphone,dc=local" write
        by * read

# For Netscape Roaming support, each user gets a roaming
# profile for which they have write access to
#access to dn=".*,ou=Roaming,o=morsnet"
#        by dn="cn=admin,dc=zphone,dc=local" write
#        by dnattr=owner write

#######################################################################
# Specific Directives for database #2, of type 'other' (can be bdb too):
# Database specific directives apply to this databasse until another
# 'database' directive occurs
#database        <other>

# The base of your directory for database #2
#suffix         "dc=debian,dc=org"

#######################################################################
# sql database definitions
#######################################################################
loglevel 255
# backend sql
database        sql

suffix          "dc=zphone2,dc=local"
# Only need if not using the ldbm/bdb stuff below
#rootdn         "cn=admin,dc=zphone,dc=local"
#rootpw  zphone

dbname          zphone # That's the name of the ODBC.INI key in section [ODBC data sources]
dbuser  zphone
dbpasswd  zphone
subtree_cond    "upper(ldap_entries.dn) LIKE CONCAT('%',?)"
insentry_query  "INSERT INTO ldap_entries (dn,oc_map_id,parent,keval) VALUES (?,?,?,?)"
has_ldapinfo_dn_ru      no

access to attrs=userPassword
        by dn="cn=admin,dc=zphone,dc=local" write
        by anonymous auth
        by self write
        by * none

access to *
        by dn="cn=admin,dc=zphone,dc=local" write
        by * read


ldap_sql.sql

-- MySQL dump 10.11
--
-- Host: localhost    Database: zphone
-- ------------------------------------------------------
-- Server version       5.0.32-Debian_7etch12-log

/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
/*!40101 SET NAMES utf8 */;
/*!40103 SET @OLD_TIME_ZONE=@@TIME_ZONE */;
/*!40103 SET TIME_ZONE='+00:00' */;
/*!40014 SET @OLD_UNIQUE_CHECKS=@@UNIQUE_CHECKS, UNIQUE_CHECKS=0 */;
/*!40014 SET @OLD_FOREIGN_KEY_CHECKS=@@FOREIGN_KEY_CHECKS, FOREIGN_KEY_CHECKS=0 */;
/*!40101 SET @OLD_SQL_MODE=@@SQL_MODE, SQL_MODE='NO_AUTO_VALUE_ON_ZERO' */;
/*!40111 SET @OLD_SQL_NOTES=@@SQL_NOTES, SQL_NOTES=0 */;

--
-- Table structure for table `persons`
--

DROP TABLE IF EXISTS `persons`;
CREATE TABLE `persons` (
  `id` bigint(20) unsigned NOT NULL auto_increment,
  `name` varchar(255) NOT NULL,
  `surname` varchar(255) NOT NULL,
  `password` varchar(64) default NULL,
  PRIMARY KEY  (`id`),
  UNIQUE KEY `id` (`id`)
) ENGINE=MyISAM AUTO_INCREMENT=4 DEFAULT CHARSET=latin1;

--
-- Dumping data for table `persons`
--

LOCK TABLES `persons` WRITE;
/*!40000 ALTER TABLE `persons` DISABLE KEYS */;
INSERT INTO `persons` VALUES (1,'Mitya','Kovalev','mit'),(2,'Torvlobnor','Puzdoy',NULL),(3,'Akakiy','Zinberstein',NULL);
/*!40000 ALTER TABLE `persons` ENABLE KEYS */;
UNLOCK TABLES;

--
-- Table structure for table `phones`
--

DROP TABLE IF EXISTS `phones`;
CREATE TABLE `phones` (
  `id` bigint(20) unsigned NOT NULL auto_increment,
  `phone` varchar(255) NOT NULL,
  `pers_id` int(11) NOT NULL,
  PRIMARY KEY  (`id`),
  UNIQUE KEY `id` (`id`)
) ENGINE=MyISAM AUTO_INCREMENT=4 DEFAULT CHARSET=latin1;

--
-- Dumping data for table `phones`
--

LOCK TABLES `phones` WRITE;
/*!40000 ALTER TABLE `phones` DISABLE KEYS */;
INSERT INTO `phones` VALUES (1,'332-2334',1),(2,'222-3234',2),(3,'545-4563',2);
/*!40000 ALTER TABLE `phones` ENABLE KEYS */;
UNLOCK TABLES;

--
-- Table structure for table `referrals`
--

DROP TABLE IF EXISTS `referrals`;
CREATE TABLE `referrals` (
  `id` bigint(20) unsigned NOT NULL auto_increment,
  `name` varchar(255) NOT NULL,
  `url` varchar(255) NOT NULL,
  PRIMARY KEY  (`id`),
  UNIQUE KEY `id` (`id`)
) ENGINE=MyISAM AUTO_INCREMENT=2 DEFAULT CHARSET=latin1;

--
-- Dumping data for table `referrals`
--

LOCK TABLES `referrals` WRITE;
/*!40000 ALTER TABLE `referrals` DISABLE KEYS */;
INSERT INTO `referrals` VALUES (1,'Referral','ldap://localhost:9012/');
/*!40000 ALTER TABLE `referrals` ENABLE KEYS */;
UNLOCK TABLES;

--
-- Table structure for table `ldap_attr_mappings`
--

DROP TABLE IF EXISTS `ldap_attr_mappings`;
CREATE TABLE `ldap_attr_mappings` (
  `id` bigint(20) unsigned NOT NULL auto_increment,
  `oc_map_id` int(11) NOT NULL,
  `name` varchar(255) NOT NULL,
  `sel_expr` varchar(255) NOT NULL,
  `sel_expr_u` varchar(255) default NULL,
  `from_tbls` varchar(255) NOT NULL,
  `join_where` varchar(255) default NULL,
  `add_proc` varchar(255) default NULL,
  `delete_proc` varchar(255) default NULL,
  `param_order` int(11) NOT NULL,
  `expect_return` int(11) NOT NULL,
  PRIMARY KEY  (`id`),
  UNIQUE KEY `id` (`id`)
) ENGINE=MyISAM AUTO_INCREMENT=7 DEFAULT CHARSET=latin1;

--
-- Dumping data for table `ldap_attr_mappings`
--

LOCK TABLES `ldap_attr_mappings` WRITE;
/*!40000 ALTER TABLE `ldap_attr_mappings` DISABLE KEYS */;
INSERT INTO `ldap_attr_mappings` VALUES (1,1,'cn','text(persons.name||\' \'||persons.surname)',NULL,'persons',NULL,'SELECT update_person_cn(?,?)','SELECT 1 FROM persons WHERE persons.name=? AND persons.id=? AND 1=0',3,0),(2,1,'telephoneNumber','phones.phone',NULL,'persons,phones','phones.pers_id=persons.id','SELECT add_phone(?,?)','DELETE FROM phones WHERE phone=? AND pers_id=?',3,0),(3,1,'givenName','persons.name',NULL,'persons',NULL,'UPDATE persons SET name=? WHERE id=?','UPDATE persons SET name=\'\' WHERE (name=? OR name=\'\') AND id=?',3,0),(4,1,'sn','persons.surname',NULL,'persons',NULL,'UPDATE persons SET surname=? WHERE id=?','UPDATE persons SET surname=\'\' WHERE (surname=? OR surname=\'\') AND id=?',3,0),(5,1,'userPassword','persons.password',NULL,'persons','persons.password IS NOT NULL','UPDATE persons SET password=? WHERE id=?','UPDATE persons SET password=NULL WHERE password=? AND id=?',3,0),(6,1,'seeAlso','seeAlso.dn',NULL,'ldap_entries AS seeAlso,documents,authors_docs,persons','seeAlso.keyval=documents.id AND seeAlso.oc_map_id=2 AND authors_docs.doc_id=documents.id AND authors_docs.pers_id=persons.id',NULL,'DELETE from authors_docs WHERE authors_docs.doc_id=(SELECT documents.id FROM documents,ldap_entries AS seeAlso WHERE seeAlso.keyval=documents.id AND seeAlso.oc_map_id=2 AND seeAlso.dn=?) AND authors_docs.pers_id=?',3,0);
/*!40000 ALTER TABLE `ldap_attr_mappings` ENABLE KEYS */;
UNLOCK TABLES;

--
-- Table structure for table `ldap_entries`
--

DROP TABLE IF EXISTS `ldap_entries`;
CREATE TABLE `ldap_entries` (
  `id` bigint(20) unsigned NOT NULL auto_increment,
  `dn` varchar(255) NOT NULL,
  `oc_map_id` int(11) NOT NULL,
  `parent` int(11) NOT NULL,
  `keyval` int(11) NOT NULL,
  PRIMARY KEY  (`id`),
  UNIQUE KEY `id` (`id`),
  UNIQUE KEY `oc_map_id` (`oc_map_id`,`keyval`),
  UNIQUE KEY `dn` (`dn`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1;

--
-- Dumping data for table `ldap_entries`
--

LOCK TABLES `ldap_entries` WRITE;
/*!40000 ALTER TABLE `ldap_entries` DISABLE KEYS */;
/*!40000 ALTER TABLE `ldap_entries` ENABLE KEYS */;
UNLOCK TABLES;

--
-- Table structure for table `ldap_entry_objclasses`
--

DROP TABLE IF EXISTS `ldap_entry_objclasses`;
CREATE TABLE `ldap_entry_objclasses` (
  `entry_id` int(11) NOT NULL,
  `oc_name` varchar(64) default NULL
) ENGINE=MyISAM DEFAULT CHARSET=latin1;

--
-- Dumping data for table `ldap_entry_objclasses`
--

LOCK TABLES `ldap_entry_objclasses` WRITE;
/*!40000 ALTER TABLE `ldap_entry_objclasses` DISABLE KEYS */;
INSERT INTO `ldap_entry_objclasses` VALUES (4,'pkiUser'),(7,'extensibleObject');
/*!40000 ALTER TABLE `ldap_entry_objclasses` ENABLE KEYS */;
UNLOCK TABLES;

--
-- Table structure for table `ldap_oc_mappings`
--

DROP TABLE IF EXISTS `ldap_oc_mappings`;
CREATE TABLE `ldap_oc_mappings` (
  `id` bigint(20) unsigned NOT NULL auto_increment,
  `name` varchar(64) NOT NULL,
  `keytbl` varchar(64) NOT NULL,
  `keycol` varchar(64) NOT NULL,
  `create_proc` varchar(255) default NULL,
  `delete_proc` varchar(255) default NULL,
  `expect_return` int(11) NOT NULL,
  PRIMARY KEY  (`id`),
  UNIQUE KEY `id` (`id`)
) ENGINE=MyISAM AUTO_INCREMENT=5 DEFAULT CHARSET=latin1;

--
-- Dumping data for table `ldap_oc_mappings`
--

LOCK TABLES `ldap_oc_mappings` WRITE;
/*!40000 ALTER TABLE `ldap_oc_mappings` DISABLE KEYS */;
INSERT INTO `ldap_oc_mappings` VALUES (1,'inetOrgPerson','persons','id','SELECT create_person()','DELETE FROM persons WHERE id=?',0),(2,'document','documents','id','SELECT create_doc()','DELETE FROM documents WHERE id=?',0),(3,'organization','institutes','id','SELECT create_o()','DELETE FROM institutes WHERE id=?',0),(4,'referral','referrals','id','SELECT create_referral()','DELETE FROM referrals WHERE id=?',0);
/*!40000 ALTER TABLE `ldap_oc_mappings` ENABLE KEYS */;
UNLOCK TABLES;

--
-- Table structure for table `authors_docs`
--

DROP TABLE IF EXISTS `authors_docs`;
CREATE TABLE `authors_docs` (
  `pers_id` int(11) NOT NULL,
  `doc_id` int(11) NOT NULL,
  PRIMARY KEY  (`pers_id`,`doc_id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1;

--
-- Dumping data for table `authors_docs`
--

LOCK TABLES `authors_docs` WRITE;
/*!40000 ALTER TABLE `authors_docs` DISABLE KEYS */;
INSERT INTO `authors_docs` VALUES (1,1),(1,2),(2,1);
/*!40000 ALTER TABLE `authors_docs` ENABLE KEYS */;
UNLOCK TABLES;

--
-- Table structure for table `documents`
--

DROP TABLE IF EXISTS `documents`;
CREATE TABLE `documents` (
  `id` bigint(20) unsigned NOT NULL auto_increment,
  `title` varchar(255) NOT NULL,
  `abstract` varchar(255) default NULL,
  PRIMARY KEY  (`id`),
  UNIQUE KEY `id` (`id`)
) ENGINE=MyISAM AUTO_INCREMENT=3 DEFAULT CHARSET=latin1;

--
-- Dumping data for table `documents`
--

LOCK TABLES `documents` WRITE;
/*!40000 ALTER TABLE `documents` DISABLE KEYS */;
INSERT INTO `documents` VALUES (1,'book1','abstract1'),(2,'book2','abstract2');
/*!40000 ALTER TABLE `documents` ENABLE KEYS */;
UNLOCK TABLES;
/*!40103 SET TIME_ZONE=@OLD_TIME_ZONE */;

/*!40101 SET SQL_MODE=@OLD_SQL_MODE */;
/*!40014 SET FOREIGN_KEY_CHECKS=@OLD_FOREIGN_KEY_CHECKS */;
/*!40014 SET UNIQUE_CHECKS=@OLD_UNIQUE_CHECKS */;
/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
/*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */;

-- Dump completed on 2010-03-26  9:55:50