389ds on Fedora 31

Installation




[johnny2020@localhost Documents]$ sudo dnf install 389-ds-base


389ds docs

Local DNS




vim /etc/hosts

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.1.74 myhost myhost.tech.com


Configuration




[root@myhost Documents]# dscreate interactive
Install Directory Server (interactive mode)
===========================================

Enter system's hostname [myhost.tech.com]:

Enter the instance name [myhost]:

Enter port number [389]:

Create self-signed certificate database [yes]:

Enter secure port number [636]:

Enter Directory Manager DN [cn=Directory Manager]:

Enter the Directory Manager password:
Confirm the Directory Manager Password:

Enter the database suffix (or enter "none" to skip) [dc=myhost,dc=tech,dc=com]:

Create sample entries in the suffix [no]: yes

Do you want to start the instance after the installation? [yes]: 

Are you ready to install? [no]: yes
Starting installation...
Starting installation...
Completed installation for myhost



Create a group (sn)




Can't provide gidNumber

[root@papaitan Documents]# dsidm ldap://myhost.tech.com:389 -b "dc=myhost,dc=tech,dc=com" group create
Enter Bind DN: cn=Directory Manager
Enter password for cn=Directory Manager on ldap://myhost.tech.com:389:
Enter value for cn : Family
Successfully created Family



Create a POSIX group




Can provide gidNumber

[root@papaitan Documents]# dsidm ldap://myhost.tech.com:389 -b "dc=myhost,dc=tech,dc=com" posixgroup create
Enter Bind DN: cn=Directory Manager
Enter password for cn=Directory Manager on ldap://myhost.tech.com:389:
Enter value for cn : Family2
Enter value for gidNumber : 1010
Successfully created Family2



Modify the PosixGroup gidNumber




[root@papaitan Documents]# dsidm ldap://myhost.tech.com:389 -b "dc=myhost,dc=tech,dc=com" posixgroup modify Family2 replace:gidNumber:1011
Enter Bind DN: cn=Directory Manager
Enter password for cn=Directory Manager on ldap://myhost.tech.com:389:
Successfully modified cn=Family2,ou=groups,dc=myhost,dc=tech,dc=com



Create a user




[root@myhost Documents]# dsidm ldap://myhost.tech.com:389 -b "dc=myhost,dc=tech,dc=com" user create
Enter Bind DN: cn=Directory Manager
Enter password for cn=Directory Manager on ldap://myhost.tech.com:389:
Enter value for uid : jonnny2020
Enter value for cn : jonnny2020
Enter value for displayName : Johnny
Enter value for uidNumber : 1010
Enter value for gidNumber : 1010
Enter value for homeDirectory : /home/johnny2020
Successfully created johnny2020



Get a user




[root@myhost Documents]# dsidm ldap://myhost.tech.com:389 -b "dc=myhost,dc=tech,dc=com" user get johnny2020
Enter Bind DN: cn=Directory Manager
Enter password for cn=Directory Manager on ldap://myhost.tech.com:389:
dn: uid=johnny2020,ou=people,dc=myhost,dc=tech,dc=com
cn: johnny2020
displayName: Johnny
gidNumber: 1010
homeDirectory: /home/johnny2020
objectClass: top
objectClass: nsPerson
objectClass: nsAccount
objectClass: nsOrgPerson
objectClass: posixAccount
uid: johnny2020
uidNumber: 1010



Add the user to a group




[root@myhost Documents]# dsidm ldap://myhost.tech.com:389 -b "dc=myhost,dc=tech,dc=com" group add_member Family uid=johnny2020,ou=people,dc=myhost,dc=tech,dc=com
Enter Bind DN: cn=Directory Manager
Enter password for cn=Directory Manager on ldap://myhost.tech.com:389:
added member: uid=johnny2020,ou=people,dc=myhost,dc=tech,dc=com



Add the user to the PosixGroup




[root@myhost Documents]# dsidm ldap://myhost.tech.com:389 -b "dc=myhost,dc=tech,dc=com" group add_member Family2 uid=johnny2020,ou=people,dc=myhost,dc=tech,dc=com
Enter Bind DN: cn=Directory Manager
Enter password for cn=Directory Manager on ldap://myhost.tech.com:389:
added member: uid=johnny2020,ou=people,dc=myhost,dc=tech,dc=com



Remove the user from a group




[root@myhost Documents]# dsidm ldap://myhost.tech.com:389 -b "dc=myhost,dc=tech,dc=com" group remove_member Family uid=johnny2020,ou=people,dc=myhost,dc=tech,dc=com
Enter Bind DN: cn=Directory Manager
Enter password for cn=Directory Manager on ldap://myhost.tech.com:389:
removed member: uid=johnny2020,ou=people,dc=myhost,dc=tech,dc=com



Reset the password




[root@myhost Documents]# dsidm ldap://myhost.tech.com:389 -b "dc=myhost,dc=tech,dc=com" account reset_password uid=johnny2020,ou=people,dc=myhost,dc=tech,dc=com
Enter Bind DN: cn=Directory Manager
Enter password for cn=Directory Manager on ldap://myhost.tech.com:389:
Enter new password for uid=johnny2020,ou=people,dc=myhost,dc=tech,dc=com :
CONFIRM - Enter new password for uid=johnny2020,ou=people,dc=myhost,dc=tech,dc=com :
reset password for uid=johnny2020,ou=people,dc=myhost,dc=tech,dc=com



LDAP search




[root@myhost Documents]# ldapsearch -x -b "dc=myhost,dc=tech,dc=com"



Enable the MemberOf plugin



Required to enable sssd




[root@myhost Documents]# dsconf ldap://myhost.tech.com:389 -b "dc=myhost,dc=tech,dc=com" plugin memberof status
Enter Bind DN: cn=Directory Manager
Enter password for cn=Directory Manager on ldap://myhost.tech.com:389:
Plugin 'MemberOf Plugin' is disabled
[root@myhost Documents]# dsconf ldap://myhost.tech.com:389 -b "dc=myhost,dc=tech,dc=com" plugin memberof enable
Enter Bind DN: cn=Directory Manager
Enter password for cn=Directory Manager on ldap://myhost.tech.com:389:
Enabled plugin 'MemberOf Plugin'

[root@myhost Documents]# dsctl myhost restart
Instance "myhost" has been restarted

[root@myhost Documents]# dsconf ldap://myhost.tech.com:389 -b "dc=myhost,dc=tech,dc=com" plugin memberof set --scope "dc=myhost,dc=tech,dc=com"
Enter Bind DN: cn=Directory Manager
Enter password for cn=Directory Manager on ldap://myhost.tech.com:389:
Successfully changed the cn=MemberOf Plugin,cn=plugins,cn=config

[root@myhost Documents]# dsidm ldap://myhost.tech.com:389 -b "dc=myhost,dc=tech,dc=com" user modify kirsten add:objectclass:nsmemberof
Enter Bind DN: cn=Directory Manager
Enter password for cn=Directory Manager on ldap://myhost.tech.com:389:
Successfully modified uid=kirsten,ou=people,dc=myhost,dc=tech,dc=com


[root@myhost Documents]# dsconf ldap://myhost.tech.com:389 -b "dc=myhost,dc=tech,dc=com" plugin memberof fixup "dc=myhost,dc=tech,dc=com"
Enter Bind DN: cn=Directory Manager
Enter password for cn=Directory Manager on ldap://myhost.tech.com:389:
Attempting to add task entry...
Successfully added task entry




Log in using 389-ds LDAP




[root@myhost Documents]# dnf install sssd
Last metadata expiration check: 1:40:56 ago on Sat 28 Mar 2020 09:31:30 PM +08.
Package sssd-2.2.3-13.fc31.x86_64 is already installed.
Dependencies resolved.
Nothing to do.
Complete!
[root@myhost Documents]# dsidm ldap://myhost.tech.com:389 -b "dc=myhost,dc=tech,dc=com" client_config sssd.conf


Add loginShell /bin/bash to the user




[root@myhost jay2020]# dsidm ldap://myhost.tech.com:389 -b "dc=myhost,dc=tech,dc=com" user modify johnny2020 add:loginShell:/bin/bash
Enter Bind DN: cn=Directory Manager
Enter password for cn=Directory Manager on ldap://myhost.tech.com:389:
Successfully modified uid=johnny2020,ou=people,dc=myhost,dc=tech,dc=com
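Before pointing sssd at the directory, it is worth checking that every posixAccount in the ldapsearch output above resolves to a usable Unix identity (uidNumber, a gidNumber that matches an existing posixGroup, homeDirectory and loginShell). The following Python is an added example, not part of this page; the LDIF inside it is constructed from the entries shown above.

```python
"""Added example (not from the page): flag posixAccount entries in 389ds LDIF
output that sssd could not turn into a working login."""
# Constructed sample mirroring this page: the only posixGroup now has gidNumber
# 1011, while the user still carries gidNumber 1010 and, so far, no loginShell.
SAMPLE_LDIF = """\
dn: cn=Family2,ou=groups,dc=myhost,dc=tech,dc=com
objectClass: posixGroup
cn: Family2
gidNumber: 1011

dn: uid=johnny2020,ou=people,dc=myhost,dc=tech,dc=com
objectClass: posixAccount
uid: johnny2020
uidNumber: 1010
gidNumber: 1010
homeDirectory: /home/johnny2020
"""
# Attributes sssd needs on a posixAccount to build a Unix identity.
REQUIRED = ("uidnumber", "gidnumber", "homedirectory", "loginshell")

def parse_ldif(text):
    """Return a list of entries, each a dict of lowercased attr -> [values]."""
    entries, cur = [], {}
    # Unfold continuation lines (leading space); a blank line ends an entry.
    for line in text.replace("\n ", "").splitlines() + [""]:
        if line.startswith("#"):          # ldapsearch prints comment lines
            continue
        if not line:
            if cur:
                entries.append(cur)
            cur = {}
            continue
        attr, _, value = line.partition(":")
        cur.setdefault(attr.strip().lower(), []).append(value.strip())
    return entries

def check_accounts(entries):
    """Map each problematic posixAccount DN to the list of problems found."""
    classes = lambda e: {o.lower() for o in e.get("objectclass", [])}
    known_gids = {e["gidnumber"][0] for e in entries if "posixgroup" in classes(e)}
    problems = {}
    for e in entries:
        if "posixaccount" not in classes(e):
            continue
        issues = ["missing " + a for a in REQUIRED if a not in e]
        if "gidnumber" in e and e["gidnumber"][0] not in known_gids:
            issues.append(f"gidNumber {e['gidnumber'][0]} matches no posixGroup")
        if issues:
            problems[e["dn"][0]] = issues
    return problems
```

Feed it the output of the ldapsearch command from the LDAP search section; an empty result means sssd has everything it needs for each account.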



Authselect to create home directories automatically




authselect select sssd with-mkhomedir --force
systemctl enable oddjobd.service
systemctl start oddjobd.service



[root@myhost jay2020]# authselect apply-changes
Changes were successfully applied.



Problem when you cannot ssh



The TLS certificate cannot be found. In the meantime, disable it by setting the TLS required-certificate setting to none.




[root@myhost jay2020]# systemctl restart sssd
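Telling sssd not to demand a certificate means it will accept whatever certificate the LDAP server, or anything sitting between the client and the server, presents. The following Python is an added example, not part of this page: it audits an sssd.conf domain section for that workaround and shows the pinned-CA form beside it. The sssd.conf fragment is constructed and the CA file path is an assumption.

```python
"""Added example (not from the page): audit an sssd.conf LDAP domain for TLS
settings that stop sssd from verifying the 389ds server certificate."""
import configparser

# Constructed fragments. WEAK mirrors the workaround above (never demand a
# certificate); FIXED pins the CA instead. The CA path is an assumption.
WEAK = """
[sssd]
services = nss, pam
domains = tech.com

[domain/tech.com]
id_provider = ldap
auth_provider = ldap
ldap_uri = ldap://myhost.tech.com
ldap_search_base = dc=myhost,dc=tech,dc=com
ldap_tls_reqcert = never
"""
FIXED = WEAK.replace(
    "ldap_tls_reqcert = never",
    "ldap_tls_reqcert = demand\n"
    "ldap_id_use_start_tls = true\n"
    "ldap_tls_cacert = /etc/dirsrv/ssca/ca.crt",  # assumed location of the dscreate CA
)

def audit_sssd(conf_text):
    """Return a list of findings for every LDAP [domain/*] section; [] means OK."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.read_string(conf_text)
    findings = []
    for section in cp.sections():
        if not section.startswith("domain/"):
            continue
        if cp.get(section, "id_provider", fallback="") != "ldap":
            continue
        uri = cp.get(section, "ldap_uri", fallback="")
        reqcert = cp.get(section, "ldap_tls_reqcert", fallback="hard").lower()  # sssd default
        start_tls = cp.getboolean(section, "ldap_id_use_start_tls", fallback=False)
        if reqcert in ("never", "allow"):
            findings.append(f"{section}: ldap_tls_reqcert={reqcert} accepts any server certificate")
        if uri.startswith("ldap://") and not start_tls:
            findings.append(f"{section}: {uri} without ldap_id_use_start_tls, identity lookups are unencrypted")
        if reqcert in ("demand", "hard") and not cp.has_option(section, "ldap_tls_cacert"):
            findings.append(f"{section}: no ldap_tls_cacert, so the self-signed 389ds CA is only trusted if it was added to the system store")
    return findings
```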



References



389ds-how-to-users-and-groups
