How to Configure an LDAP Client to Connect to External Authentication


LDAP (short for Lightweight Directory Access Protocol) is an industry-standard, widely used set of protocols for accessing directory services.

A directory service, in simple terms, is a centralized, network-based database optimized for read access. It stores and provides access to information that must either be shared between applications or is highly distributed.

Directory services play an important role in developing intranet and Internet applications by helping you share information about users, systems, networks, applications, and services throughout the network.

A typical use case for LDAP is to offer centralized storage of usernames and passwords. This allows various applications (or services) to connect to the LDAP server to validate users.

After setting up a working LDAP server, you need to install libraries on the client to connect to it. In this article, we will show how to configure an LDAP client to connect to an external authentication source.

I assume you already have a working LDAP server environment; if not, set up an LDAP server for LDAP-based authentication first.

How to Install and Configure an LDAP Client in Ubuntu and CentOS

On the client systems, you need to install a few necessary packages for the authentication mechanism to work correctly with an LDAP server.

First, install the necessary packages by running the following command.

$ sudo apt update && sudo apt install libnss-ldap libpam-ldap ldap-utils nscd

During the installation, you will be prompted for details of your LDAP server (provide the values according to your environment). Note that the ldap-auth-config package, which is installed automatically, does most of the configuration based on the values you enter.

Next, enter the name of the LDAP search base; you can use the components of your domain name for this purpose.

Also choose the LDAP version to use and click Ok.

Now configure the option that makes password utilities that use PAM behave as if you were changing local passwords, and click Yes to continue.

Next, disable the login requirement for the LDAP database using the next option.

Also define the LDAP account for root and click Ok.

Next, enter the password to use when ldap-auth-config tries to log in to the LDAP directory using the LDAP account for root.

The results of the dialog are stored in the file /etc/ldap.conf. If you want to make changes, open and edit this file using your favorite command-line editor.

Next, configure the LDAP profile for NSS by running:

$ sudo auth-client-config -t nss -p lac_ldap

Then configure the system to use LDAP for authentication by updating the PAM configuration. From the menu, choose LDAP and any other authentication mechanisms you need. You should now be able to log in using LDAP-based credentials.

$ sudo pam-auth-update

If you want the user's home directory to be created automatically, you need to perform one more configuration step in the common-session PAM file.

$ sudo vim /etc/pam.d/common-session

Add this line to it.

session required pam_mkhomedir.so skel=/etc/skel umask=077

Save the changes and close the file. Then restart the nscd (Name Service Cache Daemon) service with the following commands.

$ sudo systemctl restart nscd
$ sudo systemctl enable nscd

Note: If you are using replication, LDAP clients will need to refer to multiple servers specified in /etc/ldap.conf. You can specify all the servers in this form:

uri ldap://ldap1.example.com  ldap://ldap2.example.com

This means that if the request times out because the Provider (ldap1.example.com) is unresponsive, the client will try to reach the Consumer (ldap2.example.com) to process it.

To check the LDAP entries for a particular user from the server, run the getent command, for example:

$ getent passwd tecmint

If the above command displays the details of the specified user from the /etc/passwd file, your client machine is now configured to authenticate with the LDAP server, and you should be able to log in using LDAP-based credentials.
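A check for the files the Ubuntu steps above produce, as an added example that is not part of the original article: it lists the servers on the uri line, warns when plain ldap:// is used without StartTLS (so bind passwords would cross the network unencrypted), and confirms that the NSS databases consult ldap. The ssl start_tls option, the /etc/nsswitch.conf layout and the sample file contents are assumptions not shown on the page; run it against copies of your own /etc/ldap.conf and /etc/nsswitch.conf.

```shell
#!/bin/sh
# Added example (not from the article): audit copies of the client files.

# Print each server on the "uri" line of an ldap.conf-style file, one per line.
ldap_uris() {
    awk 'tolower($1) == "uri" { for (i = 2; i <= NF; i++) print $i }' "$1"
}

# Succeed only if binds are encrypted: "ssl start_tls" is set, or every URI
# is ldaps://. Other TLS setups are not recognised and are reported as unsafe.
ldap_transport_ok() {
    if grep -Eiq '^[[:space:]]*ssl[[:space:]]+start_tls' "$1"; then
        return 0
    fi
    uris=$(ldap_uris "$1")
    [ -n "$uris" ] || return 1
    for u in $uris; do
        case "$u" in
            ldaps://*) ;;
            *) return 1 ;;
        esac
    done
    return 0
}

# Succeed if database $2 (passwd, group, shadow) in nsswitch file $1 lists ldap.
nss_uses_ldap() {
    awk -v db="$2:" '$1 == db { for (i = 2; i <= NF; i++) if ($i == "ldap") found = 1 }
        END { exit !found }' "$1"
}

# Print one WARN line per finding for ldap.conf copy $1 and nsswitch copy $2.
audit() {
    ldap_transport_ok "$1" || echo "WARN: ldap:// without start_tls, binds travel in cleartext"
    for db in passwd group shadow; do
        nss_uses_ldap "$2" "$db" || echo "WARN: $db does not consult ldap"
    done
}

# Constructed sample input: the article's replication uri line, plus an
# nsswitch.conf in which shadow was left without ldap.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
printf 'base dc=example,dc=com\nuri ldap://ldap1.example.com  ldap://ldap2.example.com\n' \
    > "$SAMPLE_DIR/ldap.conf"
printf 'passwd: files ldap\ngroup: files ldap\nshadow: files\n' > "$SAMPLE_DIR/nsswitch.conf"

audit "$SAMPLE_DIR/ldap.conf" "$SAMPLE_DIR/nsswitch.conf"
```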

Configure the LDAP Client in CentOS 7

To install the necessary packages, run the following command. Note that in this section, if you are operating the system as a non-root user, use the sudo command to run all commands.

# yum update && yum install openldap openldap-clients nss-pam-ldapd

Next, enable the client system to authenticate using LDAP. You can use the authconfig utility, which is an interface for configuring system authentication resources.

Run the following command, replacing example.com with your domain and dc=example,dc=com with your LDAP domain controller.

# authconfig --enableldap --enableldapauth --ldapserver=ldap.example.com --ldapbasedn="dc=example,dc=com" --enablemkhomedir --update

In the above command, the --enablemkhomedir option creates a local home directory for the user at the first connection if none exists.

Next, check the LDAP entries for a particular user from the server, for example the user tecmint.

$ getent passwd tecmint

The above command should display the details of the specified user from the /etc/passwd file, which indicates that the client machine is now configured to authenticate with the LDAP server.

Important: If SELinux is enabled on your system, you need to add a rule to allow mkhomedir to create home directories automatically.

For more information, consult the appropriate documentation from the OpenLDAP Software document catalog.

LDAP is a widely used protocol for querying and modifying a directory service. In this guide, we have shown how to configure an LDAP client to connect to an external authentication source on Ubuntu and CentOS client machines. You can leave any questions or comments you may have using the feedback form below.