Service integration with OpenLDAP - Gabriel Stein
TRANSCRIPT
SERVICE INTEGRATION WITH OPENLDAP
Gabriel Stein
TOPICS
Concept of integration;
How an integration works;
Samba;
Postfix;
CONCEPT
Enables authentication for services;
Allows information to be looked up in the directory;
Enables dynamism;
More security;
HOW IT WORKS
SERVICE (postfix, samba)
Search / Authentication
OPENLDAP
uid = XXX
userPassword = abc
cn = Gabriel Stein
SAMBA
Requires the samba.schema schema;
Requires parameters that tell it where OpenLDAP is located;
SMBLDAP-TOOLS;
We must create a structure in the directory;
SAMBA - Configuration
smb.conf
security = user
domain logons = yes
preferred master = yes
domain master = yes
os level = 65
passdb backend = ldapsam:ldaps://127.0.0.1
ldap passwd sync = yes
ldap delete dn = Yes
ldap admin dn = cn=manager,dc=tchelinux,dc=org
ldap suffix = dc=tchelinux,dc=org
ldap machine suffix = ou=Computadores
ldap user suffix = ou=Usuarios
ldap group suffix = ou=Grupos
ldap idmap suffix = sambaDomainName=SAMBALDAP
idmap backend = ldap:ldaps://127.0.0.1
idmap uid = 10000-20000
idmap gid = 10000-20000
# add/remove users
add user script = /usr/sbin/smbldap-useradd -m "%u"
delete user script = /usr/sbin/smbldap-userdel "%u"
# add/remove groups
add group script = /usr/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/sbin/smbldap-groupdel "%g"
# Scripts to add/remove users in groups
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
# Script to set the user's primary group
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
# Script to add a Win NT/XP machine joining the domain
add machine script = /usr/sbin/smbldap-useradd -w "%u"
# Domain admins can join machines to the domain
enable privileges = yes
In the shell
rm -rf /etc/samba/secrets.tdb /var/log/samba/*
smbpasswd -w password
=> Install SMBLDAP-TOOLS
=> Get the SID with net getlocalsid
=> Edit smbldap.conf and put in the SID
=> Edit smbldap_bind.conf with the LDAP location settings;
POSTFIX
POSTFIX - Configuration
In the directory:
=> Add the mail attribute to the entries;
In Postfix:
=> Add the settings for the mapping;
transport_maps = ldap:transport
transport_server_host = tchelinux.org
transport_search_base = ou=mailaddresses, dc=tchelinux, dc=org
transport_query_filter = uid=%s
transport_result_attribute = postfixTransport
transport_bind = no
transport_scope = one
mydestination = ......... $transport_maps
accounts_server_host = tchelinux.org
accounts_search_base = ou=mailaddresses, dc=tchelinux, dc=org
accounts_query_filter = (&(mail=%s)(accountActive=TRUE)(delete=FALSE))
accounts_result_attribute = mailbox
accounts_bind = no
alias_server_host = tchelinux.org
alias_search_base = ou=mailaddresses, dc=tchelinux, dc=org
alias_query_filter = (&(mail=%s)(accountActive=TRUE))
alias_result_attribute = maildrop
alias_bind = no
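Added example (not from the original slides): how the accounts_query_filter lookup resolves a recipient, evaluated in Python over constructed entries. Postfix replaces %s with the lookup key using RFC 2254 quoting (now RFC 4515), so the key always stays a single literal value; the helper names, sample entries and mailbox values here are assumptions.

```python
import re

# RFC 4515 escapes for characters that are special inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def expand_filter(template, key):
    """Replace %s with the lookup key, escaped so it stays one literal value."""
    return template.replace("%s", "".join(_ESCAPES.get(c, c) for c in key))

def _unescape(value):
    """Turn \\XX hex escapes back into the characters they stand for."""
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def lookup(entries, template, key, result_attribute):
    """Evaluate an AND-of-equalities filter (the only shape used on this page).

    Exact string comparison is a simplification of real LDAP matching rules.
    """
    clauses = re.findall(r"\(([A-Za-z]+)=([^()]*)\)", expand_filter(template, key))
    wanted = [(attr, _unescape(val)) for attr, val in clauses]
    return [e[result_attribute] for e in entries
            if result_attribute in e and all(e.get(a) == v for a, v in wanted)]

# Filter copied from the slides; result attribute is "mailbox".
ACCOUNTS_FILTER = "(&(mail=%s)(accountActive=TRUE)(delete=FALSE))"

# Constructed sample entries under ou=mailaddresses (not real directory data).
ENTRIES = [
    {"mail": "alice@tchelinux.org", "accountActive": "TRUE",
     "delete": "FALSE", "mailbox": "alice/"},
    {"mail": "bob@tchelinux.org", "accountActive": "FALSE",
     "delete": "FALSE", "mailbox": "bob/"},
    {"mail": "carol@tchelinux.org", "accountActive": "TRUE",
     "delete": "TRUE", "mailbox": "carol/"},
]

if __name__ == "__main__":
    for rcpt in ("alice@tchelinux.org", "bob@tchelinux.org",
                 "carol@tchelinux.org", "*"):
        print(rcpt, "->", expand_filter(ACCOUNTS_FILTER, rcpt),
              "->", lookup(ENTRIES, ACCOUNTS_FILTER, rcpt, "mailbox"))
```

Only the active, non-deleted account returns a mailbox; a key made of filter metacharacters is matched as literal text and finds nothing.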
THANK YOU!