- Newbie’s OpenLDAP tips
- Follow https://help.ubuntu.com/12.10/serverguide/openldap-server.html to get the OpenLDAP server and tools installed and configured on your server.
- The binary is called slapd. The configuration is no longer a single file, but a directory structure in LDAP file format. These files use the LDIF format, which is plain text. The configuration is stored at /etc/ldap/slapd.d/, in the file “cn=config.ldif” and inside the directory “cn=config”.
- The LDAP server access credential is stored in the file “cn=config/olcDatabase={1}hdb.ldif”
- olcRootDN:
- olcRootPW:
- User LDAP data is stored in /var/lib/ldap in a binary DB format (Berkeley DB or some other DB format). User LDAP data can only be viewed with LDAP tools such as ldapsearch, and can be edited with ldapadd, ldapdelete, ldapmodify, etc.
- Command to list all entries
- ldapsearch -x -LLL -b dc=advistatech,dc=com
- To authenticate to the LDAP server when running a command like ldapsearch, you can use “-x”, which amounts to local authentication. Or you can “bind” to the server using the credentials listed above in “olcRootDN” and “olcRootPW”, as follows. Only binding will print out the user password information stored in the LDAP DB. See more at http://blogs.splunk.com/2009/07/30/ldapsearch-is-your-friend/
-D "cn=admin,dc=advistatech,dc=com"
-W will prompt you for your password
- PHP can act as an LDAP client. It has dedicated functions to connect, bind, and query LDAP servers.
- In a PosixAccount object (like a Unix user account), the password field name is “userPassword”. It is usually hashed with LDAP's salted SHA-1 hash scheme. If you query it when bound to the server, you will see something like {SSHA}….
- ldapcompare does not automatically hash a clear-text password when comparing. So you would need to hash the password first (probably using ldappasswd) and then do the compare (to be validated).
- The usual way to test a user's account credential is to actually try to bind (log in) to the LDAP server using that credential.
- A simple PHP script to test a user credential:
```php
<?php
// Connect to the LDAP server
$ds = ldap_connect("localhost");
if (!$ds) {
    die("Unable to connect to LDAP server.");
}

// Use LDAPv3 and do not follow referrals
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);

// Credential to test
$dn = "uid=tony,ou=Users,dc=advistatech,dc=com";
$pass = "mypass";

// bind
if (ldap_bind($ds, $dn, $pass)) {
    echo "bound successfully";
} else {
    echo "Unable to bind to LDAP server.";
}

ldap_close($ds);
```
May 31, 2014
Newbie’s OpenLDAP tips
May 30, 2014
ldapscript not working fixed
Make sure your /etc/ldapscripts/ldapscripts.passwd does not
contain a trailing newline. (This is the default behaviour of many
editors, including vim)
samba server symbolic links
To enable symbolic links, edit smb.conf with the following changes. Note that wide links = yes lets clients follow links that point outside the shared directory tree.
1. Add the following lines in the [global] section
[global]
follow symlinks = yes
wide links = yes
unix extensions = no
2. Add the following lines to your shared directory section
[home]
follow symlinks = yes
wide links = yes
3. Restart smbd. On Fedora/Red Hat, use
sudo systemctl restart smb.service
On Debian/Ubuntu, use
sudo /etc/init.d/smbd restart
May 2, 2014
The Secret to 10 Million Concurrent Connections - The Kernel is the Problem, Not the Solution
http://highscalability.com/blog/2013/5/13/the-secret-to-10-million-concurrent-connections-the-kernel-i.html
Netmap
Intel DPDK
PF_RING