OPS335-Lab-ldap

1,073 bytes added, 02:09, 6 January 2020
INVESTIGATION 2: Authenticating against LDAP
* Practice creating users in OpenLDAP.
* Set up linux machines to authenticate against an OpenLDAP server.
* Learn to update LDAP information with ldif files.
=== Online Resources ===
You won't be asked to set up an OpenLDAP server from scratch; we don't have time for that. Instead, you can start with a VM I made for you.
Download [https://scs.senecacollege.ca/~andrew.smith/srt210ops335/lin3vm4.qcow2.gz the disk image here] and set it up the same way you set up the midterm test review.
* You only need 512MB of RAM.
* Connect it to your lab ops335 network.
* Change the IP address, gateway, and DNS server address to match your network configuration.
* You may find it helpful to add a record for vm4 in your DNS, and to set up ssh key login to vm4.
The machine doesn't have any regular users, only root. The root password is seneca99.
OpenLDAP has been set up on it using [https://www.itzgeek.com/how-tos/linux/centos-how-tos/step-step-openldap-server-configuration-centos-7-rhel-7.html this itzgeek guide]. You should read that guide even though you don't need to perform all those steps yourself.
My OpenLDAP server (lin3vm4) has been set up with:
* The domain components dc=andrew,dc=ops.
* The admin username <code>ldaproot</code> and the password <code>seneca99ldap</code>.
* One regular user <code>john</code>, whose password you should change using the ldappasswd command (ldappasswd hands the new password to the server, which stores it with its configured password hash; never write plaintext passwords into ldif files).
The rest of your tasks for this section of the lab are to set up all your VMs (vm1/vm2/vm3) to authenticate using the LDAP service hosted on lin3vm4.
== INVESTIGATION 2: Adding Users to LDAP ==
Perform the Following steps on your LDAP server VM:
* Before we start adding users, we need to tell the migration tool (which translates between normal Unix user accounts and the LDAP structure) a little about our domain.
* Make a backup of /usr/share/migrationtools/migrate_common.ph in the /root directory.
Modify the following parameters in the original file to the values shown below:
<source>$DEFAULT_MAIL_DOMAIN = "andrew.ops";
$DEFAULT_BASE = "dc=andrew,dc=ops";
$EXTENDED_SCHEMA = 1;</source>
* Add a new user to this machine with your username and a UID of 10000. Set their password as well.
* Migrating them into LDAP will take several steps:
* Extract the passwd entry of your new user from /etc/passwd to a file called "ldapusers.entry":
<source>
grep -w <your username> /etc/passwd > /root/ldapusers.entry
</source>
*Use the migrate_passwd.pl file to convert the user information you extracted earlier into an ldif file:
<source>/usr/share/migrationtools/migrate_passwd.pl /root/ldapusers.entry /root/ldapusers.ldif</source>
This should generate an ldif file similar to the following:
<source>
</source>
* Use the ldapadd command to enter this new information into the database (see the Itzgeek tutorial for an example). As before, use simple authentication, the distinguished name of the LDAP administrator, and get prompted for a password.
* Use ldapsearch to confirm that the new user has been added to the database. You should get output similar to the following:
<source>
# extended LDIF
</source>
* Repeat the same steps for two more users:
** jane with the UID 10001 and full name Jane Greystoke
** guest with the UID 10002 and full name Andrew's Guests
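The migration step above is where the ldif file's structure is decided, so it is worth seeing what migrate_passwd.pl actually produces. The following is an added example, not the migrationtools code or anything from the lab page: a minimal POSIX sh stand-in that turns one /etc/passwd line (and its /etc/shadow line, when given) into the LDIF entry ldapadd expects. It emits only the basic account/posixAccount/shadowAccount classes (the real script adds more object classes when $EXTENDED_SCHEMA is set), places users under ou=People, and uses a constructed user "andrew" with a placeholder hash; the ou=People container and the admin DN cn=ldaproot,dc=andrew,dc=ops in the comments are assumptions. The real migrate_passwd.pl also reads /etc/shadow when run as root, so the generated ldif carries password hashes: protect /root/ldapusers.ldif the way you protect /etc/shadow.

```shell
#!/bin/sh
# Added example (not the migrationtools code): a minimal stand-in for
# migrate_passwd.pl that turns one /etc/passwd line, plus its /etc/shadow
# line when given, into the LDIF entry that ldapadd expects.
# Assumptions: users live under ou=People, the base DN is dc=andrew,dc=ops,
# and the sample user "andrew" and its shadow hash are constructed here.

BASE_DN='dc=andrew,dc=ops'

# passwd_to_ldif PASSWD_LINE BASE_DN [SHADOW_LINE]
# Prints the LDIF entry on stdout; returns 1 for malformed input or for a
# system account (uid < 1000), which should never be migrated into LDAP.
passwd_to_ldif() {
    pw_line=$1
    base=$2
    sh_line=$3

    # Split the seven colon-separated passwd fields.
    IFS=: read -r user _ uid gid gecos home shell <<EOF
$pw_line
EOF
    if [ -z "$user" ] || [ -z "$uid" ]; then
        echo "passwd_to_ldif: malformed passwd line" >&2
        return 1
    fi
    if [ "$uid" -lt 1000 ]; then
        echo "passwd_to_ldif: refusing to migrate system account $user (uid $uid)" >&2
        return 1
    fi

    # The hash is field 2 of the shadow line; a leading "!" or "*" means locked.
    hash=
    if [ -n "$sh_line" ]; then
        IFS=: read -r _ hash _ <<EOF
$sh_line
EOF
        case $hash in
            ''|'!'*|'*'*) hash= ;;
        esac
    fi

    # GECOS may carry extra comma-separated data (room, phone); keep the name.
    cn=${gecos%%,*}
    if [ -z "$cn" ]; then
        cn=$user
    fi

    printf 'dn: uid=%s,ou=People,%s\n' "$user" "$base"
    printf 'uid: %s\n' "$user"
    printf 'cn: %s\n' "$cn"
    printf 'objectClass: account\n'
    printf 'objectClass: posixAccount\n'
    printf 'objectClass: top\n'
    printf 'objectClass: shadowAccount\n'
    # The {crypt} prefix tells slapd to verify binds against a crypt(3) hash.
    if [ -n "$hash" ]; then
        printf 'userPassword: {crypt}%s\n' "$hash"
    fi
    printf 'loginShell: %s\n' "$shell"
    printf 'uidNumber: %s\n' "$uid"
    printf 'gidNumber: %s\n' "$gid"
    printf 'homeDirectory: %s\n' "$home"
}

# Constructed sample input (not a real account; the hash is a placeholder).
SAMPLE_PASSWD='andrew:x:10000:10000:Andrew Smith,,,:/home/andrew:/bin/bash'
SAMPLE_SHADOW='andrew:$6$saltsalt$placeholderhash:18267:0:99999:7:::'

passwd_to_ldif "$SAMPLE_PASSWD" "$BASE_DN" "$SAMPLE_SHADOW"
# Against a live server the output would be loaded like this (admin DN assumed):
#   passwd_to_ldif "$SAMPLE_PASSWD" "$BASE_DN" "$SAMPLE_SHADOW" > /root/ldapusers.ldif
#   chmod 600 /root/ldapusers.ldif     # it contains the password hash
#   ldapadd -x -D cn=ldaproot,dc=andrew,dc=ops -W -f /root/ldapusers.ldif
```

Two checks in the function are worth carrying over to the real procedure: do not migrate accounts below UID 1000 (root and the service accounts must keep authenticating locally, otherwise a downed LDAP server locks you out of the box), and confirm that a locked account in /etc/shadow does not end up with a usable userPassword in the directory.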
== INVESTIGATION 3: Authenticating against LDAP ==
* Read the second page of the Itzgeek guide for instructions on how to configure a CentOS machine to authenticate against an LDAP server.
* Follow those instructions for vm1, vm2, and vm3. Make sure that you update the IP address of your server in the arguments to the authconfig command.
* Keep in mind that with simple binds and no TLS, every login sends the user's password to the LDAP server in cleartext. That is tolerable on your isolated lab network, but not on a real one.
* Confirm that you can log in using all three usernames on all your nested VMs (except vm4).
== INVESTIGATION 4: Using Ldif Files ==
An important capability of LDAP is the ability to update the information already in the database.
* Most updates are made with specially formatted ldif files. These use the same structure as the files you created to add users, but are shorter because they only change one or a few attributes of an existing entry, and they carry a <code>changetype: modify</code> line after the dn.
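To make the modify-ldif format concrete, here is an added example (not code from the lab page): a POSIX sh function that builds a <code>changetype: modify</code> ldif for ldapmodify from a DN and a list of add/replace/delete operations. The one part people get wrong by hand is the lone "-" line that must separate consecutive changes to the same entry, so the function places it for you. The DN for john under ou=People and the admin DN cn=ldaproot,dc=andrew,dc=ops in the comments are assumptions built from the lab's user name and base; the attribute values are constructed.

```shell
#!/bin/sh
# Added example (not part of the lab page): build a "changetype: modify"
# LDIF for ldapmodify from a DN and a list of operations, so that the "-"
# separator between consecutive changes is always placed correctly.
# Assumptions: john's DN uid=john,ou=People,dc=andrew,dc=ops and the admin
# DN cn=ldaproot,dc=andrew,dc=ops follow the lab's naming; values are made up.

# modify_ldif DN OP:ATTR=VALUE [OP:ATTR=VALUE ...]
#   OP is add, replace or delete; "delete:ATTR" with no value removes every
#   value of ATTR. Prints the LDIF on stdout and returns 1 on a bad spec.
modify_ldif() {
    dn=$1
    shift
    if [ -z "$dn" ] || [ $# -eq 0 ]; then
        echo "modify_ldif: need a DN and at least one change" >&2
        return 1
    fi
    printf 'dn: %s\nchangetype: modify\n' "$dn"
    first=1
    for spec in "$@"; do
        op=${spec%%:*}
        rest=${spec#*:}
        case $op in
            add|replace|delete) ;;
            *) echo "modify_ldif: unknown operation '$op' in '$spec'" >&2; return 1 ;;
        esac
        # Consecutive changes to one entry are separated by a line holding only "-".
        if [ "$first" -eq 1 ]; then
            first=0
        else
            printf '%s\n' -
        fi
        case $rest in
            *=*)
                attr=${rest%%=*}
                value=${rest#*=}
                printf '%s: %s\n%s: %s\n' "$op" "$attr" "$attr" "$value"
                ;;
            *)
                # No value is only legal for delete (drop the whole attribute).
                if [ "$op" != delete ]; then
                    echo "modify_ldif: $op needs ATTR=VALUE ('$spec')" >&2
                    return 1
                fi
                printf 'delete: %s\n' "$rest"
                ;;
        esac
    done
}

# Constructed sample: give john a new login shell and an e-mail address, and
# drop his description, all in a single ldapmodify call.
modify_ldif 'uid=john,ou=People,dc=andrew,dc=ops' \
    'replace:loginShell=/bin/sh' \
    'add:mail=john@andrew.ops' \
    'delete:description'
# Apply it against the server with (admin DN assumed):
#   modify_ldif 'uid=john,ou=People,dc=andrew,dc=ops' 'replace:loginShell=/bin/sh' > change.ldif
#   ldapmodify -x -D cn=ldaproot,dc=andrew,dc=ops -W -f change.ldif
# Do not change passwords this way: ldappasswd lets the server hash them.
```

A value that starts with a space, a colon or "<" has to be base64-encoded in LDIF (written as <code>attr:: base64</code>); the function does not handle that case, so keep such values out of it or encode them yourself.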
'''Depending on your professor you will either be asked to submit the lab in class, or online. Follow the appropriate set of instructions below'''
===Online Submission (Ahad Mammadov's sections only)===
Follow the instructions for lab X on blackboard.
===Andrew's sections===
You may choose to:
* Submit screenshots of your work on Blackboard, in which case you don't need to come to the lab.
* Or come to the lab, show me your work, and talk to me about it. I want to hear what you've learned and answer any questions you have. You'll get the same grade regardless of how you choose to submit your work.
::<span style="color:green;font-size:1.5em;">&#x2713;</span>vm4 set up.
::<span style="color:green;font-size:1.5em;">&#x2713;</span>vm1/2/3 can authenticate against the LDAP database in vm4.
::<span style="color:green;font-size:1.5em;">&#x2713;</span>Three users created in LDAP.
== EXPLORATION QUESTIONS ==