Eric
Wednesday Feb. 03, 2010
OpenDS 2.2.0 installation
### http://developers.sun.com/identity/reference/techart/opends-namesvcs.html
### http://developers.sun.com/identity/reference/techart/opends-namesvcs2.html

### prepare the user's home directory
# mkdir /export/home1/daemons/opendsd
# chown -R 905:1 /export/home1/daemons/opendsd

### add an opendsd role (only the privileges the server needs: basic, net_privaddr, sys_resource)
# roleadd -c "OpenDS role" -s /bin/bash -K defaultpriv=basic,net_privaddr,sys_resource opendsd

### set the password
# passwd opendsd

### edit the opendsd user entry
# vi /etc/passwd
opendsd:x:905:1:OpenDS role:/export/home1/daemons/opendsd:/bin/bash

### assign the opendsd role to the user
# usermod -R opendsd usager1
# vi /etc/user_attr
usager1::::type=normal;roles=root,opendsd

### create a certificate
$ su - opendsd
$ mkdir certs
$ cd certs
$ /usr/sfw/bin/certutil -N -d ./certs -P "amalthe.cants.org"
$ /usr/sfw/bin/64/certutil -S -x -n "amalthe.cants.org" -s "cn=amalthe.cants.org,ou=Directory Services,o=cants.org,c=CA" -t CTPu -v 12 -d ./certs -P "amalthe.cants.org" -5
$ /usr/sfw/bin/certutil -L -d ./certs -P "amalthe.cants.org" -n "amalthe.cants.org" -a > mycert.pem
$ /usr/sfw/bin/pk12util -o mypk12 -d /opt/certs -P "amalthe.cants.org" -n "amalthe.cants.org"

### install OpenDS
$ unzip OpenDS-2.2.0.zip
$ setup

### configure OpenDS
$ ~/OpenDS-2.2.0/bin/import-ldif -a -b dc=cants,dc=org -l ~/schema/install/myskel.ldif
$ ~/OpenDS-2.2.0/bin/import-ldif -a -b dc=cants,dc=org -l ~/schema/install/myproxy.ldif
$ ~/OpenDS-2.2.0/bin/import-ldif -a -b dc=cants,dc=org -l ~/schema/install/myprofile.ldif
$ ~/OpenDS-2.2.0/bin/import-ldif -a -b dc=cants,dc=org -l ~/schema/install/myusers.ldif
$ ~/OpenDS-2.2.0/bin/import-ldif -a -b dc=cants,dc=org -l ~/schema/install/mygroups.ldif

### start OpenDS
$ ~/OpenDS-2.2.0/bin/start-ds

### additional configuration (~/.dmp holds the directory manager password read by dsconfig -j)
$ vi ~/.dmp

### Grant the Proxy user permission to retrieve user account status so that pam_ldap enables users to log in with the rsh, rlogin, rcp, or ssh
~/OpenDS-2.2.0/bin/dsconfig -h amalthe -p 4444 -D "cn=directory manager" -j ~/.dmp -n \
  set-access-control-handler-prop --add global-aci:'(targetcontrol="1.3.6.1.4.1.42.2.27.9.5.8" ) \
  (version 3.0; acl "Allow Account Status control for Proxy"; allow(read,proxy) \
  userdn="ldap:///cn=solaris,ou=LDAPauth,dc=cants,dc=org";)'

### Store the user's password in clear text in OpenDS.
~/OpenDS-2.2.0/bin/dsconfig -h amalthe -p 4444 -D "cn=directory manager" -j ~/.dmp -n \
  set-password-policy-prop --policy-name "Default Password Policy" \
  --set default-password-storage-scheme:CLEAR

### Configure the Identity mappers.
~/OpenDS-2.2.0/bin/dsconfig -h amalthe -p 4444 -D "cn=directory manager" -j ~/.dmp -n \
  set-identity-mapper-prop \
  --mapper-name 'Regular Expression' \
  --add match-attribute:cn \
  --set match-pattern:'cn=(.*),ou=LDAPauth.*|uid=(.*),ou=People.*' \
  --set replace-pattern:'$1$2'

### Configure Simple Authentication and Security Layer (SASL)
~/OpenDS-2.2.0/bin/dsconfig -h amalthe -p 4444 -D "cn=directory manager" -j ~/.dmp -n \
  set-sasl-mechanism-handler-prop \
  --handler-name CRAM-MD5 \
  --set identity-mapper:Regular Expression
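The last three dsconfig steps belong together: CRAM-MD5 (RFC 2195) has the server verify an HMAC-MD5 over a challenge, and it can only do that if it holds the password itself, which is why the password policy is switched to the CLEAR storage scheme (the trade-off being that the directory database then contains clear-text passwords at rest). The identity mapper is what turns the name the client sends into a directory entry. The following Python is an added illustration, not code from the post or from OpenDS: it emulates the 'Regular Expression' mapper (assuming OpenDS applies match-pattern like Java's replaceAll and leaves a non-matching ID unchanged) and walks through one CRAM-MD5 exchange against a constructed sample directory. All names and passwords in it are made up.

```python
import hashlib
import hmac
import os
import re
import time

# Identity mapper settings copied from the dsconfig commands above.
# Assumption: the mapper behaves like Java replaceAll() with '$1$2', where an
# unmatched group contributes nothing and a non-matching ID passes through unchanged.
MATCH_PATTERN = re.compile(r"cn=(.*),ou=LDAPauth.*|uid=(.*),ou=People.*")

# Constructed sample directory (not real data): mapped name -> clear-text password.
# Because the policy sets default-password-storage-scheme:CLEAR, the server has the
# password itself; a one-way hash would not let it recompute the client's HMAC.
DIRECTORY = {
    "solaris": "proxy-secret-1",   # cn=solaris,ou=LDAPauth,dc=cants,dc=org
    "usager1": "user-secret-2",    # uid=usager1,ou=People,dc=cants,dc=org
}


def map_identity(authid: str) -> str:
    """Emulate the 'Regular Expression' identity mapper with replace-pattern '$1$2'."""
    return MATCH_PATTERN.sub(lambda m: (m.group(1) or "") + (m.group(2) or ""), authid)


def server_challenge(hostname: str = "amalthe.cants.org") -> bytes:
    """RFC 2195 challenge, '<random.timestamp@host>', sent to the client in the clear."""
    return f"<{os.urandom(8).hex()}.{int(time.time())}@{hostname}>".encode()


def client_response(authid: str, password: str, challenge: bytes) -> str:
    """The client answers with 'authid HMAC-MD5(password, challenge)' in hex."""
    digest = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return f"{authid} {digest}"


def server_verify(response: str, challenge: bytes):
    """Map the client's ID to an entry, recompute the HMAC from the stored clear-text
    password and compare in constant time. Returns the mapped name, or None on failure."""
    authid, _, digest = response.partition(" ")
    name = map_identity(authid)
    password = DIRECTORY.get(name)
    if password is None:
        return None
    expected = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return name if hmac.compare_digest(expected, digest) else None


if __name__ == "__main__":
    ch = server_challenge()
    resp = client_response("cn=solaris,ou=LDAPauth,dc=cants,dc=org", "proxy-secret-1", ch)
    print(server_verify(resp, ch))  # solaris
```

Running it shows both halves of the configuration at work: the proxy user's DN under ou=LDAPauth and a person's DN under ou=People both collapse to the value that is then looked up via the cn match-attribute, and a wrong password or an unmapped name fails without revealing which.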
Posted at 10:54PM Feb. 03, 2010 by Éric in Java