[ LDAP 서버 ]
yum -y remove bind
rm -f /etc/named.conf*
rm -f /var/named/keys/*
# 나의 아이피 확인
DNS_SERVER_IP=$(ifconfig | grep -A 2 ens | grep "inet " | awk '{ print $2 }')
# 도메인 이름 설정
echo Input Your Domain NAME :
DOMAIN_NAME=hmwoo.com # read DOMAIN_NAME
# DNS 서버 설치
yum -y install bind bind-chroot
# DNS 서버 설정
sed -i "s/^\s*listen-on port 53.*/\tlisten-on port 53 { any; };/g" /etc/named.conf
sed -i "s/^\s*listen-on-v6 port 53.*/\tlisten-on-v6 port 53 { none; };/g" /etc/named.conf
sed -i "s/^\s*allow-query.*/\tallow-query\t{ any; };/g" /etc/named.conf
# zone 추가
cat <<ZONE_ADD >> /etc/named.conf
zone "${DOMAIN_NAME}" IN {
$(printf '\t')type master;
$(printf '\t')file "${DOMAIN_NAME%%.*}.zone";
$(printf '\t')allow-update {none;};
};
ZONE_ADD
# zone 파일 추가
cat <<ZONE_FILE_ADD > /var/named/${DOMAIN_NAME%%.*}.zone
\$TTL$(printf '\t')3H
@$(printf '\t')SOA$(printf '\t')@$(printf '\t')root.$(printf '\t')(20201111 1D 1H 1W 1H)
$(printf '\t')IN$(printf '\t')NS$(printf '\t')@
$(printf '\t')IN$(printf '\t')A$(printf '\t')$DNS_SERVER_IP
www$(printf '\t')IN$(printf '\t')A$(printf '\t')$DNS_SERVER_IP
ldap$(printf '\t')IN$(printf '\t')A$(printf '\t')$DNS_SERVER_IP
ZONE_FILE_ADD
yum install -y *openldap*
systemctl restart network
systemctl restart named
systemctl restart slapd
systemctl enable named
systemctl enable slapd
mkdir -p /tmp/ldap/
LDAP_PW_HASH=`slappasswd -s P@ssw0rd\!`
cat <<LDAP_SETTING > /tmp/ldap/Database.ldif
dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=${DOMAIN_NAME%.*},dc=${DOMAIN_NAME#*.}
dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: cn=ldapadm,dc=${DOMAIN_NAME%.*},dc=${DOMAIN_NAME#*.}
dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: ${LDAP_PW_HASH}
LDAP_SETTING
ldapmodify -Y EXTERNAL -H ldapi:/// -f /tmp/ldap/Database.ldif
slaptest -u
cat <<LDAP_SETTING > /tmp/ldap/monitor.ldif
dn: olcDatabase={1}monitor,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to * by dn.base="gidNumber=0,uidNumber=0,cn=peercred,cn=external, cn=auth" read by dn.base="cn=ldapadm,dc=${DOMAIN_NAME%.*},dc=${DOMAIN_NAME#*.}" read by * none
LDAP_SETTING
ldapmodify -Y EXTERNAL -H ldapi:/// -f /tmp/ldap/monitor.ldif
cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif
cat <<LDAP_SETTING > /tmp/ldap/base.ldif
dn: dc=${DOMAIN_NAME%.*},dc=${DOMAIN_NAME#*.}
dc: ${DOMAIN_NAME%.*}
objectClass: top
objectClass: domain
dn: cn=ldapadm,dc=${DOMAIN_NAME%.*},dc=${DOMAIN_NAME#*.}
objectClass: organizationalRole
cn: ldapadm
description: LDAP Administrator
dn: ou=People,dc=${DOMAIN_NAME%.*},dc=${DOMAIN_NAME#*.}
objectClass: organizationalUnit
ou: People
dn: ou=Group,dc=${DOMAIN_NAME%.*},dc=${DOMAIN_NAME#*.}
objectClass: organizationalUnit
ou: Group
LDAP_SETTING
ldapadd -x -w P@ssw0rd! -D "cn=ldapadm,dc=${DOMAIN_NAME%.*},dc=${DOMAIN_NAME#*.}" -f /tmp/ldap/base.ldif
cat <<LDAP_SETTING > /tmp/ldap/lduser.ldif
dn: uid=lduser,ou=People,dc=${DOMAIN_NAME%.*},dc=${DOMAIN_NAME#*.}
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
cn: lduser
uid: lduser
uidNumber: 9999
gidNumber: 100
homeDirectory: /home/lduser
loginShell: /bin/bash
gecos: lduser [Admin (at) lduser]
userPassword: {crypt}x
shadowLastChange: 17058
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
LDAP_SETTING
ldapadd -x -w P@ssw0rd! -D "cn=ldapadm,dc=${DOMAIN_NAME%.*},dc=${DOMAIN_NAME#*.}" -f /tmp/ldap/lduser.ldif
ldappasswd -s P@ssw0rd! -w P@ssw0rd! -D "cn=ldapadm,dc=${DOMAIN_NAME%.*},dc=${DOMAIN_NAME#*.}" -x "uid=lduser,ou=People,dc=${DOMAIN_NAME%.*},dc=${DOMAIN_NAME#*.}"
ldapsearch -x cn=lduser -b dc=${DOMAIN_NAME%.*},dc=${DOMAIN_NAME#*.}
echo local4.* /var/log/ldap.log >> /etc/rsyslog.conf
systemctl restart rsyslog
systemctl restart slapd
systemctl stop firewalld
setenforce 0
[ 클라이언트 ]
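# LDAP client: points this host's resolver at the lab DNS server, then
# configures nss-pam-ldapd (nslcd) to look up and authenticate users against
# ldap.DOMAIN_NAME.  Ends with a reboot.
#
# Optional environment overrides (defaults reproduce the original tutorial):
#   DNS_SERVER_IP  address of the DNS/LDAP server (default: 192.168.108.80)
#   DOMAIN_NAME    domain served by it            (default: hmwoo.com)
echo "Input Your DNS IP :"
DNS_SERVER_IP=${DNS_SERVER_IP:-192.168.108.80}   # read -r DNS_SERVER_IP
echo "Input Your Domain NAME :"
DOMAIN_NAME=${DOMAIN_NAME:-hmwoo.com}            # read -r DOMAIN_NAME
BASE_DN="dc=${DOMAIN_NAME//./,dc=}"              # hmwoo.com -> dc=hmwoo,dc=com

# First interface config that is not the loopback one (a glob instead of
# parsing `ls`; with several ifcfg-* files the original produced a multi-line
# value, which then broke the path below).
NET_SET_FILE=
for ifcfg in /etc/sysconfig/network-scripts/ifcfg-*; do
  [ -e "$ifcfg" ] || continue
  [ "${ifcfg##*/}" = ifcfg-lo ] && continue
  NET_SET_FILE=${ifcfg##*/}
  break
done
: "${NET_SET_FILE:?no ifcfg-* file found under /etc/sysconfig/network-scripts}"
NET_SET_PATH="/etc/sysconfig/network-scripts/${NET_SET_FILE}"

yum install -y openldap-clients nss-pam-ldapd

# Rewrite the interface config: drop blank lines and any existing DNS1= entry,
# then append ours. A mktemp file replaces the predictable /tmp/<name>, and the
# address is no longer spliced into an awk program.
tmp=$(mktemp) || exit 1
grep -v -e '^$' -e '^DNS1=' -- "$NET_SET_PATH" > "$tmp"
printf 'DNS1=%s\n' "$DNS_SERVER_IP" >> "$tmp"
cat "$tmp" > "$NET_SET_PATH" && rm -f -- "$tmp"
systemctl restart network
printf 'nameserver %s\n' "$DNS_SERVER_IP" > /etc/resolv.conf

# TLS/STARTTLS are disabled to match the server, which has no certificate
# configured; LDAP binds (including user passwords) therefore cross the network
# in clear text -- switch to --enableldaptls once slapd has a certificate.
authconfig --enableforcelegacy --update
authconfig --disableldaptls --update
authconfig --disableldapstarttls --update
authconfig --disablesssd --disablesssdauth --update
authconfig --enableldap --enableldapauth --ldapserver="ldap.${DOMAIN_NAME}" --ldapbasedn="${BASE_DN}" --enablemkhomedir --update
systemctl restart nslcd

# Lab shortcut: host firewall and SELinux enforcement are turned off rather
# than permitting only the required traffic; tighten before leaving the lab.
systemctl stop firewalld
setenforce 0

# Smoke test: the LDAP account must now resolve through NSS.
getent passwd lduser
reboot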