Difference between revisions of "ApacheDS"
(→Kerberos) |
(→nfs4 & Kerberos) |
||
Line 93: | Line 93: | ||
https://help.ubuntu.com/community/Kerberos<br> | https://help.ubuntu.com/community/Kerberos<br> | ||
https://directory.apache.org/apacheds/kerberos-ug/4.2-authenticate-studio.html<br> | https://directory.apache.org/apacheds/kerberos-ug/4.2-authenticate-studio.html<br> | ||
+ | https://wiki.debian.org/nfs4-kerberos-ldap<br> | ||
===nfs server=== | ===nfs server=== | ||
Revision as of 20:04, 23 September 2014
ApacheDS - LDAP - Kerberos - NFS4 here
STATUS: UNDER WORK
There are many alternatives for LDAP. Most of them are hard to manage and configure, and error-prone. The ApacheDS project is not 100% ready yet, but it offers a solution that at least gets NFS4, Kerberos and LDAP deployed in a timely manner for a small network. More at [pages] and [[2]] packages. Some help can be found via IRC support.
Kindly use the user manuals at the project site. These instructions are Ubuntu-specific and give some contextual knowledge of how ApacheDS differs from other LDAP solutions.
Reference materials to read:
[for Rocket Scientist]
Installation on a 64-bit system - current version
Prerequisite
To confirm the version of Java installed, run
java -version
You'll get an output that looks like:
java version "1.7.0_15"
OpenJDK Runtime Environment (IcedTea7 2.3.7) (7u15-2.3.7-0ubuntu1~12.04.1)
OpenJDK 64-Bit Server VM (build 23.7-b01, mixed mode)
This one runs JRE version 7 update 15.
If the Java environment is not installed, install it:
sudo apt-get install openjdk-7-jdk
apacheDS - LDAP - Kerberos server code
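mkdir -p /mpi3/S4/apacheds
cd /mpi3/S4/apacheds
# The mirror below is plain HTTP: check the package against the checksum and signature published by the Apache Directory project before installing it.
wget http://www.trieuvan.com/apache//directory/apacheds/dist/2.0.0-M17/apacheds-2.0.0-M17-amd64.deb
sudo dpkg -i apacheds-2.0.0-M17-amd64.deb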
After that, the server can be found at /opt/apacheds-2.0.0-M17
The LDAP database is located at /var/lib/apacheds-2.0.0-M17/<instance name>
Servers can be started via Apache Directory Studio, by init script, or from the command line:
/opt/apacheds-2.0.0-M17/bin/apacheds <command> <instance name>
Apache Directory Studio - the tool to configure and manage servers
cd /mpi3/S4/apacheds
wget http://apache.spinellicreations.com//directory/studio/dist/2.0.0.v20130628/ApacheDirectoryStudio-linux-x86_64-2.0.0.v20130628.tar.gz
Extract the tar archive.
Get started
Starting Apache Directory Studio:
cd /mpi3/S4/apacheds/ApacheDirectoryStudio-linux-x86_64-2.0.0.v20130628
./ApacheDirectoryStudio
ApacheDS is structured in such a way that you can manage several servers. Directory Studio gives an easy way to add, modify and duplicate LDAP directories and Kerberos. There are built-in mechanisms for replication setup. With Studio you can import and export *.ldif and *.schema files to and from your installations. See the User's Manuals. In the future there could be NTP, DHCP and DNS; those are already built as experimental servers. This project needs more people to grow.
A created server's configuration and database (<instance name>) is located in the directory /var/lib/apacheds-2.0.0-M17/<instance name> and can be deployed just by copying that directory.
LDAP for Kerberos
https://help.ubuntu.com/community/Kerberos
Kerberos clients
sudo apt-get install krb5-user libpam-krb5 libpam-ccreds auth-client-config
Kerberos
nfs4 & Kerberos
https://we.riseup.net/stefani/kerberos-and-nfs4
https://help.ubuntu.com/community/NFSv4Howto
https://help.ubuntu.com/community/Kerberos
https://directory.apache.org/apacheds/kerberos-ug/4.2-authenticate-studio.html
https://wiki.debian.org/nfs4-kerberos-ldap
nfs server
sudo apt-get install nfs-kernel-server
sudo nano /etc/exports :
/export 192.168.0.0/255.255.255.0(rw,no_subtree_check,fsid=0,sync)
#/export/jaettava 192.168.0.40/255.255.255.0(rw,async,insecure,no_subtree_check,fsid=0)
/export/jaettava gss/krb5(rw,async,insecure,no_subtree_check,fsid=0)
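An added example, not part of the original wiki page: a small Python check, run here against the three entries above, that reports which active exports can be mounted without Kerberos, which use krb5 authentication only (no krb5i/krb5p), and which carry the insecure option. The finding names are made up for this illustration, and handling of the newer sec= option goes beyond the gss/krb5 form used on this page.

```python
import re

# Constructed sample: the three /etc/exports entries shown above, one per line.
SAMPLE_EXPORTS = """\
/export 192.168.0.0/255.255.255.0(rw,no_subtree_check,fsid=0,sync)
#/export/jaettava 192.168.0.40/255.255.255.0(rw,async,insecure,no_subtree_check,fsid=0)
/export/jaettava gss/krb5(rw,async,insecure,no_subtree_check,fsid=0)
"""

KRB5_FLAVORS = {"krb5", "krb5i", "krb5p"}
CLIENT_SPEC = re.compile(r"(\S+?)\(([^)]*)\)")  # client(opt,opt,...)

def parse_exports(text):
    """Yield (path, client, options) for every client spec on each active line."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drops comments and commented-out entries
        if not line:
            continue
        path, *rest = line.split(None, 1)
        for client, opts in CLIENT_SPEC.findall(rest[0] if rest else ""):
            yield path, client, [o for o in opts.split(",") if o]

def flavors_for(client, options):
    """Security flavors a client may use: legacy gss/ client, sec= option, else sys."""
    if client.startswith("gss/"):
        return [client.split("/", 1)[1]]
    for opt in options:
        if opt.startswith("sec="):
            return opt[4:].split(":")
    return ["sys"]  # exports(5) default when no flavor is given

def audit_exports(text):
    """Return sorted (path, client, finding) tuples; finding names are illustrative."""
    findings = []
    for path, client, options in parse_exports(text):
        flavors = flavors_for(client, options)
        if not set(flavors) <= KRB5_FLAVORS:
            findings.append((path, client, "mountable-without-kerberos"))
        elif "krb5" in flavors:
            findings.append((path, client, "kerberos-auth-only-no-integrity"))
        if "insecure" in options:  # requests from source ports >= 1024 are accepted
            findings.append((path, client, "accepts-unprivileged-source-port"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit_exports(SAMPLE_EXPORTS):
        print(*finding, sep="  ")
```

For the entries above it reports that /export is open to the whole 192.168.0.0 subnet with plain AUTH_SYS, so only /export/jaettava actually requires a Kerberos ticket.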
sudo nano /etc/krb5.conf
....
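# Note: RFC 8429 deprecates des3-hmac-sha1 for Kerberos; prefer AES enctypes where the KDC and all clients support them.
default_tgs_enctypes = des3-hmac-sha1
default_tkt_enctypes = des3-hmac-sha1
permitted_enctypes = des3-hmac-sha1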
.....
[realms]
KURROLA.FI = {
kdc = mpi1.kurrola.dy.fi:60088
kdc = mpi2.kurrola.dy.fi:60088
kdc = 192.168.0.41:60088
kdc = 192.168.0.40:60088
admin_server = mpi1.kurrola.dy.fi:60088
}
[domain_realm]
.kurrola.dy.fi = KURROLA.FI
kurrola.dy.fi = KURROLA.FI
[login]
krb4_convert = true
krb4_get_tickets = false
server:
ktutil
ktutil: addent -password -p nfs/KURROLA.FI@KURROLA.FI -k 1 -e des3-hmac-sha1
<password>
ktutil: wkt /etc/krb5.keytab
ktutil: q
nfs client
sudo apt-get install nfs-common krb5-user krb5-config
client:
ktutil
ktutil: addent -password -p nfs/kaak.kurrola.dy.fi@KURROLA.FI -k 1 -e des3-hmac-sha1
<password>
ktutil: wkt /etc/krb5.keytab
ktutil: q