Ebasso at 22:43, 5 February 2013

2013-02-05T22:43:40Z

← Older revision		Revision as of 22:43, 5 February 2013
Line 80:		Line 80:
	idle-timeout 600s		idle-timeout 600s
	map attribute memberOf ibm-allGroups		map attribute memberOf ibm-allGroups


			== Ver também ==

			*[[OpenLDAP:Configurando um LDAP Proxy]]
			*[[AWSTATS: Configurando o AWSTATS]]
			*[[MySQL:Configurando o MySQL]]
			*[[BIND: Configurando o suporte ao Active Directory]]


			*[[Tecnologias\| Mais Artigos sobre outras Tecnologias]]
			*[[Apache HTTP Server\| Mais Artigos sobre Apache HTTP Server]]
			*[[Linux\| Mais Artigos sobre Linux / UNIX / AIX]]

			[[Category:Linux]]
			[[Category:LDAP]]
			[[Category:Tecnologias]]

Ebasso: New page: Neste artigo vamos configurar o servidor OpenLDAP de maneira que ele seja um '''proxy''' para outros servidores LDAP. As vantagens desta abordagem são: # '''Segurança''' - Ao colocar u...

2010-04-21T15:06:32Z

New page: Neste artigo vamos configurar o servidor OpenLDAP de maneira que ele seja um '''proxy''' para outros servidores LDAP. As vantagens desta abordagem são: # '''Segurança''' - Ao colocar u...

New page

Neste artigo vamos configurar o servidor OpenLDAP de maneira que ele seja um '''proxy''' para outros servidores LDAP.

As vantagens desta abordagem são:

# '''Segurança''' - Ao colocar um servidor LPAP Proxy na DMZ, acessando o LDAP Corporativo, este servidor só possui metadados evitando crashs, além de facilitar a rastreabilidade (análise de logs).

# '''Reescrita de Queries LDAP''' - Muitos administradores temem expandir o schema dos seus servidores LDAP por medo de corromper o mesmo. Criando regras de reescrita podemos criar os campos necessários.

== Exemplo ==

Neste exemplo o OpenLDAP está simulando o MS Active Directory, e apontando para o IBM Tivoli Directory Server (TDS)

Alterando o atributo de pesquisa memberOf por ibm-allGroups

Edite o arquivo '''slapd.conf''',

## LDAP PROXY SERVER

database meta
suffix o=empresa,c=br
lastmod off

uri "ldap://192.168.1.10/o=empresa,c=br"
acl-authcDN "uid=AdminLDAP,ou=usuarios,o=empresa,c=br"
acl-passwd "adminPASSWORD"
idle-timeout 600s
map attribute memberOf ibm-allGroups

== Arquivo slapd.conf completo ==

######################################################################
# Schemas que devem ser carregados
#######################################################################

include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/nis.schema

#######################################################################
# Arquivos de controle do OpenLDAP
#######################################################################

pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args

#######################################################################
# Nivel do log gerado pelo OpenLDAP
#######################################################################
logfile /var/log/slapd.log
loglevel 5

#######################################################################
# Modulos que devem ser carregados pelo servidor OpenLDAP
#######################################################################

# Load dynamic backend modules:
modulepath /usr/lib/ldap
moduleload back_ldap.la
moduleload back_meta.la
#moduleload back_monitor.la

#######################################################################
# Tempo de permanencia de uma conexao idle (sem trafego)
#######################################################################

idletimeout 600

## LDAP PROXY SERVER

database meta
suffix o=empresa,c=br
lastmod off

uri "ldap://192.168.1.10/o=empresa,c=br"
acl-authcDN "uid=AdminLDAP,ou=usuarios,o=empresa,c=br"
acl-passwd "adminPASSWORD"
idle-timeout 600s
map attribute memberOf ibm-allGroups

OpenLDAP:Configurando um LDAP Proxy - Revision history

Ebasso at 22:43, 5 February 2013

Ebasso: New page: Neste artigo vamos configurar o servidor OpenLDAP de maneira que ele seja um '''proxy''' para outros servidores LDAP. As vantagens desta abordagem são: # '''Segurança''' - Ao colocar u...