{"id":285,"date":"2011-07-11T14:40:50","date_gmt":"2011-07-11T12:40:50","guid":{"rendered":""},"modified":"2015-08-17T18:15:20","modified_gmt":"2015-08-17T16:15:20","slug":"konfiguracja","status":"publish","type":"post","link":"https:\/\/drfugazi.eu.org\/en\/konfiguracja\/","title":{"rendered":"OpenDJ configuration"},"content":{"rendered":"<p>Once unpacked and installed, OpenDJ is already preconfigured. In my case it also has a base entry; here let it be <code>dc=domain,dc=tld<\/code>. Anyone who is just starting to build an LDAP tree will probably now add the standard <code>ou=People<\/code> and place users there with LDAP directory management tools. Usually, though, if we decide to use LDAP there are not a handful of users but several hundred or several (or a dozen or so) thousand, and they have to be imported into the directory.<\/p>\n<p>To begin with, let's try to add a single entry; whether it is needed does not matter, I want to show the error message and how to solve the problem. The entry in LDIF format:<\/p>\n<pre><code>\r\ndn: uid=Replicator,dc=domain,dc=tld\r\nobjectclass: account\r\nobjectclass: top\r\nobjectclass: simpleSecurityObject\r\nuid: Replicator\r\nuserpassword: {MD5}XEw0KXXXXxxxXXXWP71HXX==\r\n<\/code><\/pre>\n<p>We save it as, for example, <code>replicator.ldif<\/code> and try to add it to the LDAP directory:<\/p>\n<pre><code>\r\n# .\/OpenDJ-2.4.3\/bin\/ldapmodify -a -f replicator.ldif\r\nProcessing ADD request for uid=Replicator,dc=domain,dc=tld\r\nADD operation failed\r\nResult Code:  53 (Unwilling to Perform)\r\nAdditional Information:  Pre-encoded passwords are not allowed for the password attribute userPassword\r\n<\/code><\/pre>\n<p>The problem is that in its default configuration OpenDJ does not allow adding LDIFs whose <code>userPassword<\/code> attribute contains an already encoded (hashed) password. There is of course a solution, and it can be done in at least two ways: the first is to run <code>OpenDJ-ver\/bin\/dsconfig<\/code> and go through the appropriate options; the second, which I will use, is to make the change with a suitable LDIF:<\/p>\n<pre><code>\r\n# cat &gt; allow-enc-pass.ldif &lt;&lt; EOF\r\n\r\ndn: cn=Default Password Policy,cn=Password Policies,cn=config\r\nchangetype: modify\r\nreplace: ds-cfg-allow-pre-encoded-passwords\r\nds-cfg-allow-pre-encoded-passwords: true\r\n\r\nEOF\r\n<\/code><\/pre>\n<p>Let's try to apply it:<\/p>\n<pre><code>\r\n# .\/OpenDJ-2.4.3\/bin\/ldapmodify -a -f allow-enc-pass.ldif \r\nProcessing MODIFY request for cn=Default Password Policy,cn=Password Policies,cn=config\r\nMODIFY operation failed\r\nResult Code:  50 (Insufficient Access Rights)\r\nAdditional Information:  The entry cn=Default Password Policy,cn=Password Policies,cn=config cannot be modified due to insufficient access rights\r\n<\/code><\/pre>\n<p>Our privileges are insufficient, because I did not supply any login credentials; let's try once more, this time authenticating:<\/p>\n<pre><code>\r\n# .\/OpenDJ-2.4.3\/bin\/ldapmodify -a -D cn=dirmgr -f allow-enc-pass.ldif\r\nPassword for user 'cn=dirmgr':\r\nProcessing MODIFY request for cn=Default Password Policy,cn=Password Policies,cn=config\r\nMODIFY operation successful for DN cn=Default Password Policy,cn=Password Policies,cn=config\r\n<\/code><\/pre>\n<p>Much better now; let's try to add our user with the pre-encoded password:<\/p>\n<pre><code>\r\n# .\/OpenDJ-2.4.3\/bin\/ldapmodify -a -D cn=dirmgr -f replicator.ldif    \r\nPassword for user 'cn=dirmgr':\r\nProcessing ADD request for uid=Replicator,dc=us,dc=edu,dc=pl\r\nADD operation successful for DN uid=Replicator,dc=domain,dc=tld\r\n<\/code><\/pre>\n<p>The operation succeeded; now an LDIF file containing user data with pre-encoded passwords can be prepared and imported into the directory.<\/p>\n<p>Other configuration changes can be made the same way, with <code>ldapmodify<\/code> against <code>cn=config<\/code> or with the <code>dsconfig<\/code> program. There is also a GUI for managing a local or remote OpenDJ server; it lives in the <code>bin<\/code> directory and is called <code>control-panel<\/code>:<\/p>\n<pre><code>\r\ndrfugazi@neptun&gt; .\/OpenDJ-2.4.3\/bin\/control-panel&amp;\r\n<\/code><\/pre>\n<p>The application is written in Java and also runs on Windows. You can browse and modify entries and part of the configuration, and view and modify schemas and indexes. There are also options for backup and restore and for LDIF export and import. The GUI can do a little more when it works with a local server, but real configuration and tuning are done with <code>dsconfig<\/code>, and there are better tools for managing entries too, such as the previously mentioned Eclipse plugin, Apache Directory Studio, or phpLDAPadmin.<\/p>","protected":false},"excerpt":{"rendered":"<p>Once unpacked and installed, OpenDJ is already preconfigured. In my case it also has a base entry; here let it be <code>dc=domain,dc=tld<\/code>. Anyone who is just starting to build an LDAP tree will probably now add the standard <code>ou=People<\/code> and place users there with LDAP directory management tools. Usually, though, if we decide to use LDAP there are not a handful of users but several hundred or several (or a dozen or so) thousand, and they have to be imported into the directory.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_newsletter_tier_id":0,"footnotes":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false,"jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false}}},"categories":[115],"tags":[6,88],"jetpack_publicize_connections":[],"acf":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p7M9Tz-4B","jetpack-related-posts":[{"id":284,"url":"https:\/\/drfugazi.eu.org\/en\/instalacja\/","url_meta":{"origin":285,"position":0},"title":"OpenDJ installation","author":"drfugazi","date":"Monday July 11th, 2011","format":false,"excerpt":"We download and unpack the latest version of OpenDJ from ForgeRock.com. After unpacking we will find the directory OpenDJ-ver, where is the version number of course; I will use the latest one at the moment, that is 2.4.3 # cd \/data\/var # unzip OpenDJ-2.4.3.zip # cd OpenDJ-2.4.3 We start the installation:","rel":"","context":"In &quot;LDAP&quot;","block_context":{"text":"LDAP","link":"https:\/\/drfugazi.eu.org\/en\/category\/ldap\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":231,"url":"https:\/\/drfugazi.eu.org\/en\/konfiguracja-uwierzytelniania-poczty-w-ldap\/","url_meta":{"origin":285,"position":1},"title":"Configuring mail authentication in LDAP","author":"drfugazi","date":"Friday December  3rd, 2010","format":false,"excerpt":"I assume that Dovecot and Postfix are already running and that mail can be received and sent by logging in as a system user (see previous posts). So the time has come to enable authentication against our LDAP directory (see LDAP configuration). Using LDAP to authenticate users allows flexible management of mail hosting and more. LDAP is\u2026","rel":"","context":"In \"Dovecot\"","block_context":{"text":"Dovecot","link":"https:\/\/drfugazi.eu.org\/en\/tag\/dovecot\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":338,"url":"https:\/\/drfugazi.eu.org\/en\/dodawanie-indeksow-opendj\/","url_meta":{"origin":285,"position":2},"title":"Adding indexes to OpenDJ","author":"drfugazi","date":"Tuesday July 12th, 2011","format":false,"excerpt":"Indexes are a very important thing in an LDAP directory. If there are performance problems with the directory and one starts looking\u2026","rel":"","context":"In &quot;LDAP&quot;","block_context":{"text":"LDAP","link":"https:\/\/drfugazi.eu.org\/en\/category\/ldap\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":232,"url":"https:\/\/drfugazi.eu.org\/en\/konfiguracja-dostarczania-poczty-w-oparciu-o-ldap\/","url_meta":{"origin":285,"position":3},"title":"Configuring LDAP-based mail delivery","author":"drfugazi","date":"Saturday December 18th, 2010","format":false,"excerpt":"Recently I wrote about configuring user authentication in the LDAP directory so that users could receive and send mail. Now it is time to configure Postfix to deliver that mail to the right domains and mailboxes. If you compile\/install Postfix yourself, remember to compile in LDAP support and to point to the path of the LDAP libraries. I will go for\u2026","rel":"","context":"In \"LDAP\"","block_context":{"text":"LDAP","link":"https:\/\/drfugazi.eu.org\/en\/tag\/ldap\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":272,"url":"https:\/\/drfugazi.eu.org\/en\/mail-delivery-configuration-ldap\/","url_meta":{"origin":285,"position":4},"title":"Mail delivery configuration with LDAP","author":"drfugazi","date":"Wednesday May 25th, 2011","format":false,"excerpt":"Last time I wrote about authenticating users in the LDAP directory to let them receive and send mail. Now the time has come\u2026","rel":"","context":"In &quot;LDAP&quot;","block_context":{"text":"LDAP","link":"https:\/\/drfugazi.eu.org\/en\/category\/ldap\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":599,"url":"https:\/\/drfugazi.eu.org\/en\/ldap-server-for-solaris-and-linux-clients\/","url_meta":{"origin":285,"position":5},"title":"LDAP server for Solaris and Linux clients","author":"drfugazi","date":"Thursday June  2nd, 2016","format":false,"excerpt":"A few months ago I received a task to set up LDAP authentication for Solaris 10, Solaris 11 and Linux machines in the Customer's infrastructure. OpenLDAP 2.4.x in Master-Slave configuration with SSL\/TLS support was chosen as the LDAP server. Servers were installed on Virtual Machines with CentOS 6.7. I will not describe LDAP\u2026","rel":"","context":"In &quot;LDAP&quot;","block_context":{"text":"LDAP","link":"https:\/\/drfugazi.eu.org\/en\/category\/ldap\/"},"img":{"alt_text":"LDAP DIT","src":"https:\/\/i0.wp.com\/drfugazi.eu.org\/wp-content\/uploads\/2016\/06\/LDAP-DIT.jpg?fit=1200%2C1016&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/drfugazi.eu.org\/wp-content\/uploads\/2016\/06\/LDAP-DIT.jpg?fit=1200%2C1016&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/drfugazi.eu.org\/wp-content\/uploads\/2016\/06\/LDAP-DIT.jpg?fit=1200%2C1016&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/drfugazi.eu.org\/wp-content\/uploads\/2016\/06\/LDAP-DIT.jpg?fit=1200%2C1016&ssl=1&resize=700%2C400 2x, https:\/\/i0.wp.com\/drfugazi.eu.org\/wp-content\/uploads\/2016\/06\/LDAP-DIT.jpg?fit=1200%2C1016&ssl=1&resize=1050%2C600 3x"},"classes":[]}],"_links":{"self":[{"href":"https:\/\/drfugazi.eu.org\/en\/wp-json\/wp\/v2\/posts\/285"}],"collection":[{"href":"https:\/\/drfugazi.eu.org\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/drfugazi.eu.org\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/drfugazi.eu.org\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/drfugazi.eu.org\/en\/wp-json\/wp\/v2\/comments?post=285"}],"version-history":[{"count":0,"href":"https:\/\/drfugazi.eu.org\/en\/wp-json\/wp\/v2\/posts\/285\/revisions"}],"wp:attachment":[{"href":"https:\/\/drfugazi.eu.org\/en\/wp-json\/wp\/v2\/media?parent=285"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/drfugazi.eu.org\/en\/wp-json\/wp\/v2\/categories?post=285"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/drfugazi.eu.org\/en\/wp-json\/wp\/v2\/tags?post=285"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}