Difference between revisions of "OPS335-Lab-ldap"

From CDOT Wiki
(Setting up basic page - lots more to do.)
 
m (INVESTIGATION 1: Connecting a Client Machine to an LDAP server)
Line 37: Line 37:
  
 
The rest of your tasks for this section of the lab are:
 
The rest of your tasks for this section of the lab are:
* Set up all your nested VMs to authenticate also against LDAP in lin3. (not including alice, which won't let you authenticate via a plain-text channel)
+
* Set up all your VMs to authenticate using the LDAP service hosted on lin3.
* Create three more users:
 
** yoursenecausername with the UID 10000 and full name Your Full Name (replace with your actual username/name)
 
** jane with the UID 10001 and full name Jane Greystoke
 
** guest with the uid 10002 and full name Andrew's Guests
 
* Confirm that you can log in using all three usernames on all your nested VMs (except lin3).
 
 
 
  
 
== INVESTIGATION 2: Adding Users to LDAP ==
 
== INVESTIGATION 2: Adding Users to LDAP ==
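Review bot: the replacement task line ("Set up all your VMs to authenticate using the LDAP service hosted on lin3.") drops the old exception for alice, "which won't let you authenticate via a plain-text channel", so it now reads as if alice should bind to lin3 like every other VM; state whether alice is still excluded or how the channel is to be protected. The removed "Create three more users" and "Confirm that you can log in" items also take the only verification step out of this section; if they are moving to Investigation 2, say so there.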

Revision as of 21:16, 30 October 2019

OBJECTIVE & PREPARATION

  • Learn some fundamental concepts and terminology used with LDAP.
  • Practice creating users in OpenLDAP.
  • Set up Linux machines to authenticate against an OpenLDAP server.
  • Learn to update LDAP information with LDIF files.

Online Resources

We'll use OpenLDAP in this course.

The way LDAP is used most of the time is relatively intuitive, but the implementation details take longer to understand.

LDAP is a generic directory access protocol, but we'll look at it specifically as a server containing user credentials that can be used for authentication on multiple machines.

You should read as much of the OpenLDAP Administration Guide as you can handle. You'll find that parts of it make no sense at first, but as you get more practice with the software and the concepts they become easier to understand. As a minimum, read:

  • The introduction.
  • The quick start guide.
  • The configuration layout part of "Configuring slapd".
  • There is a glossary at the end of the guide. It's not complete and it doesn't have any details, but it's a good place to look when you get confused by weird-looking shorthands like dc, dn, or cn.

INVESTIGATION 1: Connecting a Client Machine to an LDAP server

You won't be asked to set up an OpenLDAP server from scratch; we don't have time for that. Instead, you can start with a VM I made for you.

Download the disk image here and set it up the same way you've set up the midterm test review. You only need 512MB of RAM. Connect it to your lab network.

The machine doesn't have any regular users, only root. Use whatever technique works for you to reset the root password so that you can log in.

OpenLDAP has been set up on it using this itzgeek guide. You should read that guide even though you don't need to perform all those steps yourself.

My OpenLDAP server (lin3) has been set up with:

  • The Domain Components dc=andrew,dc=ops.
  • The admin username ldaproot and the password seneca99ldap.
  • An Organisation Unit named People, for regular users.
  • One regular user, john, whose password you should change using the ldappasswd command.

The rest of your tasks for this section of the lab are:

  • Set up all your VMs to authenticate using the LDAP service hosted on lin3.

INVESTIGATION 2: Adding Users to LDAP

Perform the following steps on your LDAP server VM:

  1. Add a new user
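
One way to build the LDIF entry for a new user under the People OU, shown as an added example that is not part of the original lab. It validates the login, UID and full name before writing them, because a comma in the login or a newline in the name would change the DN or inject extra attributes. The function name, the schema choice, the gidNumber and UID-range rules, and the admin DN in the closing comments are assumptions.

```shell
#!/bin/sh
# Added example, not part of the lab. Assumptions: the cosine and nis schemas
# are loaded on lin3 (account, posixAccount, shadowAccount), gidNumber is set
# equal to uidNumber, and regular UIDs start at 1000.
BASE_DN="ou=People,dc=andrew,dc=ops"

# make_user_ldif LOGIN UIDNUMBER "Full Name"
# Prints one LDIF entry; prints no entry and returns 1 on unsafe input.
# The body is a subshell, so `exit` only ends this function call.
make_user_ldif() (
    login=$1 uidnum=$2 fullname=$3
    LC_ALL=C   # byte-wise matching: anything outside printable ASCII is rejected
    # LOGIN ends up inside the DN, so ',' '=' '+' and similar must not get through.
    case $login in
        ''|[!a-z_]*|*[!a-z0-9_-]*) echo "bad login" >&2; exit 1 ;;
    esac
    [ "${#login}" -le 32 ] || { echo "login too long" >&2; exit 1; }
    case $uidnum in
        ''|0*|*[!0-9]*) echo "bad uidNumber" >&2; exit 1 ;;
    esac
    [ "${#uidnum}" -le 9 ] && [ "$uidnum" -ge 1000 ] ||
        { echo "uidNumber out of range" >&2; exit 1; }
    # A newline would start a new LDIF line (attribute injection); a leading
    # space, ':' or '<', or a trailing space, changes how LDIF reads the value.
    case $fullname in
        ''|' '*|':'*|'<'*|*' '|*[![:print:]]*) echo "bad full name" >&2; exit 1 ;;
    esac
    cat <<EOF
dn: uid=$login,$BASE_DN
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
uid: $login
cn: $fullname
uidNumber: $uidnum
gidNumber: $uidnum
homeDirectory: /home/$login
loginShell: /bin/bash
EOF
)

make_user_ldif jane 10001 "Jane Greystoke"   # constructed sample input

# Loading the entry and setting a password (not run here). The admin DN is an
# assumption; -ZZ requires StartTLS and fails if lin3 has no TLS configured,
# without it the -x simple bind sends the admin password in clear text:
#   make_user_ldif jane 10001 "Jane Greystoke" | \
#     ldapadd -x -ZZ -H ldap://lin3 -D "cn=ldaproot,dc=andrew,dc=ops" -W
#   ldappasswd -x -ZZ -H ldap://lin3 -D "cn=ldaproot,dc=andrew,dc=ops" -W -S "uid=jane,$BASE_DN"
```

No userPassword attribute is written to the file, so no password hash or clear-text password is left on disk; the password is set afterwards with ldappasswd.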

INVESTIGATION 3: Using LDIF Files

COMPLETING THE LAB

Depending on your professor, you will be asked to submit the lab either in class or online. Follow the appropriate set of instructions below.

Online Submission (Peter Callaghan's sections only)

Follow the instructions for lab X on Blackboard.

In-Class submission

To be completed by faculty who use in-class submission

EXPLORATION QUESTIONS