Slides: wangth/course/netadm/slides/hw2.pdf
Network Administration HW2
tzute
Computer Center, CS, NCTU
Purposes
Build a primary-replica architecture LDAP service
Understand how to define LDAP schema from scratch
Understand how to manage LDAP data using LDIF
Understand how to integrate other applications with LDAP
Overview
Overview (cont.)
One LDAP master server
• Provides the LDAP service
• Connected to your intranet
One LDAP slave server
• Provides the LDAP service
• Connected to your intranet
• Automatically syncs its data from the master
You can find a teammate and do this homework together
Overview (cont.)
Requirements (1/6)
LDAP master
• IP: 10.113.x.11/24 with static DHCP
Which means you have to reconfigure your DHCP server to give this server a static lease
• Base DN: dc=<student-id>,dc=nasa
• StartTLS on the LDAP service
Use a self-signed certificate
• Support SASL
Store a hashed password in each entry's userPassword attribute
Requirements (2/6)
LDAP master (cont.)
• Enable ACLs
Everyone can read all data except userPassword
Authenticated users can write their own userPassword
Only the slave server can bind as DN "cn=Syncer"
"cn=Syncer" can read all data
Specific DN "cn=Syncer"
• Set its credential to "hahaYouCatchMe" (excluding the double quotes)
Requirements (3/6)
LDAP slave
• Same as the master, but
• Choose any IP you want, assigned with static DHCP
• Bind as "cn=Syncer" when syncing from the master
• Sync from the master every 60 seconds
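Putting the master and slave requirements above together, here is an added example of my own (not code from the course slides) that renders the cn=config changes as LDIF so they can be piped into ldapmodify. Everything not on the slides is an assumption: a Debian-style OpenLDAP 2.4+ with cn=config, the data database at olcDatabase={1}mdb, modules listed in cn=module{0}, the rootdn cn=admin, the self-signed certificate and key at /etc/ldap/ssl/ldap.crt and ldap.key, and the replication account placed at cn=Syncer,dc=<student-id>,dc=nasa (the slide only names the RDN). SASL is not configured here.

```shell
#!/bin/sh
# Added example: render the HW2 master/slave cn=config changes as LDIF.
# Assumed: Debian-style OpenLDAP 2.4+ ({1}mdb, cn=module{0}, rootdn cn=admin),
# cert/key in /etc/ldap/ssl, Syncer at cn=Syncer,dc=<student-id>,dc=nasa.
set -eu

# {SSHA} in the format slappasswd emits: base64( sha1(password||salt) || salt ).
# slapd applies olcPasswordHash only to the Password Modify extended operation;
# a plaintext userPassword loaded with ldapadd is stored verbatim, so pre-hash.
ssha_hash() {   # ssha_hash <password>   (needs openssl and GNU base64)
  salt=$(openssl rand -hex 4)
  printf '{SSHA}%s\n' "$({ printf '%s%s' "$1" "$salt" | openssl dgst -sha1 -binary; printf '%s' "$salt"; } | base64)"
}

# Master: StartTLS files, SSHA for ldappasswd, syncprov overlay, ACLs, limits.
master_config_ldif() {   # master_config_ldif <student-id> <slave-ip>
  cat <<EOF
dn: cn=config
changetype: modify
replace: olcTLSCertificateFile
olcTLSCertificateFile: /etc/ldap/ssl/ldap.crt
-
replace: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/ldap/ssl/ldap.key

dn: olcDatabase={-1}frontend,cn=config
changetype: modify
replace: olcPasswordHash
olcPasswordHash: {SSHA}

dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: syncprov

dn: olcOverlay=syncprov,olcDatabase={1}mdb,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov

# ACLs: the first "to" clause whose target matches wins, so the userPassword
# rules precede the catch-all. Only the slave's IP may bind as cn=Syncer, and
# cn=Syncer must read userPassword or the replica cannot authenticate anyone.
dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to dn.exact="cn=Syncer,dc=$1,dc=nasa" attrs=userPassword
  by peername.ip=$2 auth
  by * none
olcAccess: {1}to attrs=userPassword
  by dn.exact="cn=Syncer,dc=$1,dc=nasa" read
  by self write
  by anonymous auth
  by * none
olcAccess: {2}to *
  by * read
-
replace: olcLimits
olcLimits: dn.exact="cn=Syncer,dc=$1,dc=nasa" size.soft=unlimited size.hard=unlimited time.soft=unlimited time.hard=unlimited
EOF
}

# Bind-only replication account; pass the output of ssha_hash as the hash.
syncer_entry_ldif() {   # syncer_entry_ldif <student-id> <ssha-hash>
  cat <<EOF
dn: cn=Syncer,dc=$1,dc=nasa
objectClass: organizationalRole
objectClass: simpleSecurityObject
cn: Syncer
userPassword: $2
EOF
}

# Slave: refreshOnly consumer polling every minute (interval is dd:hh:mm:ss),
# StartTLS required with the master's self-signed cert pinned as CA so the
# Syncer credential cannot be phished by a spoofed master; writes are referred.
slave_config_ldif() {   # slave_config_ldif <student-id> <master-ip>
  cat <<EOF
dn: olcDatabase={1}mdb,cn=config
changetype: modify
add: olcSyncrepl
olcSyncrepl: rid=001 provider=ldap://$2
  type=refreshOnly interval=00:00:01:00 retry="60 +"
  searchbase="dc=$1,dc=nasa" scope=sub attrs="*,+"
  bindmethod=simple binddn="cn=Syncer,dc=$1,dc=nasa" credentials=hahaYouCatchMe
  starttls=critical tls_cacert=/etc/ldap/ssl/master.crt tls_reqcert=demand
-
add: olcUpdateRef
olcUpdateRef: ldap://$2
EOF
}

# Lint for the classic mistake: a "to *" rule ahead of the userPassword rule
# makes every hash world-readable. Exits non-zero on such LDIF.
acl_order_ok() {   # acl_order_ok <ldif-text>
  printf '%s\n' "$1" | awk '
    /^olcAccess: / { r = $0; sub(/^olcAccess: (\{[0-9]+\})?/, "", r)
                     if (r ~ /^to attrs=userPassword/) seen = 1
                     else if (r ~ /^to \*/ && !seen) bad = 1 }
    END { exit bad ? 1 : 0 }'
}

# master: master_config_ldif "$SID" 10.113.x.22 | ldapmodify -Y EXTERNAL -H ldapi:///
#         syncer_entry_ldif "$SID" "$(ssha_hash hahaYouCatchMe)" \
#           | ldapadd -x -H ldapi:/// -D "cn=admin,dc=$SID,dc=nasa" -W
# slave:  slave_config_ldif "$SID" 10.113.x.11 | ldapmodify -Y EXTERNAL -H ldapi:///
```

Create the certificate beforehand with something like `openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=10.113.x.11" -addext "subjectAltName=IP:10.113.x.11" -keyout ldap.key -out ldap.crt` (the -addext flag needs OpenSSL 1.1.1 or later), copy ldap.crt to the slave as master.crt, and make the key readable only by the slapd user. Two checks worth running before the demo: an anonymous `ldapsearch -x -ZZ` against the master must return entries with no userPassword values, and `ldapwhoami -x -ZZ -D "cn=Syncer,dc=$SID,dc=nasa" -w hahaYouCatchMe` must fail from any host other than the slave. For the passwd requirement on slide 10, make sure the client's PAM module changes passwords through the Password Modify extended operation (with PADL pam_ldap that is `pam_password exop`; its `clear` setting writes the plaintext straight into userPassword and bypasses olcPasswordHash).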
Requirements (4/6)
objectClass "clusterInfo"
• attributeType "address"
Specific DN "cn=master,ou=ldap,dc=<student-id>,dc=nasa"
• objectClass: clusterInfo
• address should be the LDAP master server's address (10.113.x.11)
Specific DN "cn=slave,ou=ldap,dc=<student-id>,dc=nasa"
• objectClass: clusterInfo
• address should be the LDAP slave server's address
Requirements (5/6)
Router, Client, LDAP master, LDAP slave
• Must allow login with an LDAP posixAccount
At a minimum, login via SSH must work
• Users can run passwd to change their own password
Specific user "cn=<student-id>"
• uidNumber: 3001
• set your own password
Requirements (6/6)
objectClass "publicKeyLogin"
• attributeType "sshPublicKey"
Specific DN "cn=TA"
• objectClass: posixAccount
• objectClass: publicKeyLogin
• uidNumber: 3000
• sshPublicKey: <TA's public key>
• Must be able to log in over SSH with the sshPublicKey
Retrieve TA's public key here
• http://navpn.nctucs.cc/ta_rsa.pub (or access via 10.113.0.254)
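Slides 9 to 11 ask for two custom schema elements and a handful of entries. The following is an added example of my own (not from the slides) that renders the schema and the entries as LDIF from a shell script. Assumptions: OpenLDAP with cn=config and the cosine and nis schemas loaded (for account and posixAccount); a private OID arc, where 1.3.6.1.4.1.99999 is a placeholder rather than a registered number (register your own, as the Tips slide says); user entries under ou=people, since the slide gives only the RDN cn=TA; and the TA's key saved to a local file after downloading it from the URL above.

```shell
#!/bin/sh
# Added example: custom schema (clusterInfo, publicKeyLogin) and the HW2
# entries as LDIF. The OID arc and the ou=people container are assumptions.
set -eu

# Schema entry for cn=config. Continuation lines start with two spaces: the
# first is LDIF folding, the second keeps the tokens separated.
#   address        DirectoryString, single-valued, case-insensitive match
#   sshPublicKey   Octet String, multi-valued (one authorized_keys line each)
#   clusterInfo    STRUCTURAL, so cn=master/cn=slave need no other class
#   publicKeyLogin AUXILIARY, so it can be added to an existing account
custom_schema_ldif() {   # custom_schema_ldif <oid-arc>
  cat <<EOF
dn: cn=nasa,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: nasa
olcAttributeTypes: ( $1.1.1 NAME 'address'
  DESC 'IP address of an LDAP cluster member'
  EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
olcAttributeTypes: ( $1.1.2 NAME 'sshPublicKey'
  DESC 'OpenSSH public key, one authorized_keys line per value'
  EQUALITY octetStringMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
olcObjectClasses: ( $1.2.1 NAME 'clusterInfo'
  DESC 'Member of the LDAP primary/replica cluster'
  SUP top STRUCTURAL MUST cn MAY address )
olcObjectClasses: ( $1.2.2 NAME 'publicKeyLogin'
  DESC 'Account allowed to log in over SSH with a public key'
  SUP top AUXILIARY MAY sshPublicKey )
EOF
}

# Data entries. posixAccount is AUXILIARY, so each user also gets the
# STRUCTURAL class "account" (cosine). uid equals cn so "(uid=TA)" lookups
# and getent passwd agree. The student user's password is set afterwards with
# ldappasswd, so the server hashes it; no plaintext goes through ldapadd.
entries_ldif() {   # entries_ldif <student-id> <master-ip> <slave-ip> <ta-key-file>
  ta_key=$(cat "$4")
  cat <<EOF
dn: ou=ldap,dc=$1,dc=nasa
objectClass: organizationalUnit
ou: ldap

dn: cn=master,ou=ldap,dc=$1,dc=nasa
objectClass: clusterInfo
cn: master
address: $2

dn: cn=slave,ou=ldap,dc=$1,dc=nasa
objectClass: clusterInfo
cn: slave
address: $3

dn: ou=people,dc=$1,dc=nasa
objectClass: organizationalUnit
ou: people

dn: cn=TA,ou=people,dc=$1,dc=nasa
objectClass: account
objectClass: posixAccount
objectClass: publicKeyLogin
cn: TA
uid: TA
uidNumber: 3000
gidNumber: 3000
homeDirectory: /home/TA
loginShell: /bin/sh
sshPublicKey: $ta_key

dn: cn=$1,ou=people,dc=$1,dc=nasa
objectClass: account
objectClass: posixAccount
cn: $1
uid: $1
uidNumber: 3001
gidNumber: 3001
homeDirectory: /home/$1
loginShell: /bin/sh
EOF
}

# Every OID in a schema entry must be unique; slapd rejects the whole entry
# on a duplicate, so lint before loading.
oids_unique() {   # oids_unique <ldif-text>
  dups=$(printf '%s\n' "$1" \
    | grep -E '^olc(AttributeTypes|ObjectClasses): \( [0-9.]+' \
    | awk '{ print $3 }' | sort | uniq -d)
  [ -z "$dups" ]
}

# custom_schema_ldif 1.3.6.1.4.1.99999 | ldapadd -Y EXTERNAL -H ldapi:///
# entries_ldif "$SID" 10.113.x.11 10.113.x.22 ta_rsa.pub \
#   | ldapadd -x -H ldapi:/// -D "cn=admin,dc=$SID,dc=nasa" -W
```

Load the schema before the entries, then set the student user's password with `ldappasswd -x -H ldapi:/// -D "cn=admin,dc=$SID,dc=nasa" -W -S "cn=$SID,ou=people,dc=$SID,dc=nasa"` so that olcPasswordHash applies. After the slave's first sync, `ldapsearch -x -ZZ -H ldap://<slave-ip> -b "ou=ldap,dc=$SID,dc=nasa" address` should return both clusterInfo entries from the replica.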
Demo
TAs will try to log in via public key and run a script to validate your work.
Due date: 5/9 18:30
Tips
Google "How to get your own OID"
Google "sshd_config AuthorizedKeysCommand"
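For the second tip, here is an added example of an AuthorizedKeysCommand script of my own (not code from the slides or the TA). It assumes the publicKeyLogin schema from slide 11 with the login name stored in uid, that sshPublicKey is readable by anonymous binds (which the slide 7 ACL requires), the placeholder master address 10.113.x.11 and a hypothetical install path /usr/local/sbin/ldap-authorized-keys, and GNU coreutils base64.

```shell
#!/bin/sh
# /usr/local/sbin/ldap-authorized-keys (added example, not the course's code)
# sshd_config:
#   AuthorizedKeysCommand /usr/local/sbin/ldap-authorized-keys %u
#   AuthorizedKeysCommandUser nobody
# The file must be owned by root and not group/world writable, or sshd refuses
# to run it. The two values below are assumptions; -H accepts a space-separated
# list, so "ldap://master ldap://slave" gives a fallback to the replica.
LDAP_URI="${LDAP_URI:-ldap://10.113.x.11}"
LDAP_BASE="${LDAP_BASE:-dc=<student-id>,dc=nasa}"

# sshd passes whatever name the client typed. Only plain account names get
# through, so the name cannot inject filter syntax such as "*)(uid=*" and
# make the search return somebody else's keys.
valid_username() {   # valid_username <name>
  case "$1" in
    '' | -* | *[!A-Za-z0-9._-]* ) return 1 ;;
  esac
  return 0
}

# Print the user's keys, one per line, in authorized_keys format.
# -ZZ requires StartTLS; -x is an anonymous bind, so no credential sits in
# this root-owned file; -o ldif-wrap=no keeps each value on one line.
# ldapsearch base64-encodes values that are not LDIF-safe (a key comment with
# non-ASCII, for instance); those arrive as "sshPublicKey::" and are decoded.
ldap_authorized_keys() {   # ldap_authorized_keys <name>
  valid_username "$1" || return 1
  ldapsearch -LLL -o ldif-wrap=no -x -ZZ -H "$LDAP_URI" -b "$LDAP_BASE" \
      "(&(objectClass=publicKeyLogin)(uid=$1))" sshPublicKey |
  while IFS= read -r line; do
    case "$line" in
      'sshPublicKey:: '*) printf '%s\n' "${line#sshPublicKey:: }" | base64 -d; echo ;;
      'sshPublicKey: '*)  printf '%s\n' "${line#sshPublicKey: }" ;;
    esac
  done
}

# Run only when sshd hands us a user name (does nothing when sourced).
[ $# -eq 0 ] || ldap_authorized_keys "$1"
```

Check it on every host that must accept the TA: `sudo -u nobody /usr/local/sbin/ldap-authorized-keys TA` should print exactly the key from ta_rsa.pub, and `/usr/local/sbin/ldap-authorized-keys 'TA)(uid=*'` must print nothing and exit non-zero. Because the script binds anonymously, the slide 7 ACL (everything except userPassword readable by everyone) is what lets it work with no client-side credential.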
Help!
Email to [email protected]
• Don't send email via E3new
EC 3F CSCC