How to set up a blacklist on RHDS?


1 Foreword

One question, one article, one story.
The author recently received a work task that required blacklisting a client on RHDS, so this section was compiled.

2 Best Practice

2.1 Practice Environment

Server:
OS=Oracle Linux 9.x x86_64
hostname=389ds.cmdschool.org
ipaddress=192.168.0.155
If you need an RHDS environment, see the following section:

How to deploy the 389-DS service on Oracle Linux 9.x?

Client:
OS=Oracle Linux 9.x x86_64
hostname=any
ipaddress=10.168.0.152

2.2 Implementing the Blacklist

2.2.1 Query with the Test User

In Client,

ldapsearch -x -h 389ds.cmdschool.org -p 389 -D "uid=will,ou=People,dc=cmdschool,dc=org" -w "willpwd" -b "ou=people,dc=cmdschool,dc=org" "(uid=will)"

2.2.2 Set the Blacklist

In Server,

ldapmodify -D "cn=Directory Manager" -w "adminpwd" -H ldap://389ds.cmdschool.org -x

Enter the following configuration:

dn: dc=cmdschool,dc=org
changetype: modify
add: aci
aci: (targetattr = "*") (version 3.0;acl "Deny 10.168.0.152/32"; deny (all) (userdn = "ldap:///anyone") and (ip = "10.168.0.152");)

Press [Ctrl+D] to end the input; normally the following message is returned:

modifying entry "dc=cmdschool,dc=org"

2.2.3 Verify the Blacklist

In Server,

ldapsearch -D "cn=Directory Manager" -w "adminpwd" -H ldap://389ds.cmdschool.org -x -b "dc=cmdschool,dc=org" "(objectClass=*)" aci | more

On the client, verify with the following command (the same query as in 2.2.1):

In Client,

ldapsearch -x -h 389ds.cmdschool.org -p 389 -D "uid=will,ou=People,dc=cmdschool,dc=org" -w "willpwd" -b "ou=people,dc=cmdschool,dc=org" "(uid=will)"

2.2.4 Remove the Blacklist

In Server,

ldapmodify -D "cn=Directory Manager" -w "adminpwd" -H ldap://389ds.cmdschool.org -x

Enter the following configuration:

dn: dc=cmdschool,dc=org
changetype: modify
delete: aci
aci: (targetattr = "*") (version 3.0;acl "Deny 10.168.0.152/32"; deny (all) (userdn = "ldap:///anyone") and (ip = "10.168.0.152");)
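The add step in 2.2.2 and the delete step in 2.2.4 only work as a pair if the aci value is identical byte for byte: an LDAP delete of one attribute value must match the stored value exactly, so retyping it by hand is a common source of "no such attribute" errors. The following shell script is an added example, not part of the original post, that generates the aci value and the LDIF change record from the IP address and base DN so both directions use the same string, and optionally feeds it to ldapmodify and checks the result with ldapsearch. The server URI and the DM_PASSWORD / LDAP_URI environment variables are assumptions for this example. Note that cn=Directory Manager is not subject to ACIs, so the deny never locks out the administrative account, and "ldap:///anyone" covers anonymous binds as well as authenticated users from that address.

```shell
#!/bin/sh
# Added example (not from the original post): build, apply and check a per-IP
# deny ACI on 389-DS / RHDS. Assumed environment: LDAP_URI (defaults to the
# server from the post) and DM_PASSWORD for cn=Directory Manager.

# deny_aci IP [ACL_NAME] -> prints the ACI value used in the post.
# The ACL name defaults to "Deny <IP>"; the post uses "Deny 10.168.0.152/32".
deny_aci() {
  ip="$1"
  name="${2:-Deny $1}"
  printf '(targetattr = "*") (version 3.0;acl "%s"; deny (all) (userdn = "ldap:///anyone") and (ip = "%s");)\n' "$name" "$ip"
}

# deny_ldif add|delete BASE_DN IP [ACL_NAME] -> prints one LDIF modify record.
# Using the same generator for add and delete guarantees the values match.
# The value starts with "(" and contains no leading space or non-ASCII text,
# so it needs no base64 encoding in LDIF.
deny_ldif() {
  op="$1"; base="$2"; ip="$3"; name="$4"
  case "$op" in
    add|delete) ;;
    *) echo "usage: deny_ldif add|delete BASE_DN IP [ACL_NAME]" >&2; return 2 ;;
  esac
  printf 'dn: %s\nchangetype: modify\n%s: aci\naci: %s\n' \
    "$base" "$op" "$(deny_aci "$ip" "$name")"
}

# apply_deny add|delete BASE_DN IP [ACL_NAME] -> sends the LDIF to the server.
apply_deny() {
  deny_ldif "$@" | ldapmodify -x \
    -H "${LDAP_URI:-ldap://389ds.cmdschool.org}" \
    -D "cn=Directory Manager" -w "${DM_PASSWORD:?set DM_PASSWORD}"
}

# check_deny BASE_DN IP -> exit 0 if an aci with that ip bind rule is present
# on the base entry, non-zero otherwise (useful after add and after delete).
check_deny() {
  ldapsearch -x -LLL \
    -H "${LDAP_URI:-ldap://389ds.cmdschool.org}" \
    -D "cn=Directory Manager" -w "${DM_PASSWORD:?set DM_PASSWORD}" \
    -b "$1" -s base "(objectClass=*)" aci \
    | grep -qF "(ip = \"$2\")"
}

# Small command-line front end; does nothing when sourced without arguments.
#   sh deny_aci.sh ldif add dc=cmdschool,dc=org 10.168.0.152 "Deny 10.168.0.152/32"
#   sh deny_aci.sh apply delete dc=cmdschool,dc=org 10.168.0.152 "Deny 10.168.0.152/32"
#   sh deny_aci.sh check dc=cmdschool,dc=org 10.168.0.152
case "${1:-}" in
  ldif)  shift; deny_ldif "$@" ;;
  apply) shift; apply_deny "$@" ;;
  check) shift; check_deny "$@" ;;
esac
```

The ldif subcommand prints exactly the four lines shown in 2.2.2 (or 2.2.4 with delete: aci), so it can also be pasted into the interactive ldapmodify session from the post. Running check before and after apply gives a simple confirmation that the value was stored and later removed, independent of whether the client query from 2.2.1 happens to be available.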