RHDS
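1 Preface
One problem, one article, one story.
The author was recently assigned a work task that required blacklisting on RHDS, and so put together this section.
2 Best practice
2.1 Lab environment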
Server:
OS=Oracle Linux 9.x x86_64
hostname=389ds.cmdschool.org
ipaddress=192.168.0.155
If you need an RHDS environment, see the following section:
Client:
OS=Oracle Linux 9.x x86_64
hostname=any
ipaddress=10.168.0.152
2.2 Implementing the blacklist
2.2.1 Testing the user's query
In Client,
ldapsearch -x -H ldap://389ds.cmdschool.org:389 -D "uid=will,ou=People,dc=cmdschool,dc=org" -w "willpwd" -b "ou=people,dc=cmdschool,dc=org" "(uid=will)"
2.2.2 Setting the blacklist
In Server,
ldapmodify -D "cn=Directory Manager" -w "adminpwd" -H ldap://389ds.cmdschool.org -x
Enter the following configuration,
dn: dc=cmdschool,dc=org
changetype: modify
add: aci
aci: (targetattr = "*") (version 3.0;acl "Deny 10.168.0.152/32"; deny (all) (userdn = "ldap:///anyone") and (ip = "10.168.0.152");)
Press "[ctrl+d]" to end the input; normally the following message is returned,
modifying entry "dc=cmdschool,dc=org"
2.2.3 Verifying the blacklist
In Server,
ldapsearch -D "cn=Directory Manager" -w "adminpwd" -H ldap://389ds.cmdschool.org -x -b "dc=cmdschool,dc=org" "(objectClass=*)" aci | more
On the client, use the following command to verify,
In Client,
ldapsearch -x -H ldap://389ds.cmdschool.org:389 -D "uid=will,ou=People,dc=cmdschool,dc=org" -w "willpwd" -b "ou=people,dc=cmdschool,dc=org" "(uid=will)"
2.2.4 Removing the blacklist
In Server,
ldapmodify -D "cn=Directory Manager" -w "adminpwd" -H ldap://389ds.cmdschool.org -x
Enter the following configuration,
dn: dc=cmdschool,dc=org
changetype: modify
delete: aci
aci: (targetattr = "*") (version 3.0;acl "Deny 10.168.0.152/32"; deny (all) (userdn = "ldap:///anyone") and (ip = "10.168.0.152");)
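The delete in 2.2.4 only succeeds when the aci value matches the one added in 2.2.2 exactly, so it helps to generate both LDIF bodies from one template. The following is an added example, not part of the original article; the function names is_ipv4 and deny_aci_ldif are hypothetical, and the address is validated so that nothing other than a dotted-quad IPv4 can reach the ACI text.

```shell
#!/bin/sh
# Added example: emit the add/delete LDIF for the per-IP deny ACI of 2.2.2/2.2.4.
SUFFIX="dc=cmdschool,dc=org"   # suffix used in the article

# is_ipv4 ADDR: succeed only for four dot-separated octets, each 0-255.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # rejects quotes, parentheses, newlines
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                  # split on dots (digits and dots only)
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# deny_aci_ldif add|delete ADDR: print the LDIF that ldapmodify expects on stdin.
deny_aci_ldif() {
    case $1 in
        add|delete) ;;
        *) echo "usage: deny_aci_ldif add|delete IPV4" >&2; return 2 ;;
    esac
    is_ipv4 "$2" || { echo "refusing non-IPv4 value" >&2; return 1; }
    printf '%s\n' \
        "dn: $SUFFIX" \
        "changetype: modify" \
        "$1: aci" \
        "aci: (targetattr = \"*\") (version 3.0;acl \"Deny $2/32\"; deny (all) (userdn = \"ldap:///anyone\") and (ip = \"$2\");)"
}

# Usage (run on the server; -W prompts for the Directory Manager password):
#   deny_aci_ldif add 10.168.0.152 | ldapmodify -D "cn=Directory Manager" -W -H ldap://389ds.cmdschool.org -x
#   deny_aci_ldif delete 10.168.0.152 | ldapmodify -D "cn=Directory Manager" -W -H ldap://389ds.cmdschool.org -x
```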