Release date: Updated on:
Affected Systems: OpenLDAP RedHat Linux
Unaffected system: OpenLDAP 2.4.30
Description:
Bugtraq id: 52404
CVE (CAN) ID: CVE-2012-1164
OpenLDAP is an open-source Lightweight Directory Access Protocol (LDAP) implementation.
OpenLDAP has a remote denial of service vulnerability. Attackers can exploit this vuln
1. OpenLDAP installation and configuration
The LDAP directory stores data in a tree structure. The top layer is the "base DN", for example "dc=mydomain,dc=org" or "o=mydomain.org"; OpenLDAP supports both forms. We use the former. The specific installation and configuration process is not described in detail. The problems encountered during this process are generally related to the co
Objective
LDAP (Lightweight Directory Access Protocol) is a lightweight directory access protocol based on the X.500 standard which, like NIS and DNS, belongs to the name services (naming service) in the UNIX operating system. This article describes how to build an LDAP service on the Ubuntu operating system.
First step: Modify hostname
127.0.0.1 localhost
127.0.1.1 ldap.ldapdomain.com alternative
192.168.5.180 ldap.ldapdomain.com
Note: when installing Op
Several problems encountered when accessing OpenLDAP with DirectoryServices (selected recommendation logs, with 10 coins). I went to bed at about 2 o'clock last night, having finally solved all the problems of accessing OpenLDAP using DirectoryServices. It seems that there are not many materials in China on this topic. If you run into many problems, you may have to work them out on your own or look on a foreign forum. 1. the authenticatio
This table explains the common LDAP keywords. The table form is convenient for memorizing and comparing, and easy to look up later, so it is reposted here. Original address: http://blog.csdn.net/reblue520/article/details/51804162
LDAP Common Name Interpretation
The following is a summary of openldap
First, at least BerkeleyDB and Cyrus SASL are required. If TLS is required, OpenSSL is required. OpenLDAP has not provided project files for porting to Windows since version 2.2x, but it still has such problems, so it can be implemented after porting. After two or three days of experiment, I have compiled several important libraries. The following describes how to compile OpenLDAP in Windows. My compiling environment is Win XP, VC 6.0, and c
LDAP works the same way as in 5.5 and functions the same; there is not much difference. The OpenLDAP configuration process for 6.0 Linux:
1. First, check the installation of each required package:
2. View the firewall and SELinux scenarios:
OpenLDAP was introduced in the previous article; LDAP is now a relatively widely used lightweight directory service with good performance. Now let's talk about LDAP replication: when one LDAP server changes, the other one changes as well, which prevents downtime when an outage occurs.
OpenLDAP replication configuration:
1. Modify the LDAP service configuration file on the master host
Process format: /usr/sbin/slapd -g openldap -u openldap -f /etc/ldap/slapd.conf
Directory description:
Topldap installation directory: /usr/local/topldap
Topldap
|-slapd: main program of the directory service
|-slurpd: replication program of the directory service
|-slapadd: adds data to the directory
|-slapcat: exports entries in the directory to an LDIF file
|-slapindex: re-creates the directory index
|-ldapcompare: compares th
ldapsearch -h ldap.acme.com -D "cn=john doe,o=acme" -w password -L "objectclass=*"
Using the host ldap.acme.com on port 389, for the "cn=john doe,o=acme" entry, return all attributes that may be viewed anonymously:
ldapsearch -h ldap.acme.com -s base -b "cn=john doe,o=acme" "objectclass=*"
On another host, bluepages.ibm.com, configured to listen for LDAP requests on port 391, search all entries:
ldapsearch -h bluepages.ibm.com -p 391 "objectclass=*"
LDIF format
OpenLDAP + Samba - Linux Enterprise Application - Linux server application information. For details, refer to the following section.
Can't locate Net/LDAP.pm in @INC (@INC contains: /usr/local/sbin/ /usr/lib/perl5/5.8.0/i386-linux-thread-multi /usr/lib/perl5/5.8.0 /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/
attribute in the OR filter, starting at the organization "o=IBM". The timeout value is 300 seconds, and the maximum number of returned entries is 1000. Only the DN (default) and CN are returned (this is the common filter of the web application).
ldapsearch -h bluepages.ibm.com -p 391 -b "o=IBM" -l 300 -z 1000 "(&(objectclass=person)(|(cn=Jerry Seinfeld*)(givenname=Jerry Seinfeld*)(sn=Jerry Seinfeld*)(mail=Jerry Seinfeld*)))" cn
Port 391 on bluepages.ibm.com.
OpenLDAP directory description:
TOPLDAP installation directory: /usr/local/topldap
Topldap
|-slapd: main program of the directory service
|-slurpd: directory service replication program
|-slapadd: add data to the directory
|-slapcat: export the entries in the directory into LDIF files
|-slapindex: rebuild the directory index
|-ldapcompare: compare the properties of entries in the directory
|-ldapadd: add entries to the directory service
|-ldapdelete: delete entries in the directory
|-
Update on: 2016-2-17
-----------------------------------
P34, 2.5.7, 2
Error: chown -R ldap.ldap /var/lib/*
Correction: chown -R ldap:ldap /var/lib/ldap
-----------------------------------
P235, 11.2.3, 5
Error: [[email protected] ~]# cat /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf.bak
Correction: [[email protected] ~]# cp /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf.bak
The update is in ......... .......
This article is from the "See your next year CA" blog; reprinting is declined!
Linux/unix
Tags: cmdbbuild openldap
CMDBuild + OpenLDAP Implementation Verification
PS: Because there are too many tools to operate and account management is too complex, centralized authentication with LDAP is a good choice. Here I explain CMDBuild. CMDBuild's specific functions are not explained in detail; we go straight to the setup. CMDBuild-side considerations: in conjunction with LDAP, it is important to note that the CMDB side needs to have the appropri