josnin

389ds in Fedora 31

Installation

[johnny2020@localhost Documents]$ sudo dnf install 389-ds-base

389ds docs

Local DNS

vim /etc/hosts

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.1.74 myhost myhost.tech.com

Setup

[root@myhost Documents]# dscreate interactive
Install Directory Server (interactive mode)
===========================================

Enter system's hostname [myhost.tech.com]:

Enter the instance name [myhost]:

Enter port number [389]:

Create self-signed certificate database [yes]:

Enter secure port number [636]:

Enter Directory Manager DN [cn=Directory Manager]:

Enter the Directory Manager password:
Confirm the Directory Manager Password:

Enter the database suffix (or enter "none" to skip) [dc=myhost,dc=tech,dc=com]:

Create sample entries in the suffix [no]: yes

Do you want to start the instance after the installation? [yes]: 

Are you ready to install? [no]: yes
Starting installation...
Starting installation...
Completed installation for myhost


Create Group (sn)

Can't provide gidNumber

[root@papaitan Documents]# dsidm ldap://myhost.tech.com:389 -b "dc=myhost,dc=tech,dc=com" group create
Enter Bind DN: cn=Directory Manager
Enter password for cn=Directory Manager on ldap://myhost.tech.com:389:
Enter value for cn : Family
Successfully created Family


Create Posix Group

Can provide gidNumber

[root@papaitan Documents]# dsidm ldap://myhost.tech.com:389 -b "dc=myhost,dc=tech,dc=com" posixgroup create
Enter Bind DN: cn=Directory Manager
Enter password for cn=Directory Manager on ldap://myhost.tech.com:389:
Enter value for cn : Family2
Enter value for gidNumber : 1010
Successfully created Family2


Modify PosixGroup gidNumber

[root@papaitan Documents]# dsidm ldap://myhost.tech.com:389 -b "dc=myhost,dc=tech,dc=com" posixgroup modify Family2 replace:gidNumber:1011
Enter Bind DN: cn=Directory Manager
Enter password for cn=Directory Manager on ldap://myhost.tech.com:389:
Successfully modified cn=Family2,ou=groups,dc=myhost,dc=tech,dc=com


Create User

[root@myhost Documents]# dsidm ldap://myhost.tech.com:389 -b "dc=myhost,dc=tech,dc=com" user create
Enter Bind DN: cn=Directory Manager
Enter password for cn=Directory Manager on ldap://myhost.tech.com:389:
Enter value for uid : johnny2020
Enter value for cn : johnny2020
Enter value for displayName : Johnny
Enter value for uidNumber : 1010
Enter value for gidNumber : 1010
Enter value for homeDirectory : /home/johnny2020
Successfully created johnny2020


Get User

[root@myhost Documents]# dsidm ldap://myhost.tech.com:389 -b "dc=myhost,dc=tech,dc=com" user get johnny2020
Enter Bind DN: cn=Directory Manager
Enter password for cn=Directory Manager on ldap://myhost.tech.com:389:
dn: uid=johnny2020,ou=people,dc=myhost,dc=tech,dc=com
cn: johnny2020
displayName: Johnny
gidNumber: 1010
homeDirectory: /home/johnny2020
objectClass: top
objectClass: nsPerson
objectClass: nsAccount
objectClass: nsOrgPerson
objectClass: posixAccount
uid: johnny2020
uidNumber: 1010


Adding Group to User

[root@myhost Documents]# dsidm ldap://myhost.tech.com:389 -b "dc=myhost,dc=tech,dc=com" group add_member Family uid=johnny2020,ou=people,dc=myhost,dc=tech,dc=com
Enter Bind DN: cn=Directory Manager
Enter password for cn=Directory Manager on ldap://myhost.tech.com:389:
added member: uid=johnny2020,ou=people,dc=myhost,dc=tech,dc=com


Adding PosixGroup to User

[root@myhost Documents]# dsidm ldap://myhost.tech.com:389 -b "dc=myhost,dc=tech,dc=com" group add_member Family2 uid=johnny2020,ou=people,dc=myhost,dc=tech,dc=com
Enter Bind DN: cn=Directory Manager
Enter password for cn=Directory Manager on ldap://myhost.tech.com:389:
added member: uid=johnny2020,ou=people,dc=myhost,dc=tech,dc=com


Removing Group from User

[root@myhost Documents]# dsidm ldap://myhost.tech.com:389 -b "dc=myhost,dc=tech,dc=com" group remove_member Family uid=johnny2020,ou=people,dc=myhost,dc=tech,dc=com
Enter Bind DN: cn=Directory Manager
Enter password for cn=Directory Manager on ldap://myhost.tech.com:389:
removed member: uid=johnny2020,ou=people,dc=myhost,dc=tech,dc=com


Reset Password

[root@myhost Documents]# dsidm ldap://myhost.tech.com:389 -b "dc=myhost,dc=tech,dc=com" account reset_password uid=johnny2020,ou=people,dc=myhost,dc=tech,dc=com
Enter Bind DN: cn=Directory Manager
Enter password for cn=Directory Manager on ldap://myhost.tech.com:389:
Enter new password for uid=johnny2020,ou=people,dc=myhost,dc=tech,dc=com :
CONFIRM - Enter new password for uid=johnny2020,ou=people,dc=myhost,dc=tech,dc=com :
reset password for uid=johnny2020,ou=people,dc=myhost,dc=tech,dc=com


LDAP search

[root@myhost Documents]# ldapsearch -x -b "dc=myhost,dc=tech,dc=com"


Enable memberof plugin

Required for sssd enablement

[root@myhost Documents]# dsconf ldap://myhost.tech.com:389 -b "dc=myhost,dc=tech,dc=com" plugin memberof status
Enter Bind DN: cn=Directory Manager
Enter password for cn=Directory Manager on ldap://myhost.tech.com:389:
Plugin 'MemberOf Plugin' is disabled
[root@myhost Documents]# dsconf ldap://myhost.tech.com:389 -b "dc=myhost,dc=tech,dc=com" plugin memberof enable
Enter Bind DN: cn=Directory Manager
Enter password for cn=Directory Manager on ldap://myhost.tech.com:389:
Enabled plugin 'MemberOf Plugin'

[root@myhost Documents]# dsctl myhost restart
Instance "myhost" has been restarted

[root@myhost Documents]# dsconf ldap://myhost.tech.com:389 -b "dc=myhost,dc=tech,dc=com" plugin memberof set --scope "dc=myhost,dc=tech,dc=com"
Enter Bind DN: cn=Directory Manager
Enter password for cn=Directory Manager on ldap://myhost.tech.com:389:
Successfully changed the cn=MemberOf Plugin,cn=plugins,cn=config

[root@myhost Documents]# dsidm ldap://myhost.tech.com:389 -b "dc=myhost,dc=tech,dc=com" user modify kirsten add:objectclass:nsmemberof
Enter Bind DN: cn=Directory Manager
Enter password for cn=Directory Manager on ldap://myhost.tech.com:389:
Successfully modified uid=kirsten,ou=people,dc=myhost,dc=tech,dc=com


[root@myhost Documents]# dsconf ldap://myhost.tech.com:389 -b "dc=myhost,dc=tech,dc=com" plugin memberof fixup "dc=myhost,dc=tech,dc=com"
Enter Bind DN: cn=Directory Manager
Enter password for cn=Directory Manager on ldap://myhost.tech.com:389:
Attempting to add task entry...
Successfully added task entry



Login Using 389-ds LDAP

[root@myhost Documents]# dnf install sssd
Last metadata expiration check: 1:40:56 ago on Sat 28 Mar 2020 09:31:30 PM +08.
Package sssd-2.2.3-13.fc31.x86_64 is already installed.
Dependencies resolved.
Nothing to do.
Complete!
[root@myhost Documents]# dsidm ldap://myhost.tech.com:389 -b "dc=myhost,dc=tech,dc=com" client_config sssd.conf

Add loginShell /bin/bash to user

[root@myhost jay2020]# dsidm ldap://myhost.tech.com:389 -b "dc=myhost,dc=tech,dc=com" user modify johnny2020 add:loginShell:/bin/bash
Enter Bind DN: cn=Directory Manager
Enter password for cn=Directory Manager on ldap://myhost.tech.com:389:
Successfully modified uid=johnny2020,ou=people,dc=myhost,dc=tech,dc=com


Use authselect if you want the home directory created automatically

authselect select sssd with-mkhomedir --force
systemctl enable oddjobd.service
systemctl start oddjobd.service



[root@myhost jay2020]# authselect apply-changes
Changes were successfully applied.


Issue if you can't ssh

This happens because it can't find the TLS certificate. In the meantime, disable the TLS certificate requirement by setting it to never.

[root@myhost jay2020]# systemctl restart sssd
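
The workaround above turns off server-certificate verification. Assuming the setting it refers to is SSSD's `ldap_tls_reqcert` option in sssd.conf, the following added example (not from the original post) is a small shell check that flags that setting and a plaintext `ldap://` URI, run against two constructed config files. The sample file names and the CA path `/etc/dirsrv/slapd-myhost/ca.crt` are assumptions.

```shell
#!/bin/sh
# Added example. Simplification: one [domain/...] section, last assignment of a key wins.

# sssd_opt FILE KEY -> prints the value assigned to KEY (empty if unset)
sssd_opt() {
    awk -v key="$2" '
        /^[ \t]*[#;]/ { next }                      # skip comment lines
        index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", k)
            v = substr($0, index($0, "=") + 1);    gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# count_findings FILE -> prints the number of weak settings; details go to stderr
count_findings() {
    n=0
    reqcert=$(sssd_opt "$1" ldap_tls_reqcert)
    uri=$(sssd_opt "$1" ldap_uri)
    starttls=$(sssd_opt "$1" ldap_id_use_start_tls | tr 'A-Z' 'a-z')
    case $reqcert in
        never|allow)
            echo "WEAK: ldap_tls_reqcert = $reqcert, server certificate is not verified" >&2
            n=$((n + 1)) ;;
    esac
    case $uri in
        ldap://*)
            if [ "$starttls" != "true" ]; then
                echo "WEAK: $uri without ldap_id_use_start_tls, lookups are unencrypted" >&2
                n=$((n + 1))
            fi ;;
    esac
    echo "$n"
}

# Constructed sample files (not taken from the post); the CA path is an assumption.
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
printf '%s\n' '[domain/ldap]' 'id_provider = ldap' \
    'ldap_uri = ldap://myhost.tech.com:389' \
    'ldap_search_base = dc=myhost,dc=tech,dc=com' \
    'ldap_tls_reqcert = never' > "$tmp/workaround.conf"
printf '%s\n' '[domain/ldap]' 'id_provider = ldap' \
    'ldap_uri = ldaps://myhost.tech.com:636' \
    'ldap_search_base = dc=myhost,dc=tech,dc=com' \
    'ldap_tls_reqcert = demand' \
    'ldap_tls_cacert = /etc/dirsrv/slapd-myhost/ca.crt' > "$tmp/verified.conf"

echo "workaround.conf: $(count_findings "$tmp/workaround.conf") finding(s)"
echo "verified.conf:   $(count_findings "$tmp/verified.conf") finding(s)"
```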


Reference

389ds-how-to-users-and-groups