Sur le serveur OpenLDAP:
Voici l’organisation de ma base LDAP:
dc=example
/
ou=intra
/
ou=demo
___|_________________________________________________________________________
| | |
ou=dpt ou=material ou=services
| _____|_______________ ____|_____
____________|______________ | | | | |
| | | | | | ou=groups ou=export
ou=netadmin ou=helpdesk ou=commercial | | | | \
| | | | cn=\
ou=clients ou=servers ou=etc... |
___|____ |
| | |
ou=nomad ou=sedentary ____________________________|____
| | |
cn=admin-group cn=helpdesk-group cn=commercial-group
Voici le contenu de mon /etc/ldap/slapd.conf
# This is the main slapd configuration file. See slapd.conf(5) for more
# info on the configuration options.
#######################################################################
# Global Directives:
# Features to permit
#allow bind_v2
# Schema and objectClass definitions
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/autofs.schema
# Where the pid file is put. The init.d script
# will not stop the server if you change this.
pidfile /var/run/slapd/slapd.pid
# List of arguments that were passed to the server
argsfile /var/run/slapd/slapd.args
# Read slapd.conf(5) for possible values
loglevel none
# Where the dynamically loaded modules are stored
modulepath /usr/lib/ldap
moduleload back_hdb
# The maximum number of entries that is returned for a search operation
sizelimit 500
# The tool-threads parameter sets the actual amount of cpu's that is used
# for indexing.
tool-threads 1
#######################################################################
# Specific Backend Directives for hdb:
# Backend specific directives apply to this backend until another
# 'backend' directive occurs
backend hdb
#######################################################################
# Specific Backend Directives for 'other':
# Backend specific directives apply to this backend until another
# 'backend' directive occurs
#backend <other>
#######################################################################
# Specific Directives for database #1, of type hdb:
# Database specific directives apply to this databasse until another
# 'database' directive occurs
database hdb
# The base of your directory in database #1
suffix "dc=example"
# rootdn directive for specifying a superuser on the database. This is needed
# for syncrepl.
rootdn "cn=admin,ou=demo,ou=intra,dc=example"
rootpw secret
# Where the database file are physically stored for database #1
directory "/var/lib/ldap"
# The dbconfig settings are used to generate a DB_CONFIG file the first
# time slapd starts. They do NOT override existing an existing DB_CONFIG
# file. You should therefore change these settings in DB_CONFIG directly
# or remove DB_CONFIG and restart slapd for changes to take effect.
# For the Debian package we use 2MB as default but be sure to update this
# value if you have plenty of RAM
dbconfig set_cachesize 0 2097152 0
# Sven Hartge reported that he had to set this value incredibly high
# to get slapd running at all. See http://bugs.debian.org/303057 for more
# information.
# Number of objects that can be locked at the same time.
dbconfig set_lk_max_objects 1500
# Number of locks (both requested and granted)
dbconfig set_lk_max_locks 1500
# Number of lockers
dbconfig set_lk_max_lockers 1500
# Indexing options for database #1
index objectClass eq
# Save the time that the entry gets modified, for database #1
lastmod on
# Checkpoint the BerkeleyDB database periodically in case of system
# failure and to speed slapd shutdown.
checkpoint 512 30
# Where to store the replica logs for database #1
# replogfile /var/lib/ldap/replog
# The userPassword by default can be changed
# by the entry owning it if they are authenticated.
# Others should not be able to see it, except the
# admin entry below
# These access lines apply to database #1 only
access to attrs=userPassword,shadowLastChange
by dn="cn=admin,dc=demo,dc=intra,dc=example" read
by dn="cn=admin,dc=demo,dc=intra,dc=example" write
by anonymous auth
by self write
by * none
# Ensure read access to the base for things like
# supportedSASLMechanisms. Without this you may
# have problems with SASL not knowing what
# mechanisms are available and the like.
# Note that this is covered by the 'access to *'
# ACL below too but if you change that as people
# are wont to do you'll still need this if you
# want SASL (and possible other things) to work
# happily.
access to dn.base="" by * read
# The admin dn has full write access, everyone else
# can read everything.
access to *
by dn="cn=admin,dc=demo,dc=intra,dc=example" write
by * read
# For Netscape Roaming support, each user gets a roaming
# profile for which they have write access to
#access to dn=".*,ou=Roaming,o=morsnet"
# by dn="cn=admin,dc=demo,dc=intra,dc=example" write
# by dnattr=owner write
#######################################################################
# Specific Directives for database #2, of type 'other' (can be hdb too):
# Database specific directives apply to this databasse until another
# 'database' directive occurs
#database <other>
# The base of your directory for database #2
#suffix "dc=debian,dc=org"
Le contenu de mon init_demo.intra.example.ldif:
dn: dc=example
objectclass: dcObject
objectclass: organization
o: example
dn: ou=intra,dc=example
objectclass: organizationalUnit
ou: intra
dn: ou=demo,ou=intra,dc=example
objectclass: organizationalUnit
ou: demo
dn: ou=dpt,ou=demo,ou=intra,dc=example
objectclass: organizationalUnit
ou: dpt
dn: ou=netadmin,ou=dpt,ou=demo,ou=intra,dc=example
objectclass: organizationalUnit
ou: netadmin
dn: ou=helpdesk,ou=dpt,ou=demo,ou=intra,dc=example
objectclass: organizationalUnit
ou: helpdesk
dn: ou=commercial,ou=dpt,ou=demo,ou=intra,dc=example
objectclass: organizationalUnit
ou: commercial
dn: ou=material,ou=demo,ou=intra,dc=example
objectclass: organizationalUnit
ou: material
dn: ou=servers,ou=material,ou=demo,ou=intra,dc=example
objectclass: organizationalUnit
ou: servers
dn: ou=network-passives,ou=material,ou=demo,ou=intra,dc=example
objectclass: organizationalUnit
ou: network-passives
dn: ou=switchs,ou=network-passives,ou=material,ou=demo,ou=intra,dc=example
objectclass: organizationalUnit
ou: switchs
dn: ou=routers,ou=network-passives,ou=material,ou=demo,ou=intra,dc=example
objectclass: organizationalUnit
ou: routers
dn: ou=security-related,ou=network-passives,ou=material,ou=demo,ou=intra,dc=example
objectclass: organizationalUnit
ou: security-related
dn: ou=telephony,ou=network-passives,ou=material,ou=demo,ou=intra,dc=example
objectclass: organizationalUnit
ou: telephony
dn: ou=clients,ou=material,ou=demo,ou=intra,dc=example
objectclass: organizationalUnit
ou: clients
dn: ou=nomads,ou=clients,ou=material,ou=demo,ou=intra,dc=example
objectclass: organizationalUnit
ou: nomads
dn: ou=sedentary,ou=clients,ou=material,ou=demo,ou=intra,dc=example
objectclass: organizationalUnit
ou: sedentary
dn: ou=services,ou=demo,ou=intra,dc=example
objectclass: organizationalUnit
ou: services
dn: ou=nfs,ou=services,ou=demo,ou=intra,dc=example
objectclass: organizationalUnit
ou: nfs
dn: ou=groups,ou=services,ou=demo,ou=intra,dc=example
objectclass: organizationalUnit
ou: groups
Le contenu de mon groups.ldif
dn: cn=admin-group,ou=groups,ou=services,ou=demo,ou=intra,dc=example
objectClass: posixGroup
cn: admin-group
gidNumber: 5000
description: Admin group
dn: cn=helpdesk-group,ou=groups,ou=services,ou=demo,ou=intra,dc=example
objectClass: posixGroup
cn: helpdesk-group
gidNumber: 6000
description: Helpdesk group
dn: cn=commercial-group,ou=groups,ou=services,ou=demo,ou=intra,dc=example
objectClass: posixGroup
cn: commercial-group
gidNumber: 7000
description: Commercial group
Le contenu de mon users.ldif (je laisse les mots de passe car il ne s’agit que d’utilisateur test qui seront remplacés ultérieurement)
dn: uid=test-admin,ou=netadmin,ou=dpt,ou=demo,ou=intra,dc=example
objectClass: posixAccount
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: test-admin
cn: test-admin
sn: test-admin
givenName: test-admin
uidNumber: 5000
gidNumber: 5000
homeDirectory: files.demo.intra:/home/test-admin
loginShell: /bin/bash
userPassword: test-admin
mail: test-admin.test-admin@demo.intra
l: France
ou: admin-group
dn: uid=test-helpdesk,ou=helpdesk,ou=dpt,ou=demo,ou=intra,dc=example
objectClass: posixAccount
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: test-helpdesk
cn: test-helpdesk
sn: test-helpdesk
givenName: test-helpdesk
uidNumber: 5001
gidNumber: 6000
homeDirectory: files.demo.intra:/home/test-helpdesk
loginShell: /bin/bash
userPassword: test-helpdesk
mail: test-helpdesk.test-helpdesk@demo.intra
l: France
ou: helpdesk-group
dn: uid=test-commercial,ou=commercial,ou=dpt,ou=demo,ou=intra,dc=example
objectClass: posixAccount
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: test-commercial
cn: test-commercial
sn: test-commercial
givenName: test-commercial
uidNumber: 5002
gidNumber: 7000
homeDirectory: files.demo.intra:/home/test-helpdesk
loginShell: /bin/bash
userPassword: test-commercial
mail: test-commercial.test-commercial@demo.intra
l: France
ou: commercial-group
Le contenu de mon autoumount.ldif
dn: ou=export,ou=nfs,ou=services,ou=demo,ou=intra,dc=example
objectClass: automountMap
ou: export
dn: cn=/,ou=export,ou=nfs,ou=services,ou=demo,ou=intra,dc=example
objectClass: top
objectClass: automount
cn: /
automountInformation: -rw,nfs,hard,intra,nodev,nosuid files.demo.intra:/home/&
Le contenu du autofs.schema
#
# $id$
#
# Depends upon core.schema and cosine.schema
# OID Base is 1.3.6.1.4.1.2312.4
#
# Attribute types are under 1.3.6.1.4.1.2312.4.1
# Object classes are under 1.3.6.1.4.1.2312.4.2
# Syntaxes are under 1.3.6.1.4.1.2312.4.3
# Attribute Type Definitions
attributetype ( 1.3.6.1.1.1.1.25 NAME 'automountInformation'
DESC 'Information used by the autofs automounter'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
objectclass ( 1.3.6.1.1.1.1.13 NAME 'automount' SUP top STRUCTURAL
DESC 'An entry in an automounter map'
MUST ( cn $ automountInformation $ objectclass )
MAY ( description ) )
objectclass ( 1.3.6.1.4.1.2312.4.2.2 NAME 'automountMap' SUP top STRUCTURAL
DESC 'An group of related automount objects'
MUST ( ou ) )
Sur le serveur NFS:
Voici le contenu de mon /etc/exports
# /etc/exports: the access control list for filesystems which may be exported
# to NFS clients. See exports(5).
#
# Example for NFSv2 and NFSv3:
# /srv/homes hostname1(rw,sync,no_subtree_check) hostname2(ro,sync,no_subtree_check)
#
# Example for NFSv4:
# /srv/nfs4 gss/krb5i(rw,sync,fsid=0,crossmnt,no_subtree_check)
# /srv/nfs4/homes gss/krb5i(rw,sync,no_subtree_check)
#
/mnt/intranet 172.16.1.0/24(rw,sync,no_subtree_check,root_squash)
/mnt/test 172.16.1.0/24(rw,sync,no_subtree_check,root_squash)
/home 172.16.1.0/24(rw,sync,no_subtree_check,root_squash)
Voici ce que retourne la commande exportfs:
root@files:~#exportfs
/mnt/intranet 172.16.1.0/24
/mnt/test 172.16.1.0/24
/home 172.16.1.0/24
Sur la machine cliente:
Le contenu du fichier /etc/nsswitch.conf