> Hi everyone!
> This is one of the topics that drives you the craziest!
> There are a few things that I think need attention when authenticating
> users against ldap:
> - Authenticate by bind, or bind as an admin and then search? If you
> authenticate a user by binding to ldap with that user's own
> credentials, then the entry must belong to a certain objectclass (I
> usually use inetOrgPerson); other attributes, if present, are only
> optional. If you bind as an admin and then search to see whether
> such a user account exists (match username/password), that seems
> easier, but the application that needs to authenticate has to
> support it.
> - If you use squid to authenticate, it is best to write a separate
> script that authenticates against ldap (in 1 of the 2 ways above),
> and then use that script as an external authentication for squid (at
> my company we use POP3 accounts to authenticate with squid; this
> script is readily available on the Internet !!)
>
> If possible, please post the log file here (run slapd with option
> -D 4 to see debug info, it is very useful)
At this point I know for certain that both vpopmail and egroupware use
openldap's simple bind mechanism; neither of them uses SASL.
After looking at the log file, the way vpopmail works is that it binds
with the admin account and then searches (when configuring it you have
to edit vlapd.h so that it can talk to ldap). It searches with a
filter like the following:
SRCH base="ou=example.com,o=root" scope=2
filter="(&(objectClass=qmailUser)(uid=test))"
Only after it has fetched all of the user's information does it start
comparing the password, by encrypting the user's input password against
the userPassword attribute that it fetched from ldap. So the problem
now is that vpopmail's encryption method differs from the others (even
though it is the same md5).
For example, for the same string test, vpopmail encrypts it as
follows: {MD5}$1$h31raXwH$RXYsUWpx9ArIbRQwh4bmo1 , whereas using the
phpldapadmin tool with the md5 encryption mode (actually md5_crypt
would be the accurate name) it produces the following format
{MD5}CY9rzUYh03PK3k6DJie09g==, and with the md5crypt encryption mode it
comes out as follows:
{CRYPT}$1$746kxGVi$4dUnm75UflMGJkEOVKwqc1. I have not looked at the
source code closely, but probably when vpopmail authenticates a user it
looks at the prefix, and only if it is {MD5} (for md5-crypt mode,
12-character salt, starting with 1$1) or {crypt} (for crypt mode,
2-character salt) (note the lowercase) does it continue processing,
because phpldapadmin, like other programs, creates the prefix as
uppercase {CRYPT} for both md5-crypt mode and normal crypt.
That is all I know so far. Since it was too late yesterday I had to go
home; today, back at work, I will proceed to: either fix vpopmail's
code, or recompile vpopmail with the md5-crypt encryption mode removed.
I will probably choose the second option, the reason being that a lot
of programs use md5-crypt by default, for example openldap's migration
tool. When everything is done, I will try to write a HOWTO :D.
--Thái.
_______________________________________________
VietLUG-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/vietlug-users
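
An added example (not part of the original message, and not vpopmail or phpldapadmin code): a small Python audit that takes the three userPassword values quoted in the message, infers the real hash format from the body instead of trusting the {SCHEME} prefix, and flags entries whose prefix and body disagree. Function names are made up for illustration; comparing prefixes case-insensitively and the prefix convention in EXPECTED are assumptions, and only the base64 {MD5} form is checked against a password.

```python
import base64
import binascii
import hashlib
import hmac
import re

# The three userPassword values quoted in the message (all for "test").
PAGE_VALUES = [
    "{MD5}$1$h31raXwH$RXYsUWpx9ArIbRQwh4bmo1",    # vpopmail
    "{MD5}CY9rzUYh03PK3k6DJie09g==",              # phpldapadmin, md5
    "{CRYPT}$1$746kxGVi$4dUnm75UflMGJkEOVKwqc1",  # phpldapadmin, md5crypt
]
MD5_CRYPT = re.compile(r"^\$1\$[./0-9A-Za-z]{1,8}\$[./0-9A-Za-z]{22}$")
DES_CRYPT = re.compile(r"^[./0-9A-Za-z]{13}$")
# Assumed convention (as the message reports for phpldapadmin).
EXPECTED = {"raw-md5": "MD5", "md5-crypt": "CRYPT", "des-crypt": "CRYPT"}

def split_scheme(value):
    """Split '{SCHEME}body' into (scheme, body); scheme is None if absent."""
    m = re.match(r"^\{([^}]+)\}(.*)$", value)
    return (m.group(1), m.group(2)) if m else (None, value)

def body_format(body):
    """Infer the real hash format from the body, ignoring the prefix."""
    if MD5_CRYPT.match(body):
        return "md5-crypt"
    if DES_CRYPT.match(body):
        return "des-crypt"
    try:
        if len(base64.b64decode(body, validate=True)) == 16:
            return "raw-md5"
    except (binascii.Error, ValueError):
        pass
    return "unknown"

def audit(value):
    """Return (prefix, inferred format, prefix_matches_body) for one value."""
    scheme, body = split_scheme(value)
    fmt = body_format(body)
    ok = scheme is not None and scheme.upper() == EXPECTED.get(fmt)
    return scheme, fmt, ok

def check_raw_md5(password, value):
    """Verify a password against a {MD5}<base64 digest> value only."""
    scheme, body = split_scheme(value)
    if scheme is None or scheme.upper() != "MD5" or body_format(body) != "raw-md5":
        return False
    digest = hashlib.md5(password.encode()).digest()
    return hmac.compare_digest(digest, base64.b64decode(body))
```

Running audit() over an LDIF export before pointing a second application at the same directory shows which entries carry a prefix that the other application will misread.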