Sun DSEE7, úpravy nastavení 
* atributy souborů vytvořené instance:

[root@dhcppc2 dsInstanceEXAMPLE]# cd /usr/local/dsee7/dsInstanceEXAMPLE/
[root@dhcppc2 dsInstanceEXAMPLE]# find . -type d | xargs chmod 770
[root@dhcppc2 dsInstanceEXAMPLE]# find . -type f | xargs chmod 660

[root@dhcppc2 dsInstanceEXAMPLE]# find . | xargs ls -l
-rw-rw---- 1 ldapadm ldapadm 1624 Aug 14 12:32 ./alias/certmap.conf
-rw-rw---- 1 ldapadm ldapadm 16384 Aug 14 12:32 ./alias/secmod.db
-rw-rw---- 1 ldapadm ldapadm 65536 Aug 14 12:32 ./alias/slapd-cert8.db
-rw-rw---- 1 ldapadm ldapadm 16384 Aug 14 12:32 ./alias/slapd-key3.db
-rw-rw---- 1 ldapadm ldapadm 12 Aug 14 12:32 ./config/certdb.txt
-rw-rw---- 1 ldapadm ldapadm 80048 Aug 14 14:12 ./config/dse.ldif
-rw-rw---- 1 ldapadm ldapadm 70902 Aug 14 14:12 ./config/dse.ldif.bak
-rw-rw---- 1 ldapadm ldapadm 65343 Aug 14 12:35 ./config/dse.ldif.startOK
-rw-rw---- 1 ldapadm ldapadm 77945 Aug 14 12:32 ./config/schema/00core.ldif
-rw-rw---- 1 ldapadm ldapadm 7403 Aug 14 12:32 ./config/schema/00ds6pwp.ldif
-rw-rw---- 1 ldapadm ldapadm 1842 Aug 14 12:32 ./config/schema/05rfc2247.ldif


*** doplnit pro adresář /usr/local/dsee7/dsInstance${NAME|$CLASS}/plugins/signatures
(cert7.db, key3.db, secmod.db)

* CACAO bind (agent má naslouchat jen na 127.0.0.1)

[root@dhcppc2 bin]# cacaoadm stop
[root@dhcppc2 bin]# cacaoadm list-params
[root@dhcppc2 bin]# cacaoadm set-param network-bind-address=127.0.0.1
[root@dhcppc2 bin]# cacaoadm start


* CACAO file rights (práva opravit podle výpisu: adresář snmp na 755, soubor jdmk.acl na 600)

[root@dhcppc2 local]# cacaoadm verify-configuration
CONFIG ERROR : File access rights of [/usr/local/dsee7/ext/cacao_2/etc/opt/sun/cacao2/instances/default/security/snmp] are wrong [rwxrwxrwx] should be [rwxr-xr-x].
CONFIG ERROR : File access rights of [/usr/local/dsee7/ext/cacao_2/etc/opt/sun/cacao2/instances/default/security/snmp/jdmk.acl] are wrong [rwxrwxrwx] should be [rw-------].


* není vhodné logovat do adresáře instance

[root@dhcppc2 dsee7]# INSTANCE_LOG="/var/log/dsee7/dsInstanceEXAMPLE/logs"
[root@dhcppc2 dsee7]# mkdir -p $INSTANCE_LOG
[root@dhcppc2 dsee7]# touch $INSTANCE_LOG/errors
[root@dhcppc2 dsee7]# touch $INSTANCE_LOG/audit
[root@dhcppc2 dsee7]# touch $INSTANCE_LOG/access
[root@dhcppc2 dsee7]# chown -R ldapadm.ldapadm $INSTANCE_LOG

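(Pozn.: heslo zadané přes -w je vidět ve výpisu procesů i v historii shellu; bezpečnější je načíst ho ze souboru s omezenými právy volbou -j. Platí i pro další volání ldapmodify/ldapsearch níže.)
[ldapadm]$ ldapmodify -h dhcppc2 -p 3200 -D "cn=Directory Manager" -w dsInstanceEXAMPLE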
dn: cn=config
changetype: modify
replace: nsslapd-errorlog
nsslapd-errorlog: /var/log/dsee7/dsInstanceEXAMPLE/logs/errors
-
replace: nsslapd-accesslog
nsslapd-accesslog: /var/log/dsee7/dsInstanceEXAMPLE/logs/access
-
replace: nsslapd-auditlog
nsslapd-auditlog: /var/log/dsee7/dsInstanceEXAMPLE/logs/audit

[ldapadm]$ ldapmodify -h dhcppc2 -p 3200 -D "cn=Directory Manager" -w dsInstanceEXAMPLE
dn: cn=config
changetype: modify
replace: nsslapd-auditlog-permissions
nsslapd-auditlog-permissions: 660
-
replace: nsslapd-accesslog-permissions
nsslapd-accesslog-permissions: 660
-
replace: nsslapd-errorlog-permissions
nsslapd-errorlog-permissions: 660
modifying entry cn=config


* změna defaultní úrovně logování

[ldapadm]$  ldapmodify -h dhcppc2 -p 3200 -D "cn=Directory Manager" -w dsInstanceEXAMPLE
dn: cn=config
changetype: modify
replace: nsslapd-errorlog-level
nsslapd-errorlog-level: 256
-
replace: nsslapd-infolog-level
nsslapd-infolog-level: 256


* ověření nastavení

[ldapadm]$ ldapsearch -h localhost -p 3200 -D "cn=Directory Manager" -w dsInstanceEXAMPLE -b "cn=config" -s base "(objectclass=*)" 


Core Server Configuration Reference

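* password policy (výpis aktuálního nastavení; zamykání účtů i kontrola kvality hesel jsou vypnuté a minimální délka hesla je 6 – tyto hodnoty je vhodné zpřísnit)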
[ldapadm]$ ldapsearch -h localhost -p 3200 -D "cn=Directory Manager" -w dsInstanceEXAMPLE -b "cn=Password Policy,cn=config" -s sub "(objectclass=*)"
version: 1
dn: cn=Password Policy,cn=config
objectClass: top
objectClass: ldapsubentry
objectClass: pwdPolicy
objectClass: sunPwdPolicy
objectClass: passwordPolicy
cn: Password Policy
pwdAttribute: userPassword
passwordStorageScheme: SSHA
passwordChange: on
pwdAllowUserChange: TRUE
pwdSafeModify: FALSE
passwordRootdnMayBypassModsChecks: off
passwordNonRootMayResetUserpwd: on
passwordInHistory: 0
pwdInHistory: 0
passwordMinAge: 0
pwdMinAge: 0
passwordCheckSyntax: off
pwdCheckQuality: 0
passwordMinLength: 6
pwdMinLength: 6
passwordMustChange: off
pwdMustChange: FALSE
passwordExp: off
passwordMaxAge: 0
pwdMaxAge: 0
passwordWarning: 86400
pwdExpireWarning: 86400
passwordExpireWithoutWarning: on
pwdGraceAuthNLimit: 0
pwdKeepLastAuthTime: FALSE
passwordLockout: off
pwdLockout: FALSE
passwordMaxFailure: 3
pwdMaxFailure: 3
passwordResetFailureCount: 600
pwdFailureCountInterval: 600
pwdIsLockoutPrioritized: TRUE
passwordUnlock: on
passwordLockoutDuration: 3600
pwdLockoutDuration: 3600


