本文主要介绍如何配置Trafodion的LDAP安全认证,关于LDAP的安装与使用,参考我的另外一篇“OpenLDAP服务端+PhpLdapAdmin 基本安装与配置 ”http://blog.csdn.net/post_yuan/article/details/53129735,也可以参考另外一篇”FreeIPA LDAP HA安装” http://blog.csdn.net/post_yuan/article/details/78204957
这里假设我们已经提前安装并配置好了OpenLDAP服务端环境,通过PhpLDAPAdmin可以查看到,如下图,
通过OpenLDAPAdmin Web UI创建一个trafodion用户组,并创建两个测试用户,如下图,
下面配置Trafodion端,Trafodion提供两种途径配置LDAP安全认证,1 安装时配置 2 安装后配置。这里介绍第二种,即在安装完成后如何配置LDAP认证。
1 检查当前trafodion是否配置LDAP认证
[trafodion@cent-1 scripts]$ echo $TRAFODION_ENABLE_AUTHENTICATION
NO2 配置traf_authentication_config文件,主要配置文件中的LDAPHostName、UniqueIdentifier、LDAPSearchDN及LDAPSearchPwd。
(注:在目前的版本中,LDAPSearchDN及LDAPSearchPwd不必配置)
[root@cent-1 migrationtools]# su - trafodion
[trafodion@cent-1 ~]$ cds
[trafodion@cent-1 scripts]$ ll traf_authentication_config
-rwxr-x---. 1 trafodion trafodion 2433 Jul 14 2016 traf_authentication_config
3 使用ldapconfigcheck检查配置文件是否可用
[root@cent-1 scripts]# ldapconfigcheck -file traf_authentication_config
File traf_authentication_config is valid.4 使用ldapcheck检查用户是否存在
[root@cent-1 scripts]# ldapcheck --username=jason
User jason found
[root@cent-1 scripts]# ldapcheck --username=kevin
User kevin found5 使用traf_authentication_setup开启LDAP认证功能
[trafodion@cent-1 scripts]$ traf_authentication_setup --file traf_authentication_config --on
INFO: Start of security (authentication and authorization) script Mon Jan 16 14:40:34 CST 2017.
INFO: Using configuration file traf_authentication_config
INFO: Configuration file is valid
INFO: Configuration file has been propagated to nodes in the cluster
INFO: Authorization (grant/revoke support) has been enabled
INFO: Modifying sqenvcom.sh to adjust the authentication default
INFO: Authentication has been enabled
INFO **** IMPORTANT ***
INFO: Please start a new shell and bounce DCS in order for the authentication change to take affect
INFO: End of security (authorization and authentication) script Mon Jan 16 14:41:05 CST 2017.6 重启DCS(dcsstop dcsstart)
7 通过sqlci注册LDAP中的用户
[trafodion@cent-1 bin]$ sqlci
EsgynDB Advanced Conversational Interface 2.1.0
Copyright (c) 2015-2016 Esgyn Corporation
>>register user jason;
--- SQL operation complete.
>>register user kevin;
--- SQL operation complete.8 通过trafci.sh验证LDAP认证是否开启,或者通过修改trafci进入
[trafodion@cent-1 bin]$ ./trafci.sh -h cent-1:23400 -u jason -p jason123
Welcome to EsgynDB Enterprise Command Interface
Copyright (c) 2015-2016 Esgyn Corporation
Host Name/IP Address: cent-1:23400
User Name: jason
Connected to EsgynDB Advanced
SQL>
[trafodion@cent-1 bin]$ ./trafci.sh -h cent-1:23400 -u jason -p jason1234
Welcome to EsgynDB Enterprise Command Interface
Copyright (c) 2015-2016 Esgyn Corporation
Host Name/IP Address: cent-1:23400
User Name: jason
*** ERROR[8837] Invalid username or password. User: JASON [2017-01-16 15:40:57]
User Name:
扫一扫
855
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
