Learn all about risk management and IT governance for the CAS-003 exam.
This course covers the security topics related to the CASP+ Certification domain of risk management and IT governance. In this course, the student will obtain the knowledge and skills needed to pass the CASP+ Certification exam as they relate to this specific domain. This course is one of five domains covered by the CAS-003 exam.
In this lab, we go through the process of adding a Linux user and then using a migration utility to create an LDIF file, which lets us use the `ldapadd` command to add the user to an LDAP directory.
Learning Objectives
Successfully complete this lab by achieving the following learning objectives:
Connect to the LDAP Server and the Linux Server
Connect to each server:
ssh cloud_user@
Provide the appropriate password from the lab interface.
Verify the Installation of LDAP on the LDAP Server
On the LDAP Server
Check the version of LDAP that has been staged:
slapd -VV
Verify the slapd daemon is running and active:
sudo systemctl status slapd
Provide the cloud_user password for the LDAP server.
Search the existing LDAP database:
ldapsearch -x -LLL -b dc=example,dc=com
Set the Password for the LDAP Server
On the LDAP Server
Generate a password hash (slappasswd prints a salted SSHA hash by default):
slappasswd
Copy the output of that command; you will need it in the next step.
Use a Linux text editor to add the password hash to the slapd configuration file:
sudo vi /etc/openldap/slapd.d/cn=config/olcDatabase={2}hdb.ldif
Change the line that starts with olcRootPW, replacing the existing string after the colon with the hash you just copied.
After saving the configuration file, restart the service:
sudo systemctl restart slapd
Add a Linux User and Migrate the User to LDAP
On the LDAP Server
Add a Linux user:
sudo useradd
sudo passwd
Enter a password when prompted.
Grab the user and group lines from /etc/passwd and /etc/group, and output them to text files:
grep /etc/passwd > ./passwd.txt
grep /etc/group > ./group.txt
Use the migration utility to convert the Linux text into LDIF format:
/usr/share/migrationtools/migrate_passwd.pl ./passwd.txt ./passwd.ldif
/usr/share/migrationtools/migrate_group.pl ./group.txt ./group.ldif
Look at the files you have created:
cat ./passwd.ldif
cat ./group.ldif
Add the LDIF data to the directory (the -W flag prompts for the Manager password whose hash you set in olcRootPW):
ldapadd -x -W -D "cn=Manager,dc=example,dc=com" -f ./passwd.ldif
ldapadd -x -W -D "cn=Manager,dc=example,dc=com" -f ./group.ldif
Search the directory to confirm the new entry is present:
ldapsearch -x cn= -b dc=example,dc=com
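To make the conversion step visible, here is an added example (not part of the lab or the migrationtools package) that re-implements in Python what migrate_passwd.pl and migrate_group.pl do for a single line: it turns a passwd or group record into the posixAccount / posixGroup LDIF entry that ldapadd consumes. The ou=People and ou=Group containers are migrationtools' defaults; the exact attribute order of the Perl tools may differ.

```python
"""Convert /etc/passwd and /etc/group style lines into LDIF entries.

Added example, not the lab's own code: a minimal re-implementation of
the migrate_passwd.pl / migrate_group.pl conversion, using the common
posixAccount / posixGroup attribute set.
"""

BASE_DN = "dc=example,dc=com"   # base DN used throughout the lab
PEOPLE_OU = "ou=People"         # migrationtools' default user container
GROUP_OU = "ou=Group"           # migrationtools' default group container


def passwd_line_to_ldif(line: str, base_dn: str = BASE_DN) -> str:
    """Turn one 'name:pw:uid:gid:gecos:home:shell' line into an LDIF entry."""
    name, pw, uid, gid, gecos, home, shell = line.strip().split(":")
    entry = [
        f"dn: uid={name},{PEOPLE_OU},{base_dn}",
        f"uid: {name}",
        f"cn: {name}",
        "objectClass: account",
        "objectClass: posixAccount",
        "objectClass: top",
        "objectClass: shadowAccount",
        f"loginShell: {shell}",
        f"uidNumber: {uid}",
        f"gidNumber: {gid}",
        f"homeDirectory: {home}",
    ]
    # The 'x' placeholder in /etc/passwd means the real hash lives in
    # /etc/shadow; only emit userPassword when the line carries a hash.
    if pw and pw != "x":
        entry.append(f"userPassword: {{crypt}}{pw}")
    if gecos:
        entry.append(f"gecos: {gecos}")
    return "\n".join(entry) + "\n"


def group_line_to_ldif(line: str, base_dn: str = BASE_DN) -> str:
    """Turn one 'name:pw:gid:member1,member2' line into a posixGroup entry."""
    name, _pw, gid, members = line.strip().split(":")
    entry = [
        f"dn: cn={name},{GROUP_OU},{base_dn}",
        "objectClass: posixGroup",
        "objectClass: top",
        f"cn: {name}",
        f"gidNumber: {gid}",
    ]
    # One memberUid per listed member; an empty member field yields none.
    entry += [f"memberUid: {m}" for m in members.split(",") if m]
    return "\n".join(entry) + "\n"
```

Because an LDIF file produced this way may carry userPassword hashes, treat passwd.ldif with the same file permissions you would give /etc/shadow.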
Verify the User You Added Is Available from the LDAP Client
From the server configured as an LDAP client:
id