User:Sfiggins/RH-TACACS with LDAP Backend
Install and Setup New CentOS 7 Server
Create a base CentOS 7 server, as documented below.
New CentOS 7 Server Setup Commands
Edit /etc/ssh/sshd_config to enable X11 forwarding
Edit /etc/ssh/sshd_config and replace:
X11Forwarding no
X11UseLocalhost yes
with:
X11Forwarding yes
X11UseLocalhost no
And add:
AddressFamily inet
Restart sshd
# systemctl restart sshd
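An added example, not part of the original page: one way to script the sshd_config change above so that a rejected edit never replaces the working file. The function names and the .bak backup path are assumptions made for the example; the three settings are the ones given on this page.

```bash
#!/bin/bash
# Added example: apply the sshd_config changes from this page, validated first.

# Write a copy of $1 to $2 with the three global settings from this page.
# sshd uses the first value it reads for a keyword, and AddressFamily is not
# allowed inside a Match block, so active global lines for the three keywords
# are dropped and the new lines go in before the first Match (or at the end).
rewrite_sshd_config() {    # $1 = current sshd_config, $2 = candidate to write
    awk '
        function emit() {
            if (done) return
            print "X11Forwarding yes"
            # no = forwarded displays listen on the wildcard address, not loopback
            print "X11UseLocalhost no"
            print "AddressFamily inet"
            done = 1
        }
        {
            key = tolower($1)
            sub(/=.*/, "", key)          # also accept the keyword=value form
            if (key == "match") { emit(); in_match = 1 }
            else if (!in_match && key ~ /^(x11forwarding|x11uselocalhost|addressfamily)$/) next
            print                        # comments and Match-block lines are kept
        }
        END { emit() }
    ' "$1" > "$2"
}

# Build the candidate, let sshd parse it in test mode, and only then install it.
apply_sshd_config() {      # $1 = config path (default /etc/ssh/sshd_config)
    cfg=${1:-/etc/ssh/sshd_config}
    tmp=$(mktemp) || return 1
    if rewrite_sshd_config "$cfg" "$tmp" && /usr/sbin/sshd -t -f "$tmp"; then
        # cat into the existing file keeps its owner, mode and SELinux context
        cp -p "$cfg" "$cfg.bak" && cat "$tmp" > "$cfg" && systemctl restart sshd
        rc=$?
    else
        echo "candidate rejected by sshd -t; $cfg left unchanged" >&2
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# Run as root with --apply to change the live configuration.
if [ "${1:-}" = "--apply" ]; then
    apply_sshd_config
fi
```

Keep the current SSH session open until a second login has succeeded with the new configuration.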
Setup CPAN
Install GCC
# yum install gcc
Install CPAN
# yum install cpan
Auto Configure CPAN
When you first run CPAN, it will offer to configure itself automatically. Go ahead and let it do this, and we will fix it later.
Change some defaults
# cpan
Terminal does not support AddHistory.
cpan shell -- CPAN exploration and modules installation (v1.9402)
Enter 'h' for help.
cpan[1]> o conf urllist
    urllist
Type 'o conf' to view all configuration items
cpan[4]> o conf commit
commit: wrote '/root/.cpan/CPAN/MyConfig.pm'
# perl -npe 's/root\/.cpan/var\/spool\/cpan/g' -i /root/.cpan/CPAN/MyConfig.pm
# mkdir -p /var/spool/cpan
Update CPAN
# cpan
Terminal does not support AddHistory.
cpan shell -- CPAN exploration and modules installation (v1.9402)
Enter 'h' for help.
cpan[1]> install CPAN
cpan[2]> reload cpan
Install Perl Modules (via yum)
Install the Perl modules that are available via yum:
# yum install perl-Capture-Tiny perl-DBD-MySQL perl-DBI perl-Net-DNS perl-Time-Piece
Install Perl Modules (via CPAN)
Install the following modules via CPAN:
Array::Compare
Date::Calendar
Date::Calendar::Profiles
Date::Parse
IO::Select
MIME::Lite
Net::LDAP::Constant
Net::LDAP::Control::Paged
Net::LDAP::Entry
Net::LDAPS
Net::LDAP::Util
The command looks like this:
# cpan
Terminal does not support AddHistory.
cpan shell -- CPAN exploration and modules installation (v2.10)
Enter 'h' for help.
cpan[1]> install Array::Compare Date::Calendar Date::Calendar::Profiles Date::Parse IO::Select MIME::Lite Net::LDAP::Constant \
Net::LDAP::Control::Paged Net::LDAP::Entry Net::LDAPS Net::LDAP::Util
Follow through the install process, hitting a million "Y".
Install 389-ds
Set your server's fully qualified domain name in the /etc/hosts file
Edit the file /etc/hosts
# vi /etc/hosts
Add an entry for the local hostname and network IP address
10.255.7.37 centos-auth.home.labrats.us centos-auth
Firewall Configuration
Allow the following LDAP ports through the firewall
# firewall-cmd --permanent --add-port=389/tcp
# firewall-cmd --permanent --add-port=636/tcp
# firewall-cmd --permanent --add-port=9830/tcp
Restart firewall
# firewall-cmd --reload
Add EPEL and REMI Repository
EPEL is required, but I don't think that REMI is.
Install and Enable EPEL Repository on CentOS 7
# yum install epel-release
Install and enable REMI repository On CentOS 7
# yum install http://rpms.famillecollet.com/enterprise/remi-release-7.rpm
Enable REMI repository
# vi /etc/yum.repos.d/remi.repo
Change enabled to 1
[...]
enabled=1
[...]
Performance and Security tuning for LDAP server
Before installing LDAP server, we have to adjust some files for performance and security.
Edit file “/etc/sysctl.conf”
# vi /etc/sysctl.conf
Add the following lines at the end
net.ipv4.tcp_keepalive_time = 300
net.ipv4.ip_local_port_range = 1024 65000
fs.file-max = 64000
Load the new value
# sysctl -p
Edit file “/etc/security/limits.conf”
# vi /etc/security/limits.conf
Add the following lines at the end
* soft nofile 8192
* hard nofile 8192
Edit file “/etc/profile”
# vi /etc/profile
Add the line at the end
ulimit -n 8192
Edit file “/etc/pam.d/login”
# vi /etc/pam.d/login
Add the line at the end
session required pam_limits.so
Now restart the server.
# shutdown -r now
Install 389 Directory Server
Install the 389-ds-base package using the command:
# yum install 389-ds-base openldap-clients idm-console-framework 389-admin 389-adminutil \
389-admin-console 389-console 389-ds-console
libicu x86_64 50.1.2-17.el7 base 6.9 M libjpeg-turbo x86_64 1.2.90-6.el7 base 134 k libpng x86_64 2:1.5.13-7.el7_2 base 213 k libsemanage-python x86_64 2.5-14.el7 base 113 k libxcb x86_64 1.13-1.el7 base 214 k libxslt x86_64 1.1.28-5.el7 base 242 k lksctp-tools x86_64 1.0.17-2.el7 base 88 k mailcap noarch 2.1.41-2.el7 base 31 k mod_nss x86_64 1.0.14-12.el7 base 113 k perl-Archive-Tar noarch 1.92-2.el7 base 73 k perl-CGI noarch 3.63-4.el7 base 250 k perl-DB_File x86_64 1.830-6.el7 base 74 k perl-FCGI x86_64 1:0.74-8.el7 base 42 k perl-IO-Zlib noarch 1:1.10-293.el7 base 51 k perl-Mozilla-LDAP x86_64 1.5.3-12.el7 base 147 k perl-NetAddr-IP x86_64 4.069-3.el7 base 125 k perl-Package-Constants noarch 1:0.02-293.el7 base 45 k policycoreutils-python x86_64 2.5-29.el7 base 456 k python-IPy noarch 0.75-6.el7 base 32 k python-javapackages noarch 3.4.1-11.el7 base 31 k python-ldap x86_64 2.4.15-2.el7 base 159 k python-lxml x86_64 3.2.1-4.el7 base 758 k setools-libs x86_64 3.3.8-4.el7 base 620 k svrcore x86_64 4.1.3-2.el7 base 19 k ttmkfdir x86_64 3.0.9-42.el7 base 48 k tzdata-java noarch 2018g-1.el7 updates 185 k xorg-x11-font-utils x86_64 1:7.5-21.el7 base 104 k xorg-x11-fonts-Type1 noarch 7.5-9.el7 base 521 k Updating for dependencies: audit x86_64 2.8.4-4.el7 base 250 k audit-libs x86_64 2.8.4-4.el7 base 100 k chkconfig x86_64 1.7.4-1.el7 base 181 k freetype x86_64 2.8-12.el7 base 380 k openldap x86_64 2.4.44-20.el7 base 355 k Transaction Summary ========================================================================================================================================================================================= Install 8 Packages (+64 Dependent packages) Upgrade ( 5 Dependent packages) Total download size: 59 M Is this ok [y/d/N]: y Downloading packages: Delta RPMs disabled because /usr/bin/applydeltarpm not installed. 
warning: /var/cache/yum/x86_64/7/epel/packages/389-admin-1.1.46-1.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID 352c64e5: NOKEY ] 0.0 B/s | 0 B --:--:-- ETA Public key for 389-admin-1.1.46-1.el7.x86_64.rpm is not installed (1/77): 389-admin-1.1.46-1.el7.x86_64.rpm | 391 kB 00:00:00 (2/77): 389-admin-console-1.1.12-1.el7.noarch.rpm | 204 kB 00:00:00 (3/77): 389-adminutil-1.1.21-2.el7.x86_64.rpm | 73 kB 00:00:00 (4/77): 389-console-1.1.18-1.el7.noarch.rpm | 75 kB 00:00:00 (5/77): 389-ds-console-1.2.16-1.el7.noarch.rpm | 1.4 MB 00:00:00 (6/77): 389-ds-base-libs-1.3.8.4-18.el7_6.x86_64.rpm | 699 kB 00:00:00 (7/77): 389-ds-base-1.3.8.4-18.el7_6.x86_64.rpm | 1.7 MB 00:00:00 (8/77): apache-commons-lang-2.6-15.el7.noarch.rpm | 276 kB 00:00:00 (9/77): apache-commons-codec-1.8-7.el7.noarch.rpm | 223 kB 00:00:00 (10/77): apr-util-1.5.2-6.el7.x86_64.rpm | 92 kB 00:00:00 (11/77): audit-2.8.4-4.el7.x86_64.rpm | 250 kB 00:00:00 (12/77): audit-libs-python-2.8.4-4.el7.x86_64.rpm | 76 kB 00:00:00 (13/77): checkpolicy-2.5-8.el7.x86_64.rpm | 295 kB 00:00:00 (14/77): chkconfig-1.7.4-1.el7.x86_64.rpm | 181 kB 00:00:00 (15/77): copy-jdk-configs-3.3-10.el7_5.noarch.rpm | 21 kB 00:00:00 (16/77): cyrus-sasl-md5-2.1.26-23.el7.x86_64.rpm | 57 kB 00:00:00 (17/77): dejavu-fonts-common-2.33-6.el7.noarch.rpm | 64 kB 00:00:00 (18/77): cyrus-sasl-plain-2.1.26-23.el7.x86_64.rpm | 39 kB 00:00:00 (19/77): fontconfig-2.13.0-4.3.el7.x86_64.rpm | 254 kB 00:00:00 (20/77): apr-1.4.8-3.el7_4.1.x86_64.rpm | 103 kB 00:00:00 (21/77): fontpackages-filesystem-1.44-8.el7.noarch.rpm | 9.9 kB 00:00:00 (22/77): dejavu-sans-fonts-2.33-6.el7.noarch.rpm | 1.4 MB 00:00:00 (23/77): freetype-2.8-12.el7.x86_64.rpm | 380 kB 00:00:00 (24/77): gperftools-libs-2.6.1-1.el7.x86_64.rpm | 272 kB 00:00:00 (25/77): audit-libs-2.8.4-4.el7.x86_64.rpm | 100 kB 00:00:00 (26/77): httpd-tools-2.4.6-88.el7.centos.x86_64.rpm | 90 kB 00:00:00 (27/77): giflib-4.1.6-9.el7.x86_64.rpm | 40 kB 00:00:00 (28/77): 
java-1.8.0-openjdk-1.8.0.191.b12-1.el7_6.x86_64.rpm | 254 kB 00:00:00 (29/77): httpd-2.4.6-88.el7.centos.x86_64.rpm | 2.7 MB 00:00:00 (30/77): javapackages-tools-3.4.1-11.el7.noarch.rpm | 73 kB 00:00:00 (31/77): ldapjdk-4.19-5.el7.noarch.rpm | 317 kB 00:00:00 (32/77): libICE-1.0.9-9.el7.x86_64.rpm | 66 kB 00:00:00 (33/77): libSM-1.2.2-2.el7.x86_64.rpm | 39 kB 00:00:00 (34/77): libX11-1.6.5-2.el7.x86_64.rpm | 606 kB 00:00:00 (35/77): libXau-1.0.8-2.1.el7.x86_64.rpm | 29 kB 00:00:00 (36/77): libX11-common-1.6.5-2.el7.noarch.rpm | 164 kB 00:00:00 (37/77): libXcomposite-0.4.4-4.1.el7.x86_64.rpm | 22 kB 00:00:00 (38/77): libXext-1.3.3-3.el7.x86_64.rpm | 39 kB 00:00:00 (39/77): libXi-1.7.9-1.el7.x86_64.rpm | 40 kB 00:00:00 (40/77): libXrender-0.9.10-1.el7.x86_64.rpm | 26 kB 00:00:00 (41/77): libXtst-1.2.3-1.el7.x86_64.rpm | 20 kB 00:00:00 (42/77): libcgroup-0.41-20.el7.x86_64.rpm | 66 kB 00:00:00 (43/77): libevent-2.0.21-4.el7.x86_64.rpm | 214 kB 00:00:00 (44/77): jss-4.4.4-3.el7.x86_64.rpm | 1.1 MB 00:00:00 (45/77): libicu-50.1.2-17.el7.x86_64.rpm | 6.9 MB 00:00:00 (46/77): libpng-1.5.13-7.el7_2.x86_64.rpm | 213 kB 00:00:00 (47/77): libsemanage-python-2.5-14.el7.x86_64.rpm | 113 kB 00:00:00 (48/77): libxcb-1.13-1.el7.x86_64.rpm | 214 kB 00:00:00 (49/77): libxslt-1.1.28-5.el7.x86_64.rpm | 242 kB 00:00:00 (50/77): libfontenc-1.1.3-3.el7.x86_64.rpm | 31 kB 00:00:00 (51/77): libjpeg-turbo-1.2.90-6.el7.x86_64.rpm | 134 kB 00:00:00 (52/77): lksctp-tools-1.0.17-2.el7.x86_64.rpm | 88 kB 00:00:00 (53/77): mailcap-2.1.41-2.el7.noarch.rpm | 31 kB 00:00:00 (54/77): openldap-2.4.44-20.el7.x86_64.rpm | 355 kB 00:00:00 (55/77): mod_nss-1.0.14-12.el7.x86_64.rpm | 113 kB 00:00:00 (56/77): perl-Archive-Tar-1.92-2.el7.noarch.rpm | 73 kB 00:00:00 (57/77): openldap-clients-2.4.44-20.el7.x86_64.rpm | 190 kB 00:00:00 (58/77): perl-DB_File-1.830-6.el7.x86_64.rpm | 74 kB 00:00:00 (59/77): perl-FCGI-0.74-8.el7.x86_64.rpm | 42 kB 00:00:00 (60/77): perl-CGI-3.63-4.el7.noarch.rpm | 250 kB 00:00:00 
(61/77): idm-console-framework-1.1.17-4.el7.noarch.rpm | 1.1 MB 00:00:00 (62/77): perl-IO-Zlib-1.10-293.el7.noarch.rpm | 51 kB 00:00:00 (63/77): perl-Mozilla-LDAP-1.5.3-12.el7.x86_64.rpm | 147 kB 00:00:00 (64/77): perl-Package-Constants-0.02-293.el7.noarch.rpm | 45 kB 00:00:00 (65/77): java-1.8.0-openjdk-headless-1.8.0.191.b12-1.el7_6.x86_64.rpm | 32 MB 00:00:00 (66/77): policycoreutils-python-2.5-29.el7.x86_64.rpm | 456 kB 00:00:00 (67/77): python-IPy-0.75-6.el7.noarch.rpm | 32 kB 00:00:00 (68/77): perl-NetAddr-IP-4.069-3.el7.x86_64.rpm | 125 kB 00:00:00 (69/77): python-javapackages-3.4.1-11.el7.noarch.rpm | 31 kB 00:00:00 (70/77): setools-libs-3.3.8-4.el7.x86_64.rpm | 620 kB 00:00:00 (71/77): python-lxml-3.2.1-4.el7.x86_64.rpm | 758 kB 00:00:00 (72/77): svrcore-4.1.3-2.el7.x86_64.rpm | 19 kB 00:00:00 (73/77): ttmkfdir-3.0.9-42.el7.x86_64.rpm | 48 kB 00:00:00 (74/77): tzdata-java-2018g-1.el7.noarch.rpm | 185 kB 00:00:00 (75/77): xorg-x11-fonts-Type1-7.5-9.el7.noarch.rpm | 521 kB 00:00:00 (76/77): xorg-x11-font-utils-7.5-21.el7.x86_64.rpm | 104 kB 00:00:00 (77/77): python-ldap-2.4.15-2.el7.x86_64.rpm | 159 kB 00:00:00 ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Total 18 MB/s | 59 MB 00:00:03 Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7 Importing GPG key 0x352C64E5: Userid : "Fedora EPEL (7) <epel@fedoraproject.org>" Fingerprint: 91e9 7d7c 4a5e 96f1 7f3e 888f 6a2f aea2 352c 64e5 Package : epel-release-7-11.noarch (@extras) From : /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7 Is this ok [y/N]: y Running transaction check Running transaction test Transaction test succeeded Running transaction Updating : openldap-2.4.44-20.el7.x86_64 1/82 Installing : apr-1.4.8-3.el7_4.1.x86_64 2/82 Installing : libicu-50.1.2-17.el7.x86_64 3/82 Installing : apr-util-1.5.2-6.el7.x86_64 4/82 Installing : 
perl-Mozilla-LDAP-1.5.3-12.el7.x86_64 5/82 Updating : chkconfig-1.7.4-1.el7.x86_64 6/82 Installing : gperftools-libs-2.6.1-1.el7.x86_64 7/82 Updating : audit-libs-2.8.4-4.el7.x86_64 8/82 Installing : libxslt-1.1.28-5.el7.x86_64 9/82 Installing : libevent-2.0.21-4.el7.x86_64 10/82 Installing : libsemanage-python-2.5-14.el7.x86_64 11/82 Installing : libICE-1.0.9-9.el7.x86_64 12/82 Installing : svrcore-4.1.3-2.el7.x86_64 13/82 Installing : libjpeg-turbo-1.2.90-6.el7.x86_64 14/82 Installing : fontpackages-filesystem-1.44-8.el7.noarch 15/82 Installing : 2:libpng-1.5.13-7.el7_2.x86_64 16/82 Updating : freetype-2.8-12.el7.x86_64 17/82 Installing : ttmkfdir-3.0.9-42.el7.x86_64 18/82 Installing : dejavu-fonts-common-2.33-6.el7.noarch 19/82 Installing : dejavu-sans-fonts-2.33-6.el7.noarch 20/82 Installing : fontconfig-2.13.0-4.3.el7.x86_64 21/82 Installing : 389-ds-base-libs-1.3.8.4-18.el7_6.x86_64 22/82 Installing : libSM-1.2.2-2.el7.x86_64 23/82 Installing : python-lxml-3.2.1-4.el7.x86_64 24/82 Installing : python-javapackages-3.4.1-11.el7.noarch 25/82 Installing : javapackages-tools-3.4.1-11.el7.noarch 26/82 Installing : audit-libs-python-2.8.4-4.el7.x86_64 27/82 Installing : httpd-tools-2.4.6-88.el7.centos.x86_64 28/82 Installing : 389-adminutil-1.1.21-2.el7.x86_64 29/82 Installing : python-ldap-2.4.15-2.el7.x86_64 30/82 Installing : openldap-clients-2.4.44-20.el7.x86_64 31/82 Installing : libfontenc-1.1.3-3.el7.x86_64 32/82 Installing : 1:xorg-x11-font-utils-7.5-21.el7.x86_64 33/82 Installing : xorg-x11-fonts-Type1-7.5-9.el7.noarch 34/82 Installing : libcgroup-0.41-20.el7.x86_64 35/82 Installing : tzdata-java-2018g-1.el7.noarch 36/82 Installing : libX11-common-1.6.5-2.el7.noarch 37/82 Installing : lksctp-tools-1.0.17-2.el7.x86_64 38/82 Installing : python-IPy-0.75-6.el7.noarch 39/82 Installing : perl-DB_File-1.830-6.el7.x86_64 40/82 Installing : 1:perl-IO-Zlib-1.10-293.el7.noarch 41/82 Installing : setools-libs-3.3.8-4.el7.x86_64 42/82 Installing : 
mailcap-2.1.41-2.el7.noarch 43/82 Installing : httpd-2.4.6-88.el7.centos.x86_64 44/82 Installing : mod_nss-1.0.14-12.el7.x86_64 45/82 mod_nss certificate database generated. Installing : 1:perl-Package-Constants-0.02-293.el7.noarch 46/82 Installing : perl-Archive-Tar-1.92-2.el7.noarch 47/82 Installing : cyrus-sasl-plain-2.1.26-23.el7.x86_64 48/82 Installing : copy-jdk-configs-3.3-10.el7_5.noarch 49/82 Installing : 1:java-1.8.0-openjdk-headless-1.8.0.191.b12-1.el7_6.x86_64 50/82 Installing : checkpolicy-2.5-8.el7.x86_64 51/82 Installing : policycoreutils-python-2.5-29.el7.x86_64 52/82 Installing : perl-NetAddr-IP-4.069-3.el7.x86_64 53/82 Installing : libXau-1.0.8-2.1.el7.x86_64 54/82 Installing : libxcb-1.13-1.el7.x86_64 55/82 Installing : libX11-1.6.5-2.el7.x86_64 56/82 Installing : libXext-1.3.3-3.el7.x86_64 57/82 Installing : libXi-1.7.9-1.el7.x86_64 58/82 Installing : libXtst-1.2.3-1.el7.x86_64 59/82 Installing : giflib-4.1.6-9.el7.x86_64 60/82 Installing : libXrender-0.9.10-1.el7.x86_64 61/82 Installing : libXcomposite-0.4.4-4.1.el7.x86_64 62/82 Installing : 1:java-1.8.0-openjdk-1.8.0.191.b12-1.el7_6.x86_64 63/82 Installing : apache-commons-codec-1.8-7.el7.noarch 64/82 Installing : apache-commons-lang-2.6-15.el7.noarch 65/82 Installing : ldapjdk-4.19-5.el7.noarch 66/82 Installing : jss-4.4.4-3.el7.x86_64 67/82 Installing : idm-console-framework-1.1.17-4.el7.noarch 68/82 Installing : 1:perl-FCGI-0.74-8.el7.x86_64 69/82 Installing : perl-CGI-3.63-4.el7.noarch 70/82 Installing : cyrus-sasl-md5-2.1.26-23.el7.x86_64 71/82 Installing : 389-ds-base-1.3.8.4-18.el7_6.x86_64 72/82 Installing : 389-admin-1.1.46-1.el7.x86_64 73/82 Installing : 389-ds-console-1.2.16-1.el7.noarch 74/82 Installing : 389-admin-console-1.1.12-1.el7.noarch 75/82 Installing : 389-console-1.1.18-1.el7.noarch 76/82 Updating : audit-2.8.4-4.el7.x86_64 77/82 Cleanup : audit-2.4.1-5.el7.x86_64 78/82 Cleanup : audit-libs-2.4.1-5.el7.x86_64 79/82 Cleanup : chkconfig-1.3.61-4.el7.x86_64 80/82 Cleanup : 
freetype-2.4.11-9.el7.x86_64 81/82 Cleanup : openldap-2.4.39-6.el7.x86_64 82/82 Verifying : libXext-1.3.3-3.el7.x86_64 1/82 Verifying : cyrus-sasl-md5-2.1.26-23.el7.x86_64 2/82 Verifying : dejavu-sans-fonts-2.33-6.el7.noarch 3/82 Verifying : fontconfig-2.13.0-4.3.el7.x86_64 4/82 Verifying : 1:perl-FCGI-0.74-8.el7.x86_64 5/82 Verifying : giflib-4.1.6-9.el7.x86_64 6/82 Verifying : libXau-1.0.8-2.1.el7.x86_64 7/82 Verifying : libXrender-0.9.10-1.el7.x86_64 8/82 Verifying : python-ldap-2.4.15-2.el7.x86_64 9/82 Verifying : libXi-1.7.9-1.el7.x86_64 10/82 Verifying : python-lxml-3.2.1-4.el7.x86_64 11/82 Verifying : 2:libpng-1.5.13-7.el7_2.x86_64 12/82 Verifying : 389-ds-console-1.2.16-1.el7.noarch 13/82 Verifying : apache-commons-codec-1.8-7.el7.noarch 14/82 Verifying : 389-ds-base-libs-1.3.8.4-18.el7_6.x86_64 15/82 Verifying : perl-NetAddr-IP-4.069-3.el7.x86_64 16/82 Verifying : dejavu-fonts-common-2.33-6.el7.noarch 17/82 Verifying : fontpackages-filesystem-1.44-8.el7.noarch 18/82 Verifying : ttmkfdir-3.0.9-42.el7.x86_64 19/82 Verifying : openldap-2.4.44-20.el7.x86_64 20/82 Verifying : libjpeg-turbo-1.2.90-6.el7.x86_64 21/82 Verifying : checkpolicy-2.5-8.el7.x86_64 22/82 Verifying : 389-admin-1.1.46-1.el7.x86_64 23/82 Verifying : apache-commons-lang-2.6-15.el7.noarch 24/82 Verifying : 389-ds-base-1.3.8.4-18.el7_6.x86_64 25/82 Verifying : openldap-clients-2.4.44-20.el7.x86_64 26/82 Verifying : copy-jdk-configs-3.3-10.el7_5.noarch 27/82 Verifying : python-javapackages-3.4.1-11.el7.noarch 28/82 Verifying : svrcore-4.1.3-2.el7.x86_64 29/82 Verifying : 389-admin-console-1.1.12-1.el7.noarch 30/82 Verifying : freetype-2.8-12.el7.x86_64 31/82 Verifying : libICE-1.0.9-9.el7.x86_64 32/82 Verifying : jss-4.4.4-3.el7.x86_64 33/82 Verifying : httpd-tools-2.4.6-88.el7.centos.x86_64 34/82 Verifying : libXtst-1.2.3-1.el7.x86_64 35/82 Verifying : cyrus-sasl-plain-2.1.26-23.el7.x86_64 36/82 Verifying : libxcb-1.13-1.el7.x86_64 37/82 Verifying : 1:perl-Package-Constants-0.02-293.el7.noarch 
38/82 Verifying : 389-console-1.1.18-1.el7.noarch 39/82 Verifying : perl-Mozilla-LDAP-1.5.3-12.el7.x86_64 40/82 Verifying : mailcap-2.1.41-2.el7.noarch 41/82 Verifying : setools-libs-3.3.8-4.el7.x86_64 42/82 Verifying : idm-console-framework-1.1.17-4.el7.noarch 43/82 Verifying : mod_nss-1.0.14-12.el7.x86_64 44/82 Verifying : xorg-x11-fonts-Type1-7.5-9.el7.noarch 45/82 Verifying : libicu-50.1.2-17.el7.x86_64 46/82 Verifying : libsemanage-python-2.5-14.el7.x86_64 47/82 Verifying : libevent-2.0.21-4.el7.x86_64 48/82 Verifying : apr-util-1.5.2-6.el7.x86_64 49/82 Verifying : libX11-1.6.5-2.el7.x86_64 50/82 Verifying : 1:java-1.8.0-openjdk-1.8.0.191.b12-1.el7_6.x86_64 51/82 Verifying : 389-adminutil-1.1.21-2.el7.x86_64 52/82 Verifying : 1:perl-IO-Zlib-1.10-293.el7.noarch 53/82 Verifying : libXcomposite-0.4.4-4.1.el7.x86_64 54/82 Verifying : httpd-2.4.6-88.el7.centos.x86_64 55/82 Verifying : javapackages-tools-3.4.1-11.el7.noarch 56/82 Verifying : libxslt-1.1.28-5.el7.x86_64 57/82 Verifying : apr-1.4.8-3.el7_4.1.x86_64 58/82 Verifying : 1:java-1.8.0-openjdk-headless-1.8.0.191.b12-1.el7_6.x86_64 59/82 Verifying : audit-libs-python-2.8.4-4.el7.x86_64 60/82 Verifying : perl-DB_File-1.830-6.el7.x86_64 61/82 Verifying : perl-CGI-3.63-4.el7.noarch 62/82 Verifying : python-IPy-0.75-6.el7.noarch 63/82 Verifying : lksctp-tools-1.0.17-2.el7.x86_64 64/82 Verifying : libSM-1.2.2-2.el7.x86_64 65/82 Verifying : audit-libs-2.8.4-4.el7.x86_64 66/82 Verifying : policycoreutils-python-2.5-29.el7.x86_64 67/82 Verifying : gperftools-libs-2.6.1-1.el7.x86_64 68/82 Verifying : libX11-common-1.6.5-2.el7.noarch 69/82 Verifying : 1:xorg-x11-font-utils-7.5-21.el7.x86_64 70/82 Verifying : tzdata-java-2018g-1.el7.noarch 71/82 Verifying : perl-Archive-Tar-1.92-2.el7.noarch 72/82 Verifying : chkconfig-1.7.4-1.el7.x86_64 73/82 Verifying : libcgroup-0.41-20.el7.x86_64 74/82 Verifying : libfontenc-1.1.3-3.el7.x86_64 75/82 Verifying : ldapjdk-4.19-5.el7.noarch 76/82 Verifying : audit-2.8.4-4.el7.x86_64 
77/82 Verifying : openldap-2.4.39-6.el7.x86_64 78/82 Verifying : freetype-2.4.11-9.el7.x86_64 79/82 Verifying : audit-libs-2.4.1-5.el7.x86_64 80/82 Verifying : chkconfig-1.3.61-4.el7.x86_64 81/82 Verifying : audit-2.4.1-5.el7.x86_64 82/82 Installed: 389-admin.x86_64 0:1.1.46-1.el7 389-admin-console.noarch 0:1.1.12-1.el7 389-adminutil.x86_64 0:1.1.21-2.el7 389-console.noarch 0:1.1.18-1.el7 389-ds-base.x86_64 0:1.3.8.4-18.el7_6 389-ds-console.noarch 0:1.2.16-1.el7 idm-console-framework.noarch 0:1.1.17-4.el7 openldap-clients.x86_64 0:2.4.44-20.el7 Dependency Installed: 389-ds-base-libs.x86_64 0:1.3.8.4-18.el7_6 apache-commons-codec.noarch 0:1.8-7.el7 apache-commons-lang.noarch 0:2.6-15.el7 apr.x86_64 0:1.4.8-3.el7_4.1 apr-util.x86_64 0:1.5.2-6.el7 audit-libs-python.x86_64 0:2.8.4-4.el7 checkpolicy.x86_64 0:2.5-8.el7 copy-jdk-configs.noarch 0:3.3-10.el7_5 cyrus-sasl-md5.x86_64 0:2.1.26-23.el7 cyrus-sasl-plain.x86_64 0:2.1.26-23.el7 dejavu-fonts-common.noarch 0:2.33-6.el7 dejavu-sans-fonts.noarch 0:2.33-6.el7 fontconfig.x86_64 0:2.13.0-4.3.el7 fontpackages-filesystem.noarch 0:1.44-8.el7 giflib.x86_64 0:4.1.6-9.el7 gperftools-libs.x86_64 0:2.6.1-1.el7 httpd.x86_64 0:2.4.6-88.el7.centos httpd-tools.x86_64 0:2.4.6-88.el7.centos java-1.8.0-openjdk.x86_64 1:1.8.0.191.b12-1.el7_6 java-1.8.0-openjdk-headless.x86_64 1:1.8.0.191.b12-1.el7_6 javapackages-tools.noarch 0:3.4.1-11.el7 jss.x86_64 0:4.4.4-3.el7 ldapjdk.noarch 0:4.19-5.el7 libICE.x86_64 0:1.0.9-9.el7 libSM.x86_64 0:1.2.2-2.el7 libX11.x86_64 0:1.6.5-2.el7 libX11-common.noarch 0:1.6.5-2.el7 libXau.x86_64 0:1.0.8-2.1.el7 libXcomposite.x86_64 0:0.4.4-4.1.el7 libXext.x86_64 0:1.3.3-3.el7 libXi.x86_64 0:1.7.9-1.el7 libXrender.x86_64 0:0.9.10-1.el7 libXtst.x86_64 0:1.2.3-1.el7 libcgroup.x86_64 0:0.41-20.el7 libevent.x86_64 0:2.0.21-4.el7 libfontenc.x86_64 0:1.1.3-3.el7 libicu.x86_64 0:50.1.2-17.el7 libjpeg-turbo.x86_64 0:1.2.90-6.el7 libpng.x86_64 2:1.5.13-7.el7_2 libsemanage-python.x86_64 0:2.5-14.el7 libxcb.x86_64 
0:1.13-1.el7 libxslt.x86_64 0:1.1.28-5.el7 lksctp-tools.x86_64 0:1.0.17-2.el7 mailcap.noarch 0:2.1.41-2.el7 mod_nss.x86_64 0:1.0.14-12.el7 perl-Archive-Tar.noarch 0:1.92-2.el7 perl-CGI.noarch 0:3.63-4.el7 perl-DB_File.x86_64 0:1.830-6.el7 perl-FCGI.x86_64 1:0.74-8.el7 perl-IO-Zlib.noarch 1:1.10-293.el7 perl-Mozilla-LDAP.x86_64 0:1.5.3-12.el7 perl-NetAddr-IP.x86_64 0:4.069-3.el7 perl-Package-Constants.noarch 1:0.02-293.el7 policycoreutils-python.x86_64 0:2.5-29.el7 python-IPy.noarch 0:0.75-6.el7 python-javapackages.noarch 0:3.4.1-11.el7 python-ldap.x86_64 0:2.4.15-2.el7 python-lxml.x86_64 0:3.2.1-4.el7 setools-libs.x86_64 0:3.3.8-4.el7 svrcore.x86_64 0:4.1.3-2.el7 ttmkfdir.x86_64 0:3.0.9-42.el7 tzdata-java.noarch 0:2018g-1.el7 xorg-x11-font-utils.x86_64 1:7.5-21.el7 xorg-x11-fonts-Type1.noarch 0:7.5-9.el7 Dependency Updated: audit.x86_64 0:2.8.4-4.el7 audit-libs.x86_64 0:2.8.4-4.el7 chkconfig.x86_64 0:1.7.4-1.el7 freetype.x86_64 0:2.8-12.el7 openldap.x86_64 0:2.4.44-20.el7 Complete!
Configure LDAP server
# ulimit -n 8192
# setup-ds-admin.pl
Example looks like this:
# setup-ds-admin.pl

==============================================================================
This program will set up the 389 Directory and Administration Servers.

It is recommended that you have "root" privilege to set up the software.
Tips for using this program:
  - Press "Enter" to choose the default and go to the next screen
  - Type "Control-B" then "Enter" to go back to the previous screen
  - Type "Control-C" to cancel the setup program

Would you like to continue with set up? [yes]:

==============================================================================
Your system has been scanned for potential problems, missing patches,
etc. The following output is a report of the items found that need to
be addressed before running this software in a production
environment.

389 Directory Server system tuning analysis version 14-JULY-2016.

NOTICE : System is x86_64-unknown-linux3.10.0-957.1.3.el7.x86_64 (1 processor).

Would you like to continue? [yes]:

==============================================================================
Choose a setup type:

   1. Express
       Allows you to quickly set up the servers using the most
       common options and pre-defined defaults. Useful for quick
       evaluation of the products.

   2. Typical
       Allows you to specify common defaults and options.

   3. Custom
       Allows you to specify more advanced options. This is
       recommended for experienced server administrators only.

To accept the default shown in brackets, press the Enter key.

Choose a setup type [2]:

==============================================================================
Enter the fully qualified domain name of the computer
on which you're setting up server software. Using the form
<hostname>.<domainname>
Example: eros.example.com.

To accept the default shown in brackets, press the Enter key.

Warning: This step may take a few minutes if your DNS servers
can not be reached or if DNS is not configured correctly. If
you would rather not wait, hit Ctrl-C and run this program again
with the following command line option to specify the hostname:

    General.FullMachineName=your.hostname.domain.name

Computer name [centos-auth.home.labrats.us]:

==============================================================================
The servers must run as a specific user in a specific group.
It is strongly recommended that this user should have no privileges
on the computer (i.e. a non-root user). The setup procedure
will give this user/group some permissions in specific paths/files
to perform server-specific operations.

If you have not yet created a user and group for the servers,
create this user and group using your native operating
system utilities.

System User [dirsrv]:
System Group [dirsrv]:

==============================================================================
Server information is stored in the configuration directory server.
This information is used by the console and administration server to
configure and manage your servers. If you have already set up a
configuration directory server, you should register any servers you
set up or create with the configuration server. To do so, the
following information about the configuration server is required: the
fully qualified host name of the form
<hostname>.<domainname>(e.g. hostname.example.com), the port number
(default 389), the suffix, the DN and password of a user having
permission to write the configuration information, usually the
configuration directory administrator, and if you are using security
(TLS/SSL). If you are using TLS/SSL, specify the TLS/SSL (LDAPS) port
number (default 636) instead of the regular LDAP port number, and
provide the CA certificate (in PEM/ASCII format).

If you do not yet have a configuration directory server, enter 'No' to
be prompted to set up one.

Do you want to register this software with an existing
configuration directory server? [no]:

==============================================================================
Please enter the administrator ID for the configuration directory
server. This is the ID typically used to log in to the console. You
will also be prompted for the password.

Configuration directory server
administrator ID [admin]:
Password:
Password (confirm):

==============================================================================
The information stored in the configuration directory server can be
separated into different Administration Domains. If you are managing
multiple software releases at the same time, or managing information
about multiple domains, you may use the Administration Domain to keep
them separate.

If you are not using administrative domains, press Enter to select the
default. Otherwise, enter some descriptive, unique name for the
administration domain, such as the name of the organization
responsible for managing the domain.

Administration Domain [home.labrats.us]: home.labrats.us

==============================================================================
The standard directory server network port number is 389. However, if
you are not logged as the superuser, or port 389 is in use, the
default value will be a random unused port number greater than 1024.
If you want to use port 389, make sure that you are logged in as the
superuser, that port 389 is not in use.

Directory server network port [389]:

==============================================================================
Each instance of a directory server requires a unique identifier.
This identifier is used to name the various
instance specific files and directories in the file system,
as well as for other uses as a server instance identifier.

Directory server identifier [den1-it-tacacs-01]:

==============================================================================
The suffix is the root of your directory tree. The suffix must be a valid DN.
It is recommended that you use the dc=domaincomponent suffix convention.
For example, if your domain is example.com,
you should use dc=example,dc=com for your suffix.
Setup will create this initial suffix for you,
but you may have more than one suffix.
Use the directory server utilities to create additional suffixes.

Suffix [dc=home, dc=labrats, dc=us]: dc=home, dc=labrats, dc=us

==============================================================================
Certain directory server operations require an administrative user.
This user is referred to as the Directory Manager and typically has a
bind Distinguished Name (DN) of cn=Directory Manager.
You will also be prompted for the password for this user. The password must
be at least 8 characters long, and contain no spaces.
Press Control-B or type the word "back", then Enter to back up and start over.

Directory Manager DN [cn=Directory Manager]:
Password:
Password (confirm):

==============================================================================
The Administration Server is separate from any of your web or application
servers since it listens to a different port and access to it is
restricted.

Pick a port number between 1024 and 65535 to run your Administration
Server on. You should NOT use a port number which you plan to
run a web or application server on, rather, select a number which you
will remember and which will not be used for anything else.

Administration port [9830]:

==============================================================================
The interactive phase is complete. The script will now set up your
servers. Enter No or go Back if you want to change something.

Are you ready to set up your servers? [yes]:
Creating directory server . . .
Your new DS instance 'den1-it-tacacs-01' was successfully created.
Creating the configuration directory server . . .
Beginning Admin Server creation . . .
Creating Admin Server files and directories . . .
Updating adm.conf . . .
Updating admpw . . .
Registering admin server with the configuration directory server . . .
Updating adm.conf with information from configuration directory server . . .
Updating the configuration for the httpd engine . . .
Starting admin server . . .
The admin server was successfully started.
Admin server was successfully created, configured, and started.
Exiting . . .
Log file is '/tmp/setupsHaXM4.log'
Obtain SSL Certificate and Key
This may be a publicly signed certificate, but we will use a private / self-signed CA and certificate.
Follow the instructions below to set up and deploy a self-signed CA and certificate.
User:Sfiggins/Self Signed CA Instructions
Convert Certificate to P12 Format
Convert your new certificate to the p12 format using the following command.
(Passwords are likely blank, unless you set up a password when creating the key.)
# openssl pkcs12 -export -inkey your_private_key.key -in result.pem -name my_name -out final_result.p12
Enter Export Password:
Verifying - Enter Export Password:
Setup SSL
The process is abstracted from the following web page:
http://directory.fedoraproject.org/docs/389ds/howto/howto-ssl.html
!!! NOTE: Make sure you update for the correct directory instance !!!
Using certutil
We'll use certutil to create and import certificates into the keystore.
# certutil -d /etc/dirsrv/slapd-den1-it-tacacs-01/ -L

Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI
Create the pin.txt file:
# echo "Internal (Software) Token:<password>" > /etc/dirsrv/slapd-den1-it-tacacs-01/pin.txt
# chown nobody.nobody /etc/dirsrv/slapd-den1-it-tacacs-01/pin.txt
# chmod 400 /etc/dirsrv/slapd-den1-it-tacacs-01/pin.txt
Import the key files:
# certutil -d /etc/dirsrv/slapd-den1-it-tacacs-01 -A -n "CA Certificate" -t CT,, -a -i /etc/openldap/cacerts/private_ca.pem
# pk12util -i /root/den1-it-tacacs-01.p12 -d /etc/dirsrv/slapd-den1-it-tacacs-01/
Enter a password which will be used to encrypt your keys.
The password should be at least 8 characters long,
and should contain at least one non-alphabetic character.

Enter new password:
Re-enter password:
Enter password for PKCS12 file:
pk12util: PKCS12 IMPORT SUCCESSFUL
# certutil -d /etc/dirsrv/slapd-den1-it-tacacs-01/ -L

Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

CA Certificate                                               CT,,
den1-it-tacacs-01                                            u,u,u
Turning on SSL
Turning on SSL will require that we write the following config:
# cat > /tmp/ssl_enable.ldif << 'EOF'
dn: cn=encryption,cn=config
changetype: modify
replace: nsSSL3
nsSSL3: off
-
replace: nsSSLClientAuth
nsSSLClientAuth: allowed
-
add: nsSSL3Ciphers
nsSSL3Ciphers: -rsa_null_md5,-rsa_null_sha,+rsa_rc4_128_md5,+rsa_rc4_40_md5,+rsa_rc2_40_md5,+rsa_des_sha,+rsa_fips_des_sha,+rsa_3des_sha,+rsa_fips_3des_sha,+fortezza,+fortezza_rc4_128_sha,+fortezza_null,+tls_rsa_export1024_with_rc4_56_sha,+tls_rsa_export1024_with_des_cbc_sha,+tls_rsa_aes_128_sha,+tls_rsa_aes_256_sha
-
add: nsKeyfile
nsKeyfile: alias/den1-it-tacacs-01-key3.db
-
add: nsCertfile
nsCertfile: alias/den1-it-tacacs-01-cert8.db

dn: cn=config
changetype: modify
add: nsslapd-security
nsslapd-security: on
-
replace: nsslapd-ssl-check-hostname
nsslapd-ssl-check-hostname: off
EOF
Apply the configuration:
# ldapmodify -cx -D "cn=directory manager" -W -h localhost -f /tmp/ssl_enable.ldif
Create the following config file:
# cat > /tmp/addRSA.ldif << 'EOF'
dn: cn=RSA,cn=encryption,cn=config
changetype: add
objectClass: top
objectClass: nsEncryptionModule
cn: RSA
nsSSLPersonalitySSL: den1-it-tacacs-01
nsSSLToken: internal (software)
nsSSLActivation: on
EOF
Apply the configuration:
# ldapmodify -cx -D "cn=directory manager" -W -h localhost -f /tmp/addRSA.ldif
Restart the Directory Server
# systemctl restart dirsrv.target
# systemctl status dirsrv.target
● dirsrv.target - 389 Directory Server
   Loaded: loaded (/usr/lib/systemd/system/dirsrv.target; disabled; vendor preset: disabled)
   Active: active since Thu 2018-12-13 13:33:26 MST; 9s ago

Dec 13 13:33:26 centos-auth.home.labrats.us systemd[1]: Reached target 389 Directory Server.
Validate the server is listening on SSL
# netstat -lntup | grep slap
tcp        0      0 :::389        :::*        LISTEN      26518/ns-slapd
tcp        0      0 :::636        :::*        LISTEN      26518/ns-slapd
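A check that can be run against /tmp/ssl_enable.ldif before it is applied, given here as an added example that is not part of the original procedure: it lists which suites the nsSSL3Ciphers value enables, flags the weak ones, and prints the same list with those switched off. The function names and the weak-suite patterns are this example's own; the sample is a constructed copy of the cipher line above.

```shell
#!/bin/sh
# Added example: audit the nsSSL3Ciphers value of an LDIF file.

# Print the nsSSL3Ciphers value, joining LDIF continuation lines
# (a line that starts with one space continues the previous line).
cipher_value() {
    awk '
        /^ / { if (grab) val = val substr($0, 2); next }
        tolower($0) ~ /^nsssl3ciphers:/ {
            sub(/^[^:]*:[ \t]*/, ""); val = $0; grab = 1; next
        }
        { grab = 0 }
        END { print val }
    ' "$1"
}

# Print the entries of the list one per line, e.g. "+rsa_3des_sha".
cipher_entries() {
    cipher_value "$1" | tr ',' '\n' |
        sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^$/d'
}

# Print why a suite name is weak and return 0, or return 1 if no pattern
# matches. The patterns are this example's own classification.
weak_reason() {
    case "$1" in
        *null*)    echo "no encryption" ;;
        *export*)  echo "export-grade key length" ;;
        *rc4*)     echo "RC4" ;;
        *rc2*)     echo "RC2" ;;
        *3des*)    echo "3DES, 64-bit block" ;;
        *des*)     echo "single DES" ;;
        fortezza*) echo "Fortezza" ;;
        *)         return 1 ;;
    esac
}

# Print "name: reason" for every enabled ("+") suite that is weak.
weak_suites() {
    cipher_entries "$1" | while IFS= read -r entry; do
        case "$entry" in "+"*) ;; *) continue ;; esac
        name=${entry#+}
        if reason=$(weak_reason "$name"); then
            echo "$name: $reason"
        fi
    done
}

# Print the same list with every weak suite switched to "-" (disabled).
hardened_value() {
    cipher_entries "$1" | while IFS= read -r entry; do
        name=${entry#[+-]}
        if weak_reason "$name" >/dev/null; then
            printf '%s\n' "-$name"
        else
            printf '%s\n' "$entry"
        fi
    done | paste -sd, -
}

# Constructed sample: the cipher line from the LDIF above, folded the way
# LDIF allows, so the check can run without a directory server.
demo_ldif=$(mktemp)
cat > "$demo_ldif" << 'EOF'
dn: cn=encryption,cn=config
changetype: modify
add: nsSSL3Ciphers
nsSSL3Ciphers: -rsa_null_md5,-rsa_null_sha,+rsa_rc4_128_md5,+rsa_rc4_40_md5,
 +rsa_rc2_40_md5,+rsa_des_sha,+rsa_fips_des_sha,+rsa_3des_sha,
 +rsa_fips_3des_sha,+fortezza,+fortezza_rc4_128_sha,+fortezza_null,
 +tls_rsa_export1024_with_rc4_56_sha,+tls_rsa_export1024_with_des_cbc_sha,
 +tls_rsa_aes_128_sha,+tls_rsa_aes_256_sha
-
add: nsKeyfile
nsKeyfile: alias/den1-it-tacacs-01-key3.db
EOF

echo "Weak suites enabled:"
weak_suites "$demo_ldif"
echo "Suggested value:"
hardened_value "$demo_ldif"
```

On the page's list only the two AES suites stay enabled; check that every LDAP client in use can negotiate one of them before applying the reduced value.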
Testing LDAP
Test LDAP with the following command
# ldapsearch -x -b "dc=home,dc=labrats,dc=us"
Example output
# extended LDIF
#
# LDAPv3
# base <dc=home,dc=labrats,dc=us> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# labrats.us
dn: dc=home,dc=labrats,dc=us
objectClass: top
objectClass: domain
dc: labrats

# Directory Administrators, labrats.us
dn: cn=Directory Administrators,dc=home,dc=labrats,dc=us
objectClass: top
objectClass: groupofuniquenames
cn: Directory Administrators
uniqueMember: cn=Directory Manager

# Groups, labrats.us
dn: ou=Groups,dc=home,dc=labrats,dc=us
objectClass: top
objectClass: organizationalunit
ou: Groups

# People, labrats.us
dn: ou=People,dc=home,dc=labrats,dc=us
objectClass: top
objectClass: organizationalunit
ou: People

# Special Users, labrats.us
dn: ou=Special Users,dc=home,dc=labrats,dc=us
objectClass: top
objectClass: organizationalUnit
ou: Special Users
description: Special Administrative Accounts

# Accounting Managers, Groups, labrats.us
dn: cn=Accounting Managers,ou=Groups,dc=home,dc=labrats,dc=us
objectClass: top
objectClass: groupOfUniqueNames
cn: Accounting Managers
ou: groups
description: People who can manage accounting entries
uniqueMember: cn=Directory Manager

# HR Managers, Groups, labrats.us
dn: cn=HR Managers,ou=Groups,dc=home,dc=labrats,dc=us
objectClass: top
objectClass: groupOfUniqueNames
cn: HR Managers
ou: groups
description: People who can manage HR entries
uniqueMember: cn=Directory Manager

# QA Managers, Groups, labrats.us
dn: cn=QA Managers,ou=Groups,dc=home,dc=labrats,dc=us
objectClass: top
objectClass: groupOfUniqueNames
cn: QA Managers
ou: groups
description: People who can manage QA entries
uniqueMember: cn=Directory Manager

# PD Managers, Groups, labrats.us
dn: cn=PD Managers,ou=Groups,dc=home,dc=labrats,dc=us
objectClass: top
objectClass: groupOfUniqueNames
cn: PD Managers
ou: groups
description: People who can manage engineer entries
uniqueMember: cn=Directory Manager

# search result
search: 2
result: 0 Success

# numResponses: 10
# numEntries: 9
Create Search Role Account
# cat > /tmp/groupadd.ldif << 'EOF'
dn: cn=LDAP Search,ou=Special Users,dc=home,dc=labrats,dc=us
objectClass: posixGroup
objectClass: top
cn: LDAP Search
userPassword: {crypt}x
gidNumber: 65000
EOF
# ldapadd -cx -D "cn=directory manager" -W -h localhost -f /tmp/groupadd.ldif
Create Test Account
# cat > /tmp/groupadd.ldif << 'EOF'
dn: cn=tuser,ou=Groups,dc=home,dc=labrats,dc=us
objectClass: posixGroup
objectClass: top
cn: tuser
userPassword: {crypt}x
gidNumber: 2014
EOF
# ldapadd -cx -D "cn=directory manager" -W -h localhost -f /tmp/groupadd.ldif
# cat > /tmp/useradd.ldif << 'EOF'
dn: uid=tuser,ou=People,dc=home,dc=labrats,dc=us
uid: tuser
cn: tuser
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {crypt}$1$QLoEkVTC$RHrUQKYbqtRi4cfoPtusT.
loginShell: /bin/bash
uidNumber: 2014
gidNumber: 2014
homeDirectory: /home/tuser
EOF
# ldapadd -cx -D "cn=directory manager" -W -h localhost -f /tmp/useradd.ldif
Change user password
# LDAPTLS_REQCERT=never ldappasswd -ZZ -S -x -W -D "cn=directory manager" "uid=tuser,ou=People,dc=home,dc=labrats,dc=us"
New password:
Re-enter new password:
Enter LDAP Password:

- or -

# LDAPTLS_REQCERT=never ldappasswd -ZZ -W -D "cn=directory manager" "uid=tuser,ou=People,dc=home,dc=labrats,dc=us"
Enter LDAP Password:
New password: <new password>
Test binding with new test user
# LDAPTLS_REQCERT=never ldapsearch -ZZ -D "uid=tuser,ou=People,dc=home,dc=labrats,dc=us" -W -x -b "uid=tuser,ou=People,dc=home,dc=labrats,dc=us"
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <uid=tuser,ou=People,dc=home,dc=labrats,dc=us> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# tuser, People, home.labrats.us
dn: uid=tuser,ou=People,dc=home,dc=labrats,dc=us
uid: tuser
cn: tuser
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
loginShell: /bin/bash
uidNumber: 2014
gidNumber: 2014
homeDirectory: /home/tuser
shadowLastChange: 17878

# search result
search: 3
result: 0 Success

# numResponses: 2
# numEntries: 1
Starting and Enabling Directory Server
To enable the Directory Server
# systemctl enable dirsrv.target
Created symlink from /etc/systemd/system/multi-user.target.wants/dirsrv.target to /usr/lib/systemd/system/dirsrv.target.
To enable the Admin Server
# systemctl enable dirsrv-admin
Created symlink from /etc/systemd/system/multi-user.target.wants/dirsrv-admin.service to /usr/lib/systemd/system/dirsrv-admin.service.
To start the Directory Server
# systemctl start dirsrv.target
To start the Admin Server
# systemctl start dirsrv-admin
Installing TACACS
Download TACACS_PLUS
Download the TACACS package and source package
# wget https://github.com/abn/tac_plus-rpm/releases/download/vF4.0.4.28-2/tac_plus-F4.0.4.28-2.el7.centos.x86_64.rpm
# wget https://github.com/abn/tac_plus-rpm/releases/download/vF4.0.4.28-2/tac_plus-F4.0.4.28-2.el7.centos.src.rpm
Install TAC_PLUS
# yum install tac_plus-F4.0.4.28-2.el7.centos.x86_64.rpm
Loaded plugins: fastestmirror
Examining tac_plus-F4.0.4.28-2.el7.centos.x86_64.rpm: tac_plus-F4.0.4.28-2.el7.centos.x86_64
Marking tac_plus-F4.0.4.28-2.el7.centos.x86_64.rpm to be installed
Resolving Dependencies
--> Running transaction check
---> Package tac_plus.x86_64 0:F4.0.4.28-2.el7.centos will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package    Arch    Version                 Repository                                Size
================================================================================
Installing:
 tac_plus   x86_64  F4.0.4.28-2.el7.centos  /tac_plus-F4.0.4.28-2.el7.centos.x86_64  1.0 M

Transaction Summary
================================================================================
Install  1 Package

Total size: 1.0 M
Installed size: 1.0 M
Is this ok [y/d/N]: y
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : tac_plus-F4.0.4.28-2.el7.centos.x86_64    1/1
  Verifying  : tac_plus-F4.0.4.28-2.el7.centos.x86_64    1/1

Installed:
  tac_plus.x86_64 0:F4.0.4.28-2.el7.centos

Complete!
Reconfiguring for PAM
PAM support is enabled on a per-user basis by adding "login = PAM" for each "user = " definition.
Configure PAM service for TACACS
Add one of the following to the /etc/pam.d/tac_plus file:
If system login is also going to LDAP:
# cat > /etc/pam.d/tac_plus << 'EOF'
auth include password-auth
# account required pam_access.so accessfile=/etc/security/access.cron.conf
# account include password-auth
account required pam_unix.so broken_shadow
account required pam_access.so accessfile=/etc/security/access.cron.conf
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 500 quiet
account [default=bad success=ok user_unknown=ignore] pam_sss.so
account required pam_permit.so
EOF
If TACACS is going directly to LDAP:
# cat > /etc/pam.d/tac_plus << 'EOF'
#%PAM-1.0
auth sufficient /usr/lib64/security/pam_unix.so likeauth nullok
auth sufficient /usr/lib64/security/pam_ldap.so use_first_pass
auth required /usr/lib64/security/pam_deny.so
account [default=bad success=ok user_unknown=ignore] /usr/lib64/security/pam_ldap.so
account required /usr/lib64/security/pam_permit.so
EOF
For passing TACACS to LDAP via PAM, we need some packages. If we are not authenticating the entire system to LDAP, we will use the nss-pam-ldapd and nscd packages, which will need to be installed.
# yum install nss-pam-ldapd nscd
Loaded plugins: fastestmirror
base                                                     | 3.6 kB  00:00:00
extras                                                   | 3.4 kB  00:00:00
updates                                                  | 3.4 kB  00:00:00
Loading mirror speeds from cached hostfile
 * base: mirror.cs.uwp.edu
 * epel: d2lzkl7pfhq30w.cloudfront.net
 * extras: mirror.cs.uwp.edu
 * updates: sjc.edge.kernel.org
Resolving Dependencies
--> Running transaction check
---> Package nscd.x86_64 0:2.17-260.el7 will be installed
---> Package nss-pam-ldapd.x86_64 0:0.8.13-16.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package          Arch     Version          Repository   Size
================================================================================
Installing:
 nscd             x86_64   2.17-260.el7     base         281 k
 nss-pam-ldapd    x86_64   0.8.13-16.el7    base         160 k

Transaction Summary
================================================================================
Install  2 Packages

Total download size: 441 k
Installed size: 590 k
Is this ok [y/d/N]: y
Downloading packages:
(1/2): nss-pam-ldapd-0.8.13-16.el7.x86_64.rpm            | 160 kB  00:00:00
(2/2): nscd-2.17-260.el7.x86_64.rpm                      | 281 kB  00:00:00
--------------------------------------------------------------------------------
Total                                           1.1 MB/s | 441 kB  00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : nscd-2.17-260.el7.x86_64              1/2
  Installing : nss-pam-ldapd-0.8.13-16.el7.x86_64    2/2
  Verifying  : nss-pam-ldapd-0.8.13-16.el7.x86_64    1/2
  Verifying  : nscd-2.17-260.el7.x86_64              2/2

Installed:
  nscd.x86_64 0:2.17-260.el7    nss-pam-ldapd.x86_64 0:0.8.13-16.el7

Complete!
Install and configure NSLCD
nslcd uses a service account to search the directory and locate the account to authenticate, then switches to a simple bind as that user to validate the password.
You will need to install nss-pam-ldapd and nscd.
# yum install nss-pam-ldapd nscd
Configure for 389 Directory Server
Configure /etc/nslcd.conf
# This is the configuration file for the LDAP nameservice
# switch library's nslcd daemon. It configures the mapping
# between NSS names (see /etc/nsswitch.conf) and LDAP
# information in the directory.
# See the manual page nslcd.conf(5) for more information.

# The user and group nslcd should run as.
uid nslcd
gid ldap

# The uri pointing to the LDAP server to use for name lookups.
# Multiple entries may be specified. The address that is used
# here should be resolvable without using LDAP (obviously).
#uri ldap://127.0.0.1/
#uri ldaps://127.0.0.1/
#uri ldapi://%2fvar%2frun%2fldapi_sock/
# Note: %2f encodes the '/' used as directory separator
# uri ldap://127.0.0.1/

# The LDAP version to use (defaults to 3
# if supported by client library)
#ldap_version 3

# The distinguished name of the search base.
# base dc=example,dc=com

# The distinguished name to bind to the server with.
# Optional: default is to bind anonymously.
#binddn cn=proxyuser,dc=example,dc=com

# The credentials to bind with.
# Optional: default is no credentials.
# Note that if you set a bindpw you should check the permissions of this file.
#bindpw secret

# The distinguished name to perform password modifications by root by.
#rootpwmoddn cn=admin,dc=example,dc=com

# The default search scope.
#scope sub
#scope one
#scope base

# Customize certain database lookups.
#base group ou=Groups,dc=example,dc=com
#base passwd ou=People,dc=example,dc=com
#base shadow ou=People,dc=example,dc=com
#scope group onelevel
#scope hosts sub

# Bind/connect timelimit.
#bind_timelimit 30

# Search timelimit.
#timelimit 30

# Idle timelimit. nslcd will close connections if the
# server has not been contacted for the number of seconds.
#idle_timelimit 3600

# Use StartTLS without verifying the server certificate.
#ssl start_tls
#tls_reqcert never

# CA certificates for server certificate verification
#tls_cacertdir /etc/ssl/certs
#tls_cacertfile /etc/ssl/ca.cert

# Seed the PRNG if /dev/urandom is not provided
#tls_randfile /var/run/egd-pool

# SSL cipher suite
# See man ciphers for syntax
#tls_ciphers TLSv1

# Client certificate and key
# Use these, if your server requires client authentication.
#tls_cert
#tls_key

# Mappings for Services for UNIX 3.5
#filter passwd (objectClass=User)
#map passwd uid msSFU30Name
#map passwd userPassword msSFU30Password
#map passwd homeDirectory msSFU30HomeDirectory
#map passwd homeDirectory msSFUHomeDirectory
#filter shadow (objectClass=User)
#map shadow uid msSFU30Name
#map shadow userPassword msSFU30Password
#filter group (objectClass=Group)
#map group member msSFU30PosixMember

# Mappings for Services for UNIX 2.0
#filter passwd (objectClass=User)
#map passwd uid msSFUName
#map passwd userPassword msSFUPassword
#map passwd homeDirectory msSFUHomeDirectory
#map passwd gecos msSFUName
#filter shadow (objectClass=User)
#map shadow uid msSFUName
#map shadow userPassword msSFUPassword
#map shadow shadowLastChange pwdLastSet
#filter group (objectClass=Group)
#map group member posixMember

# Mappings for Active Directory
#pagesize 1000
#referrals off
#idle_timelimit 800
#filter passwd (&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))
#map passwd uid sAMAccountName
#map passwd homeDirectory unixHomeDirectory
#map passwd gecos displayName
#filter shadow (&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))
#map shadow uid sAMAccountName
#map shadow shadowLastChange pwdLastSet
#filter group (objectClass=group)

# Alternative mappings for Active Directory
# (replace the SIDs in the objectSid mappings with the value for your domain)
#pagesize 1000
#referrals off
#idle_timelimit 800
#filter passwd (&(objectClass=user)(objectClass=person)(!(objectClass=computer)))
#map passwd uid cn
#map passwd uidNumber objectSid:S-1-5-21-3623811015-3361044348-30300820
#map passwd gidNumber objectSid:S-1-5-21-3623811015-3361044348-30300820
#map passwd homeDirectory "/home/$cn"
#map passwd gecos displayName
#map passwd loginShell "/bin/bash"
#filter group (|(objectClass=group)(objectClass=person))
#map group gidNumber objectSid:S-1-5-21-3623811015-3361044348-30300820

# Mappings for AIX SecureWay
#filter passwd (objectClass=aixAccount)
#map passwd uid userName
#map passwd userPassword passwordChar
#map passwd uidNumber uid
#map passwd gidNumber gid
#filter group (objectClass=aixAccessGroup)
#map group cn groupName
#map group gidNumber gid

# This comment prevents repeated auto-migration of settings.
#
uri ldaps://centos-auth.home.labrats.us
base dc=home,dc=labrats,dc=us
binddn cn=Directory Manager
bindpw <bindpasswd>
ssl on
tls_cacert /etc/openldap/cacerts/labrats_ca.pem
tls_cacertdir /etc/openldap/cacerts
#tls_checkpeer yes
tls_reqcert demand
timelimit 3
bind_timelimit 3
Configure for Microsoft Active Directory Server
If you do not want the TACACS+ server to authenticate against 389-DS, but against Active Directory instead, you only need to configure nslcd with the correct mapping. Many Active Directory Domain Controllers have self-signed certificates, so you can tell nslcd to ignore the certificate; the connection is then still encrypted, but the identity of the server is not checked. If you have signed certificates, you should use the correct CA certificate.
Configure /etc/nslcd.conf
# This is the configuration file for the LDAP nameservice
# switch library's nslcd daemon. It configures the mapping
# between NSS names (see /etc/nsswitch.conf) and LDAP
# information in the directory.
# See the manual page nslcd.conf(5) for more information.

# The user and group nslcd should run as.
uid nslcd
gid ldap

# The uri pointing to the LDAP server to use for name lookups.
# Multiple entries may be specified. The address that is used
# here should be resolvable without using LDAP (obviously).
#uri ldap://127.0.0.1/
#uri ldaps://127.0.0.1/
#uri ldapi://%2fvar%2frun%2fldapi_sock/
# Note: %2f encodes the '/' used as directory separator
# uri ldap://127.0.0.1/

# The LDAP version to use (defaults to 3
# if supported by client library)
#ldap_version 3

# The distinguished name of the search base.
# base dc=example,dc=com

# The distinguished name to bind to the server with.
# Optional: default is to bind anonymously.
#binddn cn=proxyuser,dc=example,dc=com

# The credentials to bind with.
# Optional: default is no credentials.
# Note that if you set a bindpw you should check the permissions of this file.
#bindpw secret

# The distinguished name to perform password modifications by root by.
#rootpwmoddn cn=admin,dc=example,dc=com

# The default search scope.
#scope sub
#scope one
#scope base

# Customize certain database lookups.
#base group ou=Groups,dc=example,dc=com
#base passwd ou=People,dc=example,dc=com
#base shadow ou=People,dc=example,dc=com
#scope group onelevel
#scope hosts sub

# Bind/connect timelimit.
#bind_timelimit 30

# Search timelimit.
#timelimit 30

# Idle timelimit. nslcd will close connections if the
# server has not been contacted for the number of seconds.
#idle_timelimit 3600

# Use StartTLS without verifying the server certificate.
#ssl start_tls
#tls_reqcert never

# CA certificates for server certificate verification
#tls_cacertdir /etc/ssl/certs
#tls_cacertfile /etc/ssl/ca.cert

# Seed the PRNG if /dev/urandom is not provided
#tls_randfile /var/run/egd-pool

# SSL cipher suite
# See man ciphers for syntax
#tls_ciphers TLSv1

# Client certificate and key
# Use these, if your server requires client authentication.
#tls_cert
#tls_key

# Mappings for Services for UNIX 3.5
#filter passwd (objectClass=User)
#map passwd uid msSFU30Name
#map passwd userPassword msSFU30Password
#map passwd homeDirectory msSFU30HomeDirectory
#map passwd homeDirectory msSFUHomeDirectory
#filter shadow (objectClass=User)
#map shadow uid msSFU30Name
#map shadow userPassword msSFU30Password
#filter group (objectClass=Group)
#map group member msSFU30PosixMember

# Mappings for Services for UNIX 2.0
#filter passwd (objectClass=User)
#map passwd uid msSFUName
#map passwd userPassword msSFUPassword
#map passwd homeDirectory msSFUHomeDirectory
#map passwd gecos msSFUName
#filter shadow (objectClass=User)
#map shadow uid msSFUName
#map shadow userPassword msSFUPassword
#map shadow shadowLastChange pwdLastSet
#filter group (objectClass=Group)
#map group member posixMember

# Mappings for Active Directory
#pagesize 1000
#referrals off
#idle_timelimit 800
#filter passwd (&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))
#map passwd uid sAMAccountName
#map passwd homeDirectory unixHomeDirectory
#map passwd gecos displayName
#filter shadow (&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))
#map shadow uid sAMAccountName
#map shadow shadowLastChange pwdLastSet
#filter group (objectClass=group)

# Alternative mappings for Active Directory
# (replace the SIDs in the objectSid mappings with the value for your domain)
#pagesize 1000
#referrals off
#idle_timelimit 800
#filter passwd (&(objectClass=user)(objectClass=person)(!(objectClass=computer)))
#map passwd uid cn
#map passwd uidNumber objectSid:S-1-5-21-3623811015-3361044348-30300820
#map passwd gidNumber objectSid:S-1-5-21-3623811015-3361044348-30300820
#map passwd homeDirectory "/home/$cn"
#map passwd gecos displayName
#map passwd loginShell "/bin/bash"
#filter group (|(objectClass=group)(objectClass=person))
#map group gidNumber objectSid:S-1-5-21-3623811015-3361044348-30300820

# Mappings for AIX SecureWay
#filter passwd (objectClass=aixAccount)
#map passwd uid userName
#map passwd userPassword passwordChar
#map passwd uidNumber uid
#map passwd gidNumber gid
#filter group (objectClass=aixAccessGroup)
#map group cn groupName
#map group gidNumber gid

# This comment prevents repeated auto-migration of settings.
#
filter passwd (&(objectClass=user)(objectClass=person)(!(objectClass=computer)))
map passwd uid sAMAccountName
map passwd homeDirectory unixHomeDirectory
map passwd gecos displayName
#
uri ldaps://dc1.home.labrats.us ldaps://dc2.home.labrats.us
base ou=People,dc=jabbroadband,dc=local
binddn CN=LDAP Query,OU=Service Accounts,DC=home,DC=labrats,DC=us
bindpw <bind password>
ssl on
tls_cacert /etc/openldap/cacerts/labrats_ca.pem
tls_cacertdir /etc/openldap/cacerts
#tls_checkpeer yes
tls_reqcert never
timelimit 3
bind_timelimit 3
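A lint for the active settings of the two /etc/nslcd.conf files above, given as an added example that is not part of the original page: it reports a disabled certificate check, cleartext ldap:// URIs, a bind as the Directory Manager, and a bindpw in a file readable by group or other. The function names are this example's own, the samples are constructed copies of the active lines above, and the fixed variant assumes the "LDAP Search" entry created earlier has been given a password and read access.

```shell
#!/bin/sh
# Added example: lint the active settings of an nslcd.conf file.

# Print the effective (last) value of OPTION in FILE. Commented-out lines
# never match because their first field starts with '#'.
conf_value() {
    awk -v key="$2" '
        tolower($1) == key { $1 = ""; sub(/^[ \t]+/, ""); val = $0 }
        END { print val }
    ' "$1"
}

# Print one finding per line for the nslcd.conf given as $1.
audit_nslcd() {
    conf=$1
    reqcert=$(conf_value "$conf" tls_reqcert | tr 'A-Z' 'a-z')
    ssl=$(conf_value "$conf" ssl | tr 'A-Z' 'a-z')
    binddn=$(conf_value "$conf" binddn | tr 'A-Z' 'a-z')
    bindpw=$(conf_value "$conf" bindpw)

    case "$reqcert" in
        never|allow)
            echo "tls_reqcert $reqcert: the server certificate is not verified" ;;
    esac

    # Any ldap:// URI without StartTLS sends the bind password in the clear.
    if [ "$ssl" != "start_tls" ] && awk '
            tolower($1) == "uri" {
                for (i = 2; i <= NF; i++) if (tolower($i) ~ /^ldap:/) plain = 1
            }
            END { exit !plain }' "$conf"
    then
        echo "uri uses ldap:// without 'ssl start_tls': traffic is unencrypted"
    fi

    case "$binddn" in
        "cn=directory manager"*)
            echo "binddn is the Directory Manager: use a read-only search account" ;;
    esac

    # Characters 5-10 of the ls mode string are the group and other bits.
    if [ -n "$bindpw" ]; then
        mode=$(ls -ld "$conf" | cut -c5-10)
        if [ "$mode" != "------" ]; then
            echo "bindpw is set but the file is open to group/other ($mode)"
        fi
    fi
}

# Return 0 only when the file produces no findings.
nslcd_ok() { [ -z "$(audit_nslcd "$1")" ]; }

# Constructed samples: the active lines of the two configurations above, plus
# a variant that binds as the search account and verifies the certificate.
demo_dir=$(mktemp -d)
cat > "$demo_dir/389ds.conf" << 'EOF'
uri ldaps://centos-auth.home.labrats.us
base dc=home,dc=labrats,dc=us
binddn cn=Directory Manager
bindpw <bindpasswd>
ssl on
tls_cacert /etc/openldap/cacerts/labrats_ca.pem
tls_reqcert demand
EOF
cat > "$demo_dir/ad.conf" << 'EOF'
uri ldaps://dc1.home.labrats.us ldaps://dc2.home.labrats.us
binddn CN=LDAP Query,OU=Service Accounts,DC=home,DC=labrats,DC=us
bindpw <bind password>
ssl on
tls_reqcert never
EOF
sed -e 's/^binddn .*/binddn cn=LDAP Search,ou=Special Users,dc=home,dc=labrats,dc=us/' \
    "$demo_dir/389ds.conf" > "$demo_dir/fixed.conf"
chmod 600 "$demo_dir/389ds.conf" "$demo_dir/fixed.conf"
chmod 644 "$demo_dir/ad.conf"

for f in 389ds ad fixed; do
    echo "== $f.conf"
    audit_nslcd "$demo_dir/$f.conf"
done
```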
Enabling and Starting TACACS
To enable the TACACS daemon
# systemctl enable tac_plus
Created symlink from /etc/systemd/system/multi-user.target.wants/tac_plus.service to /usr/lib/systemd/system/tac_plus.service.
To start the TACACS daemon
# systemctl start tac_plus
Testing TACACS
Install Authen::TacacsPlus Perl Module
Install via CPAN:
# cpan
Loading internal null logger. Install Log::Log4perl for logging messages
Terminal does not support AddHistory.

cpan shell -- CPAN exploration and modules installation (v2.10)
Enter 'h' for help.

cpan[1]> install Authen::TacacsPlus
Create TACACS test script
Create this test file:
# cat > /root/tacacs-test.pl << 'EOF'
#!/usr/bin/perl
use strict;
use warnings;
use Authen::TacacsPlus;

# Test account created in the directory earlier.
my $username = "tuser";
my $password = "JbUWP3TbwdHwNou";

# Connect to the local tac_plus daemon with the shared key.
my $tac = Authen::TacacsPlus->new(Host => 'localhost', Key => '<tacacs key>');
unless ($tac) {
    print "Error: ", Authen::TacacsPlus::errmsg(), "\n";
    exit(1);
}

# Attempt an authentication and report the result.
if ($tac->authen($username, $password)) {
    print "Granted\n";
} else {
    print "Denied: ", Authen::TacacsPlus::errmsg(), "\n";
}
$tac->close();
EOF
# chmod +x /root/tacacs-test.pl
Testing TACACS
The following should test cleanly:
# /root/tacacs-test.pl
Granted
If it fails, it will look like this:
# /root/tacacs-test.pl
Denied: Authentication failed