LDAP came up in the course of the Samba work. I am hardly the right person for it, but there is no way around it, so here I go, toddling along. It feels presumptuous to cite sources this far above my level, but:
Think IT: Open LDAP活用術 (Practical OpenLDAP)
https://thinkit.co.jp/series/4963
gihyo.jp: 知られざるActive Directoryの舞台裏 (The Untold Backstage of Active Directory)
http://gihyo.jp/admin/serial/01/ad2010/0001
And from server-world.info:
LDAPサーバの設定 (LDAP server setup)
http://www.server-world.info/query?os=CentOS_6&p=ldap&f=1
[root@localhost ~]# yum install openldap-servers openldap-clients
openldap-clients 2.4.40-7.el6_7 updates 158 k
openldap-servers 2.4.40-7.el6_7 updates 2.0 M
libtool-ltdl 2.2.6-15.5.el6 base 45 k
portreserve 0.0.4-9.el6 base 22 k
[root@localhost ~]# cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
[root@localhost ~]# chown ldap. /var/lib/ldap/DB_CONFIG
[root@localhost ~]# /etc/rc.d/init.d/slapd start
Starting slapd: [ OK ]
[root@localhost ~]#
Configuration comes next, but I know far too little about it, so first a couple of references:
日本LDAPユーザ会 (Japan LDAP Users Group): OpenLDAP 2.3 man pages
http://www.ldap.jp/openldap/v23/man/start
OpenLDAP 2.3 Administrator's Guide (Japanese translation)
http://www5f.biglobe.ne.jp/~inachi/openldap/admin23/index-ja.html
Following the server-world.info steps, set the administrator password.
[root@localhost ~]# slappasswd
New password:
Re-enter new password:
{SSHA}im23c7xqjf+aQmvZCUKaboa9HtC0wns0
[root@localhost ~]# vi chrootpw.ldif
dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {SSHA}im23c7xqjf+aQmvZCUKaboa9HtC0wns0
[root@localhost ~]#
I have no idea what the next command is actually doing.
dn is presumably Distinguished Name.
cn is common name, or maybe config.
olc apparently stands for Online Configuration.
ldif is LDAP Data Interchange Format, the RFC 2849 file format.
For now, let's just type it in.
[root@localhost ~]# ldapadd - Y EXTERNAL -H ldapi:/// -f chrootpw.ldif
Add or modify entries from an LDAP server
usage: ldapadd [options]
The list of desired operations are read from stdin or from the file
specified by "-f file".
Add or modify options:
-a add values (default)
-c continuous operation mode (do not stop on errors)
-E [!]ext=extparam modify extensions (! indicates criticality)
-f file read operations from `file'
-M enable Manage DSA IT control (-MM to make critical)
-P version protocol version (default: 3)
-S file write skipped modifications to `file'
Common options:
-d level set LDAP debugging level to `level'
-D binddn bind DN
-e [!]<ext>[=<extparam>] general extensions (! indicates criticality)
[!]assert=<filter> (RFC 4528; a RFC 4515 Filter string)
[!]authzid=<authzid> (RFC 4370; "dn:<dn>" or "u:<user>")
[!]chaining[=<resolveBehavior>[/<continuationBehavior>]]
one of "chainingPreferred", "chainingRequired",
"referralsPreferred", "referralsRequired"
[!]manageDSAit (RFC 3296)
[!]noop
ppolicy
[!]postread[=<attrs>] (RFC 4527; comma-separated attr list)
[!]preread[=<attrs>] (RFC 4527; comma-separated attr list)
[!]relax
[!]sessiontracking
abandon, cancel, ignore (SIGINT sends abandon/cancel,
or ignores response; if critical, doesn't wait for SIGINT.
not really controls)
-h host LDAP server
-H URI LDAP Uniform Resource Identifier(s)
-I use SASL Interactive mode
-n show what would be done but don't actually do it
-N do not use reverse DNS to canonicalize SASL host name
-O props SASL security properties
-o <opt>[=<optparam>] general options
nettimeout=<timeout> (in seconds, or "none" or "max")
ldif-wrap=<width> (in columns, or "no" for no wrapping)
-p port port on LDAP server
-Q use SASL Quiet mode
-R realm SASL realm
-U authcid SASL authentication identity
-v run in verbose mode (diagnostics to standard output)
-V print version info (-VV only)
-w passwd bind password (for simple authentication)
-W prompt for bind password
-x Simple authentication
-X authzid SASL authorization identity ("dn:<dn>" or "u:<user>")
-y file Read password from file
-Y mech SASL mechanism
-Z Start TLS request (-ZZ to require successful response)
[root@localhost ~]#
Looks like I messed up. On closer inspection, there was a space after the option's hyphen.
Next, the password for slapd's directory manager.
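Since the chrootpw.ldif step above is being applied without understanding it, here is the same step taken apart, as an added example that is not from the original post or from server-world.info. The {SSHA} value that slappasswd printed is base64( SHA1(password || salt) || salt ) with a 4-byte random salt, so the functions below can rebuild such a hash, verify a password against one, and emit the LDIF, all without a running slapd. It assumes openssl, od, head and tail are on the PATH; the password "secret" and the salt "salt" in the usage lines are made-up test values, not anything from the post.

```shell
#!/bin/sh
# Added example (not part of the original post): work with OpenLDAP {SSHA}
# password hashes and the cn=config LDIF offline. Needs openssl, od, head, tail.
set -u

# ssha_hash PASSWORD [SALT]
#   Prints {SSHA}base64( SHA1(password || salt) || salt ), the scheme slappasswd
#   produces by default. slappasswd draws 4 random bytes for the salt; passing
#   SALT makes the output reproducible (used by the tests), otherwise 4 random
#   bytes from openssl are used.
ssha_hash() {
  pw=$1
  salt=${2-}
  tmp=$(mktemp) || return 2
  if [ -n "$salt" ]; then printf '%s' "$salt" > "$tmp"; else openssl rand 4 > "$tmp"; fi
  # digest of password||salt, then the raw salt appended, then one-line base64
  b64=$( { { printf '%s' "$pw"; cat "$tmp"; } | openssl dgst -sha1 -binary; cat "$tmp"; } | openssl base64 -A )
  rm -f "$tmp"
  printf '{SSHA}%s\n' "$b64"
}

# ssha_verify HASH PASSWORD
#   Exit status 0 if PASSWORD matches the {SSHA} HASH, 1 otherwise. The salt is
#   whatever follows the first 20 decoded bytes, so salts longer than 4 bytes
#   (other generators use 8 or more) are handled too.
ssha_verify() {
  hash=$1 pw=$2
  case $hash in '{SSHA}'*) ;; *) return 1 ;; esac
  tmp=$(mktemp) || return 2
  printf '%s' "${hash#\{SSHA\}}" | openssl base64 -d -A > "$tmp" || { rm -f "$tmp"; return 1; }
  stored=$(head -c 20 "$tmp" | od -An -v -tx1 | tr -d ' \n')
  computed=$( { printf '%s' "$pw"; tail -c +21 "$tmp"; } | openssl dgst -sha1 -binary | od -An -v -tx1 | tr -d ' \n')
  rm -f "$tmp"
  [ -n "$stored" ] && [ "$stored" = "$computed" ]
}

# rootpw_ldif HASH
#   Prints the LDIF from the post (chrootpw.ldif) with HASH filled in: a modify
#   of the config database entry olcDatabase={0}config,cn=config that adds the
#   olcRootPW attribute. Apply it over the Unix socket as root with
#     ldapadd -Y EXTERNAL -H ldapi:/// -f chrootpw.ldif
#   (no space after the hyphen; "- Y" is what produced the usage dump above).
rootpw_ldif() {
  printf 'dn: olcDatabase={0}config,cn=config\nchangetype: modify\nadd: olcRootPW\nolcRootPW: %s\n' "$1"
}

# usage (made-up password and salt, for demonstration only):
#   h=$(ssha_hash secret salt); ssha_verify "$h" secret && rootpw_ldif "$h"
```

Two things worth knowing about that step. -Y EXTERNAL over ldapi:/// means SASL EXTERNAL on the local Unix socket: slapd takes the connecting process's uid/gid, so root becomes gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth, which the CentOS 6 default access rule grants manage rights on cn=config; that is why no bind password is needed to set one. And the hash is not secret-strength on its own: {SSHA} is a single salted SHA-1, so the hash in chrootpw.ldif and in /etc/openldap/slapd.d/cn=config/olcDatabase={0}config.ldif should stay readable only by root and ldap (check the modes after applying, and remove the LDIF from the home directory once it is in). Typing the password at the slappasswd prompt, as the post does, is the right choice; slappasswd -s would leave it in shell history and in ps output. Finally, "add: olcRootPW" fails if the attribute already exists; "replace: olcRootPW" is the idempotent form.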
[root@localhost ~]# slappasswd
New password:
Re-enter new password:
{SSHA}4zmHhLLnKOYrx2wUNVe0/gStFg/87VVe
[root@localhost ~]#
Still, even granting that none of this makes sense at the start, just pouring in settings without the faintest idea of what they do is pointless.
Time for a bit of re-research and a rethink.
Blog on fuketch.net: OpenLDAPの構築 (Building OpenLDAP)
https://fuketch.wordpress.com/2013/09/11/openldap%E3%81%AE%E6%A7%8B%E7%AF%89/