Solaris10/openldap - PukiWiki

Solaris10

2008/11/08

LDAP server

  • Installation and configuration
    • pkg-get -i openldap
      vi /opt/csw/etc/openldap/slapd.conf
        suffix          "dc=sakura,dc=math,dc=kyushu-u,dc=ac,dc=jp"
        rootdn          "cn=Manager,dc=sakura,dc=math,dc=kyushu-u,dc=ac,dc=jp"
        rootpw          secret
        include         /opt/csw/etc/openldap/schema/core.schema
        include         /opt/csw/etc/openldap/schema/nis.schema
        include         /opt/csw/etc/openldap/schema/samba.schema
        include         /opt/csw/etc/openldap/schema/cosine.schema
        include         /opt/csw/etc/openldap/schema/inetorgperson.schema
  • Verification and registration
    ldapsearch -x -b '' -s base +
    
    ldapadd -x -W -D "cn=manager,dc=sakura,dc=math,dc=kyushu-u,dc=ac,dc=jp" -f sakura.ldif
    ldapsearch -x -L -b 'dc=sakura,dc=math,dc=kyushu-u,dc=ac,dc=jp' '*'
    
    ldapadd -x -W -D "cn=manager,dc=sakura,dc=math,dc=kyushu-u,dc=ac,dc=jp" -f testuser.ldif
    ldapsearch -x -L -b 'dc=sakura,dc=math,dc=kyushu-u,dc=ac,dc=jp' 'uid=testuser'
    
    ldappasswd -x -W -D "cn=manager,dc=sakura,dc=math,dc=kyushu-u,dc=ac,dc=jp" "uid=testuser,ou=People,dc=sakura,dc=math,dc=kyushu-u,dc=ac,dc=jp"
      New password: W1iqszGx
    • sakura.ldif
      dn: dc=sakura,dc=math,dc=kyushu-u,dc=ac,dc=jp
      objectClass: dcObject
      objectClass: organization
      o: sakura ldap
      dc: sakura
      
      dn: ou=People,dc=sakura,dc=math,dc=kyushu-u,dc=ac,dc=jp
      ou: People
      objectClass: top
      objectClass: organizationalUnit
    • testuser.ldif
      dn: uid=testuser,ou=People,dc=sakura,dc=math,dc=kyushu-u,dc=ac,dc=jp
      uid: testuser
      cn: Yoshihiro Mizoguchi
      objectClass: top
      objectClass: inetOrgPerson
      objectClass: posixAccount
      objectClass: shadowAccount
      loginShell: /opt/csw/bin/tcsh
      uidNumber: 5001
      gidNumber: 5000
      homeDirectory: /home/testuser
      gecos: Test User
      mail: testuser@sakura.math.kyushu-u.ac.jp
      sn: Mizoguchi
      givenName: Yoshihiro

LDAP client

  • Client configuration
    # ldapclient manual \
      -a domainName=dc=sakura.math.kyushu-u.ac.jp \
      -a credentialLevel=proxy \
      -a authenticationMethod=simple \
      -a defaultSearchBase=dc=sakura,dc=math,dc=kyushu-u,dc=ac,dc=jp \
      -a proxyDN=cn=manager,dc=sakura,dc=math,dc=kyushu-u,dc=ac,dc=jp \
      -a proxyPassword=xxxxxxxx 127.0.0.1
  • Verification
    ldapclient list
    svcs -x ldap/client
    getent passwd ym
  • /etc/nsswitch.conf
    hosts: dns files
    Set every database other than passwd and group so that it does not reference ldap.
  • perl
    perl -MCPAN -e shell <-- ftp.ring.gr.jp
    install Samba::LDAP
  • Removing the client configuration
    ldapclient uninit

Apache Directory Studio

  • http://directory.apache.org/studio/
    export PATH=/opt/csw/bin:$PATH
    pkg-get -i eclipse
    eclipse
     help->software updates->find and install->search for new features->new remote site
       http://directory.apache.org/studio/update/1.x
       Apache Directory Update Site
        Apache Directory Studio LDAP Browser -> Install All

Migrating the LDAP server

  • Backup (Linux openldap)
    /usr/local/ldap/sbin/slapcat > export20080930.dat
  • Restore (Solaris CSWopenldap)
    pkg-get -i openldap
    mv /opt/csw/var/openldap-data /opt/csw/var/openldap-data.old
    mkdir /opt/csw/var/openldap-data
    cp /opt/csw/var/openldap-data.old/DB_CONFIG.sample /opt/csw/var/openldap-data/DB_CONFIG
    /opt/csw/sbin/slapadd < export20080930.dat
  • /opt/csw/openldap/slapd.conf
    ★ access to attribute -> access to attrs, lbdb -> bdb (module?)
    ★ Uncomment 'ntPassword' and 'lmPassword' in /opt/csw/openldap/schema/samba.schema.
  • Start
    svcadm enable cswopenldap
  • Stop
    svcadm disable cswopenldap
  • Restart after changing the configuration following an abnormal termination
    svcadm clear cswopenldap
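
An added example, not part of the original page: a small shell audit for two things this page's slapd.conf touches, the cleartext `rootpw secret` from the installation section and the old `access to attribute` ACL keyword from the migration note, plus a file-mode check. The function names, the two sample files and the placeholder hash are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page: flag risky slapd.conf settings.
# Prints one finding per line; prints nothing when the file passes.
audit_slapd_conf() {
    conf=$1
    # rootpw not starting with a {SCHEME} prefix is stored in cleartext.
    if grep -Eq '^[[:space:]]*rootpw[[:space:]]+"?[^{"[:space:]]' "$conf"; then
        echo "cleartext-rootpw: store a hash generated with slappasswd instead"
    fi
    # Old ACL keyword from the migration note; current slapd expects attrs=.
    if grep -Eq '^[[:space:]]*access[[:space:]]+to[[:space:]]+(.*[[:space:]])?attr(ibute)?=' "$conf"; then
        echo "old-acl-syntax: rewrite attribute=/attr= as attrs="
    fi
    # A config holding rootpw should not be readable by other users.
    if [ -n "$(find "$conf" -prune -perm -004)" ]; then
        echo "world-readable: chmod 600 and chown to the slapd user"
    fi
    return 0
}

# Constructed sample modelled on the settings shown on this page.
write_weak_sample() {
    cat > "$1" <<'EOF'
suffix   "dc=sakura,dc=math,dc=kyushu-u,dc=ac,dc=jp"
rootdn   "cn=Manager,dc=sakura,dc=math,dc=kyushu-u,dc=ac,dc=jp"
rootpw   secret
access to attribute=userPassword by self write by * auth
EOF
    chmod 644 "$1"
}

# Constructed hardened counterpart; the hash value is a placeholder.
write_hardened_sample() {
    cat > "$1" <<'EOF'
suffix   "dc=sakura,dc=math,dc=kyushu-u,dc=ac,dc=jp"
rootdn   "cn=Manager,dc=sakura,dc=math,dc=kyushu-u,dc=ac,dc=jp"
rootpw   {SSHA}PLACEHOLDER_HASH_FROM_SLAPPASSWD
access to attrs=userPassword by self write by * auth
EOF
    chmod 600 "$1"
}

demo_dir=$(mktemp -d)
write_weak_sample "$demo_dir/weak.conf"
write_hardened_sample "$demo_dir/hardened.conf"
audit_slapd_conf "$demo_dir/weak.conf"      # three findings
audit_slapd_conf "$demo_dir/hardened.conf"  # no output
rm -rf "$demo_dir"
```

To replace the placeholder, run `slappasswd`, enter the password at the prompt, and paste the resulting `{SSHA}...` string as the `rootpw` value.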

Links


Last-modified: 2008-11-08 (Sat) 15:19:39 (3848d)