Last active
August 18, 2022 04:05
-
-
Save yukihane/05e4a95052c508d4a0c917b3a5926dcb to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| OpenLDAP | |
| 基本的には書籍p.476-の手順に従っている。 | |
| パッケージインストール | |
| sudo yum install openldap-servers openldap-clients libtool-ltdl | |
| サービス自動起動 | |
| sudo systemctl enable slapd.service | |
| パケットフィルタリング設定&有効化 | |
| sudo firewall-cmd --permanent --add-service=ldap && sudo firewall-cmd --reload | |
| データベースチューニング設定(サンプルファイルのコピー) | |
| sudo cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG | |
| サービス起動 | |
| sudo systemctl start slapd.service | |
| LDAPデータベースの基本設定 | |
| データ用ディレクトリの管理情報の変更 | |
| sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f 01hdb-init.ldif | |
| LDAPスキーマの登録 | |
| sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif | |
| sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif | |
| sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif | |
| (書籍記載より登録するスキーマファイルは多いので注意) | |
| LDAPエントリの登録 | |
| (パスワードはアドミニストレータ用のもの) | |
| ldapadd -x -D "cn=Manager,dc=myorg,dc=local" -W -f 02init.ldif | |
| ldapadd -x -D "cn=Manager,dc=myorg,dc=local" -W -f 03group.ldif | |
| ldapadd -x -D "cn=Manager,dc=myorg,dc=local" -W -f 04user.ldif | |
| === | |
| 01hdb-init.ldif: | |
| dn: olcDatabase={2}hdb,cn=config | |
| changetype: modify | |
| replace: olcRootDN | |
| olcRootDn: cn=Manager,dc=myorg,dc=local | |
| - | |
| replace: olcSuffix | |
| olcSuffix: dc=myorg,dc=local | |
| - | |
| add: olcRootPW | |
| olcRootPW: {SSHA}xxxxxxxxx | |
| === | |
| 02init.ldif: | |
| dn: dc=myorg,dc=local | |
| objectClass: dcObject | |
| objectClass: organization | |
| o: myorganization | |
| dc: myorg | |
| dn: cn=Manager,dc=myorg,dc=local | |
| objectClass: organizationalRole | |
| cn: Manager | |
| dn: ou=People,dc=myorg,dc=local | |
| objectClass: organizationalUnit | |
| ou: People | |
| dn: ou=Group,dc=myorg,dc=local | |
| objectClass: organizationalUnit | |
| ou: Group | |
| === | |
| 03group.ldif: | |
| dn: cn=users,ou=Group,dc=myorg,dc=local | |
| objectClass: posixGroup | |
| objectClass: top | |
| cn: users | |
| gidNumber: 100 | |
| === | |
| 04access.ldif: | |
| dn: olcDatabase={2}hdb,cn=config | |
| changetype: modify | |
| add: olcAccess | |
| olcAccess: to * | |
| by dn="cn=Manager,dc=myorg,dc=local" write | |
| olcAccess: to attrs=userPassword | |
| by self write | |
| by anonymous auth | |
| by * none | |
| olcAccess: to * | |
| by * read | |
| === | |
| user-ldif.txt | |
| dn: uid={uid},ou=People,dc=myorg,dc=local | |
| objectClass: inetOrgPerson | |
| objectClass: organizationalPerson | |
| objectClass: person | |
| objectClass: top | |
| objectClass: posixAccount | |
| cn: {sn}{givenName} | |
| gidNumber: 100 | |
| homeDirectory: /home/{uid} | |
| sn: {sn} | |
| uid: {uid} | |
| uidNumber: {uidNumber} | |
| givenName: {givenName} | |
| loginShell: /bin/bash | |
| mail: {uid}@myorg.local | |
| userPassword: {uid} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment