¥æ¡¼¥¶¡¼¤ò°ì¸µ´ÉÍý LDAP ¤Î¥Ð¥Ã¥¯¥¢¥Ã¥×(No.7)

• ¥Ð¥Ã¥¯¥¢¥Ã¥×°ìÍ÷
• º¹Ê¬ ¤òɽ¼¨
• ¸½ºß¤È¤Îº¹Ê¬ ¤òɽ¼¨
• ¥½¡¼¥¹ ¤òɽ¼¨
• ¥æ¡¼¥¶¡¼¤ò°ì¸µ´ÉÍý LDAP ¤Ø¹Ô¤¯¡£
  • 1 (2007-09-10 (·î) 02:24:57)
  • 2 (2007-09-10 (·î) 05:52:33)
  • 3 (2007-09-10 (·î) 09:15:42)
  • 4 (2007-09-11 (²Ð) 06:08:00)
  • 5 (2007-10-04 (ÌÚ) 00:59:52)
  • 6 (2007-10-04 (ÌÚ) 06:56:58)
  • 7 (2007-10-05 (¶â) 02:52:24)

---

ÆÉ¤ß ¡Ú¥¨¥ë¥À¥Ã¥×¡Û

´Êñ¤Ë¸À¤¨¤ÐID¤ä¥Ñ¥¹¥ï¡¼¥É¤ò°ì¸µ´ÉÍý¤¹¤ë¥Ç¡¼¥¿¥Ù¡¼¥¹¡£
°ìÈÌŪ¤Ë¥ª¡¼¥×¥ó¥½¡¼¥¹¤ÎOpenLDAP¤Î¤³¤È¤ò¸À¤¦¡£

¥µ¡¼¥Ð¤Ë¤ÏApacheDS¤â¤¢¤ë¤¬¡¢¥É¥­¥å¥á¥ó¥È¤¬½¼¼Â¤·¤Æ¤¤¤ëOpenLDAP¤ò¥µ¡¼¥Ð¤ËºÎÍÑ
¥¯¥é¥¤¥¢¥ó¥È¤ÏApache Directory Studio¤òºÎÍѤ¹¤ë

OpenLDAP¤Î¥¤¥ó¥¹¥È¡¼¥ë †

# yum install openldap openldap-devel openldap-servers openldap-clients

ÀßÄê

# vi /etc/openldap/slapd.conf

# ¥¹¥­¡¼¥Þ¥Õ¥¡¥¤¥ë»ØÄê
include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/nis.schema

# PID,µ¯Æ°»þ¥ª¥×¥·¥ç¥óÊݸ¾ì½ê
pidfile         /var/run/slapd.pid
argsfile        /var/run/slapd.args

# »ÈÍÑDB Berkeley DB
database        bdb
# ¥Ù¡¼¥¹¤ÎDN
suffix          "dc=example,dc=com"
# ´ÉÍý¼Ô¤ÎDN
rootdn          "cn=Manager,dc=example,dc=com"
# ´ÉÍý¼Ô¤Î¥Ñ¥¹¥ï¡¼¥É
rootpw          secret

# ¥Ç¡¼¥¿Êݸ¾ì½ê
directory       /var/lib/ldap

# INDEX
index objectClass                       eq,pres
index ou,cn,mail,surname,givenname      eq,pres,sub
index uidNumber,gidNumber,loginShell    eq,pres
index uid,memberUid                     eq,pres,sub
index nisMapName,nisMapEntry            eq,pres,sub

# /etc/rc.d/init.d/ldap start

LDIF¤ÎºîÀ® †

¥Ç¥£¥ì¥¯¥È¥ê¹½Â¤¤Ç´ÉÍý¤¹¤ë¤Î¤Ç¥ë¡¼¥È¤òLDIF¤Î·Á¼°¤Î¥Õ¥¡¥¤¥ë¤òºîÀ®¤·¡¢Äɲ乤ë
¥Õ¥¡¥¤¥ë̾¤ÏǤ°Õ

root.ldif

dn: dc=example,dc=com
objectClass: dcObject
objectClass: organization
dc: example
o: example

# ldapadd -x -D 'cn=Manager,dc=example,dc=com' -w secret -f root.ldif

• -x ´Ê°×ǧ¾Ú
• -D ´ÉÍý¼ÔDN
• -w ¥Ñ¥¹¥ï¡¼¥É¤ò»ØÄê
• -f ldif¥Õ¥¡¥¤¥ë¤ò»ØÄê

Éô½ð¤ÎLDIF¤òºîÀ®¤·¡¢ÄɲÃ

unit.ldif

dn: ou=abc,dc=example,dc=com
objectClass: top
objectClass: organizationalUnit
ou: abc

dn: ou=xyz,dc=example,dc=com
objectClass: top
objectClass: organizationalUnit
ou: xyz

# ldapadd -x -D 'cn=Manager,dc=example,dc=com' -w secret -f unit.ldif

¥æ¡¼¥¶¡¼¤ÎLDIF¤òºîÀ®¤·¡¢ÄɲÃ

user.ldif

dn: cn=Taro Yamada,ou=abc,dc=example,dc=com
objectClass: top
objectClass: person
cn: Taro Yamada
sn: Yamada

dn: cn=Hanako Yamada,ou=abc,dc=example,dc=com
objectClass: top
objectClass: person
cn: Hanako Yamada
sn: Yamada

# ldapadd -x -D 'cn=Manager,dc=example,dc=com' -w secret -f user.ldif

¸¡º÷ †

Éôʬ°ìÃ׸¡º÷¤âOK

• -b ¸¡º÷¥Ù¡¼¥¹
• -s ¸¡º÷¥¹¥³¡¼¥× base(¥Ù¡¼¥¹¥¨¥ó¥È¥ê¤Î¤ß),one(¥Ù¡¼¥¹Ä¾²¼¤Î¤ß),sub(¥Ù¡¼¥¹°Ê²¼Á´Éô)

# ldapsearch -x -b 'dc=example,dc=com' -s sub '(cn=Hanako Yamada)'

¥¯¥é¥¤¥¢¥ó¥È †

Apache Directory Studio¤òÍøÍÑ
eclipse¤ò»ÈÍѤ¹¤ë¤Î¤Ç¡¢¤³¤Á¤éEclipse PDT¤ò»²¹Í¤Ë¥¤¥ó¥¹¥È¡¼¥ë¤·¤Æ¤ª¤¯

¥Ø¥ë¥× - ¥½¥Õ¥È¥¦¥§¥¢¹¹¿· - ¸¡º÷¤ª¤è¤Ó¥¤¥ó¥¹¥È¡¼¥ë - ¥¤¥ó¥¹¥È¡¼¥ë¤¹¤ë¿·µ¬¥Õ¥£¡¼¥Á¥ã¡¼¤ò¸¡º÷
¿·µ¬¥ê¥â¡¼¥È¡¦¥µ¥¤¥È ¤«¤é̾Á°¡ÖApache Directory Studio Update Site¡×URL¡Öhttp://directory.apache.org/studio/update/1.x¡×¤òÆþÎÏ

Apache Directory Studio LDAP Browser¤òÁªÂò¤·¤Æ¥¤¥ó¥¹¥È¡¼¥ë

LDAP connection¤òºîÀ®¤¹¤ë
¥Ý¡¼¥È¤Ï389

¥µ¡¼¥Ð¦¤Îhosts.allow¤Ê¤É¤ÇÀ©¸Â¤ò¤«¤±¤Æ¤¤¤ë¾ì¹ç¤Ï°Ê²¼¤Î¤è¤¦¤ËÄɲ䷤Ƥä¤ë

slapd:          127.0.0.1 192.168.1.

»²¹Í
http://www.atmarkit.co.jp/fjava/rensai3/eclipseplgn21/eclipseplgn21_1.html

¾¤Ë¤ÏLDAP Browser/Editor¤¬¤¢¤ë
ZIP¥Õ¥¡¥¤¥ë¤ò²òÅष¤Æ lbe.bat ¤ò¥À¥Ö¥ë¥¯¥ê¥Ã¥¯¤Çµ¯Æ°

»²¹Í¥µ¥¤¥È †

OpenLDAP

• ¥·¥ó¥°¥ë¡¦¥µ¥¤¥ó¥ª¥ó¡¢¥Ç¥£¥ì¥¯¥È¥ê¥µ¡¼¥Ð
  
• ¤½¤í¤½¤íLDAP¤Ë¤·¤Æ¤ß¤Ê¤¤¤«¡©
  
• ¤Ï¤ä¤°¤¤

SambaϢư

• OpenLDAP+Samba
  
• LDAP+Samba+PAM¤Ç¥×¥é¥¤¥Þ¥ê¥É¥á¥¤¥ó¥³¥ó¥È¥í¡¼¥é¤òºî¤í¤¦¡ª