SVX日記
2010-04-06(Tue) LDAPに浸かる
というわけで、 先日、東京にてねっとりとLDAPの研修を受けさせてもらったので、自分の環境でも動かしてみるのである。
zakato.itline.jp:/root # yum install openldap openldap-servers openldap-clients
zakato.itline.jp:/root # rm -rf /var/lib/ldap/*
zakato.itline.jp:/root # cd /etc/openldap/
zakato.itline.jp:/etc/openldap # cp -a slapd.d slapd.d.org
zakato.itline.jp:/etc/openldap # cp mave.schema schema
zakato.itline.jp:/etc/openldap # cp slapd.conf.bak slapd.conf
zakato.itline.jp:/etc/openldap # slappasswd
New password:
Re-enter new password:
{SSHA}+zaTN/KKRmbEvh3MMru+tD5AS9fWatt5
zakato.itline.jp:/etc/openldap # vi slapd.conf
zakato.itline.jp:/etc/openldap # diff slapd.conf.bak slapd.conf
17a18,19
> include /etc/openldap/schema/samba.schema
> include /etc/openldap/schema/mave.schema
89c91
< suffix "dc=my-domain,dc=com"
---
> suffix "ou=zakato,dc=itline,dc=jp"
91c93
< rootdn "cn=Manager,dc=my-domain,dc=com"
---
> rootdn "cn=Manager,ou=zakato,dc=itline,dc=jp"
96a99
> rootpw {SSHA}+zaTN/KKRmbEvh3MMru+tD5AS9fWatt5
122c125
< by dn.exact="cn=Manager,dc=my-domain,dc=com" read
---
> by dn.exact="cn=Manager,ou=zakato,dc=itline,dc=jp" read
zakato.itline.jp:/etc/openldap # cp -a /usr/share/doc/openldap-servers-2.4.19/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
zakato.itline.jp:/etc/openldap # rm -rf slapd.d/*
zakato.itline.jp:/etc/openldap # slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d
bdb_db_open: database "ou=zakato,dc=itline,dc=jp": db_open(/var/lib/ldap/id2entry.bdb) failed: No such file or directory (2).
backend_startup_one (type=bdb, suffix="ou=zakato,dc=itline,dc=jp"): bi_db_open failed! (2)
slap_startup failed (test would succeed using the -u switch)
zakato.itline.jp:/etc/openldap # chown -R ldap:ldap /etc/openldap/slapd.d
zakato.itline.jp:/etc/openldap # chown -R ldap:ldap /var/lib/ldap
zakato.itline.jp:/etc/openldap # service slapd start
slapd を起動中: [ OK ]
zakato.itline.jp:/etc/openldap # cp -a ldap.conf ldap.conf.org
zakato.itline.jp:/etc/openldap # vi ldap.conf
zakato.itline.jp:/etc/openldap # diff ldap.conf.org ldap.conf
9a10
> BASE ou=zakato,dc=itline,dc=jp
zakato.itline.jp:/etc/openldap # vi test.ldif
dn: ou=zakato,dc=itline,dc=jp
objectClass: organizationalUnit
ou: zakato
dn: ou=People,ou=zakato,dc=itline,dc=jp
objectClass: organizationalUnit
ou: People
dn: cn=Taro Yamada,ou=People,ou=zakato,dc=itline,dc=jp
objectClass: inetOrgPerson
objectClass: mavePerson
cn: Taro Yamada
sn: Yamada
gn: Taro
mail: t-yamada@example.com
maveID: self@work
displayName: Yamada
sendName: Yamada
reading: yamada
o: ox software Ltd.
ou: ox department ox section
post: chief
telephoneNumber: 090-1234-1234
birth: 1970-01-01
blood: A+
zakato.itline.jp:/etc/openldap # ldapadd -x -W -D "cn=Manager,ou=zakato,dc=itline,dc=jp" -f test.ldif
Enter LDAP Password:
adding new entry "ou=zakato,dc=itline,dc=jp"
adding new entry "ou=People,ou=zakato,dc=itline,dc=jp"
adding new entry "cn=Taro Yamada,ou=People,ou=zakato,dc=itline,dc=jp"
zakato.itline.jp:/etc/openldap # cp -a /etc/rsyslog.conf /etc/rsyslog.conf.org
zakato.itline.jp:/etc/openldap # vi /etc/rsyslog.conf
zakato.itline.jp:/etc/openldap # diff /etc/rsyslog.conf.org /etc/rsyslog.conf
59a60
> local4.* /var/log/ldap
zakato.itline.jp:/etc/openldap # service rsyslog reload
zakato.itline.jp:/etc/openldap # ldapadd -x -W -D "cn=Manager,ou=zakato,dc=itline,dc=jp" -f test.ldif
Enter LDAP Password:
adding new entry "ou=zakato,dc=itline,dc=jp"
ldap_add: Already exists (68)
zakato.itline.jp:/etc/openldap # tail /var/log/ldap
Apr 18 23:45:04 zakato slapd[6289]: conn=4 fd=13 ACCEPT from IP=[::1]:54463 (IP=[::]:389)
Apr 18 23:45:04 zakato slapd[6289]: conn=4 op=0 BIND dn="cn=Manager,ou=zakato,dc=itline,dc=jp" method=128
Apr 18 23:45:04 zakato slapd[6289]: conn=4 op=0 BIND dn="cn=Manager,ou=zakato,dc=itline,dc=jp" mech=SIMPLE ssf=0
Apr 18 23:45:04 zakato slapd[6289]: conn=4 op=0 RESULT tag=97 err=0 text=
Apr 18 23:45:04 zakato slapd[6289]: conn=4 op=1 ADD dn="ou=zakato,dc=itline,dc=jp"
Apr 18 23:45:04 zakato slapd[6289]: conn=4 op=1 RESULT tag=105 err=68 text=
Apr 18 23:45:04 zakato slapd[6289]: conn=4 op=2 UNBIND
Apr 18 23:45:04 zakato slapd[6289]: conn=4 fd=13 closed
zakato.itline.jp:/etc/openldap # ldapsearch -x
2010-04-11(Sun) LPICレベル3を受験す
というわけで、先日、東京にてねっとりとLDAPの研修を受けさせてもらったうえに、自分でも、ねっとりとLDAP環境を整え実用に供したので、前日にガーっと問題集に目を通して、名古屋駅前の会場に受験に行った。