{"id":582,"date":"2013-01-23T17:02:27","date_gmt":"2013-01-23T08:02:27","guid":{"rendered":"http:\/\/systemdev.comsys-blog.com\/?p=582"},"modified":"2013-01-23T17:02:27","modified_gmt":"2013-01-23T08:02:27","slug":"centos6-openldap%e3%82%b5%e3%83%bc%e3%83%90","status":"publish","type":"post","link":"https:\/\/tamura.jp\/?p=582","title":{"rendered":"CentOS6 OpenLDAP\u30b5\u30fc\u30d0\u3067\u8a8d\u8a3c\u3059\u308b\u3002TLS\u63a5\u7d9a\u3057\u306a\u3044\u5834\u5408"},"content":{"rendered":"<p>\u30d1\u30c3\u30b1\u30fc\u30b8\u306e\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3092\u884c\u3044\u307e\u3059\u3002<\/p>\n<p>[text]<br \/>\n# yum -y install openldap-servers<br \/>\n# yum -y install openldap-clients<br \/>\n[\/text]<\/p>\n<p>\u57fa\u672c\u7684\u306a\u30d5\u30a1\u30a4\u30eb\u3092\u7528\u610f\u3059\u308b\u3002<\/p>\n<p>[text]<br \/>\n# rm -rf \/etc\/openldap\/slapd.d<br \/>\n# rm -rf \/var\/lib\/ldap\/*<br \/>\n# cp \/usr\/share\/openldap-servers\/slapd.conf.obsolete \/etc\/openldap\/slapd.conf<br \/>\n[\/text]<\/p>\n<p>conf\u30d5\u30a1\u30a4\u30eb\u3092\u7de8\u96c6\u3059\u308b\u3002<\/p>\n<p>[text]<br \/>\nvi \/etc\/openldap\/slapd.conf<br \/>\n[\/text]<\/p>\n<p>\u5185\u5bb9\u3092\u4fee\u6b63<br \/>\nOPenLdap\u306b\u63a5\u7d9a\u3059\u308b\u3068\u304d\u306e\u30d1\u30b9\u30ef\u30fc\u30c9\u306f\u3068\u308a\u3042\u3048\u305a secret \u306b\u3059\u308b\u3002\u5f8c\u3067\u304b\u3048\u305f\u65b9\u304c\u3044\u3044<\/p>\n<p>[text]<br \/>\nsuffix          &#8220;dc=hogehoge,dc=com&#8221;<br \/>\nrootdn          &#8220;cn=manager,dc=hogehoge,dc=com&#8221;<br \/>\nrootpw          secret<br \/>\n[\/text]<\/p>\n<p>OS\u8d77\u52d5\u6642\u306bOpenLDAP\u3092\u8d77\u52d5\u3059\u308b\u3088\u3046\u306b\u3059\u308b\u3002<br \/>\nOpenLDAP\u3092\u8d77\u52d5\u3059\u308b\u3002<\/p>\n<p>[text]<br \/>\n# chkconfig slapd on<br \/>\n# \/etc\/init.d\/slapd start<br \/>\n[\/text]<\/p>\n<p>\u52d5\u3044\u3066\u3044\u308b\u304b\u3092\u78ba\u8a8d\u3059\u308b\u3002OK\u306a\u3089\u3070\u3088\u3044\u3002<\/p>\n<p>[text]<br \/>\n# ldapsearch -x -D &#8220;cn=manager,dc=hogehoge,dc=com&#8221; -w secret<br \/>\n[\/text]<\/p>\n<p>\u30d9\u30fc\u30b9\u3068\u306a\u308bDN\u3092\u4f5c\u6210\u3059\u308b\u305f\u3081LDIF\u30d5\u30a1\u30a4\u30eb\u3092\u4f5c\u6210\u3059\u308b\u3002<\/p>\n<p>[text]<br \/>\n# cat schema.ldif<br \/>\ndn: dc=hogehoge,dc=com<br \/>\nobjectClass: dcObject<br \/>\nobjectClass: organization<br \/>\ndc: hogehoge<br \/>\no: hogehoge<\/p>\n<p>dn: ou=users,dc=hogehoge,dc=com<br \/>\nobjectclass: organizationalUnit<br \/>\nou: users<\/p>\n<p>dn: ou=groups,dc=hogehoge,dc=com<br \/>\nobjectclass: organizationalUnit<br \/>\nou: groups<br \/>\n[\/text]<\/p>\n<p>LDIF\u30d5\u30a1\u30a4\u30eb\u3092LDAP\u30b5\u30fc\u30d0\u306b\u30a4\u30f3\u30dd\u30fc\u30c8\u3059\u308b\u3002<\/p>\n<p>[text]<br \/>\n# ldapadd -x -D &#8220;cn=manager,dc=hogehoge,dc=com&#8221; -w secret -f schema.ldif<br \/>\n[\/text]<\/p>\n<p>LINUX \u3092TSL\u306a\u3057\u3067LDAP\u8a8d\u8a3c\u306b\u3059\u308b\u306b\u306fsssd\u3092\u524a\u9664\u3057\u3066\u304a\u304f\u3002SSSD\u3092\u4f7f\u3044\u305f\u3044\u5834\u5408\u306fTLS\u306e\u8a2d\u5b9a\u304c\u5fc5\u8981\u3002<\/p>\n<p>[text]<br \/>\n# yum -y erase sssd<br \/>\n[\/text]<\/p>\n<p>\u5fc5\u8981\u306a\u30d1\u30c3\u30b1\u30fc\u30b8\u3092\u8ffd\u52a0<\/p>\n<p>[text]<br \/>\n# yum -y install pam_ldap nss-pam-ldapd<br \/>\n[\/text]<\/p>\n<p>authconfig-tui \u30b3\u30de\u30f3\u30c9\u3067LDAP\u8a8d\u8a3c\u306e\u8a2d\u5b9a\u3092\u3059\u308b<\/p>\n<p>[text]<br \/>\n\u6700\u521d\u306e\u30da\u30fc\u30b8\u3067\u4ee5\u4e0b\u306e\u3088\u3046\u306b\u8a2d\u5b9a<br \/>\nLDAP\u3092\u4f7f\u7528<br \/>\nLDAP\u8a8d\u8a3c\u3092\u4f7f\u7528<br \/>\n\u6b21\u306e\u30da\u30fc\u30b8\u3067\u4ee5\u4e0b\u306e\u3088\u3046\u306b\u8a2d\u5b9a\u3059\u308b<br \/>\nTLS\u3092\u4f7f\u7528\u306b\u306f\u30c1\u30a7\u30c3\u30af\u3092\u3044\u308c\u306a\u3044<br \/>\n\u30b5\u30fc\u30d0\u30fc :ldap:\/\/127.0.0.1\/<br \/>\n\u30d9\u30fc\u30b9DN :dc=hogehoge,dc=com<br \/>\n[\/text]<\/p>\n<p>\u3053\u308c\u3067\u5341\u5206\u4f7f\u3048\u308b\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u30d1\u30c3\u30b1\u30fc\u30b8\u306e\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3092\u884c\u3044\u307e\u3059\u3002 [text] # yum -y install openldap-servers # yum -y install openldap-clients [\/text] \u57fa\u672c\u7684\u306a\u30d5\u30a1\u30a4\u30eb [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7,18,21],"tags":[],"class_list":["post-582","post","type-post","status-publish","format-standard","hentry","category-centos6","category-ldap","category-openldap"],"_links":{"self":[{"href":"https:\/\/tamura.jp\/index.php?rest_route=\/wp\/v2\/posts\/582","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/tamura.jp\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/tamura.jp\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/tamura.jp\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/tamura.jp\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=582"}],"version-history":[{"count":0,"href":"https:\/\/tamura.jp\/index.php?rest_route=\/wp\/v2\/posts\/582\/revisions"}],"wp:attachment":[{"href":"https:\/\/tamura.jp\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=582"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/tamura.jp\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=582"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/tamura.jp\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=582"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}