openldap

Reference information

LDAP authentication

OpenLDAP

Introduction to OpenLDAP

Client configuration

Registering entries


install

# apt-get install slapd ldap-utils

Arch Linux
# pacman -S openldap

# pacman -S phpldapadmin

For clients

# pacman -S nss-pam-ldapd

Samba LDAP authentication


# slaptest
546c2a97 bdb_monitor_db_open: monitoring disabled; configure monitor database to enable
config file testing succeeded

# systemctl start slapd
Job for slapd.service failed. See "systemctl status slapd.service" and "journalctl -xe" for details.


# cd /var/lib/openldap/openldap-data
# cp DB_CONFIG.example DB_CONFIG
# mkdir /run/openldap
# chown ldap:ldap /run/openldap
# slaptest -u
config file testing succeeded
# chown -R ldap:ldap /etc/openldap
# systemctl start slapd

Verifying the configuration from a client
$ ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts
# extended LDIF
#
# LDAPv3
# base <> with scope baseObject
# filter: (objectclass=*)
# requesting: namingContexts 
#

#
dn:
namingContexts: dc=example,dc=com

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
$

Specifying the port
$ ldapsearch -x -b '' -s base '(objectclass=*)' -p 389 -h localhost namingContexts

Specifying the server
$ ldapsearch -H ldap://server -x -b '' -s base '(objectclass=*)' namingContexts

$ ldapsearch -H ldap://server -D "cn=Manager,dc=example,dc=com" -w password uid=scott
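The ldapsearch calls above take the filter as a plain string (uid=scott). When the value comes from a form, a script argument or another program, it has to be escaped as RFC 4515 requires, otherwise a value such as *)(uid=* changes the structure of the filter. The Python below is an added example, not from the original page; the function names are hypothetical and only the standard library is used. Its argv builder passes -W (prompt for the bind password) instead of the -w password shown above, so the password does not appear in the process list or shell history.

```python
# Added example (not from the page): building ldapsearch filters safely in Python.
# Function names are hypothetical; only the standard library is used.
import re

# RFC 4515 section 3: characters that must be escaped inside an assertion value.
_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}

# Simplified RFC 4512 attribute description: a keystring such as uid or objectClass
# (attribute options like ";binary" and numeric OIDs are deliberately not accepted here).
_ATTRIBUTE_RE = re.compile(r"[A-Za-z][A-Za-z0-9-]*")


def escape_filter_value(value: str) -> str:
    """Escape an assertion value so it cannot alter the filter structure."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def equality_filter(attribute: str, value: str) -> str:
    """Return '(attribute=value)'; the attribute name is validated, the value escaped."""
    if not _ATTRIBUTE_RE.fullmatch(attribute):
        raise ValueError(f"not a valid attribute description: {attribute!r}")
    return f"({attribute}={escape_filter_value(value)})"


def and_filter(*filters: str) -> str:
    """Combine already-built filters with the LDAP AND operator."""
    return "(&" + "".join(filters) + ")"


def ldapsearch_argv(uri: str, bind_dn: str, base: str, search_filter: str, *attrs: str) -> list:
    """argv for ldapsearch, meant for subprocess.run(argv) so no shell parses it.
    -W prompts for the bind password instead of passing it on the command line."""
    return ["ldapsearch", "-H", uri, "-D", bind_dn, "-W", "-b", base, search_filter, *attrs]


if __name__ == "__main__":
    # The uid=scott lookup from the page, then the same lookup with a hostile value.
    print(equality_filter("uid", "scott"))
    print(equality_filter("uid", "*)(uid=*"))
    lookup = and_filter(equality_filter("objectClass", "inetOrgPerson"),
                        equality_filter("uid", "scott"))
    print(" ".join(ldapsearch_argv("ldap://server", "cn=Manager,dc=example,dc=com",
                                   "dc=example,dc=com", lookup, "cn", "mail")))
```

Escaping only protects the value position; the attribute name is validated separately because it cannot be escaped into safety.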


LDAP Browser/Editor

Edit lbe.sh
CMD="/usr/bin/java -cp ${COMMON}:${EXEC}"
Settings
Version: 3
Base DN: dc=example,dc=com

phpLDAPadmin

/etc/php/php.ini
open_basedir = /var/www/:/var/tmp/:/home/:/tmp/:/usr/share/pear/:/usr/share/webapps/:/etc/webapps

extension=ldap.so

Login
Login DN:
cn=Manager,dc=example,dc=com
/usr/share/webapps/phpldapadmin/config/config.php

$servers->setValue('server','base',array('dc=ramuda,dc=co,dc=jp'));

$servers->setValue('login','bind_id','cn=admin,dc=ramuda,dc=co,dc=jp');

apachedirectorystudio

$ yaourt -Sb apachedirectorystudio

Login
user:
cn=Manager,dc=example,dc=com

Adding data
base.ldif

$ ldapadd -D "cn=Manager,dc=example,dc=com" -w password -f base.ldif
adding new entry "dc=example,dc=com"

adding new entry "cn=Manager,dc=example,dc=com"

adding new entry "ou=People,dc=example,dc=com"

adding new entry "ou=Groups,dc=example,dc=com"

adding new entry "ou=Staff,dc=example,dc=com"

$
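The page does not show the contents of base.ldif, only the five entries ldapadd reports. The Python below, an added example that is not from the original page, generates such a file and takes care of the two LDIF details that bite when entries contain Japanese names: values that are not RFC 2849 SAFE-STRINGs (non-ASCII, leading space or colon) must be written base64-encoded as "attr:: value", and long lines are folded onto continuation lines that start with one space. The objectClasses used (dcObject, organization, organizationalRole, organizationalUnit, all from core.schema) are an assumption about what the author's file contains; the function names are hypothetical.

```python
# Added example (not from the page): generate the base.ldif loaded with ldapadd above.
# The objectClasses are an assumption (the page does not show base.ldif); names are hypothetical.
import base64

LINE_WIDTH = 76  # RFC 2849 recommends lines of at most 76 characters


def needs_base64(value: str) -> bool:
    """RFC 2849 SAFE-STRING check: True when 'attr: value' cannot be written literally."""
    if value == "":
        return False
    if any(ord(ch) > 127 or ch in "\x00\r\n" for ch in value):
        return True  # non-ASCII (e.g. Japanese names) or control characters
    if value[0] in " :<":
        return True  # would be misread as folding, base64 ('::') or URL ('<') syntax
    return value.endswith(" ")  # trailing space is invisible; the RFC says encode it


def fold(line: str, width: int = LINE_WIDTH) -> list:
    """Fold a long line into continuation lines; each continuation starts with one space."""
    parts = [line[:width]]
    rest = line[width:]
    while rest:
        parts.append(" " + rest[: width - 1])
        rest = rest[width - 1 :]
    return parts


def format_attribute(name: str, value: str) -> str:
    """One attribute line, base64-encoded and folded when required."""
    if needs_base64(value):
        encoded = base64.b64encode(value.encode("utf-8")).decode("ascii")
        return "\n".join(fold(f"{name}:: {encoded}"))
    return "\n".join(fold(f"{name}: {value}"))


def entry_to_ldif(dn: str, attributes: list) -> str:
    """One LDIF entry: dn first, then (name, value) pairs in the given order."""
    lines = [format_attribute("dn", dn)]
    lines.extend(format_attribute(name, value) for name, value in attributes)
    return "\n".join(lines) + "\n"


def base_ldif(suffix: str = "dc=example,dc=com", units=("People", "Groups", "Staff")) -> str:
    """The five entries ldapadd reported above, in the order they must be added (parents first)."""
    dc = suffix.split(",")[0].split("=", 1)[1]  # "example" for dc=example,dc=com
    entries = [
        entry_to_ldif(suffix, [("objectClass", "dcObject"), ("objectClass", "organization"),
                               ("dc", dc), ("o", dc)]),
        entry_to_ldif(f"cn=Manager,{suffix}", [("objectClass", "organizationalRole"),
                                               ("cn", "Manager")]),
    ]
    for ou in units:
        entries.append(entry_to_ldif(f"ou={ou},{suffix}",
                                     [("objectClass", "organizationalUnit"), ("ou", ou)]))
    return "\n".join(entries)  # entries are separated by one blank line


if __name__ == "__main__":
    print(base_ldif(), end="")
    # A Japanese organizational unit: dn and ou both come out base64-encoded ('::').
    print(entry_to_ldif("ou=南吉,dc=example,dc=com",
                        [("objectClass", "organizationalUnit"), ("ou", "南吉")]))
```

Redirect the output to base.ldif and load it with the ldapadd command above; the entries are emitted parents first, which is the order ldapadd needs.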
Deleting data
ldapdelete -x -D "cn=Manager,dc=example,dc=com" -w password \
	"ou=Staff,dc=example,dc=com"
#
ldapdelete -x -D "cn=Manager,dc=example,dc=com" -w password \
	"ou=People,dc=example,dc=com"
#
ldapdelete -x -D "cn=Manager,dc=example,dc=com" -w password \
	"ou=Groups,dc=example,dc=com"
#
#ldapdelete -x -D "cn=Manager,dc=example,dc=com" -w password \
#	"ou=Manager,dc=example,dc=com"
#
ldapdelete -x -D "cn=Manager,dc=example,dc=com" -w password \
	"cn=Manager,dc=example,dc=com"
#
ldapdelete -x -D "cn=Manager,dc=example,dc=com" -w password \
	"dc=example,dc=com"
#
Deleting data in bulk (recursively)
ldapdelete -x -D "cn=Manager,dc=example,dc=com" -w password \
	-r "dc=example,dc=com"
Verifying data
$ ldapsearch -D "cn=Manager,dc=example,dc=com" -w password '(objectclass=*)'

$ ldapsearch -D "cn=Manager,dc=example,dc=com" -w password cn=Manager

$ ldapsearch -D "cn=Manager,dc=example,dc=com" -w password ou=Nankichi

LDIF examples
base_bb.ldif

base_cc.ldif

users_cc.ldif


Adding schemas

/etc/openldap/slapd.conf

	include         /etc/openldap/schema/core.schema
	include         /etc/openldap/schema/cosine.schema
	include         /etc/openldap/schema/nis.schema
	include         /etc/openldap/schema/inetorgperson.schema


Copying data
export
# slapcat > tmp01.ldif

filter (strip the operational attributes slapd generates itself, so the export can be re-imported)
# slapcat | \
awk '!/^structuralObjectClass:/' | \
awk '!/^entryUUID:/' | \
awk '!/^creatorsName:/' | \
awk '!/^createTimestamp:/' | \
awk '!/^entryCSN:/' | \
awk '!/^modifiersName:/' | \
awk '!/^modifyTimestamp:/' > tmp01.ldif
import
$ ldapadd -x -D "cn=Manager,dc=example,dc=com" -w password -f ./tmp01.ldif
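The awk chain in the filter step works one physical line at a time, but slapcat folds long values (a long creatorsName or modifiersName DN, for instance) onto continuation lines that start with a single space. Only the first physical line of such an attribute matches the pattern; the continuation line survives and is glued onto whatever attribute precedes it on import. The Python below is an added example, not from the original page: it unfolds each entry first and then drops attributes by name, case-insensitively, which handles both "attr:" and base64 "attr::" forms. The sample LDIF is constructed, the script name ldif_strip.py is hypothetical, and naive_line_filter exists only to show what per-line substring matching gets wrong.

```python
# Added example (not from the page): strip slapd's operational attributes from an LDIF
# export while honouring RFC 2849 line folding. Names are hypothetical; the sample is constructed.
import re
import sys
from typing import Optional

# Attributes slapd maintains itself; they must not be supplied on import.
OPERATIONAL = {
    "structuralobjectclass", "entryuuid", "creatorsname", "createtimestamp",
    "entrycsn", "modifiersname", "modifytimestamp",
}

# Attribute description at the start of a logical line: "name:", "name::" (base64) or "name:<" (URL).
_ATTR_RE = re.compile(r"([A-Za-z0-9][A-Za-z0-9.;-]*):")


def unfold(text: str) -> list:
    """Join continuation lines (a leading single space) onto the previous logical line."""
    logical = []
    for raw in text.splitlines():
        if raw.startswith(" ") and logical and logical[-1]:
            logical[-1] += raw[1:]
        else:
            logical.append(raw)
    return logical


def attribute_name(line: str) -> Optional[str]:
    """Lower-cased attribute name of a logical line, or None for blank/comment/continuation lines."""
    match = _ATTR_RE.match(line)
    return match.group(1).lower() if match else None


def strip_operational(text: str, operational: set = OPERATIONAL) -> str:
    """Drop whole attributes (including their folded continuation lines) by name."""
    kept = [line for line in unfold(text) if attribute_name(line) not in operational]
    return "\n".join(kept) + "\n"


def naive_line_filter(text: str, operational: set = OPERATIONAL) -> str:
    """Per-physical-line substring filtering, kept only to demonstrate its failure modes."""
    kept = [line for line in text.splitlines()
            if not any(name in line.lower() for name in operational)]
    return "\n".join(kept) + "\n"


# Constructed slapcat-style export: the modifiersName value is folded across two lines,
# and the description mentions entryUUID without being that attribute.
SAMPLE = """dn: ou=People,dc=example,dc=com
objectClass: organizationalUnit
ou: People
description: created while debugging an entryUUID mismatch
structuralObjectClass: organizationalUnit
entryUUID: 00000000-0000-0000-0000-000000000000
creatorsName: cn=Manager,dc=example,dc=com
createTimestamp: 20160125081500Z
entryCSN: 20160125081500.000000Z#000000#000#000000
modifiersName: cn=Manager,dc=exam
 ple,dc=com
modifyTimestamp: 20160125081500Z

dn: cn=Manager,dc=example,dc=com
objectClass: organizationalRole
cn: Manager
structuralObjectClass: organizationalRole
"""

if __name__ == "__main__":
    # Usage: slapcat | python3 ldif_strip.py > tmp01.ldif   (falls back to SAMPLE on a terminal)
    source = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE
    sys.stdout.write(strip_operational(source))
```

The output keeps unfolded lines as they are; ldapadd accepts long lines, so re-folding is not needed for the import step above. Comment lines and the blank lines that separate entries pass through unchanged.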


Ubuntu Server

Client troubleshooting


Arch Linux

When /var/lib/openldap/openldap-data/id2entry.bdb is missing

# slapadd -l /etc/openldap/schema/core.ldif



Jan/25/2016 AM 08:15