
ãã®ããããŸãããã£ã¬ã¯ããªãµãŒãã¹ãµãŒããŒïŒä»¥éãLDAPãµãŒããŒãšåŒã³ãŸãïŒã䜿çšããçç±ã«ã€ããŠç°¡åã«èª¬æããŸãã LDAPãµãŒããŒã¯ãäž»ã«ã¢ã«ãŠã³ããšããã«é¢é£ãããã¹ãŠã®ã¹ãã¬ãŒãžãéäžç®¡çããããã«äœ¿çšãããŸãã LDAPãµãŒããŒã¯éå±€åããŒã¿ããŒã¹ã§ããã€ãŸããä»»æã®ããŒã¿ãæ ŒçŽã§ããŸãã
è«ççãªè³ªåã¯æ¬¡ã®ããã«æãããŸãïŒãªãLDAPãªã®ãïŒ MySQLãŸãã¯PostgreSQLã§ã¢ã«ãŠã³ããä¿åããã®ãé£ããã®ã¯ãªãã§ããïŒ çãã¯æããã§ã-äœã=ïŒ
ããããRDBMSã«æ¯ã¹ãŠããã£ã¬ã¯ããªãµãŒãã¹ã«ã¯å€ãã®å©ç¹ããããŸãã
- ãããæšæºã§ãã å€ãã®ã¢ããªã±ãŒã·ã§ã³ã¯ãLDAPãä»ããèªèšŒ/æ¿èªããµããŒãããŠããŸãã
- ããŒã¿ã¯éå±€ããªãŒãšããŠä¿åãããŸããããã«ãããããªãŒã®ç®çã®éšåã匷調衚瀺ããããšã«ãããå¹ççãªæ€çŽ¢æäœãè¡ãããšãã§ããŸãã
- èªã¿åãæäœã®æ°ã¯ãæžã蟌ã¿æäœã®æ°ãããæ°ååå€ãããã®ç¹ã§éåžžã«å€ãã®å©ç¹ããããŸãããã©ã³ã¶ã¯ã·ã§ã³ãšããŒã«ããã¯ã䜿çšããå¿ èŠããªããã¬ããªã±ãŒã·ã§ã³ã¯RDBMSã«åºæã®åé¡ãªãåäœããŸãã
- ã¢ããªã±ãŒã·ã§ã³ã¯ããã¹ãŠã®ãã£ã¬ã¯ããªãµãŒãã¹ãµãŒããŒã§åãæ å ±ã衚瀺ããå¿ èŠããããŸãããµãŒããŒãã¯ã©ã€ã¢ã³ãã¢ããªã±ãŒã·ã§ã³ã«å¿ èŠãªæ å ±ãä¿åããªãå Žåãå¥ã®ãµãŒããŒã«èŠæ±ããããã¢ããªã±ãŒã·ã§ã³ãå¥ã®ãµãŒããŒã«ãªãã€ã¬ã¯ããããã§ããŸãã
- äžèšã®ãã£ã¬ã¯ããªãµãŒãã¹ã®æ©èœã«ããããã®ãµãŒãã¹ã¯å®å šã«æ°Žå¹³ã«æ¡åŒµãããŸãã
ãã£ã¬ã¯ããªãµãŒãã¹ãµãŒããŒã389 Directory Serverã«ãªããŸããã ãã®LDAPãµãŒããŒã®å±¥æŽã¯ãNetscapeãšå¯æ¥ã«é¢é£ããŠããŸãïŒèå³ãããå Žåã¯ã ããã§å±¥æŽãèªãããšãã§ããŸã ïŒã
ãã®LDAPãµãŒããŒã®äž»ãªæ©èœïŒ
- ãã«ããã¹ã¿ãŒè€è£œã MMã¬ããªã±ãŒã·ã§ã³ã«åå ããŠãããã¹ãŠã®ãµãŒããŒã«åæã«ããŒã¿ãæžã蟌ãããšãã§ããå€æŽãã°ããŒã¿ããŒã¹ãšèªå競å解決ã·ã¹ãã ã®ãããã§ãã¬ããªã±ãŒã·ã§ã³ã®ç«¶åãèªåçã«è§£æ±ºãããŸãã MMã¬ããªã±ãŒã·ã§ã³ã¯ããã¹ã¿ãŒã¹ã¬ãŒãããã³ã«ã¹ã±ãŒãã¬ããªã±ãŒã·ã§ã³ãšçµã¿åãããããšãã§ãããããæè»ã§ã¹ã±ãŒã©ãã«ãªãµãŒãã¹ãå©çšã§ããŸãã éšåã¬ããªã±ãŒã·ã§ã³ããµããŒããããŠããŸããããã¯ãã¬ããªã«äžã«ããŒã¿ãååšãããããªãå Žåã«éåžžã«åœ¹ç«ã¡ãŸãã
- 匷åãªACLãšã³ãžã³ã ACLã䜿çšããŠã誰ã«ããã€ãã©ã®LDAPãµãŒããŒã«ãã©ã®å±æ§ãšã©ã®ã¢ã¯ã·ã§ã³ãå®è¡ããããæå®ã§ããŸãã ACLã¯ãæäœå±æ§ãšããŠããŒã¿ãšãšãã«ä¿åãããŸããããããä»ã®ããŒã¿ãšåæ§ã«ãACLã«å¯ŸããŠè€è£œããã³ããã¯ã¢ããæäœãæ©èœããçç±ã§ãã
- Microsoft Active Directoryãšã®åæã ãŠãŒã¶ãŒãã°ã«ãŒãããã¹ã¯ãŒãã®åæ¹ååæããµããŒããããŠããŸãïŒADãã389-dsã«ãã¹ã¯ãŒããåæããã«ã¯ãåãã¡ã€ã³ã³ã³ãããŒã©ãŒã«ç¹å¥ãªãœãããŠã§ã¢ãé 眮ããå¿ èŠããããŸãïŒ
- SSL / TLSã åçŽãªSSL / TLSãµããŒãã¯ãçŸæç¹ã§ã¯èª°ãé©ããªãã§ãããã 389-dsã¯ãSSL蚌ææžã«åºã¥ãèªèšŒ/æ¿èªããµããŒãããŸãã ãã£ã¹ã¯ãžã®æžã蟌ã¿æã«å±æ§ãæå·åããããšãã§ããŸãã ãµãŒããŒã®èµ·åæã«æåã§ããŒãå ¥åããå ŽåãããŒã¿ããŒã¹ãããã¡ã€ã«ãã³ããŒããããšã§ããŒã¿æŒæŽ©ãé²ãããšãã§ããŸãã
- LDAPãä»ãããµãŒããŒç®¡çã ãµãŒããŒã¯ãcn = configã®å±æ§ãå€æŽããããšã«ããæ§æããµããŒãããŸããã»ãšãã©ã®ãã©ã¡ãŒã¿ãŒã¯ããµãŒããŒãåèµ·åããã«é©çšãããŸãã ãŸãããµãŒããŒã§ãcn = tasksãcn = configã«æ°ãããšã³ããªãè¿œå ããããšã«ãããããã¯ã¢ãã/埩å ããã³ãã®ä»ã®ã¿ã¹ã¯ãéå§ã§ããŸãã
- ãã©ã°ã€ã³ ãã¹ãŠã®æ©èœã¯ãã©ã°ã€ã³ã®åœ¢åŒã§å®è£ ãããŸãïŒMMã¬ããªã±ãŒã·ã§ã³ãADãšã®åæãACLãªã©ïŒã ãã©ã°ã€ã³ã®äœæãšè¿œå ã¯ãšãŠãç°¡åã§ãã äŸãå«ãåªããããã¥ã¡ã³ãããããŸãã
389 Directory Serverã確èªããåŸããã®æ§é ã詳ããèŠãŠãããŸãã
389 Directory Serverã®äžè¬çãªæ§é
389 DSã¯ããã€ãã®ã³ã³ããŒãã³ãã§æ§æãããŠããŸãã
- ãã£ã¬ã¯ããªãµãŒããŒèªäœã ããã¯ns-slapdã¢ããªã±ãŒã·ã§ã³ã§ããã¯ã©ã€ã¢ã³ãããã®èŠæ±ãåä¿¡ããŠââåŠçããããŒã¿ããŒã¹ã«ããŒã¿ãè€è£œãèªã¿åããæžã蟌ã¿ããã©ã°ã€ã³ã«å¶åŸ¡ã転éãããªã©ã®ããã»ã¹ã§ãã
- 管çãµãŒã㌠ãã£ã¬ã¯ããªãµãŒããŒã管çããŸãã ãµãŒããŒã¯ãHTTPïŒSïŒãããã³ã«ãä»ããŠç®¡çã€ã³ã¿ãŒãã§ãŒã¹ãæäŸãããã°ããã³è€è£œã¹ããŒã¿ã¹ã衚瀺ããããã®Webã€ã³ã¿ãŒãã§ãŒã¹ãæäŸããŸãã ç©ççã«ã¯ããããã¯ns-slapdã管çããããã®Apache +ã¢ãžã¥ãŒã«ã§ãã
- 管çã³ã³ãœãŒã« 管çãµãŒããŒã«æ¥ç¶ãã䟿å©ãªã€ã³ã¿ãŒãã§ã€ã¹ãä»ããŠãã£ã¬ã¯ããªãµãŒããŒãèšå®ã§ããJavaã¢ããªã±ãŒã·ã§ã³ã Windowsããã³Linuxçšã®ããŒãžã§ã³ããããŸããMacOSã§ã¯ãLinuxãã·ã³ããXã»ãã·ã§ã³ã転éããããšã§æ©èœããŸãã
æåã¯çè«çéšåãšå®çšçéšåãå¥ã ã«æžãããã£ãã®ã§ãããæåã®éšåã¯éå±ã«ãªãããã2çªç®ã®éšåã¯ä¹Ÿç¥ããããããšãæããã«ãªããŸããã ãããã£ãŠãçè«ã®äžéšã®çŽåŸã«å®çšåãããŸãã
ã ããææŠã ãã©ãŒã«ããã¬ã©ã³ããã£ã¬ã¯ããªãµãŒãã¹ãæ§æããå¿ èŠããããŸãã ãããè¡ãã«ã¯ã2ã€ã®ãµãŒããŒãæ§æãããããã®éã®ãã«ããã¹ã¿ãŒã¬ããªã±ãŒã·ã§ã³ãæ§æãã移åIPã¢ãã¬ã¹ãäžããŸãïŒpacemaker + openaisïŒã

ãµãŒããŒã®1ã€ã䜿çšã§ããªããªã£ãå Žåãä»ã®ãµãŒããŒããã®IPãåŒãç¶ãããµãŒãã¹ã¯åŒãç¶ãåäœããŸãã

ãµãŒããŒã埩å ããããšãããŒã¿ããµãŒããŒã«è€è£œãããIPã¢ãã¬ã¹ãLDAP00ã«åãæ¿ããããŸãããŸãã¯ãã¯ã©ã¹ã¿ãŒæ§æã«å¿ããŠãLDAP01ã«æ®ããŸãã

åããµãŒããŒäžã«ãç¬èªã®èšå®ãã¹ããŒããã¬ããªã±ãŒã·ã§ã³ã«ãŒã«ãªã©ãæã€è€æ°ã®åé¢ãããns-slapdã€ã³ã¹ã¿ã³ã¹ãååšããå ŽåããããŸãã ãããã®ã€ã³ã¹ã¿ã³ã¹ã管çã³ã³ãœãŒã«ãã管çã§ããããã«ããã«ã¯ãåãµãŒããŒã«ç®¡çãµãŒããŒïŒä»¥éã管çãµãŒããŒïŒãå¿ èŠã§ãã 管çãµãŒããŒèªäœã«ã¯ãå®è¡æèšå®ãä¿åãããŠããããã1ã€ã®LDAPãµãŒããŒã€ã³ã¹ã¿ã³ã¹ãå¿ èŠã§ãã ããã©ã«ãã§ã¯ã管çãµãŒããŒã®èšå®ã¯ãŠãŒã¶ãŒããŒã¿ãšãšãã«ä¿åãããŸãããããã¯å®å šã§ã¯ãªããšèããŠãããããåãµãŒããŒã«2ã€ã®ã€ã³ã¹ã¿ã³ã¹ããããŸãïŒ1ã€ã¯ç®¡çãµãŒããŒã®èšå®ãå«ã¿ã2ã€ç®ã¯ããŒã¿ã§ãã ãã®ã¹ããŒã ã§ã¯ãããŒãã®1ã€ã«é害ãçºçããå ŽåãLDAPãµãŒãã¹ã ãã§ãªããããã管çããæ©èœãåäœããŸãã
ãã£ã¬ã¯ããªãµãŒãã¹ã§ã¯ã2ã€ã®ldap00ãµãŒããŒãšldap01ãµãŒããŒã䜿çšããŸãã ããããã«2ã€ã®LDAPãµãŒããŒã€ã³ã¹ã¿ã³ã¹ãã€ã³ã¹ããŒã«ãããŸãã1ã€ã¯ç®¡çãµãŒããŒã®ããŒãºçšããã1ã€ã¯ããŒã¿çšã§ãã
ã€ã³ã¹ããŒã«èšç»ã¯æ¬¡ã®ãšããã§ãã
- ldap00ã«æåã®ãµãŒããŒãã€ã³ã¹ããŒã«ããŸãã
- ldap00ã§ã¬ããªã±ãŒã·ã§ã³ãæ§æããŸãã
- ldap01ã«ldapã€ã³ã¹ã¿ã³ã¹ãã€ã³ã¹ããŒã«ããŠæ§æããŸãã
- ldap01ã«ç®¡çãµãŒããŒãã€ã³ã¹ããŒã«ããŸãã
- ãŠãŒã¶ãŒããŒã¿ãä¿åããããã«ãLDAPã€ã³ã¹ã¿ã³ã¹ãã€ã³ã¹ããŒã«ããŠæ§æããŸãã
ldap00ã«æåã®ãµãŒããŒãã€ã³ã¹ããŒã«ãã
æ¢è£œã®rpmã¯ãCentosãRHELãFedora Coreã®EPELãªããžããªã§ã³ã³ãã€ã«ãããŸãã ãããã®ã·ã¹ãã ã®ãããããããå Žåã¯ãEPELãªããžããªã«æ¥ç¶ããyumãä»ããŠã€ã³ã¹ããŒã«ãå®äºããŸãã
SLESã䜿çšããŠãããããOpenSUSEãã«ããµãŒãã¹ã§ãã®ã·ã¹ãã ã®ãã¹ãŠã®ããã±ãŒãžãåéããå¿ èŠããããŸããã debian / ubuntuããæã¡ã®å Žå- ãã®ããã¥ã¡ã³ãããèªã¿ãã ããã
389 DSã«å ããŠããµãŒããŒã€ã³ã¹ã¿ã³ã¹ã®ã€ã³ã¹ããŒã«ã«äœ¿çšãããperlã¹ã¯ãªããã®ã»ããããããŸãã
ãããã®ããã€ãã次ã«ç€ºããŸãã
- setup - ds.pl -LDAPãµãŒããŒã€ã³ã¹ã¿ã³ã¹ãã€ã³ã¹ããŒã«ããŸãããµãŒããŒã¯ç®¡çãµãŒããŒã«æ¥ç¶ããã«äœæãããŸãã
- setup - ds - admin.pl-管çãµãŒããŒãã€ã³ã¹ããŒã«ããŸããå¿ èŠã«å¿ããŠãLDAPãµãŒããŒã€ã³ã¹ã¿ã³ã¹ãã€ã³ã¹ããŒã«ããŠæ§æãä¿åããŸãã
- register -ds-admin.pl-ã€ã³ã¹ã¿ã³ã¹ã管çãµãŒããŒã«æ¥ç¶ããå¿ èŠã«å¿ããŠç®¡çãµãŒããŒãã€ã³ã¹ããŒã«ããŸãã
- remove - ds.pl-ã€ã³ã¹ã¿ã³ã¹ãåé€ããŸãã
- remove - ds - admin.pl-管çãµãŒããŒãšãã¹ãŠã®ã€ã³ã¹ã¿ã³ã¹ãåé€ããŸãã
- dsktune-ããã©ãŒãã³ã¹ãåäžãããããã«å€æŽããå¿ èŠãããã·ã¹ãã ãã©ã¡ãŒã¿ã衚瀺ããŸãã
ãŸããdsktuneãå®è¡ããŸãã
ldap00ïŒãïŒdsktune
389 Directory Serverã·ã¹ãã ãã¥ãŒãã³ã°åæããŒãžã§ã³10-AUGUST-2007ã
泚æïŒã·ã¹ãã ã¯x86_64-unknown-linux2.6.27.42-0.1-xenïŒ1ããã»ããµãŒïŒã§ãã
泚æïŒnet.ipv4.tcp_keepalive_timeã¯7200000ããªç§ã«èšå®ãããŠããŸã
ïŒ120åïŒã ããã«ãããäžæçãªãµãŒããŒã®èŒ»èŒ³ã倱ãããå¯èœæ§ããããŸã
ã¯ã©ã€ã¢ã³ãæ¥ç¶ã
èŠåïŒäœ¿çšå¯èœãªãã¡ã€ã«èšè¿°åïŒããŒãå¶éïŒã¯1024ã®ã¿ã§ãã
åææ¥ç¶ã®æ°ãå¶éããŸãã
èŠåïŒå©çšã§ãããã¡ã€ã«èšè¿°åã¯1024ïŒãœããå¶éïŒã®ã¿ã§ãã
åææ¥ç¶ã®æ°ãå¶éããŸãã
ãŠãŒãã£ãªãã£ã¯ã匷åããå¿ èŠãããã·ã¹ãã ãã©ã¡ãŒã¿ã«ã€ããŠèšè¿°ããŸããã ç§ã®å Žåãããã¯net.ipv4.tcp_keepalive_timeã§ãããéããŠãããã¡ã€ã«ã®å¶éã§ãã
tcp_keepalive_timeã¯ãæåŸã«éä¿¡ããããã±ããããæåã®ããŒãã¢ã©ã€ããéä¿¡ããããŸã§ã®æéã§ãã å€ã倧ããå Žåãã¯ã©ã€ã¢ã³ãããæ»ãã§ãããå Žåãæ¥ç¶ã¯é·æéïŒããã©ã«ãã§ã¯120åïŒéãããŸãŸã«ãªããŸãã ãã®å€ã10åã«èšå®ããŸãã
echo 600 > /proc/sys/net/ipv4/tcp_keepalive_time
/etc/sysctl.confã«è¿œå ããŸãã
net.ipv4.tcp_keepalive_time = 600
éããŠãããã¡ã€ã«ã®å¶éãå¢ããã«ã¯ã/ etc / security / limits.confã«è¿œå ããŸãã
* - nofile 8192
dsktuneãå床å®è¡ããŠããã¹ãŠã®ã€ã³ã¹ããŒã«ã®æºåãæŽã£ãŠããããšã確èªããŠãã ããã
次ã«ã setup-ds-admin.plã¹ã¯ãªãããå®è¡ããŸã
ã©ã€ã»ã³ã¹ã«åæãããã389 Directory and Administration Serverãã€ã³ã¹ããŒã«ãããã©ãããå°ããããdsktuneãå床å®è¡ããŸããæåŸã«ãã€ã³ã¹ããŒã«ã®çš®é¡ãéžæããããã®ã¡ãã¥ãŒã衚瀺ãããŸãã
ã»ããã¢ããã¿ã€ããéžæããŸãã
1.ãšã¯ã¹ãã¬ã¹
ã䜿çšããŠãµãŒããŒãè¿ éã«ã»ããã¢ããã§ããŸã
å ±éãªãã·ã§ã³ãšäºåå®çŸ©ãããããã©ã«ãã è¿ éã«åœ¹ç«ã€
補åã®è©äŸ¡ã
2.å žåçãª
äžè¬çãªããã©ã«ããšãªãã·ã§ã³ãæå®ã§ããŸãã
3.ã«ã¹ã¿ã
ãã詳现ãªãªãã·ã§ã³ãæå®ã§ããŸãã ããã¯
çµéšè±å¯ãªãµãŒããŒç®¡çè ã®ã¿ã«æšå¥šã
æ¬åŒ§å ã«ç€ºãããŠããããã©ã«ããåãå ¥ããã«ã¯ãEnterããŒãæŒããŸãã
ã»ããã¢ããã¿ã€ããéžæ[2]ïŒ
3çªç®ã®é ç®ãéžæããŸãïŒçµéšè±å¯ãªãµãŒããŒç®¡çè =ïŒ
次ã«ãLDAPãµãŒããŒãèµ·åããFQDNãšåå/ã°ã«ãŒããæå®ããããæ±ããããŸãã
æ§æãã£ã¬ã¯ããªãµãŒããŒããŸã ãªãå Žåã¯ãããããããå ¥åããŠ
1ã€èšå®ããããã«æ±ããããŸãã
ãã®ãœãããŠã§ã¢ãæ¢åã®ãœãããŠã§ã¢ã«ç»é²ããŸãã
èšå®ãã£ã¬ã¯ããªãµãŒããŒïŒ [ããã]ïŒ
ããã§ã¯ãæ¢åã®ãã£ã¬ã¯ããªãµãŒããŒã䜿çšããŠãµãŒããŒã«é¢ããæ å ±ãä¿åãããã©ãããå°ããããŸãã ãããæåã®ãµãŒããŒã§ããããã ããããšçããŸãã
管çãµãŒããŒã«é¢ãã質åã¯æ¬¡ã®ãšããã§ãã管çè IDããã¹ã¯ãŒãã管çãã¡ã€ã³ãããã©ã«ãã§ã¯åçãæ®ããŸãïŒãã¹ã¯ãŒããé€ãïŒã
次ã«ãLDAPãµãŒããŒããªãã¹ã³ããããŒããæå®ããå¿ èŠããããŸãã ããã¯ç®¡çãµãŒããŒã®æ§æã®ã¿ãä¿åããã€ã³ã¹ã¿ã³ã¹ã§ããããšã«åæããŸããããã®ãããããŒã6389ã«è»¢éããŸãã次ã«ããã£ã¬ã¯ããªãµãŒããŒèå¥åãæå®ããŸãã ã€ã³ã¹ã¿ã³ã¹ã«config-instanceãšããååãä»ããŸãããã ããã©ã«ãã§ã¯ãã«ãŒãããªãŒã®ãµãã£ãã¯ã¹ã«é¢ãã質åã«åçããŸãããã®ã€ã³ã¹ã¿ã³ã¹ã«ã¯ã«ãŒãããªãŒããªããããåŸã§åé€ã§ããŸãã
次ã«ãDirectory Manager DNã«ã€ããŠè³ªåããããŸãã
Directory Managerã¯ãLDAPãµãŒããŒã®ã«ãŒããŠãŒã¶ãŒã§ãã åã€ã³ã¹ã¿ã³ã¹ã«ã¯ãç¬èªã®ããŒã«ã«Directory ManagerããããŸãã
以äžã¯ãDirectory Managerã®ãã¹ã¯ãŒãã«é¢ãã質åã§ãããµã³ãã«ãšã³ããªãã«ãŒããµãã£ãã¯ã¹ã«è¿œå ããæ°ããã€ã³ã¹ã¿ã³ã¹ã«ããŒã¿ãå ¥åãã管çãµãŒããŒãæ©èœããããŒãåãIPã¢ãã¬ã¹ããŠãŒã¶ãŒåãå°ããŸããã ãã®åŸãæåŸã«ç¢ºèªãæ±ããŠã€ã³ã¹ããŒã«ãéå§ããŸãã
ldap00ã§ã¬ããªã±ãŒã·ã§ã³ãæ§æãã
ãµãŒããŒã«æ¥ç¶ããã«ã¯ã389ã³ã³ãœãŒã«ç®¡çã³ã³ãœãŒã«ãã€ã³ã¹ããŒã«ããŠå®è¡ããå¿ èŠããããŸãã

管çURLãšããŠãã€ã³ã¹ããŒã«äžã«æå®ãã管çãµãŒããŒã®ã¢ãã¬ã¹ãšããŒããå ¥åããå¿ èŠããããŸãã
次ã«ããµãŒããŒã³ã³ãããŒã«ããã«ãéããŸãã ããã§ã€ã³ã¹ã¿ã³ã¹ã¯1ã€ã ãã«ãªããŸãããéžæããŸãã

管çã³ã³ãœãŒã«ããããµãã£ãã¯ã¹dc = eduãdc = scalaxyãdc = localãåé€ããŸã

æ®ã£ãŠãããµãã£ãã¯ã¹ã¯1ã€ã ãã§ãããŒã¿ããŒã¹ã«ã¯ç®¡çãµãŒããŒã®æ§æããŒã¿ããããŸãã
è€è£œã®åçã«ã€ããŠå°ã説æããŸãã
ãµãã©ã€ã€ãšã³ã³ã·ã¥ãŒãã®2çš®é¡ã®ãµãŒããŒãã¬ããªã±ãŒã·ã§ã³ã«åå ããŸãã
ãµãã©ã€ã€ -ã¬ããªã«ãå¥ã®ãµãŒããŒã«ã³ããŒãããµãŒããŒã
ãµãŒããŒãµãã©ã€ã€ãŒã®è²¬ä»»ïŒ
- 顧客ã®èªã¿æžãèŠæ±ã«å¿ããŸãã
- ã¬ããªã«å€æŽã¹ããŒã¿ã¹æ å ±ã®ç¶æ
- ã³ã³ã·ã¥ãŒããµãŒããŒãžã®ã¬ããªã±ãŒã·ã§ã³ã®åæåã
èšé²ã¯ãã®ãµãŒããŒã§ã®ã¿è¡ããããã®åŸä»ã®åéšã«è€è£œãããããããµãã©ã€ã€ãŒãµãŒããŒã¯åžžã«å©çšå¯èœã§ããå¿ èŠããããŸãã
ãµãã©ã€ã€ãµãŒããŒãšã®éä¿¡ã倱ããããšããã£ã¬ã¯ããªãžã®æžã蟌ã¿ãã§ããªããªããŸãã
ã³ã³ã·ã¥ãŒãã¯ãå¥ã®ãµãŒããŒããã¬ããªã«ãä¿åãããµãŒããŒã§ãã ãã«ããã¹ã¿ãŒã¬ããªã±ãŒã·ã§ã³ã®å Žåã2ã€ã®ãµãŒããŒããµãã©ã€ã€ãšã³ã³ã·ã¥ãŒãã®äž¡æ¹ã«ãªããŸãã
æ¶è²»è ã¯ïŒ
- ã¯ã©ã€ã¢ã³ãããã®èªã¿åãèŠæ±ã«çããŸãã
- ããŒã¿æŽæ°ã®ãªã¯ãšã¹ãããµãŒããŒã«è»¢éããŸãã
- ã¬ã³ãŒããè¿œå ãåé€ããŸãã¯æŽæ°ããèŠæ±ãåä¿¡ãããšãèŠæ±ã¯ãµãã©ã€ã€ãµãŒããŒã«è»¢éãããŸãã
åãµãã©ã€ã€ãµãŒããŒã«ã¯ç¬èªã®å€æŽãã°ããããã¬ããªã«ã§çºçãããã¹ãŠã®å€æŽã«é¢ããæ å ±ãä¿åãããŸãã
ãµãã©ã€ã€ãµãŒããŒã¯ãåã³ã³ã·ã¥ãŒããµãŒããŒã§ãããã®å€æŽãç¹°ãè¿ããŸãã
çè«çã«å°ãç¥èãè±å¯ã«ãªã£ãã®ã§ãæ§æã䜿çšããŠãã«ããã¹ã¿ãŒã€ã³ã¹ã¿ã³ã¹ã®ã¬ããªã±ãŒã·ã§ã³ãæ§æã§ããŸãã
å€æŽãã°ç®¡çã¯ããã©ã«ãã§ç¡å¹ã«ãªã£ãŠããã[ã¬ããªã±ãŒã·ã§ã³]ã¿ãã§æå¹ã«ãªã£ãŠããŸãã å€æŽãã°ã¯ããã¹ãŠã®ããŒã¿ããŒã¹ã«å¯ŸããŠåæã«ãªã³ã«ãªããŸãã
次ã«ãNetscapeRootããŒã¿ããŒã¹ã®ã¬ããªã±ãŒã·ã§ã³ãæå¹ã«ããŸãã ã¬ããªã«IDãšãµãã©ã€ã€ãŒDNãæå®ããå¿ èŠããããŸãã
ãµãã©ã€ã€DNã¯ãLDAPãµãŒããŒã§ã®è€è£œãèš±å¯ãããŠãããŠãŒã¶ãŒã®ååã§ãã ãã®ãããªãŠãŒã¶ãŒã¯ãã¬ããªã±ãŒã·ã§ã³ãã«ããã¹ã¿ãŒã«åå ãããã¹ãŠã®LDAPãµãŒããŒã§äœæããå¿ èŠããããŸãã
ãããè¡ãæãéãæ¹æ³ã¯ãldapmodifyãŠãŒãã£ãªãã£ã䜿çšããããšã§ãã ãã®ãŠãŒãã£ãªãã£ã䜿çšãããšãLDAPã®ããŒã¿ã察話圢åŒã§å€æŽããããldifãã¡ã€ã«ããã³ãã³ããååŸãããã§ããŸãã
ldapmodify -h 127.0.0.1 -p 6389 -x -D "cn=root" -W
Enter LDAP Password:
dn: cn=replication manager,cn=config
changetype: add
objectClass: inetorgperson
objectClass: person
objectClass: top
objectClass: organizationalPerson
cn: replication manager
sn: RM
userPassword: <password>
passwordExpirationTime: 20380119031407Z
çãã¯
adding new entry "cn=replication manager,cn=config"
åèšãæã ã¯åŸãïŒ

2çªç®ã®ãµãŒããŒã®ã¬ããªã±ãŒã·ã§ã³ã¢ã°ãªãŒã¡ã³ããããã«äœæããŸãã NetscapeRootããŒã¹ã®ã³ã³ããã¹ãã¡ãã¥ãŒã§ã[æ°ããè€è£œåæ]ãéžæããåãæ¹æ³ã§å ¥åããŸãã

ãµãŒããŒã«æ¥ç¶ã§ããªãããšãèŠåããŸãïŒãŸã æ¥ç¶ããŠããªãããïŒãæåŸã®ãã€ã³ãã«å°éããã ã³ã³ã·ã¥ãŒããŒãåæåããªã ããèšå®ããŸã ã
ldap01ã«ldapã€ã³ã¹ã¿ã³ã¹ãã€ã³ã¹ããŒã«ããŠæ§æããŸã
次ã«ã2çªç®ã®LDAPãµãŒããŒãæ§æããå¿ èŠããããŸãã 圌ãšã¯å°ãéãããªããªã 管çãµãŒããŒã®ã€ã³ã¹ããŒã«ã¯ãã€ã³ã¹ããŒã«æžã¿ã®LDAPãµãŒããŒã§æ¢ã«è¡ãããŠããã¯ãã§ããldapmodifyãŠãŒãã£ãªãã£ã䜿çšããŠã³ã³ãœãŒã«ããåææ§æãå®è¡ããŸãïŒãã®ãã£ã¬ã¯ããªãµãŒããŒã®åäœãææ¡ããããšãã¿ã¹ã¯ã®å Žåã¯ãã©ã¹ã§ãïŒã
æåã«ã setup-ds.plã¹ã¯ãªããã䜿çšãã2çªç®ã®ãµãŒããŒã§ã管çãµãŒããŒã«ãã£ãŠå¶åŸ¡ãããªãã€ã³ã¹ã¿ã³ã¹ãäœæããå¿ èŠããããŸãã
ã¹ã¯ãªããã®è³ªåã«å¯Ÿããåçã¯ãåã®è³ªåãšåæ§ã§ãã
LDAPãµãŒããŒãã€ã³ã¹ããŒã«ããåŸã ldapmodifyãä»ããŠæ¥ç¶ããæ§æããŸãã
æ¥ç¶ã¯ããã次ã®ãšããã§ãã
ldapmodify -h 127.0.0.1 -p 6389 -D "cn=root" -W
1ïŒ changelogããªã³ã«ããŸãã
dn: cn=changelog5,cn=config
changetype: add
objectclass: top
objectclass: extensibleObject
cn: changelog5
nsslapd-changelogdir: /var/lib/dirsrv/slapd-ldap01/changelogdb
changelogdirã¯ãã€ã³ã¹ã¿ã³ã¹ã®ååãæã€ãã£ã¬ã¯ããªãæãå¿ èŠããããŸãã
2ïŒãŠãŒã¶ãŒè€è£œãããŒãžã£ãŒãè¿œå ããŸãïŒ
dn: cn=replication manager,cn=config
changetype: add
objectClass: inetorgperson
objectClass: person
objectClass: top
objectClass: organizationalPerson
cn: replication manager
sn: RM
userPassword: <passowrd>
passwordExpirationTime: 20380119031407Z
20380119031407Zã¯ããã¹ã¯ãŒãã®æå¹æéãåããŠããªãããšãæå³ããŸãã
3ïŒ netscaperootãµãã£ãã¯ã¹ãäœæããŸã ã
dn: cn="o=netscaperoot",cn=mapping tree,cn=config
changetype: add
objectclass: top
objectclass: extensibleObject
objectclass: nsMappingTree
nsslapd-state: backend
nsslapd-backend: NetscapeRoot
cn: "o=netscaperoot"
4ïŒ netscaperootãµãã£ãã¯ã¹ã®ããŒã¹ãäœæããŸãã
dn: cn=NetscapeRoot,cn=ldbm database,cn=plugins,cn=config
changetype: add
objectclass: extensibleObject
objectclass: nsBackendInstance
nsslapd-suffix: o=netscaperoot
ãšããã§ã389 DSã¯ããã©ã«ãã§Berkeley DBéãªã¬ãŒã·ã§ãã«ããŒã¿ããŒã¹ã®ä¿®æ£ããŒãžã§ã³ã䜿çšããŠãã£ã¬ã¯ããªãšã³ããªãä¿åããŸãã ãåžæã®å Žåã¯ã ãã¡ããã芧ãã ãã ã
5ïŒã«ãŒããäœæããŸão = NetScapeRoot ïŒ
dn: o=NetscapeRoot
changetype: add
objectClass: organization
objectClass: top
o: NetscapeRoot
6ïŒo = netscaperootã®è€è£œãèš±å¯ããŸãã
dn: cn=replica,cn="o=netscaperoot", cn=mapping tree, cn=config
changetype: add
objectClass: nsDS5Replica
objectClass: top
nsDS5ReplicaId: 2
nsDS5ReplicaRoot: o=netscaperoot
cn: replica
nsDS5Flags: 1
nsDS5ReplicaBindDN: cn=replication manager,cn=config
nsds5ReplicaChangeCount: 0
nsds5ReplicaPurgeDelay: 604800
nsDS5ReplicaType: 3
nsDS5ReplicaIdããµãŒããŒçªå·ïŒ nsDS5ReplicaType-ã¬ããªã±ãŒã·ã§ã³ã¿ã€ãã3-ãã«ããã¹ã¿ãŒïŒã«å€æŽããããšãå¿ããªãã§ãã ããã
ãã®æç¹ã§ããã§ã«ldap00ããldap01ãžã®çæ¹åã¬ããªã±ãŒã·ã§ã³ãæ§æãããŠããŸãã
æåŸã®ã¹ãããã¯æ¬¡ã®ãšããã§ãã
7ïŒldap01ããldap00ãžã®ã¬ããªã±ãŒã·ã§ã³ãæ§æããŸãã
dn: cn=Multimaster replication, cn=replica, cn="o=netscaperoot", cn=mapping
tree, cn=config
changetype: add
objectClass: top
objectClass: nsDS5ReplicationAgreement
cn: Multimaster replication
description: replication for netscaperoot
nsDS5ReplicaBindDN: cn=replication manager,cn=config
nsDS5ReplicaBindMethod: SIMPLE
nsds5replicaChangesSentSinceStartup:
nsDS5ReplicaCredentials: <password>
nsDS5ReplicaHost: ldap00.edu.scalaxy.local
nsDS5ReplicaPort: 6389
nsDS5ReplicaRoot: o=netscaperoot
nsDS5ReplicaTransportInfo: LDAP
nsds5replicaUpdateInProgress: FALSE
nsDS5ReplicaBindDN-ã¬ããªã±ãŒã·ã§ã³ãå®è¡ããããŠãŒã¶ãŒã®åå
nsDS5ReplicaCredentials-ãã¹ã¯ãŒã
8ïŒldap00ããldap01ãžã®åæã¬ããªã±ãŒã·ã§ã³éå§ïŒ
æåã®ãµãŒããŒã§ã 次ã®ã³ãã³ããå®è¡ããŸãã
dn: cn=Multimaster replication,cn=replica,cn="o=netscaperoot",cn=mapping tree,cn=config
changetype: modify
replace: nsds5beginreplicarefresh
nsds5beginreplicarefresh: start
ãã®ã³ãã³ãã¯ãldap00ããldap01ã«ããŒã¿ãè€è£œããŸãã2çªç®ã®ãµãŒããŒã§ã¯o = netscaperootã空ã§ããããããã®æäœãå¿ èŠã§ãã
ããã§ã管çãµãŒããŒæ§æã§ãã£ã¬ã¯ããªãå®å šã«è€è£œã§ããŸããã
ldap01ã«ç®¡çãµãŒããŒãã€ã³ã¹ããŒã«ãã
2çªç®ã®ãµãŒããŒã§ç®¡çãµãŒããŒãäžããå¿ èŠããããŸãã
register-ds-admin.pl
ã¹ã¯ãªãããå®è¡ããŸã
æ§æãã£ã¬ã¯ããªãµãŒããŒURLãæå®ããããã«æ±ãããããã2çªç®ã®ãµãŒããŒldapã® LDAP URLãå ¥åããŸãã//ldap01.edu.scalaxy.localïŒ6389 / o = NetscapeRoot
ãã以äžã®èšå®ã¯ç°¡åã§ããã¹ã¯ãªããã®æ瀺ã«åŸã£ãŠãã ããã
ãŠãŒã¶ãŒããŒã¿ãä¿åããããã®LDAPã€ã³ã¹ã¿ã³ã¹ã®ã€ã³ã¹ããŒã«ãšæ§æ
ããã§ã管çã³ã³ãœãŒã«ãä»ããŠä»»æã®ç®¡çãµãŒããŒã«æ¥ç¶ã§ããŸãã
ãµãŒããŒã°ã«ãŒãã®åãµãŒããŒã§ãæ°ããLDAPãµãŒããŒã€ã³ã¹ã¿ã³ã¹ãäœæããŸããããã¯ãããŒã¿ãä¿åããLDAPãµãŒããŒã«ãªããŸãã

åãååã«åŸã£ãŠ2ã€ã®ã€ã³ã¹ã¿ã³ã¹éã®ãã«ããã¹ã¿ãŒã¬ããªã±ãŒã·ã§ã³ãæ§æããŸãïŒGUIãšã³ã³ãœãŒã«ã®äž¡æ¹ã§ã¬ããªã±ãŒã·ã§ã³ãæ§æã§ããããã«ãªããŸããïŒã
ããã§ãšãããããŸãïŒ ãã§ãŒã«ã»ãŒããã£ã¬ã¯ããªãµãŒãã¹ãèšå®ããŸããïŒ æ¬¡ã«ããµãŒãã¹ã®ããŠã³ã¿ã€ã ããªããããã«ãopenais + pacemakerãæ§æããå¿ èŠããããŸãã
䜿çšãããããã¥ã¡ã³ãïŒ
directory.fedoraproject.org/wiki/Documentation
www.redhat.com/docs/manuals/dir-server