OpenLDAPによるLinuxユーザの統合管理 
LDAPサーバの構築
openldap-serversとopenldap-clientsのパッケージをインストール
# yum install openldap-servers openldap-clients
BDB(Berkeley DB)パラメータ・ファイルの作成
# vi /var/lib/ldap/DB_CONFIG
set_cachesize 0 268435456 1 set_lg_regionmax 262144 set_lg_bsize 2097152 set_flags DB_LOG_AUTOREMOVE
ログ管理設定
# vi /etc/syslog.conf
*.info;mail.none;authpriv.none;cron.none;local4.none /var/log/messages local4.* -/var/log/slapd.log
# vi /etc/logrotate.d/syslog
/var/log/messages /var/log/secure /var/log/maillog /var/log/spooler /var/log/boot.log /var/log/cron /var/log/slapd.log{
sharedscripts
postrotate
/bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
/bin/kill -HUP `cat /var/run/rsyslogd.pid 2> /dev/null` 2> /dev/null || true
endscript
}
rootパスワードの設定
# slappasswd -h {SSHA} -s passwd
OpenLDAPサーバ設定ファイル作成
# vi /etc/openldap/slapd.conf
# Schema
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
# Others
allow bind_v2
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
# SSL/TLS
TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
TLSCertificateFile /etc/pki/tls/certs/slapd.pem
TLSCertificateKeyFile /etc/pki/tls/certs/slapd.pem
# Access Control
access to attrs=userPassword
by dn="cn=Manager,dc=my-company,dc=com" write
by self write
by anonymous auth
by * none
access to *
by dn="cn=Manager,dc=my-company,dc=com" write
by self write
by * read
# root suffix
database bdb
suffix "dc=my-company,dc=com"
rootdn "cn=Manager,dc=my-company,dc=net"
rootpw {SSHA}QyhR2cIOifrvls9af4Xr9bMo4337EMfL
directory /var/lib/ldap
# Index
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
# chgrp ldap /etc/openldap/slapd.conf # chmod g+r /etc/openldap/slapd.conf
LDAPサービス起動
# chkconfig ldap on # service ldap on
最新コメント