Discontinued

More and more distributions are shipping this "389 Directory Server" as their LDAP server in place of OpenLDAP.

Here I try building this "389 Directory Server". Upstream: https://directory.fedoraproject.org/

Installation

Reference: https://directory.fedoraproject.org/docs/389ds/download.html
It is installed via "dnf module", which is a first for me.

[root@ldap-server ~]# dnf install epel-release
[root@ldap-server ~]# dnf module list 389-directory-server
Last metadata expiration check: 0:09:07 ago on Sat 23 Apr 2022 05:51:51 AM EDT.
Extra Packages for Enterprise Linux Modular 8 - x86_64
Name                                Stream                       Profiles                                       Summary
389-directory-server                next                         default, minimal                               389 Directory Server
389-directory-server                stable                       default [d], legacy, minimal                   389 Directory Server
389-directory-server                testing                      default [d], legacy, minimal                   389 Directory Server
 
Hint: [d]efault, [e]nabled, [x]disabled, [i]nstalled
 
[root@ldap-server ~]# dnf module install 389-directory-server
 
[root@ldap-server ~]# rpm -qi 389-ds-base
Name        : 389-ds-base
Version     : 2.0.15
Release     : 1.module_el8+14185+adb3f555
Architecture: x86_64
Install Date: Sat 23 Apr 2022 06:04:14 AM EDT
Group       : Unspecified
Size        : 11771947
License     : GPLv3+ and (ASL 2.0 or MIT)
Signature   : RSA/SHA256, Thu 24 Mar 2022 08:10:06 AM EDT, Key ID 21ea45ab2f86d6a1
Source RPM  : 389-ds-base-2.0.15-1.module_el8+14185+adb3f555.src.rpm
Build Date  : Thu 24 Mar 2022 07:17:41 AM EDT
Build Host  : buildvm-x86-19.iad2.fedoraproject.org
Relocations : (not relocatable)
Packager    : Fedora Project
Vendor      : Fedora Project
URL         : https://www.port389.org
Bug URL     : https://bugz.fedoraproject.org/389-ds-base
Summary     : 389 Directory Server (base)
Description :
389 Directory Server is an LDAPv3 compliant server.  The base package includes
the LDAP server and command line utilities for server administration.
 
[root@ldap-server ~]#

Configuration

It is done with the "dscreate" command, but

[root@ldap-server ~]# dscreate --help
usage: dscreate [-h] [-v] [-j] {from-file,interactive,create-template} ...
 
positional arguments:
  {from-file,interactive,create-template}
                        action
    from-file           Create an instance of Directory Server from an inf
                        answer file
    interactive         Start interactive installer for Directory Server
                        installation
    create-template     Display an example inf answer file, or provide a file
                        name to write it to disk.
 
optional arguments:
  -h, --help            show this help message and exit
  -v, --verbose         Display verbose operation tracing during command
                        execution
  -j, --json            Return the result as a json message
[root@ldap-server ~]#

As shown above, you either build the instance with "interactive", or dump a template with "create-template" and apply it to the system with "from-file".
Having the build document left behind is nice, but then again the system changes after it is applied, so the file is no longer current. What matters is the present state rather than the initial build. And so on.
Here I will try "interactive".

[root@ldap-server ~]# dscreate interactive
Install Directory Server (interactive mode)
===========================================
 
Enter system's hostname [ldap-server.sybyl.local]:
 
Enter the instance name [ldap-server]: sybyl
 
Enter port number [389]:
 
Create self-signed certificate database [yes]:
 
Enter secure port number [636]:
 
Enter Directory Manager DN [cn=Directory Manager]: cn=Manager,dc=sybyl,dc=local
Enter the Directory Manager password:
Confirm the Directory Manager Password:
 
Enter the database suffix (or enter "none" to skip) [dc=ldap-server,dc=sybyl,dc=local]: dc=sybyl,dc=local
 
Create sample entries in the suffix [no]:
 
Create just the top suffix entry [no]: yes
 
Do you want to start the instance after the installation? [yes]:
 
Are you ready to install? [no]: yes
Starting installation ...
Validate installation settings ...
Create file system structures ...
Create self-signed certificate database ...
Perform SELinux labeling ...
Create database backend: dc=sybyl,dc=local ...
Perform post-installation tasks ...
Completed installation for instance: slapd-sybyl
 
[root@ldap-server ~]#
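The same answers as above, expressed as the inf answer file that "dscreate from-file" reads. This is an added example and not code from the original page; the section and key names are assumed to match what "dscreate create-template" prints for the 389-ds 2.0.x shown here, so compare against your own template output, and the password in the test is a constructed placeholder.

```python
# Added example: same answers as the interactive run, as a dscreate from-file inf.
# Section/key names are assumed to match `dscreate create-template` for 389-ds 2.0.x.
import configparser
import io
import os
import stat
import tempfile

def build_inf(hostname, instance, root_dn, root_password, suffix,
              port=389, secure_port=636, create_suffix_entry=True):
    """Return the inf text; interpolation is off so '%' in a password survives."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg["general"] = {"full_machine_name": hostname, "start": "True"}
    cfg["slapd"] = {
        "instance_name": instance,
        "port": str(port),
        "secure_port": str(secure_port),
        "root_dn": root_dn,
        "root_password": root_password,  # stored in clear text, unlike the prompt
        "self_sign_cert": "True",
    }
    cfg["backend-userroot"] = {
        "suffix": suffix,
        "sample_entries": "no",
        "create_suffix_entry": "True" if create_suffix_entry else "False",
    }
    buf = io.StringIO()
    cfg.write(buf)
    return buf.getvalue()

def read_inf(text):
    """Parse inf text back, to check the round trip before handing it to dscreate."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    return cfg

def write_inf(text, path=None):
    """Write the file owner-only (0600) because it carries the Directory Manager
    password; returns the resulting permission bits."""
    if path is None:
        path = os.path.join(tempfile.gettempdir(), "dscreate-answers.inf")
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(text)
    os.chmod(path, 0o600)  # O_CREAT mode only applies to a newly created file
    return stat.S_IMODE(os.stat(path).st_mode)
```

Run "dscreate from-file <path>" against the written file and remove it afterwards, since unlike the interactive prompt it holds the Directory Manager password on disk.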

When it completes, a directory is created under "/etc/dirsrv". Since I named the instance "sybyl", it is created as "slapd-sybyl" and is already running.

[root@ldap-server ~]# ls -l /etc/dirsrv/
total 4
drwxr-xr-x. 2 root   root     55 Apr 23 06:04 config
drwxr-xr-x. 2 root   root     25 Apr 23 06:04 schema
drwxrwx---. 3 dirsrv dirsrv 4096 Apr 23 07:08 slapd-sybyl
drwxrwx---. 2 root   root    156 Apr 23 07:08 ssca
 
[root@ldap-server ~]# dsctl sybyl status
Instance "sybyl" is running
 
[root@ldap-server ~]# ps -ef |grep sybyl
dirsrv      5373       1  0 07:08 ?        00:00:01 /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-sybyl -i /run/dirsrv/slapd-sybyl.pid
root        5420    1690  0 07:11 pts/0    00:00:00 grep --color=auto sybyl
 
[root@ldap-server ~]# lsof -i
 :
ns-slapd  5905 dirsrv    8u  IPv6  55547      0t0  TCP *:ldap (LISTEN)
ns-slapd  5905 dirsrv    9u  IPv6  55548      0t0  TCP *:ldaps (LISTEN)
 :
[root@ldap-server ~]# ldapsearch -x -LLL -W -D cn=Manager,dc=sybyl,dc=local -b  cn=config dn -o ldif-wrap=no     <-- quite a large number of schema entries are registered

To delete an instance you have created, use "dsctl <instance> remove --do-it". The process is stopped as well.

[root@ldap-server ~]# dsctl sybyl remove --do-it
Removing instance ...
Completed instance removal
 
[root@ldap-server ~]#

Firewall

[root@ldap-server ~]# firewall-cmd --add-service=ldap --add-service=ldaps --zone=public --permanent
[root@ldap-server ~]# firewall-cmd --reload

Content operations

Opening it in LDAP Admin at this point looks like this:
[Screenshot: 2022y04m23d_203526346.png]


Last-modified: 2022-04-23 (Sat) 23:59:25 (118d)