A growing number of distributions now ship "389 Directory Server" instead of OpenLDAP as their LDAP server.
Here I will set up a "389 Directory Server". Upstream site: https://directory.fedoraproject.org/
Installation †
Reference: https://directory.fedoraproject.org/docs/389ds/download.html
It is installed via "dnf module", which is a first for me.
[root@ldap-server ~]# dnf install epel-release
[root@ldap-server ~]# dnf module list 389-directory-server
Last metadata expiration check: 0:09:07 ago on Sat 23 Apr 2022 05:51:51 AM EDT.
Extra Packages for Enterprise Linux Modular 8 - x86_64
Name Stream Profiles Summary
389-directory-server next default, minimal 389 Directory Server
389-directory-server stable default [d], legacy, minimal 389 Directory Server
389-directory-server testing default [d], legacy, minimal 389 Directory Server
Hint: [d]efault, [e]nabled, [x]disabled, [i]nstalled
[root@ldap-server ~]# dnf module install 389-directory-server
[root@ldap-server ~]# rpm -qi 389-ds-base
Name : 389-ds-base
Version : 2.0.15
Release : 1.module_el8+14185+adb3f555
Architecture: x86_64
Install Date: Sat 23 Apr 2022 06:04:14 AM EDT
Group : Unspecified
Size : 11771947
License : GPLv3+ and (ASL 2.0 or MIT)
Signature : RSA/SHA256, Thu 24 Mar 2022 08:10:06 AM EDT, Key ID 21ea45ab2f86d6a1
Source RPM : 389-ds-base-2.0.15-1.module_el8+14185+adb3f555.src.rpm
Build Date : Thu 24 Mar 2022 07:17:41 AM EDT
Build Host : buildvm-x86-19.iad2.fedoraproject.org
Relocations : (not relocatable)
Packager : Fedora Project
Vendor : Fedora Project
URL : https://www.port389.org
Bug URL : https://bugz.fedoraproject.org/389-ds-base
Summary : 389 Directory Server (base)
Description :
389 Directory Server is an LDAPv3 compliant server. The base package includes
the LDAP server and command line utilities for server administration.
[root@ldap-server ~]#
Configuration †
Setup is done with the "dscreate" command:
[root@ldap-server ~]# dscreate --help
usage: dscreate [-h] [-v] [-j] {from-file,interactive,create-template} ...
positional arguments:
{from-file,interactive,create-template}
action
from-file Create an instance of Directory Server from an inf
answer file
interactive Start interactive installer for Directory Server
installation
create-template Display an example inf answer file, or provide a file
name to write it to disk.
optional arguments:
-h, --help show this help message and exit
-v, --verbose Display verbose operation tracing during command
execution
-j, --json Return the result as a json message
[root@ldap-server ~]#
As the help shows, you either build the instance with "interactive", or dump a template with "create-template" and apply it to the system with "from-file".
It is nice to have the creation document left behind, but then again, once it is applied to the system it is no longer current. What matters is the present state rather than the initial configuration. And so on and so forth.
Here I will try "interactive":
[root@ldap-server ~]# dscreate interactive
Install Directory Server (interactive mode)
===========================================
Enter system's hostname [ldap-server.sybyl.local]:
Enter the instance name [ldap-server]: sybyl
Enter port number [389]:
Create self-signed certificate database [yes]:
Enter secure port number [636]:
Enter Directory Manager DN [cn=Directory Manager]: cn=Manager,dc=sybyl,dc=local
Enter the Directory Manager password:
Confirm the Directory Manager Password:
Enter the database suffix (or enter "none" to skip) [dc=ldap-server,dc=sybyl,dc=local]: dc=sybyl,dc=local
Create sample entries in the suffix [no]:
Create just the top suffix entry [no]: yes
Do you want to start the instance after the installation? [yes]:
Are you ready to install? [no]: yes
Starting installation ...
Validate installation settings ...
Create file system structures ...
Create self-signed certificate database ...
Perform SELinux labeling ...
Create database backend: dc=sybyl,dc=local ...
Perform post-installation tasks ...
Completed installation for instance: slapd-sybyl
[root@ldap-server ~]#
When it completes, a directory is created under "/etc/dirsrv". Since I named the instance "sybyl", it is created as "slapd-sybyl" and is already running.
[root@ldap-server ~]# ls -l /etc/dirsrv/
total 4
drwxr-xr-x. 2 root root 55 Apr 23 06:04 config
drwxr-xr-x. 2 root root 25 Apr 23 06:04 schema
drwxrwx---. 3 dirsrv dirsrv 4096 Apr 23 07:08 slapd-sybyl
drwxrwx---. 2 root root 156 Apr 23 07:08 ssca
[root@ldap-server ~]# dsctl sybyl status
Instance "sybyl" is running
[root@ldap-server ~]# ps -ef |grep sybyl
dirsrv 5373 1 0 07:08 ? 00:00:01 /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-sybyl -i /run/dirsrv/slapd-sybyl.pid
root 5420 1690 0 07:11 pts/0 00:00:00 grep --color=auto sybyl
[root@ldap-server ~]# lsof -i
:
ns-slapd 5905 dirsrv 8u IPv6 55547 0t0 TCP *:ldap (LISTEN)
ns-slapd 5905 dirsrv 9u IPv6 55548 0t0 TCP *:ldaps (LISTEN)
:
[root@ldap-server ~]# ldapsearch -x -LLL -W -D cn=Manager,dc=sybyl,dc=local -b cn=config dn -o ldif-wrap=no <-- quite a few schema entries are registered
To delete an instance once created, "dsctl <instance> remove --do-it" removes it. The process is stopped as well.
[root@ldap-server ~]# dsctl sybyl remove --do-it
Removing instance ...
Completed instance removal
[root@ldap-server ~]#
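The "create-template" / "from-file" route mentioned above, as an added example that is not from the original page: it writes an answer file holding the same answers as the interactive run and creates the instance with "dscreate from-file". The section and key names are those of the inf format printed by "dscreate create-template"; the output path and the password file are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the page): the create-template / from-file route
# for the answers given in the interactive session. Key names follow the
# template printed by "dscreate create-template"; paths are assumptions.
set -eu

# Print a dscreate answer file to stdout.
# $1 hostname, $2 instance, $3 suffix, $4 Directory Manager DN, $5 password
gen_inf() {
    printf '%s\n' \
        '[general]' \
        'config_version = 2' \
        "full_machine_name = $1" \
        'start = True' \
        '' \
        '[slapd]' \
        "instance_name = $2" \
        'port = 389' \
        'secure_port = 636' \
        'self_sign_cert = True' \
        "root_dn = $4" \
        "root_password = $5" \
        '' \
        '[backend-userroot]' \
        "suffix = $3" \
        'sample_entries = no' \
        'create_suffix_entry = True'
}

# Write the answer file with mode 0600. It carries the Directory Manager
# password in clear text, so it must not be readable by other users, and
# it should be deleted once dscreate has consumed it.
write_inf() {
    out=$1; shift
    ( umask 077; gen_inf "$@" > "$out" )
    [ "$(stat -c %a "$out")" = 600 ] || { echo "unexpected mode on $out" >&2; return 1; }
}

# Run dscreate only where it is installed, so the file can be prepared and
# inspected on a workstation without 389-ds.
create_instance() {
    command -v dscreate >/dev/null 2>&1 || { echo "dscreate not installed" >&2; return 2; }
    dscreate from-file "$1" && rm -f "$1"
}

# Usage (password read from a root-only file, never passed on the command line):
# write_inf /root/sybyl.inf ldap-server.sybyl.local sybyl dc=sybyl,dc=local \
#     cn=Manager,dc=sybyl,dc=local "$(cat /root/dm-password)"
# create_instance /root/sybyl.inf
```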
Firewall †
[root@ldap-server ~]# firewall-cmd --add-service=ldap --add-service=ldaps --zone=public --permanent
[root@ldap-server ~]# firewall-cmd --reload
Content operations †
Opening it in LDAP Admin in this state looks like this:
