Migrating LDAP from OpenLDAP 2.3 on CentOS5 to OpenLDAP 2.4 on RockyLinux8...
Even 2.4 can still build LDAP from "slapd.conf", but with 2.6 in view...
-RHEL8 family: RockyLinux8 openldap-2.4.46
-RHEL9 family: RockyLinux9 openldap-2.6.2
-ubuntu 18.04 LTS openldap-2.4.45
-ubuntu 20.04 LTS openldap-2.4.49
-ubuntu 22.04 LTS openldap-2.5.11
First, quickly stand up a service with the OpenLDAP on CentOS5.
#code(nonumber){{
[root@centos5 ~]# cat /etc/redhat-release
CentOS release 5.11 (Final)
[root@centos5 ~]# yum install openldap-servers openldap-c...
[root@centos5 ~]# /usr/sbin/slapd -VV
@(#) $OpenLDAP: slapd 2.3.43 (Sep 29 2015 06:22:05) $
mockbuild@builder17.centos.org:/builddir/build/BU...
[root@centos5 ~]#
}}
I also want to load the samba schema, so copy it into the schema directory...
#code(nonumber){{
[root@centos5 ~]# cp /usr/share/doc/samba-3.0.33/LDAP/sam...
[root@centos5 ~]# vi /etc/openldap/slapd.conf
[root@centos5 ~]# grep -v -e '^\s*#' -e '^\s*$' /etc/open...
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/samba.schema
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
modulepath /usr/lib64/openldap
database hdb
suffix "dc=sybyl,dc=lab"
rootdn "cn=manager,dc=sybyl,dc=lab"
rootpw secret
directory /var/lib/ldap
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
access to attrs=userPassword,shadowLastChange,sambaNTPass...
by anonymous auth
by self write
by * none
access to dn.base="" by * read
access to *
by self write
by * read
[root@centos5 ~]#
}}
For the database (hdb: Hierarchical variant of bdb backend)...
#code(nonumber){{
[root@centos5 ~]# cp /etc/openldap/DB_CONFIG.example /var...
[root@centos5 ~]# chown -R ldap. /var/lib/ldap/
[root@centos5 ~]# chmod 700 /var/lib/ldap/
[root@centos5 ~]# service ldap start
Starting slapd: ...
[root@centos5 ~]#
[root@centos5 ~]# ps -ef |grep ldap
ldap 3580 1 0 05:06 ? 00:00:00 /usr/sbin...
root 3585 3342 0 05:06 pts/0 00:00:00 grep ldap
[root@centos5 ~]#
}}
With content and smb entries loaded, viewing it from "LDAP Admin" looks like this...
&ref(2022y11m22d_100037694.png,nolink);
The configuration directory at this point looks like this
#code(nonumber){{
[root@centos5 ~]# ls -l /etc/openldap/
total 40
drwxr-xr-x 2 root root 4096 Sep 29 2015 cacerts
-rw-r----- 1 root ldap 921 Sep 29 2015 DB_CONFIG.example
-rw-r--r-- 1 root root 327 Nov 21 23:22 ldap.conf
drwxr-xr-x 3 root root 4096 Nov 23 01:03 schema
-rw-r----- 1 root ldap 4095 Nov 23 01:09 slapd.conf
[root@centos5 ~]#
}}
Now, the real subject. Next, export the data for the upgrade. [[L...
#code(nonumber){{
[root@centos5 ~]# slapcat -b dc=sybyl,dc=lab > main.ldif
}}
However, the "cn=config" data, for its part, is "&color(orangered){...
#code(nonumber){{
[root@centos5 ~]# slapcat -b cn=config
slapcat: could not open database.
[root@centos5 ~]#
}}
So what we take along to the upgrade destination is:
-"&color(darkorange){main.ldif};"
-"&color(magenta){slapd.conf};"
***Upgrade destination [#ube64e9b]
The machine that will run the new LDAP service is "RockyLinux8(host...
Before that, copy the data to the upgrade destination
#code(nonumber){{
[root@centos5 ~]# scp main.ldif root@ldap-server:main.ldif
[root@centos5 ~]# scp /etc/openldap/slapd.conf root@ldap-...
}}
Do the groundwork. Since this is a transplant, wipe any remnants of the existing LDAP...
#code(nonumber){{
[root@ldap-server ~]# cat /etc/redhat-release
Rocky Linux release 8.5 (Green Obsidian)
[root@ldap-server ~]# dnf --enablerepo=powertools install...
[root@ldap-server ~]# rm -rf /etc/openldap/slapd.d/*
[root@ldap-server ~]# rm -rf /var/lib/ldap/*
[root@ldap-server ~]# grep -v -e '^\s*#' -e '^\s*$' ./sla...
[root@ldap-server ~]# rm -rf ./slapd.conf
}}
From the "&color(magenta){slapd.conf};" we brought over, remove the unneeded lines...
First, deal with the mdb files that live under "/var/lib/ldap/". The ori...
&size(10){Change "bdb" to "mdb". At the end, "database monito...
#code(nonumber){{
[root@ldap-server ~]# cp ./slapd.conf.orig ./slapd.conf
[root@ldap-server ~]# vi ./slapd.conf
[root@ldap-server ~]# diff -y ./slapd.conf.orig ./sl...
include /etc/openldap/schema/core.schema ...
include /etc/openldap/schema/cosine.schema ...
include /etc/openldap/schema/inetorgperson.schema...
include /etc/openldap/schema/nis.schema ...
include /etc/openldap/schema/samba.schema ...
pidfile /var/run/openldap/slapd.pid ...
argsfile /var/run/openldap/slapd.args ...
modulepath /usr/lib64/openldap ...
database bdb ...
suffix "dc=sybyl,dc=lab" ...
rootdn "cn=manager,dc=sybyl,dc=lab" ...
rootpw secret ...
directory /var/lib/ldap ...
index objectClass eq,pres ...
index ou,cn,mail,surname,givenname eq,pres,sub ...
index uidNumber,gidNumber,loginShell eq,pres ...
index uid,memberUid eq,pres,sub ...
index nisMapName,nisMapEntry eq,pres,sub ...
access to attrs=userPassword,shadowLastChange,sambaNTPass...
by self write ...
by anonymous auth ...
by * none ...
access to dn.base="" by * read ...
access to * ...
by self write ...
by * read ...
...
[root@ldap-server ~]#
[root@ldap-server ~]# cp -a /usr/share/openldap-servers/D...
[root@ldap-server ~]# echo "" | slapadd -f ./slapd.conf
(check)
[root@ldap-server ~]# ls -l /var/lib/ldap/
total 20
-rw-------. 1 root root 12288 Nov 22 08:24 data.mdb
-rw-r--r--. 1 root root 845 Oct 11 2021 DB_CONFIG
-rw-------. 1 root root 8192 Nov 22 08:24 lock.mdb
[root@ldap-server ~]#
}}
That completes creating the mdb. I suppose the content goes in here.
Next, build "&color(orangered){slapd.d};", the so-called "cn=c...
&size(10){At the start of "&color(magenta){slapd.conf};", "datab...
#code(nonumber){{
[root@ldap-server ~]# cp ./slapd.conf.orig ./slapd.conf
[root@ldap-server ~]# vi ./slapd.conf
[root@ldap-server ~]# diff -y ./slapd.conf.orig ./sl...
...
include /etc/openldap/schema/core.schema ...
include /etc/openldap/schema/cosine.schema ...
include /etc/openldap/schema/inetorgperson.schema...
include /etc/openldap/schema/nis.schema ...
include /etc/openldap/schema/samba.schema ...
pidfile /var/run/openldap/slapd.pid ...
argsfile /var/run/openldap/slapd.args ...
modulepath /usr/lib64/openldap ...
database bdb ...
suffix "dc=sybyl,dc=lab" ...
rootdn "cn=manager,dc=sybyl,dc=lab" ...
rootpw secret ...
directory /var/lib/ldap ...
index objectClass eq,pres ...
index ou,cn,mail,surname,givenname eq,pres,sub ...
index uidNumber,gidNumber,loginShell eq,pres ...
index uid,memberUid eq,pres,sub ...
index nisMapName,nisMapEntry eq,pres,sub ...
access to attrs=userPassword,shadowLastChange,sambaNTPass...
by self write ...
by anonymous auth ...
by * none ...
access to dn.base="" by * read ...
access to * ...
by self write ...
by * read ...
...
...
[root@ldap-server ~]#
[root@ldap-server ~]# slaptest -f ./slapd.conf -F /etc/op...
config file testing succeeded
[root@ldap-server ~]#
(check)
[root@ldap-server ~]# ls -l /etc/openldap/slapd.d/
total 4
drwxr-x---. 3 root root 182 Nov 22 11:57 'cn=config'
-rw-------. 1 root root 1107 Nov 22 11:57 'cn=config.ldif'
[root@ldap-server ~]# ls -l /etc/openldap/slapd.d/cn\=con...
total 64
drwxr-x---. 2 root root 132 Nov 22 11:57 'cn=schema'
-rw-------. 1 root root 46206 Nov 22 11:57 'cn=schema.ldif'
-rw-------. 1 root root 605 Nov 22 11:57 'olcDatabase={...
-rw-------. 1 root root 596 Nov 22 11:57 'olcDatabase={...
-rw-------. 1 root root 536 Nov 22 11:57 'olcDatabase={...
-rw-------. 1 root root 1436 Nov 22 11:57 'olcDatabase={...
[root@ldap-server ~]#
}}
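The edits that the two side-by-side diffs above make by hand, done as a script. This is an added example, not the page's own file and not anything shipped with openldap-servers. It takes the slapd.conf carried over from centos5 (a constructed stand-in of the same shape is embedded, with an extra bdb-only `cachesize` line to exercise the cleanup) and writes one 2.4-ready version: the hdb/bdb backend becomes mdb with an explicit `maxsize`, bdb-only tuning directives that have no meaning for mdb (cachesize, idlcachesize, dncachesize, dbconfig, shm_key) are dropped, the cleartext `rootpw secret` is replaced by a {SSHA} hash, a `database config` stanza with its own root password is inserted ahead of the first database, and `database monitor` is appended as the page does. The config stanza is an assumption on my part: the page's later `ldapsearch -D cn=config -w secret` implies one was added. The hash values here are placeholders, not real digests; on the real host generate them with `slappasswd -s`. Only sh and awk are used, so it runs without slapd installed; slaptest and slapadd are printed as the next step, not executed.

```shell
#!/bin/sh
# Added example, not from the original page: rewrite the slapd.conf brought
# over from centos5 into the form slaptest/slapadd on RockyLinux8 expect.
set -u

# Constructed stand-in for ./slapd.conf.orig (the page's grep output shape,
# plus a bdb-only "cachesize" line and the cleartext "rootpw secret").
ORIG_CONF=$(mktemp); NEW_CONF=$(mktemp)
trap 'rm -f "$ORIG_CONF" "$NEW_CONF"' EXIT
cat > "$ORIG_CONF" <<'EOF'
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/samba.schema
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
modulepath /usr/lib64/openldap
database hdb
suffix "dc=sybyl,dc=lab"
rootdn "cn=manager,dc=sybyl,dc=lab"
rootpw secret
directory /var/lib/ldap
cachesize 10000
index objectClass eq,pres
index uid,memberUid eq,pres,sub
access to attrs=userPassword,shadowLastChange
    by self write
    by anonymous auth
    by * none
access to dn.base="" by * read
access to * by self write by * read
EOF

# convert_conf ORIG NEW DATA_HASH CONFIG_HASH
convert_conf() {
    awk -v dhash="$3" -v chash="$4" '
        # Globals (include, pidfile, modulepath ...) must stay ahead of any
        # database line, so the cn=config stanza goes in at the first one.
        /^database[ \t]/ && !seen_db {
            seen_db = 1
            print "database config"
            print "rootdn \"cn=config\""
            print "rootpw " chash
            print ""
        }
        # BerkeleyDB backends -> mdb; maxsize is the mdb map size in bytes
        # (default is only 10 MiB), 1 GiB here.
        /^database[ \t]+(bdb|hdb)[ \t]*$/ {
            print "database mdb"
            print "maxsize 1073741824"
            next
        }
        # bdb-only tuning: meaningless for mdb, so drop it.
        /^(cachesize|idlcachesize|dncachesize|dbconfig|shm_key)[ \t]/ { next }
        # Never carry a cleartext rootpw into the new config.
        /^rootpw[ \t]/ { print "rootpw " dhash; next }
        { print }
        END { print ""; print "database monitor" }
    ' "$1" > "$2"
}

# Helpers used to check the result.
backends() { awk '/^database[ \t]/ { s = s (s ? "," : "") $2 } END { print s }' "$1"; }
has_cleartext_rootpw() { grep -E '^rootpw[[:space:]]+[^{]' "$1" >/dev/null; }

# On the real host:  DATA_HASH=$(slappasswd -s 'new-manager-secret')
# Placeholders (not real digests) so the script runs anywhere.
DATA_HASH='{SSHA}placeholderDataHashNotReal'
CONFIG_HASH='{SSHA}placeholderConfigHashNotReal'

convert_conf "$ORIG_CONF" "$NEW_CONF" "$DATA_HASH" "$CONFIG_HASH"
cat "$NEW_CONF"
echo "backends: $(backends "$NEW_CONF")"
has_cleartext_rootpw "$NEW_CONF" && echo "WARNING: cleartext rootpw remains"
cat <<EOF

# next steps on ldap-server (not run here):
slaptest -f $NEW_CONF -F /etc/openldap/slapd.d
slapadd  -F /etc/openldap/slapd.d -b dc=sybyl,dc=lab -l main.ldif
chown -R ldap. /etc/openldap/slapd.d /var/lib/ldap
EOF
```

The converted file serves both of the page's steps: `slaptest -f ... -F /etc/openldap/slapd.d` turns it into cn=config, and `slapadd -F ... -b dc=sybyl,dc=lab -l main.ldif` then creates the mdb under /var/lib/ldap while loading the content. Note that the {SSHA} hash lands in olcDatabase={0}config.ldif and olcDatabase={2}mdb.ldif as olcRootPW, so keep slapd.d readable only by root and ldap, as the page's `chown -R ldap.` and the 0700 directory mode already arrange.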
That completes the preparation, so start the LDAP service
#code(nonumber){{
[root@ldap-server ~]# chown -R ldap. /etc/openldap/slapd.d
[root@ldap-server ~]# chown -R ldap. /var/lib/ldap
[root@ldap-server ~]# systemctl start slapd
[root@ldap-server ~]# ldapsearch -x -D cn=config -w secre...
[root@ldap-server ~]# ldapsearch -x -LLL -w secret -D cn=...
dn: cn=config
dn: cn=schema,cn=config
dn: cn={0}core,cn=schema,cn=config
dn: cn={1}cosine,cn=schema,cn=config
dn: cn={2}inetorgperson,cn=schema,cn=config
dn: cn={3}nis,cn=schema,cn=config
dn: cn={4}samba,cn=schema,cn=config
dn: olcDatabase={-1}frontend,cn=config
dn: olcDatabase={0}config,cn=config
dn: olcDatabase={1}monitor,cn=config
dn: olcDatabase={2}mdb,cn=config
[root@ldap-server ~]#
}}
Finally, put the content "&color(darkorange){main.ldif};" back...
#code(nonumber){{
[root@ldap-server ~]# systemctl stop slapd
[root@ldap-server ~]# cat ./main.ldif | slapadd -F /etc/o...
[root@ldap-server ~]# systemctl start slapd
}}
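Two scripted checks that go with the `slapcat` export earlier on the page and with the `slapadd` restore just shown, as an added example that is not part of the original page. The first three functions are pre-flight checks on main.ldif before it is copied anywhere: the entry count, any DN outside the suffix (a sign the wrong database was dumped or a stray entry is about to travel), and any userPassword stored in cleartext instead of as a {SCHEME} hash (slapcat base64-encodes that attribute, so it is decoded first). The last function is for after the restore: run `slapcat` on ldap-server too and compare the two DN sets to confirm every entry arrived, which is a firmer check than eyeballing LDAP Admin. The suffix is the page's dc=sybyl,dc=lab; the two LDIF files are constructed here (the "new" one deliberately lacks one entry), the {SSHA} value is a placeholder rather than a real digest, and only POSIX sh, awk, base64, sort and comm are used, so nothing needs slapd installed.

```shell
#!/bin/sh
# Added example, not from the original page.  Pre-flight and post-restore
# checks on slapcat LDIF exports.  Needs only POSIX sh, awk, base64, sort, comm.
set -u
LC_ALL=C; export LC_ALL

SUFFIX="dc=sybyl,dc=lab"          # suffix used on the page

# slapcat wraps long values at 76 columns and continues them on lines that
# begin with one space; join those back so later passes see whole values.
ldif_unfold() {
    awk '/^ /   { printf "%s", substr($0, 2); next }
         NR > 1 { printf "\n" }
                { printf "%s", $0 }
         END    { printf "\n" }' "$1"
}

# Number of entries: each LDIF record starts with a "dn:" line.
ldif_entry_count() { ldif_unfold "$1" | grep -c '^dn:'; }

# DNs that are neither the suffix itself nor end in ",<suffix>".
ldif_foreign_dns() {
    ldif_unfold "$1" | awk -v sfx="$2" '
        /^dn: / {
            dn = substr($0, 5); gsub(/^[ \t]+|[ \t]+$/, "", dn)
            if (dn == sfx) next
            tail = substr(dn, length(dn) - length(sfx))
            if (tail != "," sfx) print dn
        }'
}

# Entries whose userPassword has no {SCHEME} prefix, i.e. cleartext.
# slapcat emits the attribute base64-encoded ("userPassword::"), so decode
# before looking at the first character.
ldif_plain_passwords() {
    dn=''
    ldif_unfold "$1" | while IFS= read -r line; do
        case "$line" in
            'dn: '*)            dn=${line#dn: } ;;
            'userPassword:: '*) val=$(printf '%s' "${line#userPassword:: }" | base64 -d)
                                case "$val" in '{'*) ;; *) printf '%s\n' "$dn" ;; esac ;;
            'userPassword: '*)  val=${line#userPassword: }
                                case "$val" in '{'*) ;; *) printf '%s\n' "$dn" ;; esac ;;
        esac
    done
}

# Sorted, lower-cased DN set; ldif_dn_missing OLD NEW prints DNs present in
# OLD (the centos5 export) but absent from NEW (slapcat on the new host).
ldif_dn_set() {
    ldif_unfold "$1" | awk '/^dn: / { d = substr($0, 5); gsub(/[ \t]+$/, "", d); print tolower(d) }' | sort -u
}
ldif_dn_missing() {
    a=$(mktemp); b=$(mktemp)
    ldif_dn_set "$1" > "$a"; ldif_dn_set "$2" > "$b"
    comm -23 "$a" "$b"
    rm -f "$a" "$b"
}

# --- constructed sample data standing in for main.ldif and the new host's dump
b64() { printf '%s' "$1" | base64 | tr -d '\n'; }
write_sample() {   # write_sample FILE with_bob(yes|no)
    {
        printf 'dn: %s\nobjectClass: dcObject\nobjectClass: organization\ndc: sybyl\no: sybyl lab\n\n' "$SUFFIX"
        printf 'dn: uid=alice,ou=People,%s\nobjectClass: posixAccount\nuid: alice\ncn: Alice\n' "$SUFFIX"
        printf 'uidNumber: 1001\ngidNumber: 100\nhomeDirectory: /home/alice\nuserPassword:: %s\n\n' \
            "$(b64 '{SSHA}placeholderNotARealDigest')"
        if [ "$2" = yes ]; then
            printf 'dn: uid=bob,ou=People,%s\nobjectClass: posixAccount\nuid: bob\ncn: Bob\n' "$SUFFIX"
            printf 'uidNumber: 1002\ngidNumber: 100\nhomeDirectory: /home/bob\nuserPassword:: %s\n\n' "$(b64 bobpass)"
        fi
        printf 'dn: cn=stray,dc=other,dc=example\nobjectClass: device\ncn: stray\n\n'
    } > "$1"
}
OLD_LDIF=$(mktemp); NEW_LDIF=$(mktemp)
trap 'rm -f "$OLD_LDIF" "$NEW_LDIF"' EXIT
write_sample "$OLD_LDIF" yes     # what slapcat produced on centos5
write_sample "$NEW_LDIF" no      # what slapcat shows on ldap-server (bob lost)

echo "entries in export: $(ldif_entry_count "$OLD_LDIF")"
echo "DNs outside $SUFFIX:";     ldif_foreign_dns "$OLD_LDIF" "$SUFFIX"
echo "cleartext userPassword:";  ldif_plain_passwords "$OLD_LDIF"
echo "missing after restore:";   ldif_dn_missing "$OLD_LDIF" "$NEW_LDIF"
```

With real files, point the first three functions at main.ldif before the scp, and after the restore run `slapcat -b dc=sybyl,dc=lab > new.ldif` on ldap-server and call `ldif_dn_missing main.ldif new.ldif`; an empty result means the DN set survived the hdb-to-mdb move. Any DN printed by `ldif_plain_passwords` is worth fixing before the file leaves the old host, since main.ldif then contains those passwords readable by anyone who can read the file.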
Check again with "LDAP Admin". The serving node, from "centos5"...
&ref(2022y11m23d_020343776.png,nolink);