389-ds

NSL

CentOS 8 (1.4 series)

Information

Install

# dnf install epel-release
# dnf update epel-release
# dnf module install 389-directory-server:stable/default

Setup

# dscreate interactive

Example
# dscreate interactive
Install Directory Server (interactive mode)
===========================================
selinux is disabled, will not relabel ports or files.
Selinux support will be disabled, continue? [yes]:
Enter system's hostname [altair]: ds.nsl.tuis.ac.jp
Enter the instance name [ds]: nsl
Enter port number [389]:
Create self-signed certificate database [yes]:
Enter secure port number [636]:
Enter Directory Manager DN [cn=Directory Manager]: cn=Manager
Enter the Directory Manager password: ********
Confirm the Directory Manager Password: ********
Enter the database suffix (or enter "none" to skip) [dc=nsl,dc=tuis,dc=ac,dc=jp]:
Create sample entries in the suffix [no]: yes
Do you want to start the instance after the installation? [yes]:
Are you ready to install? [no]: yes
Starting installation...
Completed installation for nsl
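The same installation as the interactive session above, done unattended with `dscreate from-file`. This is an added example, not part of the original page: the hostname, instance name, suffix and Directory Manager DN are taken from the transcript, the INF key names are the ones `dscreate create-template` prints on 1.4 (regenerate the template on your version to confirm them), and the Directory Manager password is a placeholder that you are expected to pass in through the environment.

```shell
#!/bin/bash
# Added example: unattended 389-ds 1.4 install with "dscreate from-file".
# Values mirror the interactive transcript on this page; the Directory
# Manager password is a placeholder (assumption: supplied via DS_ROOT_PW).
set -eu

DS_HOSTNAME="ds.nsl.tuis.ac.jp"
DS_INSTANCE="nsl"
DS_SUFFIX="dc=nsl,dc=tuis,dc=ac,dc=jp"
DS_ROOT_DN="cn=Manager"
DS_ROOT_PW="${DS_ROOT_PW:-ChangeMe-NotForProduction}"

# Write the INF consumed by "dscreate from-file". It carries the Directory
# Manager password in clear text, so it is created mode 0600 and deleted
# again as soon as the install has run.
write_dscreate_inf() {
    inf="$1"
    ( umask 077; : > "$inf" )
    cat > "$inf" <<EOF
[general]
config_version = 2
full_machine_name = ${DS_HOSTNAME}

[slapd]
instance_name = ${DS_INSTANCE}
root_dn = ${DS_ROOT_DN}
root_password = ${DS_ROOT_PW}
port = 389
secure_port = 636
self_sign_cert = True

[backend-userroot]
suffix = ${DS_SUFFIX}
create_suffix_entry = True
sample_entries = yes
EOF
}

# Run the install (needs root and the 389-directory-server module).
# Only executed with RUN_LIVE=1 so the file is safe to source elsewhere.
install_instance() {
    inf="$(mktemp)"
    write_dscreate_inf "$inf"
    dscreate from-file "$inf"
    shred -u "$inf" 2>/dev/null || rm -f "$inf"
}

if [ "${RUN_LIVE:-0}" = "1" ]; then
    install_instance
fi
```

Run it as `RUN_LIVE=1 DS_ROOT_PW='...' ./install-ds.sh`. After it finishes, the same `systemctl start dirsrv@nsl` / `ldapsearch` checks as for the interactive install apply.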
firewall
# firewall-cmd --add-service=ldap --permanent
# firewall-cmd --add-service=ldaps --permanent
# firewall-cmd --reload
Start

check

ex.) ldapsearch -x -H ldap://localhost -D cn=Manager -W -b dc=nsl,dc=tuis,dc=ac,dc=jp
ex.) ldapsearch -x -H ldaps://localhost -D cn=Manager -W -b dc=nsl,dc=tuis,dc=ac,dc=jp

The first form is a simple bind over plain ldap://, so the Directory Manager password crosses the wire in clear text; use it against localhost only. The ldaps:// form only succeeds when the client trusts the server certificate. For the self-signed certificate created by dscreate, list the nicknames in the instance NSS database (certutil -L -d /etc/dirsrv/slapd-nsl), export the CA certificate as PEM (certutil -L -d /etc/dirsrv/slapd-nsl -n "<CA nickname>" -a > ca.pem) and point TLS_CACERT in /etc/openldap/ldap.conf (or the LDAPTLS_CACERT environment variable) at that file. TLS_REQCERT never makes the client skip verification altogether and belongs in a one-off test only, since it removes the protection ldaps:// is there to provide.

Client

Changing attribute values

Change example
# cat change.ldif
dn: cn=config
changetype: modify
replace: nsslapd-security
nsslapd-security: on
Changing the aci operational attribute
# cat userPass.ldif
dn: dc=nsl,dc=tuis,dc=ac,dc=jp
changetype: modify
add: aci
aci: (targetattr = "userPassword") (version 3.0; acl
 "modify own password"; allow (write) userdn = "ldap:///self";)
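Applying the two LDIF changes above and checking that they took effect, as an added example that is not part of the original page. It uses the page's connection details and suffix; the test user DN `uid=alice,ou=people,...` is an assumption, to be replaced with a real entry under your suffix. The last function is also the quickest way to reproduce the "Insufficient access rights" error listed under Troubleshooting: run it before the ACI has been added.

```shell
#!/bin/bash
# Added example: apply the nsslapd-security and aci changes from this page
# and verify them. Test user DN is an assumption.
set -eu

LDAP_URI="${LDAP_URI:-ldap://localhost}"
ROOT_DN="cn=Manager"
SUFFIX="dc=nsl,dc=tuis,dc=ac,dc=jp"
TEST_USER_DN="uid=alice,ou=people,${SUFFIX}"   # assumption

# The ACI lets a bound user write only its own userPassword: no other
# attribute is granted, and "ldap:///self" never matches an anonymous
# bind because an anonymous session has no DN.
render_self_password_aci_ldif() {
    cat <<EOF
dn: ${SUFFIX}
changetype: modify
add: aci
aci: (targetattr = "userPassword") (version 3.0; acl "modify own password"; allow (write) userdn = "ldap:///self";)
EOF
}

# The cn=config change that switches TLS on (takes effect after a restart).
render_security_on_ldif() {
    cat <<EOF
dn: cn=config
changetype: modify
replace: nsslapd-security
nsslapd-security: on
EOF
}

# Apply an LDIF from stdin as Directory Manager (prompts for the password).
apply_ldif() {
    ldapmodify -x -H "$LDAP_URI" -D "$ROOT_DN" -W
}

# aci is an operational attribute, so it is only returned when named in
# the attribute list; search the suffix entry itself (-s base).
show_suffix_acis() {
    ldapsearch -x -LLL -H "$LDAP_URI" -D "$ROOT_DN" -W -b "$SUFFIX" -s base aci
}

# Change the test user's own password, bound as that user. Without the
# ACI this fails with "Insufficient access rights" (LDAP result code 50).
change_own_password() {
    ldappasswd -x -H "$LDAP_URI" -D "$TEST_USER_DN" -W -S "$TEST_USER_DN"
}

if [ "${RUN_LIVE:-0}" = "1" ]; then
    render_security_on_ldif | apply_ldif
    render_self_password_aci_ldif | apply_ldif
    show_suffix_acis
    change_own_password
fi
```

On 1.4 the cn=config change can also be made with the instance tooling, e.g. `dsconf -D cn=Manager ldap://localhost config replace nsslapd-security=on`; the ACI on the suffix entry is applied with ldapmodify either way.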
Making the LDAP server not verify the peer's certificate

Replication

Replication with Cockpit (389-ds => 389-ds)
OpenLDAP => 389-ds

Troubleshooting

Error numbers
Failed to change the password. Server message: Insufficient access rights

Old (1.3 series)

Install

# dnf module enable 389-ds
# dnf install 389-ds-base
# dnf install 389-ds-base-legacy-tools

Setup

# setup-ds.pl

Execute

# systemctl start dirsrv@[Directory server identifier]

ex.) systemctl start dirsrv@nsl
check

389 Windows Console

TLS

Server certificate (p12 file)
# cd /etc/dirsrv
# mkdir certs
# cd certs
# mkdir private
# openssl genrsa 2048 > private/private.key
# openssl req -new -x509 -key private/private.key -out server.crt -days 3650
# openssl pkcs12 -export -inkey private/private.key -in server.crt -out server.p12 -nodes -name Server-Cert
   Set the password for the p12 file
Deploy to 389
# pk12util -i server.p12 -d /etc/dirsrv/slapd-nsl
   Set the Internal (Software) Token password
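The certificate steps above done without prompts, followed by a check of the p12 and by the server-side settings that make the instance use the imported certificate. This is an added example and not the page's own procedure: the hostname, instance name and `Server-Cert` nickname come from the page, the export password and NSS token password are placeholders (assumption: passed in via the environment), and the LDIF assumes `cn=RSA,cn=encryption,cn=config` does not exist yet on the 1.3 instance (if it does, use `changetype: modify` with `replace:` for the same attributes). The example goes beyond the page in one respect: it puts the hostname into subjectAltName, because clients match the SAN rather than the CN.

```shell
#!/bin/bash
# Added example (not from the original page): build the server PKCS#12
# non-interactively, verify it, import it and bind the instance to it.
# Passwords are placeholders (assumption: supplied via P12_PASS/TOKEN_PIN).
set -eu

DS_HOSTNAME="ds.nsl.tuis.ac.jp"
DS_INSTANCE="nsl"
CERT_NICK="Server-Cert"
P12_PASS="${P12_PASS:-p12-export-pass}"   # assumption: p12 export password
TOKEN_PIN="${TOKEN_PIN:-nss-token-pin}"   # assumption: NSS token password

# Key + self-signed certificate (10 years, as on the page) with the
# hostname in subjectAltName. -subj/-addext replace the interactive
# prompts; the key is created under umask 077 so it ends up mode 0600.
make_server_cert() {
    dir="$1"
    mkdir -p "$dir/private"
    ( umask 077; openssl genrsa -out "$dir/private/private.key" 2048 2>/dev/null )
    openssl req -new -x509 -key "$dir/private/private.key" \
        -out "$dir/server.crt" -days 3650 \
        -subj "/CN=${DS_HOSTNAME}" -addext "subjectAltName=DNS:${DS_HOSTNAME}"
    # -name sets the friendlyName that pk12util turns into the NSS nickname.
    openssl pkcs12 -export -inkey "$dir/private/private.key" -in "$dir/server.crt" \
        -out "$dir/server.p12" -name "$CERT_NICK" -passout "pass:${P12_PASS}"
}

# Return 0 only when the p12 carries the expected nickname and the
# certificate inside it names the host in its SAN.
check_p12() {
    dir="$1"
    openssl pkcs12 -in "$dir/server.p12" -nokeys -passin "pass:${P12_PASS}" 2>/dev/null \
        | grep -q "friendlyName: ${CERT_NICK}" &&
    openssl pkcs12 -in "$dir/server.p12" -nokeys -passin "pass:${P12_PASS}" 2>/dev/null \
        | openssl x509 -noout -text | grep -q "DNS:${DS_HOSTNAME}"
}

# Server-side settings: cn=RSA binds nickname and token, cn=config turns
# TLS on and sets the secure port (the page's change.ldif plus the port).
render_tls_config_ldif() {
    cat <<EOF
dn: cn=RSA,cn=encryption,cn=config
changetype: add
objectclass: top
objectclass: nsEncryptionModule
cn: RSA
nsSSLPersonalitySSL: ${CERT_NICK}
nsSSLToken: internal (software)
nsSSLActivation: on

dn: cn=config
changetype: modify
replace: nsslapd-security
nsslapd-security: on
-
replace: nsslapd-secureport
nsslapd-secureport: 636
EOF
}

# Import into the instance NSS database and write pin.txt so dirsrv can
# open the token at boot without a prompt. pin.txt holds the token
# password in clear text, so it is root/dirsrv readable only.
# -K/-W put passwords on the command line (visible in ps); prefer the
# -k/-w file variants on shared hosts. Runs only with RUN_LIVE=1.
import_and_enable() {
    dir="$1"
    nssdb="/etc/dirsrv/slapd-${DS_INSTANCE}"
    pk12util -i "$dir/server.p12" -d "$nssdb" -K "$TOKEN_PIN" -W "$P12_PASS"
    certutil -d "$nssdb" -L -n "$CERT_NICK" >/dev/null
    ( umask 077; printf 'Internal (Software) Token:%s\n' "$TOKEN_PIN" > "$nssdb/pin.txt" )
    chown dirsrv:dirsrv "$nssdb/pin.txt"
    render_tls_config_ldif | ldapmodify -x -H ldap://localhost -D cn=Manager -W
    systemctl restart "dirsrv@${DS_INSTANCE}"
}

if [ "${RUN_LIVE:-0}" = "1" ]; then
    make_server_cert /etc/dirsrv/certs
    check_p12 /etc/dirsrv/certs
    import_and_enable /etc/dirsrv/certs
fi
```

If pk12util on an older NSS rejects a p12 produced by OpenSSL 3 (which defaults to AES-based PBES2 encryption), re-run the export with `openssl pkcs12 -export -legacy ...` to get the older cipher set that NSS always understood. After the restart, the `ldapsearch -x -H ldaps://localhost ...` check from the page should succeed once the client trusts `server.crt`.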
389 file settings
firewall
# firewall-cmd --add-service=ldap --permanent
# firewall-cmd --add-service=ldaps --permanent
# firewall-cmd --reload
check
# systemctl restart dirsrv@nsl
# ldapsearch -x -H ldaps://localhost -D cn=Manager -W -b dc=nsl,dc=tuis,dc=ac,dc=jp

Last-modified: 2023-08-29 (Tue) 11:31:10