| Gcheap ¡ Slavesister p Gcheap n Slave D Slavesister P Gcheap XsearchŒ Slavesister [searchuƒ Slave searchƒsearch Slave ’ Sister |
searchpsearche Gcheap nsearchr36
search Gcheap lsearchv Sister search
ttehlike80%40windowslive.comrsearchi Slave e Gcheap rsearchhsearche Slave e Gcheap rsearchh Gcheap Slavesister l Slave vsearch Slavesister n22DsearchP Sister Í Sister {searchƒ Slavesister ƒ Gcheap Slave \search¬ Sister µ
©
s‚ Slave ‚ Slave ‚¹ Gcheap ñ
B
マスターサーバ一台(データ更新可能)
スレーブサーバ複数台(データ更新不可能)
という構成です。
※マルチマスター構成はソースを書き換えたものが世の中に
 存在するようです。(NTTコム開発)
 将来的にはマルチマスター構成が標準でできるようになると思われます。
[前提]
マスターのslapdサーバが正常に稼動していること。
[準備]
●マスターサーバ
・replicaディレクティブを追記
・replogfileディレクティブを追記
# vi /etc/openldap/slapd.conf
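############# FOR REPLICATION #########
# Added to the master's slapd.conf, one directive per line (continuation
# lines start with whitespace).
# The replica target has to be the slave. Elsewhere on this page the slave is
# 10.208.36.175 (the "replica:" line of the replog excerpt) and the master is
# 10.208.36.166 (the slave's updateref), so the target is the .175 address.
# NOTE(review): bindmethod=simple over ldap:// sends "credentials"
# unencrypted, and the value is stored here in cleartext; keep slapd.conf
# readable only by root and the ldap user.
replica uri=ldap://10.208.36.175
        binddn="cn=replicator,dc=testdom,dc=jp"
        bindmethod=simple credentials=secret
# The replication log records every change, userPassword values included
# (see the replog excerpt further down the page), so it should be readable
# by the ldap user only.
replogfile /var/log/replog.log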
を追記
# touch /var/log/replog.log
# touch /var/log/replog.log.lock
# chown ldap:ldap /var/log/replog*
●スレーブサーバ
スレーブサーバとなるサーバにopenldapをインストールします。
インストール方法はこちらも参考に
まずマスター側のslapd.confを持ってきます。
そちらを編集していく方が同じサーバを作り上げるのに正確なためです。
持ってきたマスター側のslapd.confの中にある
・replicaディレクティブとreplogfileディレクティブを削除
・updatednディレクティブを追記
・updatednで指定したDNが書き込み権を持つようにする
・updaterefディレクティブを追記
上記を行ったらマスターサーバを停止します。
# cp /usr/local/etc/openldap/slapd.conf /usr/local/etc/openldap/slapd.conf.bak
# scp root@masterhost:/etc/openldap/slapd.conf /usr/local/etc/openldap
root@masterhost のパスワード:
slapd.conf 100% |***************************************| 3514 00:00
※ここはftpで持ってきてもどんな手段でもいいので
 マスター側のslapd.confを持ってきましょう。
 (slapd.confにはrootpwなどの認証情報が平文で書かれているため、scpなど暗号化される手段で運ぶのが安全です。)
# vi /usr/local/etc/openldap/slapd.conf
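# Slave-side changes to the slapd.conf copied from the master, one directive
# per line.
# updatedn is the DN the master's replica directive binds as (its binddn);
# it is also made rootdn here so that it has write access on the slave.
# NOTE(review): rootpw is a cleartext password. slappasswd can generate a
# hashed value to store instead, and the file should be readable only by
# root and the ldap user.
rootdn "cn=replicator,dc=testdom,dc=jp"
rootpw secret
updatedn cn=replicator,dc=testdom,dc=jp
# Updates attempted on the slave by other DNs are answered with a referral
# to this URL (the master).
updateref ldap://10.208.36.166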
マスターサーバのslapd.confとの違いは
上記の説明したとおり。
最後にマスター&スレーブのslapd.confをつけておくので参照。
●データのコピー
なぜこの作業が必要かというと
・スレーブにマスターと同じデータベースを持たせる
・マスター&スレーブで起動する
・マスターのデータを更新する
・マスターからスレーブのデータを更新しにいく
というのがマスタースレーブの仕組みなので
スレーブ側にマスターと同じデータが必要ということになります。
なのでどんな手段でもいいので
マスターが停止した時点のデータを取得しスレーブ側に同じデータベースを構築できればよい。
ということです。
実際の作業は
・マスターサーバ上で
# service ldap stop
or
# /etc/init.d/ldap stop
マスターサーバを停止したらすべてのデータベースをスレーブにコピー
・スレーブサーバ上で
3通りほどデータコピーの例としてあげておきます。
| # ftp master-server ftp> cd /var/lib/ldap ftp> bin ftp> mget * ですべて持ってくる |
もしくは
| slapcatですべてのデータベースをldifに書き出して slapaddでひとまず追加してしまう。 |
もしくは
| slapcatで取得したすべてのデータベースのldifファイルを ldapaddに食わせる。 |
もしくは
| ・ひとまずスレーブサーバのslapd.confから  updatednやupdaterefをコメントアウトし  マスターサーバとして起動する。 ・マスターのslapcatで取得したldifファイルを  ldapadd -x -D "cn=replicator,dc=testdom,dc=jp" -w secret -f ${}  としていつもどおり登録。 ・スレーブサーバを停止 |
などが考えられる。データコピーの方法は自由に考えてよい。
ただし、データベースやldifにはuserPasswordなどが含まれるので、ftpのような平文の経路ではなく暗号化される手段で運ぶのが安全です。
œƒ}ƒXƒ^[ƒT[ƒo‚ƃXƒŒ[ƒuƒT[ƒo‚ð‹N“®
ERHEL‘¤
# service ldap start
とするとslapd.confにreplicaの設定をしていると
slurpdも自動で起動してくれます。
# ps aux|grep slapd
# ps aux|grep slurpd
プロセスが起動しているかどうか確認しておきます。
・solaris側
# /usr/local/libexec/slapd -f /usr/local/etc/openldap/slapd.conf
# ps -ef|grep slapd
■実際の設定ファイル
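# Master (RHEL) slapd.conf, restored to one directive per line; slapd.conf
# is line-oriented, with continuation lines starting with whitespace.
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema

# Accepts LDAPv2 bind requests.
allow bind_v2

pidfile /var/run/slapd.pid
argsfile /var/run/slapd.args

# NOTE(review): "by users read" on "access to *" lets every authenticated
# user read all attributes of all entries, userPassword included. A narrower
# rule for userPassword (self write, anonymous auth, nobody else) placed
# before this one would keep the password hashes private.
access to *
    by self write
    by users read
    by anonymous auth

database bdb
suffix "dc=testdom,dc=jp"
rootdn "cn=Manager,dc=testdom,dc=jp"
# NOTE(review): cleartext password; a hashed value generated with slappasswd
# can be stored here instead.
rootpw secret
directory /var/lib/ldap

index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub

# Replication to the slave. binddn must match the slave's updatedn.
# NOTE(review): bindmethod=simple sends "credentials" unencrypted to the
# slave, and replogfile records every change (userPassword values included),
# so both this file and the replog should be readable only by the ldap user.
replica host=slave_server
        binddn="cn=replicator,dc=testdom,dc=jp"
        bindmethod=simple credentials=secret
replogfile /var/log/replog.log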
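# Slave (Solaris, built from source) slapd.conf, restored to one directive
# per line; continuation lines start with whitespace.
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/nis.schema

# Accepts LDAPv2 bind requests.
allow bind_v2

# 256 is the stats level: connections, operations and results are logged,
# which produces the conn=/op= syslog lines shown on this page.
loglevel 256

pidfile /usr/local/var/run/slapd.pid
argsfile /usr/local/var/run/slapd.args

# NOTE(review): "by users read" on "access to *" lets every authenticated
# user read all attributes of all entries, userPassword included. A narrower
# rule for userPassword (self write, anonymous auth, nobody else) placed
# before this one would keep the password hashes private.
access to *
    by self write
    by users read
    by anonymous auth

database bdb
suffix "dc=testdom,dc=jp"
# On the slave the replication DN is rootdn, so it can write everything.
# Anyone who binds as this DN can also change the slave directly, which the
# page itself notes leaves the slave out of step with the master.
rootdn "cn=replicator,dc=testdom,dc=jp"
# NOTE(review): cleartext password; a hashed value generated with slappasswd
# can be stored here instead.
rootpw secret
directory /usr/local/var/openldap-data

index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub

# Only updatedn may apply replicated changes; other writers are referred to
# the master named in updateref.
updatedn cn=replicator,dc=testdom,dc=jp
updateref ldap://master_server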
今回は
RHELは付属のopenldapを使用。
solarisはソースからコンパイルしたopenldapを使用。
よってディレクトリの位置などslapd.confの内容が環境によって多少異なっていたりします。
●マスターサーバ側でデータ更新
現状の構成としては
dc=testdom,dc=jp
 |
 |--cn=Manager,dc=testdom,dc=jp
 |
 |--ou=people,dc=testdom,dc=jp
 |     |
 |     |--uid=test,ou=people,dc=testdom,dc=jp
 |--ou=group,dc=testdom,dc=jp
となっているものとします。
そういう中でdn: uid=test,ou=people,dc=testdom,dc=jp
の中にcn属性があるのでそちらを
<変更前>
cn: test
<変更後>
cn: test2
に変更してみます。
その際のログなどを確認します。
<実際の変更前ldif>
| ###test user dn: uid=test,ou=people,dc=testdom,dc=jp uid: test cn: test objectclass: posixAccount objectclass: account userPassword:{}CY9rzUYh03PK3k6DJie09g== loginshell: /bin/bash uidNumber: 10000 gidNumber: 10000 homeDirectory: /var/tmp gecos: test description: "Test User" |
<実際の変更後ldif>
| ###test user dn: uid=test,ou=people,dc=testdom,dc=jp uid: test cn: test2 objectclass: posixAccount objectclass: account userPassword:{}CY9rzUYh03PK3k6DJie09g== loginshell: /bin/bash uidNumber: 10000 gidNumber: 10000 homeDirectory: /var/tmp gecos: test description: "Test User" |
# ldapmodify -x -h masterhost -D "cn=manager,dc=testdom,dc=jp" -w secret -f /home/share/test.ldif
| modifying entry "uid=test,ou=people,dc=testdom,dc=jp" |
| Apr 15 16:00:59 solaris10 slapd[13659]: [ID 249368 local4.debug] conn=2 op=4 MOD dn="uid=test,ou=people,dc=testdom,dc=jp" Apr 15 16:00:59 solaris10 slapd[13659]: [ID 396994 local4.debug] conn=2 op=4 MOD attr=uid cn objectClass userPassword loginShell uidNumber gidNumber homeDirectory gecos description entryCSN modifiersName modifyTimestamp Apr 15 16:00:59 solaris10 slapd[13659]: [ID 588225 local4.debug] conn=2 op=4 RESULT tag=103 err=0 text= |
| Apr 18 12:37:25 as4 slapd[6727]: conn=1 fd=14 ACCEPT from IP=127.0.0.1:32825 (IP=0.0.0.0:389) Apr 18 12:37:25 as4 slapd[6727]: conn=1 op=0 BIND dn="cn=manager,dc=testdom,dc=jp" method=128 Apr 18 12:37:25 as4 slapd[6727]: conn=1 op=0 BIND dn="cn=Manager,dc=testdom,dc=jp" mech=SIMPLE ssf=0 Apr 18 12:37:25 as4 slapd[6727]: conn=1 op=0 RESULT tag=97 err=0 text= Apr 18 12:37:25 as4 slapd[6727]: conn=1 op=1 MOD dn="uid=test,ou=people,dc=testdom,dc=jp" Apr 18 12:37:25 as4 slapd[6727]: conn=1 op=1 MOD attr=uid cn objectclass userPassword loginshell uidNumber gidNumber homeDirectory gecos description Apr 18 12:37:25 as4 slapd[6727]: conn=1 op=1 RESULT tag=103 err=0 text= Apr 18 12:37:27 as4 slapd[6727]: conn=1 op=2 UNBIND Apr 18 12:37:27 as4 slapd[6727]: conn=1 fd=14 closed |
| replica: 10.208.36.175 time: 1145331445 dn: uid=test,ou=people,dc=testdom,dc=jp changetype: modify replace: uid uid: test - replace: cn cn: test2 - replace: objectClass objectClass: posixAccount objectClass: account - replace: userPassword userPassword:: e01ENX1DWTlyelVZaDAzUEszazZESmllMDlnPT0= - replace: loginShell loginShell: /bin/bash - replace: uidNumber uidNumber: 10000 - replace: gidNumber gidNumber: 10000 - replace: homeDirectory homeDirectory: /var/tmp - replace: gecos gecos: test - replace: description description: "Test User" - replace: entryCSN entryCSN: 20060418033725Z#000001#00#000000 - replace: modifiersName modifiersName: cn=Manager,dc=testdom,dc=jp - replace: modifyTimestamp modifyTimestamp: 20060418033725Z |
| as4 -> solaris10 LDAP C port=32819 Modify Request Replace solaris10 -> as4 LDAP R port=32819 Modify Response Success as4 -> solaris10 LDAP C port=32819 |
ÚׂȃpƒPƒbƒgƒ_ƒ“ƒv‚ÍŽÀÛ‚ÉŽæ‚Á‚Ă݂Ă‚¾‚³‚¢B
# ldapsearch -x -D "uid=tes,tou=people,dc=testdom,dc=jp" -h slavehost -b "ou=people,dc=testdom,dc=jp" uid=test -w test
¦ƒRƒ}ƒ“ƒh‚ª–Ê“|‚È‚çLDAP blowser‚ȂǂðŽg‚Á‚ÄŠm”F‚µ‚Ü‚µ‚傤B
‚ÅŽÀÛ‚Écn: test2‚É•ÏX‚³‚ê‚Ä‚¢‚邱‚Æ‚ðŠm”F‚µ‚Ü‚µ‚傤B
■更新したタイミングでスレーブが起動していなかった場合
実際に更新する際にマスターは起動しているがスレーブが起動していない場合
なども考えられますが、スレーブが復活した際にマスターから更新に行きます。
■スレーブサーバにデータ更新をしに行った場合
# ldapmodify -h 10.208.36.175 -x -D "uid=test,ou=people,dc=testdom,dc=jp" -w
test -f
| /home/share/test.ldif modifying entry "uid=test,ou=people,dc=testdom,dc=jp" ldap_modify: Referral (10) referrals: ldap://10.208.36.166/uid=test,ou=people,dc=testdom,dc=jp |
‚ƂȂèXV‚ª‚Å‚«‚¸‚Éupdateref‚ÅŽw’肵‚½ldapƒT[ƒo‚ðŽQÆ‚·‚邿‚¤ƒƒbƒZ[ƒW‚ªo‚Ü‚·B
‚½‚¾rootdn‚Åbind‚µ‚ăXƒŒ[ƒu‚̃f[ƒ^‚ðXV‚µ‚Ä‚µ‚Ü‚¤‚ÆXV‚ª‰Â”\‚Å‚·B
‚»‚¤‚µ‚Ä‚µ‚Ü‚¤‚ÆA¡“xƒ}ƒXƒ^[‚ƃf[ƒ^‚Ì®‡«‚ªŽæ‚ê‚È‚‚È‚è‚Ü‚·B
‚»‚µ‚ăXƒŒ[ƒu‚Å•ÏX‚µ‚½‰ÓŠ‚ÌXV‚ªƒ}ƒXƒ^[‚Ås‚í‚ꂽê‡
ƒ}ƒXƒ^[‚©‚ç‚Ìmodify‚ªƒXƒŒ[ƒu‚É”½‰f‚µ‚Ü‚¹‚ñB
‚æ‚Á‚Ä•s®‡‚̂܂܂ɂȂé‚Ì‚Årootdn‚Å‚ÌXV‚Í‹C‚ð‚‚¯‚Äs‚¢‚Ü‚µ‚傤B