13: 2021-06-26 (Sat) 18:41:41 iseki |
14: 2021-06-27 (Sun) 21:59:15 iseki |
| # dnf update epel-release | | # dnf update epel-release |
| # dnf module install 389-directory-server:stable/default | | # dnf module install 389-directory-server:stable/default |
| + | |
| + | - openldap のクライアントも入れておいた方が便利 |
| #br | | #br |
| | | |
| -- NSSのデータベース用パスワードは /etc/dirsrv/slapd-[Directory server identifier]/pin.txt | | -- NSSのデータベース用パスワードは /etc/dirsrv/slapd-[Directory server identifier]/pin.txt |
| - Create just the top suffix entry [no]: yes | | - Create just the top suffix entry [no]: yes |
| + | - DataBase は ''/var/lib/dirsrv/slapd-[Directory server identifier] ''にできる. |
| - [[Cockpit]] からも接続可能 | | - [[Cockpit]] からも接続可能 |
| + | #br |
| + | |
| + | **** Example [#p39549e6] |
| + | # dscreate interactive |
| + | Install Directory Server (interactive mode) |
| + | =========================================== |
| + | selinux is disabled, will not relabel ports or files. |
| + | Selinux support will be disabled, continue? [yes]: |
| + | Enter system's hostname [altair]: ds.nsl.tuis.ac.jp |
| + | Enter the instance name [ds]: nsl |
| + | Enter port number [389]: |
| + | Create self-signed certificate database [yes]: |
| + | Enter secure port number [636]: |
| + | Enter Directory Manager DN [cn=Directory Manager]: cn=Manager |
| + | Enter the Directory Manager password: ******** |
| + | Confirm the Directory Manager Password: ******** |
| + | Enter the database suffix (or enter "none" to skip) [dc=nsl,dc=tuis,dc=ac,dc=jp]: |
| + | Create sample entries in the suffix [no]: yes |
| + | Do you want to start the instance after the installation? [yes]: |
| + | Are you ready to install? [no]: yes |
| + | Starting installation... |
| + | Completed installation for nsl |
| #br | | #br |
| | | |
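Review bot: the added dscreate transcript answers yes to "Create sample entries in the suffix", while the unchanged bullet just above it records "Create just the top suffix entry [no]: yes"; these are different choices, so the page should say which one the instance was actually built with. The transcript also accepts "Selinux support will be disabled, continue? [yes]" on a host where selinux is already disabled, so no ports or files are relabelled; a short remark that this is specific to this host would stop readers treating the example as the expected output on a host with SELinux enabled. Since the Directory Manager DN is changed from the default to cn=Manager here, it would help to point out that the later ldapmodify commands depend on that value.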
| # firewall-cmd --add-service=ldaps --permanent | | # firewall-cmd --add-service=ldaps --permanent |
| # firewall-cmd --reload | | # firewall-cmd --reload |
| + | |
| + | **** 起動 [#i3f71e60] |
| + | - systemctl start dirsrv@[Directory server identifier] |
| + | #br |
| | | |
| *** check [#c4ab40fc] | | *** check [#c4ab40fc] |
| - [[nss_ldap]], [[nslcd]] | | - [[nss_ldap]], [[nslcd]] |
| - [[sssd]] | | - [[sssd]] |
| + | #br |
| + | |
| + | *** 属性値の変更 [#bed30db8] |
| + | - dapmodify -x -H ldap://202.26.150.51 -D cn=Manager -W -f ''change.ldif'' |
| + | |
| + | # cat change.ldif |
| + | dn: cn=config |
| + | changetype: modify |
| + | replace: nsslapd-security |
| + | nsslapd-security: on |
| + | **** aci 内部属性の変更 [#adeb9eca] |
| + | - 一般ユーザに userPassword の変更権限の aci内部属性を与える |
| + | - ldapmodify -x -H ldap://202.26.150.51 -D cn=Manager -W -f ''userPass.ldif'' |
| + | |
| + | # cat userPass.ldif |
| + | dn: dc=nsl,dc=tuis,dc=ac,dc=jp |
| + | changetype: modify |
| + | add: aci |
| + | aci: (targetattr = "userPassword") (version 3.0; acl |
| + | "modify own password"; allow (write) userdn = "ldap:///self";) |
| + | |
| + | *** Trouble Shooting [#xce00c43] |
| + | **** エラー番号 [#f1f44c73] |
| + | - https://software.fujitsu.com/jp/manual/manualfiles/M050000/B1WN4901/02/irepab/irep0158.htm |
| + | #br |
| + | |
| + | **** パスワードの変更に失敗しました。 サーバーのメッセージ: Insufficient access rights [#p22fa258] |
| + | - 一般ユーザにパスワード変更の権限がない(err=50) |
| + | - 上記の 「aci 内部属性の変更」 を参照 |
| #br | | #br |
| | | |
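Review bot: both added ldapmodify commands (under 属性値の変更 and aci 内部属性の変更) do a simple bind as cn=Manager with -x -W over ldap://202.26.150.51, so the Directory Manager password is sent unencrypted; the firewall lines on this page open only ldaps and the dscreate example configures secure port 636, so these examples could use an ldaps:// URL or add -ZZ for StartTLS. The first command is spelled "dapmodify", whereas the second is "ldapmodify". In userPass.ldif the aci value is split across two lines; in the actual LDIF file the second line has to begin with a single space to be parsed as a continuation, which is worth stating next to the example because the rendering here does not show it.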