13: 2021-06-26 (土) 18:41:41 iseki  |
14: 2021-06-27 (日) 21:59:15 iseki |
| | # dnf update epel-release | | # dnf update epel-release |
| | # dnf module install 389-directory-server:stable/default | | # dnf module install 389-directory-server:stable/default |
| | + | |
| | + | - openldap のクライアントも入れておいた方が便利 |
| | #br | | #br |
| | | | |
| | -- NSSのデータベース用パスワードは /etc/dirsrv/slapd-[Directory server identifier]/pin.txt | | -- NSSのデータベース用パスワードは /etc/dirsrv/slapd-[Directory server identifier]/pin.txt |
| | - Create just the top suffix entry [no]: yes | | - Create just the top suffix entry [no]: yes |
| | + | - DataBase は ''/var/lib/dirsrv/slapd-[Directory server identifier] ''にできる. |
| | - [[Cockpit]] からも接続可能 | | - [[Cockpit]] からも接続可能 |
| | + | #br |
| | + | |
| | + | **** Example [#p39549e6] |
| | + | # dscreate interactive |
| | + | Install Directory Server (interactive mode) |
| | + | =========================================== |
| | + | selinux is disabled, will not relabel ports or files. |
| | + | Selinux support will be disabled, continue? [yes]: |
| | + | Enter system's hostname [altair]: ds.nsl.tuis.ac.jp |
| | + | Enter the instance name [ds]: nsl |
| | + | Enter port number [389]: |
| | + | Create self-signed certificate database [yes]: |
| | + | Enter secure port number [636]: |
| | + | Enter Directory Manager DN [cn=Directory Manager]: cn=Manager |
| | + | Enter the Directory Manager password: ******** |
| | + | Confirm the Directory Manager Password: ******** |
| | + | Enter the database suffix (or enter "none" to skip) [dc=nsl,dc=tuis,dc=ac,dc=jp]: |
| | + | Create sample entries in the suffix [no]: yes |
| | + | Do you want to start the instance after the installation? [yes]: |
| | + | Are you ready to install? [no]: yes |
| | + | Starting installation... |
| | + | Completed installation for nsl |
| | #br | | #br |
| | | | |
| | # firewall-cmd --add-service=ldaps --permanent | | # firewall-cmd --add-service=ldaps --permanent |
| | # firewall-cmd --reload | | # firewall-cmd --reload |
| | + | |
| | + | **** 起動 [#i3f71e60] |
| | + | - systemctl start dirsrv@[Directory server identifier] |
| | + | #br |
| | | | |
| | *** check [#c4ab40fc] | | *** check [#c4ab40fc] |
| | - [[nss_ldap]], [[nslcd]] | | - [[nss_ldap]], [[nslcd]] |
| | - [[sssd]] | | - [[sssd]] |
| | + | #br |
| | + | |
| | + | *** 属性値の変更 [#bed30db8] |
| | + | - dapmodify -x -H ldap://202.26.150.51 -D cn=Manager -W -f ''change.ldif'' |
| | + | |
| | + | # cat change.ldif |
| | + | dn: cn=config |
| | + | changetype: modify |
| | + | replace: nsslapd-security |
| | + | nsslapd-security: on |
| | + | **** aci 内部属性の変更 [#adeb9eca] |
| | + | - 一般ユーザに userPassword の変更権限の aci内部属性を与える |
| | + | - ldapmodify -x -H ldap://202.26.150.51 -D cn=Manager -W -f ''userPass.ldif'' |
| | + | |
| | + | # cat userPass.ldif |
| | + | dn: dc=nsl,dc=tuis,dc=ac,dc=jp |
| | + | changetype: modify |
| | + | add: aci |
| | + | aci: (targetattr = "userPassword") (version 3.0; acl |
| | + | "modify own password"; allow (write) userdn = "ldap:///self";) |
| | + | |
| | + | *** Trouble Shooting [#xce00c43] |
| | + | **** エラー番号 [#f1f44c73] |
| | + | - https://software.fujitsu.com/jp/manual/manualfiles/M050000/B1WN4901/02/irepab/irep0158.htm |
| | + | #br |
| | + | |
| | + | **** パスワードの変更に失敗しました。 サーバーのメッセージ: Insufficient access rights [#p22fa258] |
| | + | - 一般ユーザにパスワード変更の権限がない(err=50) |
| | + | - 上記の 「aci 内部属性の変更」 を参照 |
| | #br | | #br |
| | | | |
