{"id":951,"date":"2004-12-17T23:00:00","date_gmt":"2004-12-17T14:00:00","guid":{"rendered":"\/?p=951"},"modified":"2004-12-20T09:44:32","modified_gmt":"2004-12-20T00:44:32","slug":"ldap-client","status":"publish","type":"post","link":"https:\/\/www.hiro345.net\/blogs\/hiro345\/archives\/951.html","title":{"rendered":"LDAP Client"},"content":{"rendered":"<p>OpenLDAP\u306e\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u8a2d\u5b9a\u3092\u3057\u305f\u306e\u3067\u3001\u305d\u306e\u3068\u304d\u306e\u30e1\u30e2\u3002<\/p>\n<p>\u4e00\u756a\u7c21\u5358\u306a\u306e\u306f\u3001authconfig\u3068\u3044\u3046\u30b3\u30de\u30f3\u30c9\u3067LDAP\u3092\u4f7f\u3046\u65b9\u6cd5\u3067\u3059\u3002\u3053\u306e\u3068\u304d\u306b\u3001LDAP\u30b5\u30fc\u30d0\u306eIP\u30a2\u30c9\u30ec\u30b9\u3084LDAP\u3067\u306e\u30c9\u30e1\u30a4\u30f3\u540d\u3092\u805e\u304b\u308c\u308b\u306e\u3067\u3001\u3042\u3089\u304b\u3058\u3081\u8abf\u3079\u3066\u304a\u304f\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059\u3002\u3053\u306e\u30b3\u30de\u30f3\u30c9\u3092\u4f7f\u3046\u3053\u3068\u306b\u3088\u308a\u3001\u6b21\u306e4\u3064\u306e\u30d5\u30a1\u30a4\u30eb\u304c\u66f4\u65b0\u3055\u308c\u307e\u3059\u3002<br \/>\n<br \/>\n    * \/etc\/nsswitch.conf<br \/>\n    * \/etc\/ldap.conf<br \/>\n    * \/etc\/openldap\/ldap.conf<br \/>\n    * \/etc\/pam.d\/system-auth 
<\/p>\n<p>\u305b\u3063\u304b\u304f\u306a\u306e\u3067\u3001\u5404\u30d5\u30a1\u30a4\u30eb\u306e\u3069\u3053\u304c\u66f4\u65b0\u3055\u308c\u308b\u304b\u308f\u304b\u308b\u3088\u3046\u306b\u3001\u624b\u4f5c\u696d\u3067\u306e\u8a2d\u5b9a\u65b9\u6cd5\u3082\u7c21\u5358\u306b\u8aac\u660e\u3057\u3066\u304a\u304d\u307e\u3059\u3002<\/p>\n<p>\/etc\/nsswitch.conf\u3067\u306f\u3001\u30a2\u30ab\u30a6\u30f3\u30c8\u60c5\u5831\u3084\u30d1\u30b9\u30ef\u30fc\u30c9\u60c5\u5831\u3092\u3069\u3053\u304b\u3089\u3068\u308b\u304b\u3068\u3044\u3046\u8a2d\u5b9a\u3092\u3059\u308b\u306e\u3067\u3001\u6b21\u306e\u9805\u76ee\u3067ldap\u3092\u8ffd\u52a0\u3057\u3066\u304a\u304b\u306a\u3051\u308c\u3070\u306a\u308a\u307e\u305b\u3093\u3002<\/p>\n<blockquote class=\"border\"><p>passwd:   files  ldap<br \/>\nshadow:   files  ldap<br \/>\ngroup:    files  ldap<\/p><\/blockquote>\n<p>\/etc\/ldap.conf<br \/>\n\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u3067\u3042\u308b\/etc\/ldap.conf\u3092\u7de8\u96c6\u3057\u3066\u3001\u30e6\u30fc\u30b6\u30fc\u306e\u7d44\u7e54\u3068\u691c\u7d22\u30d9\u30fc\u30b9\u3092\u53cd\u6620\u3055\u305b\u307e\u3059\u3002<\/p>\n<blockquote class=\"border\"><p>host 127.0.0.1<br \/>\nbase dc=sssg,dc=org<\/p><\/blockquote>\n<p>\u4e00\u5fdc\u3001TLS\u3092\u4f7f\u3063\u3066\u3044\u306a\u304b\u3063\u305f\u308a\u3001MD5\u3092\u4f7f\u3063\u3066\u3044\u305f\u308a\u3059\u308b\u5834\u5408\u306f\u3001\u6b21\u306e\u3088\u3046\u306a\u8a2d\u5b9a\u3082\u8ffd\u52a0\u3057\u3066\u304a\u3044\u305f\u65b9\u304c\u3044\u3044\u304b\u3082\u3057\u308c\u307e\u305b\u3093\u3002\u306a\u304a\u3001ssl no \u3067\u306f\u30d1\u30b9\u30ef\u30fc\u30c9\u304c\u5e73\u6587\u306e\u307e\u307eLDAP\u30b5\u30fc\u30d0\u3078\u9001\u3089\u308c\u308b\u306e\u3067\u3001\u30b5\u30fc\u30d0\u304c\u30ed\u30fc\u30ab\u30eb\u30db\u30b9\u30c8\u4ee5\u5916\u306b\u3042\u308b\u5834\u5408\u306f ssl start_tls \u306a\u3069\u3067TLS\u3092\u4f7f\u3046\u8a2d\u5b9a\u306b\u3057\u3066\u304a\u304f\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059\u3002<\/p>\n<blockquote class=\"border\"><p>ssl no<br \/>\npam_password md5<\/p><\/blockquote>\n<p>\/etc\/openldap\/ldap.conf\u306b\u3082\u540c\u3058\u8a2d\u5b9a\u3092\u3057\u306a\u3044\u3068OpenLDAP\u7cfb\u306e\u30c4\u30fc\u30eb\u304c\u3046\u307e\u304f\u52d5\u4f5c\u3057\u307e\u305b\u3093\u3002<\/p>\n<blockquote class=\"border\"><p>host 127.0.0.1<br \/>\nbase 
dc=sssg,dc=org<\/p><\/blockquote>\n<p>\u6700\u5f8c\u306fPAM\u7528\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\/etc\/pam.d\/system-auth\u3067\u3059\u3002\u6b21\u306e\u3088\u3046\u306a\u611f\u3058\u306b\u306a\u308a\u307e\u3059\u3002<\/p>\n<blockquote class=\"border\"><p>auth        required      \/lib\/security\/$ISA\/pam_env.so<br \/>\nauth        sufficient    \/lib\/security\/$ISA\/pam_unix.so likeauth nullok<br \/>\nauth        sufficient    \/lib\/security\/$ISA\/pam_ldap.so use_first_pass<br \/>\nauth        required      \/lib\/security\/$ISA\/pam_deny.so<\/p>\n<p>account     required      \/lib\/security\/$ISA\/pam_unix.so broken_shadow<br \/>\naccount     sufficient    \/lib\/security\/$ISA\/pam_succeed_if.so uid &lt; 100 quiet<br \/>\naccount     [default=bad success=ok user_unknown=ignore] \/lib\/security\/$ISA\/pam_ldap.so<br \/>\naccount     required      \/lib\/security\/$ISA\/pam_permit.so<\/p>\n<p>password    requisite     \/lib\/security\/$ISA\/pam_cracklib.so retry=3<br \/>\npassword    sufficient    \/lib\/security\/$ISA\/pam_unix.so nullok use_authtok md5 shadow<br \/>\npassword    sufficient    \/lib\/security\/$ISA\/pam_ldap.so use_authtok<br \/>\npassword    required      \/lib\/security\/$ISA\/pam_deny.so<\/p>\n<p>session     required      \/lib\/security\/$ISA\/pam_limits.so<br \/>\nsession     required      \/lib\/security\/$ISA\/pam_unix.so<br \/>\nsession     optional      \/lib\/security\/$ISA\/pam_ldap.so<\/p>\n<p>auth sufficient \/lib\/security\/pam_ldap.so use_first_pass<\/p><\/blockquote>\n<p>\u8a2d\u5b9a\u304c\u7d42\u308f\u3063\u305f\u3089\u3001nscd\uff08Name Service Cache 
Daemon\uff09\u3092\u8d77\u52d5\u3057\u3066\u304a\u304f\u3068\u3001\u30a2\u30af\u30bb\u30b9\u304c\u9ad8\u901f\u306b\u306a\u308a\u307e\u3059\u3002\u305f\u3060\u3057\u3001\u691c\u7d22\u7d50\u679c\u306e\u30ad\u30e3\u30c3\u30b7\u30e5\u3092\u6709\u52b9\u306b\u3057\u3066\u3044\u308b\u3060\u3051\u306a\u306e\u3067\u3001\u3053\u308c\u3092\u8d77\u52d5\u3055\u305b\u306a\u304f\u3066\u3082LDAP\u306e\u52d5\u4f5c\u306b\u652f\u969c\u306f\u3042\u308a\u307e\u305b\u3093\u3002<\/p>\n<blockquote><p># cd start<br \/>\n  # chkconfig nscd on<\/p><\/blockquote>\n","protected":false},"excerpt":{"rendered":"<p>OpenLDAP\u306e\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u8a2d\u5b9a\u3092\u3057\u305f\u306e\u3067\u3001\u305d\u306e\u3068\u304d\u306e\u30e1\u30e2\u3002 \u4e00\u756a\u7c21\u5358\u306a\u306e\u306f\u3001authconfig\u3068\u3044\u3046\u30b3\u30de\u30f3\u30c9\u3067LDAP\u3092\u4f7f\u3046\u65b9\u6cd5\u3067\u3059\u3002\u3053\u306e\u3068\u304d\u306b\u3001LDAP\u30b5\u30fc\u30d0\u306eIP\u30a2\u30c9\u30ec\u30b9\u3084LDAP\u3067\u306e\u30c9\u30e1\u30a4\u30f3\u540d\u3092\u805e\u304b\u308c\u308b\u306e\u3067\u3001 &hellip; <a href=\"https:\/\/www.hiro345.net\/blogs\/hiro345\/archives\/951.html\">\u7d9a\u304d\u3092\u8aad\u3080 <span 
class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[],"class_list":["post-951","post","type-post","status-publish","format-standard","hentry","category-linux"],"_links":{"self":[{"href":"https:\/\/www.hiro345.net\/blogs\/hiro345\/wp-json\/wp\/v2\/posts\/951","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.hiro345.net\/blogs\/hiro345\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.hiro345.net\/blogs\/hiro345\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.hiro345.net\/blogs\/hiro345\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.hiro345.net\/blogs\/hiro345\/wp-json\/wp\/v2\/comments?post=951"}],"version-history":[{"count":0,"href":"https:\/\/www.hiro345.net\/blogs\/hiro345\/wp-json\/wp\/v2\/posts\/951\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.hiro345.net\/blogs\/hiro345\/wp-json\/wp\/v2\/media?parent=951"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.hiro345.net\/blogs\/hiro345\/wp-json\/wp\/v2\/categories?post=951"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.hiro345.net\/blogs\/hiro345\/wp-json\/wp\/v2\/tags?post=951"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}