Install
yum install openldap openldap-servers openldap-clients
slapd.d is not needed
mv /etc/openldap/slapd.d /etc/openldap/slapd.d.bk
Create slapd.conf
cd /etc/openldap/
vi slapd.conf
include /etc/openldap/schema/corba.schema
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/duaconf.schema
include /etc/openldap/schema/dyngroup.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/java.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/openldap.schema
include /etc/openldap/schema/ppolicy.schema
include /etc/openldap/schema/collective.schema
allow bind_v2
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
#######################################################################
# ldbm and/or bdb database definitions
#######################################################################
database bdb
suffix "dc=my-domain,dc=com"
checkpoint 1024 15
rootdn "cn=Manager,dc=my-domain,dc=com"
# plain-text password is fine for a throwaway test box; otherwise paste the
# {SSHA} hash printed by slappasswd here instead
rootpw secret
directory /var/lib/ldap
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
# access directives apply to the database section they follow, and the first
# "access to" whose target matches wins. So these rules must sit here, before
# "database monitor", and the userPassword rule must come before the catch-all;
# otherwise the bdb database falls back to the default "by * read" and
# anonymous clients can read password hashes. "by" lines must be indented.
access to attrs=userPassword
    by self write
    by dn="cn=Manager,dc=my-domain,dc=com" write
    by anonymous auth
    by * none
access to *
    by dn="cn=Manager,dc=my-domain,dc=com" write
    by self write
    by * read
database monitor
access to *
    by dn.exact="cn=Manager,dc=my-domain,dc=com" read
    by * none
service slapd start
For a start, put in the suffix and Manager entries
ldapadd -x -D cn=Manager,dc=my-domain,dc=com -W -f suffix.ldif
dn: dc=my-domain,dc=com
objectClass: dcObject
objectClass: organization
dc: my-domain
o: Example Corporation

dn: cn=Manager,dc=my-domain,dc=com
objectClass: organizationalRole
cn: Manager
Using it
ldapsearch -x -h localhost -b dc=my-domain,dc=com -LLL
ldapadd -x -D cn=Manager,dc=my-domain,dc=com -W -f add.ldif
The LDIF looks something like this
dn: cn=AAAA,ou=Platform,o=portal,o=gatein,dc=my-domain,dc=com
objectClass: top
objectClass: groupOfNames
cn: AAAA
member: ou=placeholder,o=portal,o=gatein,dc=my-domain,dc=com
GateIn's initial-openldap.ldif
dn: o=gatein,dc=my-domain,dc=com
objectclass: top
objectclass: organization
o: gatein

dn: o=portal,o=gatein,dc=my-domain,dc=com
objectclass: top
objectclass: organization
o: portal

dn: ou=placeholder,o=portal,o=gatein,dc=my-domain,dc=com
objectclass: top
objectclass: organizationalUnit
ou: placeholder
description: entry used to satisfy schema restrictions for required member attribute in groupOfNames objectClass
As long as these entries are in place, GateIn adds the sample users itself at startup.
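Before feeding a hand-written LDIF like the ones above to ldapadd, an offline check catches the two mistakes this layout invites: adding a child entry before its parent exists (ldapadd reports "no such object") and a groupOfNames entry without the member attribute that the placeholder OU exists to satisfy. This is an added example in Python, not code from the page or from GateIn; parse_ldif, check_ldif, the sample LDIF and the GATEIN_BASE list are assumptions for illustration.

```python
def parse_ldif(text):
    """Parse plain LDIF (no base64, no folded lines) into [(dn, {attr: [values]})]."""
    entries, dn, attrs = [], None, {}
    for line in text.splitlines() + [""]:   # trailing "" flushes the last entry
        if not line.strip():
            if dn:
                entries.append((dn, attrs))
            dn, attrs = None, {}
        elif not line.startswith("#"):
            key, _, value = line.partition(":")
            key, value = key.strip().lower(), value.strip()
            if key == "dn":
                dn = value
            else:
                attrs.setdefault(key, []).append(value)
    return entries

def ndn(dn):
    """Loose DN normalisation (case and whitespace around RDNs)."""
    return ",".join(p.strip().lower() for p in dn.split(","))

def check_ldif(text, suffix, existing=()):
    """Problems in ldapadd order; [] means the file should load cleanly on top of `existing`."""
    known, problems = {ndn(d) for d in existing}, []
    for dn, attrs in parse_ldif(text):
        n = ndn(dn)
        if n != ndn(suffix) and n.partition(",")[2] not in known:
            problems.append(f"{dn}: parent missing (ldapadd would say 'no such object')")
        classes = {c.lower() for c in attrs.get("objectclass", [])}
        if "groupofnames" in classes and not attrs.get("member"):
            problems.append(f"{dn}: groupOfNames requires a member attribute")
        for m in attrs.get("member", []):
            if ndn(m) not in known:
                problems.append(f"{dn}: member {m} does not exist")
        known.add(n)   # later entries may now reference this one
    return problems

# Constructed sample in the memo's layout: a group whose only member is GateIn's placeholder OU.
SAMPLE = """\
dn: ou=Platform,o=portal,o=gatein,dc=my-domain,dc=com
objectClass: organizationalUnit
ou: Platform

dn: cn=AAAA,ou=Platform,o=portal,o=gatein,dc=my-domain,dc=com
objectClass: groupOfNames
cn: AAAA
member: ou=placeholder,o=portal,o=gatein,dc=my-domain,dc=com
"""
# DNs that suffix.ldif and initial-openldap.ldif have already put in the directory
GATEIN_BASE = ["dc=my-domain,dc=com", "o=gatein,dc=my-domain,dc=com",
               "o=portal,o=gatein,dc=my-domain,dc=com",
               "ou=placeholder,o=portal,o=gatein,dc=my-domain,dc=com"]
```

Running check_ldif(SAMPLE, "dc=my-domain,dc=com", GATEIN_BASE) returns an empty list; drop the GATEIN_BASE argument or the member line and it names the entry that would fail.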
ldapdelete -x -r -D cn=Manager,dc=my-domain,dc=com -W -f deletedn.txt
This one lists the DNs you want to delete
ou=People,o=portal,o=gatein,dc=my-domain,dc=com
ou=Platform,o=portal,o=gatein,dc=my-domain,dc=com
ou=Organization,o=portal,o=gatein,dc=my-domain,dc=com
Logging
# vi /etc/rsyslog.conf
local4.* /var/log/ldap.log
# service syslog restart
GateIn notes
GateIn's OpenLDAP sample uses dc=my-domain,dc=com. Not dc=example,dc=com. Watch out!
Also, slapd listens on port 389 but the sample uses 1389. Just fix the sample.
http://docs.redhat.com/docs/en-US/JBoss_Enterprise_Portal_Platform/5.2/html-single/Reference_Guide/index.html#sect-Reference_Guide_eXo_JCR_1.14-LDAP_Integration
- In 02portal.war/WEB-INF/conf/organization/idm-configuration.xml, comment out war:/conf/organization/picketlink-idm/picketlink-idm-config.xml and uncomment war:/conf/organization/picketlink-idm/examples/picketlink-idm-openldap-config.xml
- In 02portal.war/WEB-INF/conf/organization/picketlink-idm/examples/picketlink-idm-openldap-config.xml, change 1389 to 389
https://community.jboss.org/wiki/GateInWithLDAPInReadonlyMode
https://community.jboss.org/wiki/GateInwithLDAPasadefaultuserandgroupstore