Installation
yum install openldap openldap-servers openldap-clients
slapd.d is not needed
mv /etc/openldap/slapd.d /etc/openldap/slapd.d.bk
Create slapd.conf
cd /etc/openldap/
vi slapd.conf
include /etc/openldap/schema/corba.schema
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/duaconf.schema
include /etc/openldap/schema/dyngroup.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/java.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/openldap.schema
include /etc/openldap/schema/ppolicy.schema
include /etc/openldap/schema/collective.schema

allow bind_v2

pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args

#######################################################################
# ldbm and/or bdb database definitions
#######################################################################

database bdb
suffix "dc=my-domain,dc=com"
checkpoint 1024 15
rootdn "cn=Manager,dc=my-domain,dc=com"
rootpw secret
directory /var/lib/ldap
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub

database monitor
access to *
    by dn.exact="cn=Manager,dc=my-domain,dc=com" read
    by * none

access to attrs=userPassword
    by self write
    by dn="cn=Manager,dc=my-domain,dc=com" write
    by anonymous auth
    by * none

access to *
    by dn="cn=Manager,dc=my-domain,dc=com" write
    by self write
    by * read
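The slapd.conf above keeps rootpw in clear text ("rootpw secret"). As an added example, not from these notes or from OpenLDAP itself, here is a small shell check that flags a slapd.conf whose rootpw is not a {SCHEME}-prefixed hash of the kind "slappasswd -s <password>" prints. The two config fragments it reads are constructed inline, and the hash in the hardened one is a placeholder, not real slappasswd output.

```shell
#!/bin/sh
# Added example, not from the original notes: check whether slapd.conf keeps
# rootpw in clear text. A hashed rootpw (the output of "slappasswd -s <password>")
# starts with a scheme tag such as {SSHA}.

# Two constructed slapd.conf fragments (only the lines relevant to the check).
WEAK_CONF=$(mktemp)
cat > "$WEAK_CONF" <<'EOF'
rootdn "cn=Manager,dc=my-domain,dc=com"
rootpw secret
EOF

HARDENED_CONF=$(mktemp)
# Placeholder value: replace with the actual output of "slappasswd -s <password>".
cat > "$HARDENED_CONF" <<'EOF'
rootdn "cn=Manager,dc=my-domain,dc=com"
rootpw {SSHA}REPLACE_WITH_OUTPUT_OF_slappasswd
EOF

# check_rootpw FILE: prints a verdict; returns 0 when rootpw is absent or hashed,
# 1 when it is stored in clear text.
check_rootpw() {
    conf=$1
    # Second field of the first rootpw line, with surrounding quotes stripped.
    val=$(awk '$1 == "rootpw" { gsub(/"/, "", $2); print $2; exit }' "$conf")
    case $val in
        "")
            echo "$conf: no rootpw directive"
            return 0 ;;
        \{*\}*)
            echo "$conf: rootpw is hashed ($val)"
            return 0 ;;
        *)
            echo "$conf: rootpw is stored in clear text"
            return 1 ;;
    esac
}

check_rootpw "$WEAK_CONF" || echo "  -> replace the value with the output of: slappasswd -s <password>"
check_rootpw "$HARDENED_CONF"
```

Run it against /etc/openldap/slapd.conf instead of the constructed fragments to check a live installation; only the rootpw directive is inspected, the rest of the file is left alone.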
service slapd start
For now, add the suffix entry and the Manager entry
ldapadd -x -D cn=Manager,dc=my-domain,dc=com -W -f suffix.ldif
dn: dc=my-domain,dc=com
objectClass: dcObject
objectClass: organization
dc: my-domain
o: Example Corporation

dn: cn=Manager,dc=my-domain,dc=com
objectClass: organizationalRole
cn: Manager
Usage
ldapsearch -x -h localhost -b dc=my-domain,dc=com -LLL
ldapadd -x -D cn=Manager,dc=my-domain,dc=com -W -f add.ldif
The LDIF looks like this
dn: cn=AAAA,ou=Platform,o=portal,o=gatein,dc=my-domain,dc=com
objectClass: top
objectClass: groupOfNames
cn: AAAA
member: ou=placeholder,o=portal,o=gatein,dc=my-domain,dc=com
gatein's initial-openldap.ldif
dn: o=gatein,dc=my-domain,dc=com
objectclass: top
objectclass: organization
o: gatein

dn: o=portal,o=gatein,dc=my-domain,dc=com
objectclass: top
objectclass: organization
o: portal

dn: ou=placeholder,o=portal,o=gatein,dc=my-domain,dc=com
objectclass: top
objectclass: organizationalUnit
ou: placeholder
description: entry used to satisfy schmema restrictions for required member attribute in groupOfNames objectClass
With just these entries in place, gatein adds the sample users when it starts up
ldapdelete -x -r -D cn=Manager,dc=my-domain,dc=com -W -f deletedn.txt
This file lists the DNs to delete, one per line
ou=People,o=portal,o=gatein,dc=my-domain,dc=com
ou=Platform,o=portal,o=gatein,dc=my-domain,dc=com
ou=Organization,o=portal,o=gatein,dc=my-domain,dc=com
Logging
# vi /etc/rsyslog.conf
local4.* /var/log/ldap.log
# service syslog restart
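Once slapd's stats-level log lands in /var/log/ldap.log, it can be used to spot failed binds: a BindResponse (RESULT tag=97) with err=49 is LDAP invalidCredentials. As an added example, not from these notes, the shell function below pairs each BIND line with its RESULT line by conn/op id and counts failures per DN. The log lines it reads are constructed inline in slapd's standard stats format; on a real box, point it at /var/log/ldap.log.

```shell
#!/bin/sh
# Added example, not from the original notes: count failed simple binds per DN
# from slapd's stats-level log (loglevel 256, the default), as written to
# /var/log/ldap.log by the rsyslog rule above. err=49 is LDAP invalidCredentials.

# Constructed sample log in the format slapd emits at loglevel stats:
# three bind attempts as Manager (two wrong passwords, one success) and one
# wrong password for a gatein user.
SAMPLE_LOG=$(mktemp)
cat > "$SAMPLE_LOG" <<'EOF'
Jan  1 10:00:01 ldap slapd[1234]: conn=1000 fd=12 ACCEPT from IP=10.0.0.5:40001 (IP=0.0.0.0:389)
Jan  1 10:00:01 ldap slapd[1234]: conn=1000 op=0 BIND dn="cn=Manager,dc=my-domain,dc=com" method=128
Jan  1 10:00:01 ldap slapd[1234]: conn=1000 op=0 RESULT tag=97 err=49 text=
Jan  1 10:00:02 ldap slapd[1234]: conn=1001 op=0 BIND dn="cn=Manager,dc=my-domain,dc=com" method=128
Jan  1 10:00:02 ldap slapd[1234]: conn=1001 op=0 RESULT tag=97 err=49 text=
Jan  1 10:00:03 ldap slapd[1234]: conn=1002 op=0 BIND dn="cn=Manager,dc=my-domain,dc=com" method=128
Jan  1 10:00:03 ldap slapd[1234]: conn=1002 op=0 BIND dn="cn=Manager,dc=my-domain,dc=com" mech=SIMPLE ssf=0
Jan  1 10:00:03 ldap slapd[1234]: conn=1002 op=0 RESULT tag=97 err=0 text=
Jan  1 10:00:04 ldap slapd[1234]: conn=1003 op=0 BIND dn="uid=jdoe,ou=People,o=portal,o=gatein,dc=my-domain,dc=com" method=128
Jan  1 10:00:04 ldap slapd[1234]: conn=1003 op=0 RESULT tag=97 err=49 text=
Jan  1 10:00:05 ldap slapd[1234]: conn=1003 op=1 SRCH base="dc=my-domain,dc=com" scope=2 deref=0 filter="(objectClass=*)"
Jan  1 10:00:05 ldap slapd[1234]: conn=1003 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
EOF

# failed_binds LOGFILE: prints "<count> <dn>" per DN, most failures first.
failed_binds() {
    awk '
    # Remember the DN of every BIND, keyed by "conn=N op=M", so the RESULT
    # line carrying the same key can be attributed to it.
    /op=[0-9]+ BIND dn="/ {
        key = $0; sub(/.*conn=/, "conn=", key); sub(/ BIND.*/, "", key)
        dn = $0;  sub(/.*BIND dn="/, "", dn);   sub(/".*/, "", dn)
        if (dn == "") dn = "<anonymous>"
        bind[key] = dn
    }
    # tag=97 is a BindResponse; err=49 is invalidCredentials.
    /RESULT tag=97 err=49/ {
        key = $0; sub(/.*conn=/, "conn=", key); sub(/ RESULT.*/, "", key)
        dn = (key in bind) ? bind[key] : "<unknown>"
        fail[dn]++
    }
    END { for (dn in fail) printf "%d %s\n", fail[dn], dn }
    ' "$1" | sort -rn
}

failed_binds "$SAMPLE_LOG"
```

The conn/op pairing matters because a successful simple bind also writes a second BIND line (mech=SIMPLE ssf=0) and the RESULT line itself never repeats the DN; only the key ties them together.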
GateIn related
GateIn's openldap sample uses dc=my-domain,dc=com, not dc=example,dc=com. Watch out!
Also, slapd listens on port 389, but the sample uses 1389. Just fix the sample.
http://docs.redhat.com/docs/en-US/JBoss_Enterprise_Portal_Platform/5.2/html-single/Reference_Guide/index.html#sect-Reference_Guide_eXo_JCR_1.14-LDAP_Integration
- In 02portal.war/WEB-INF/conf/organization/idm-configuration.xml:
  comment out war:/conf/organization/picketlink-idm/picketlink-idm-config.xml
  uncomment war:/conf/organization/picketlink-idm/examples/picketlink-idm-openldap-config.xml
- Uncomment the following
- In 02portal.war/WEB-INF/conf/organization/picketlink-idm/examples/picketlink-idm-openldap-config.xml, change 1389 to 389
https://community.jboss.org/wiki/GateInWithLDAPInReadonlyMode
https://community.jboss.org/wiki/GateInwithLDAPasadefaultuserandgroupstore