
Adding attributes to a schema on an OpenLDAP server

Schema settings

Item                  Value
Schema name           jack
Config file           /etc/openldap/schema/jack.schema
Superior (SUP) class  inetOrgPerson

Attributes to add

OID        Name                 Type
1.1.2.1.1  exampleCoJpSex       UTF-8 string (Directory String, SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
1.1.2.1.2  exampleCoJpMail      UTF-8 string (Directory String)
1.1.2.1.3  exampleCoJpBirthday  UTF-8 string (Directory String)

The OIDs above follow the schema file below (.2 is the mail attribute, .3 the birthday). All three are declared as Directory String with caseIgnoreMatch, so slapd stores whatever text a client sends without validating it; if the birthday is meant to be checked, Generalized Time (SYNTAX 1.3.6.1.4.1.1466.115.121.1.24) is the syntax the standard schemas use for timestamps, and a mail address would normally use IA5 String (1.3.6.1.4.1.1466.115.121.1.26) with caseIgnoreIA5Match, as the standard mail attribute does. The 1.1 arc is the one the OpenLDAP Admin Guide uses for its examples; a production schema should live under an OID arc your organization owns, such as an IANA Private Enterprise Number under 1.3.6.1.4.1.

Creating the schema file

Create /etc/openldap/schema/jack.schema with the content below. The file is in slapd.conf format: the directives are attributetype and objectclass, a line that begins with whitespace continues the previous directive, and slapd resolves names as it reads, so every attribute type must be defined before the object class that lists it in MAY or MUST.

# /etc/openldap/schema/jack.schema (slapd.conf format)
# An OID identifies exactly one schema element, so the object class gets its
# own OID (1.1.2.2.1) instead of reusing the attribute OID 1.1.2.1.1.
attributetype ( 1.1.2.1.1
        NAME 'exampleCoJpSex'
        DESC 'sex'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

attributetype ( 1.1.2.1.2
        NAME 'exampleCoJpMail'
        DESC 'MailAddress'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

attributetype ( 1.1.2.1.3
        NAME 'exampleCoJpBirthday'
        DESC 'Birthday'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

objectclass ( 1.1.2.2.1
        NAME 'jack'
        DESC 'user object'
        SUP inetOrgPerson
        STRUCTURAL
        MAY ( exampleCoJpSex $ exampleCoJpMail $ exampleCoJpBirthday ) )
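As an added example (not code from the original article or from OpenLDAP), the script below lints a schema file in slapd.conf format offline, before slaptest is run. It parses attributetype/objectclass directives the way slapd.conf does (continuation lines start with whitespace), then checks two mistakes that are easy to make in a file like jack.schema: an attribute NAME typo that leaves the object class's MAY list pointing at an undefined attribute, and one OID used for two schema elements. It runs over a constructed first draft that carries both defects and over the corrected file. KNOWN_ATTRS and KNOWN_CLASSES stand in for the core, cosine and inetorgperson schemas that slapd.conf includes first; that set is an assumption, as is the 1.1.2.2.1 OID used for the fix.

```python
"""Offline lint for a slapd.conf-format OpenLDAP schema file.

Added example; not code from the original article or from OpenLDAP.
KNOWN_ATTRS / KNOWN_CLASSES stand in for the core/cosine/inetorgperson
schemas that slapd.conf includes before jack.schema (an assumption).
"""
import re

KNOWN_ATTRS = {"uid", "cn", "sn", "o", "mail", "userpassword"}              # lower-cased
KNOWN_CLASSES = {"top", "person", "organizationalperson", "inetorgperson"}

# Constructed first draft of jack.schema: a NAME typo ('eample...') and the
# attribute OID 1.1.2.1.1 reused for the objectclass.
DRAFT_SCHEMA = """\
attributetype ( 1.1.2.1.1 NAME 'eampleCoJpSex' DESC 'sex'
        EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.1.2.1.2 NAME 'exampleCoJpMail' DESC 'MailAddress'
        EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.1.2.1.3 NAME 'exampleCoJpBirthday' DESC 'Birthday'
        EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
objectclass ( 1.1.2.1.1 NAME 'jack' DESC 'user object' SUP inetOrgPerson STRUCTURAL
        MAY ( exampleCoJpSex $ exampleCoJpMail $ exampleCoJpBirthday ) )
"""
# Same file with both defects corrected (1.1.2.2.1 is an assumed free OID).
FIXED_SCHEMA = (DRAFT_SCHEMA.replace("'eampleCoJpSex'", "'exampleCoJpSex'")
                            .replace("objectclass ( 1.1.2.1.1", "objectclass ( 1.1.2.2.1"))


def _logical_lines(text):
    """slapd.conf rules: blanks and '#' lines are dropped; a line that starts
    with whitespace continues the previous directive."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out


def _list_after(body, keyword):
    """Lower-cased names after KEYWORD: a bare token, a 'quoted' name, or a
    parenthesised list such as ( a $ b ) or ( 'a' 'b' )."""
    m = re.search(r"\b%s\s+(\([^)]*\)|'[^']*'|[\w.;-]+)" % keyword, body, re.I)
    if not m:
        return []
    raw = m.group(1).strip("()")
    return [t.strip("' ").lower() for t in re.split(r"[\s$]+", raw) if t.strip("' ")]


def parse_schema(text):
    """Return one dict per directive, in file order."""
    elements = []
    for line in _logical_lines(text):
        m = re.match(r"(attributetype|objectclass)\s*\(\s*([\d.]+)(.*)\)\s*$", line, re.I)
        if not m:
            raise ValueError("unrecognised directive: %r" % line[:40])
        kind, oid, body = m.group(1).lower(), m.group(2), m.group(3)
        elements.append({"kind": kind, "oid": oid, "names": _list_after(body, "NAME"),
                         "sup": _list_after(body, "SUP"), "must": _list_after(body, "MUST"),
                         "may": _list_after(body, "MAY")})
    return elements


def lint_schema(text):
    """Return (errors, warnings). slapd resolves names as it reads the file, so a
    SUP / MUST / MAY reference must already be defined here or in an included schema."""
    errors, warnings = [], []
    oids = {}                                        # oid -> "kind name"
    attrs, classes = set(KNOWN_ATTRS), set(KNOWN_CLASSES)
    for el in parse_schema(text):
        label = "%s %s" % (el["kind"], el["names"][0] if el["names"] else "?")
        if el["oid"] in oids:                        # RFC 4512: one OID, one element
            errors.append("%s reuses OID %s already used by %s"
                          % (label, el["oid"], oids[el["oid"]]))
        oids[el["oid"]] = label
        if el["oid"].startswith("1.1."):
            warnings.append("%s: OID %s is under the 1.1 example arc; use an arc you own "
                            "(e.g. an IANA PEN under 1.3.6.1.4.1) in production" % (label, el["oid"]))
        defined = attrs if el["kind"] == "attributetype" else classes
        for ref in el["sup"]:
            if ref not in defined:
                errors.append("%s: SUP %s is not defined" % (label, ref))
        if el["kind"] == "objectclass":
            for ref in el["must"] + el["may"]:
                if ref not in attrs:
                    errors.append("%s: MUST/MAY attribute %s is not defined" % (label, ref))
        defined.update(el["names"])
    return errors, warnings


if __name__ == "__main__":
    for title, schema in (("draft", DRAFT_SCHEMA), ("fixed", FIXED_SCHEMA)):
        errs, warns = lint_schema(schema)
        print("%s: %d error(s), %d warning(s)" % (title, len(errs), len(warns)))
        for msg in errs + warns:
            print("  " + msg)
```

On the draft the lint reports two errors (the objectclass reuses OID 1.1.2.1.1 and its MAY list names exampleCoJpSex, which the typo left undefined) and a warning per element about the 1.1 arc; on the corrected file only the warnings remain. The unresolved MAY entry is also what slaptest stops on ("AttributeType not found"); the OID reuse is a violation of RFC 4512 whether or not slaptest complains about it.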

Applying it to the LDAP server configuration

Editing slapd.conf

Add the schema file to the include lines in /etc/openldap/slapd.conf. The include must come after core.schema, cosine.schema and inetorgperson.schema: slapd resolves names in the order it reads the files, and jack.schema uses inetOrgPerson as its SUP, so the classes it builds on have to be defined first.

(omitted)
include         /etc/openldap/schema/jack.schema
(omitted)

Testing the configuration

slaptest only parses the configuration and the included schema files; it does not touch the running server, so a mistake in jack.schema (a misspelled attribute name in the MAY list, for instance) is reported here rather than at the next startup.

# slaptest -f /etc/openldap/slapd.conf
config file testing succeeded

Regenerating slapd.d

When /etc/openldap/slapd.d exists, slapd reads its configuration from that directory (cn=config) and ignores slapd.conf, so the edited slapd.conf has to be converted again. Removing the directory also discards any change that was made to cn=config online (with ldapmodify, for example); keep a copy of the old directory if you are not certain slapd.conf is the only source of truth.

# rm -rf /etc/openldap/slapd.d/*
# slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d
config file testing succeeded

The generated files must be readable by the account slapd runs as:

# chown -R ldap:ldap /etc/openldap/slapd.d

Restarting slapd

# /etc/rc.d/init.d/slapd stop
# /etc/rc.d/init.d/slapd start

Testing an add

sample.ldif adds one entry with the full objectClass chain down to jack (jack is STRUCTURAL, so it becomes the entry's structuralObjectClass) and sets the three new attributes. Load it with ldapadd or ldapmodify, binding as a DN that is allowed to write to the subtree; the dump below shows this entry was added as cn=Manager,dc=example,dc=co,dc=jp.

sample.ldif

dn: uid=101, ou=people, dc=example, dc=co, dc=jp
changetype: add
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: jack
uid: 101
cn: Test User
sn: user
o: people
userPassword: {SSHA}wvxuaDL+/m3phJE6fyrtGU8UODCfjA2i
exampleCoJpSex: 1
exampleCoJpMail: test@localhost.com
exampleCoJpBirthday: 1980/1/1

Checking the result

slapcat reads the database straight from the backend (not over LDAP, so access controls do not apply) and dumps every entry together with its operational attributes. Two things differ from the input: the DN is written in normalized form without the spaces after the commas, and userPassword is shown with a double colon, which means the value is base64-encoded in the output; decoded, it is the same {SSHA} string that was submitted.

# slapcat

(omitted)

dn: uid=101,ou=people,dc=example,dc=co,dc=jp
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: jack
uid: 101
cn: Test User
sn: user
o: people
userPassword:: e1NTSEF9d3Z4dWFETCsvbTNwaEpFNmZ5cnRHVThVT0RDZmpBMmk=
exampleCoJpSex: 1
exampleCoJpMail: test@localhost.com
exampleCoJpBirthday: 1980/1/1
structuralObjectClass: jack
entryUUID: b7bca988-8f62-1035-8aee-7dafcba3c12c
creatorsName: cn=Manager,dc=example,dc=co,dc=jp
createTimestamp: 20160405101259Z
entryCSN: 20160405101259.282635Z#000000#000#000000
modifiersName: cn=Manager,dc=example,dc=co,dc=jp
modifyTimestamp: 20160405101259Z
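As an added example that is not part of the original article, the script below parses both the LDIF that was loaded and the slapcat record (constructed copies of the two listings above), confirms that the dump holds exactly the submitted user attributes plus the operational attributes slapd adds, and decodes the userPassword value that slapcat wrote with a double colon. It also splits the {SSHA} value into its SHA-1 digest and salt, which shows what the directory actually stores for a password; ssha_make and ssha_verify are illustrative helpers written for this example, not OpenLDAP code, and the OPERATIONAL set is taken from the attributes visible in the dump.

```python
"""Parse LDIF and compare the submitted sample.ldif with the slapcat dump.

Added example; not code from the original article or from OpenLDAP. An LDIF
line is 'attr: value' or 'attr:: base64(value)' (RFC 2849); slapcat uses '::'
whenever a value may not be safe printable text, which is why userPassword is
base64-encoded in the dump although the stored value is the {SSHA} string.
"""
import base64
import hashlib

# Attributes slapd maintains itself (assumed from what the dump shows).
OPERATIONAL = {"structuralObjectClass", "entryUUID", "creatorsName", "createTimestamp",
               "entryCSN", "modifiersName", "modifyTimestamp"}

# Constructed copies of the article's sample.ldif and the matching slapcat record.
SAMPLE_LDIF = """\
dn: uid=101, ou=people, dc=example, dc=co, dc=jp
changetype: add
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: jack
uid: 101
cn: Test User
sn: user
o: people
userPassword: {SSHA}wvxuaDL+/m3phJE6fyrtGU8UODCfjA2i
exampleCoJpSex: 1
exampleCoJpMail: test@localhost.com
exampleCoJpBirthday: 1980/1/1
"""
SLAPCAT_LDIF = """\
dn: uid=101,ou=people,dc=example,dc=co,dc=jp
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: jack
uid: 101
cn: Test User
sn: user
o: people
userPassword:: e1NTSEF9d3Z4dWFETCsvbTNwaEpFNmZ5cnRHVThVT0RDZmpBMmk=
exampleCoJpSex: 1
exampleCoJpMail: test@localhost.com
exampleCoJpBirthday: 1980/1/1
structuralObjectClass: jack
entryUUID: b7bca988-8f62-1035-8aee-7dafcba3c12c
creatorsName: cn=Manager,dc=example,dc=co,dc=jp
createTimestamp: 20160405101259Z
entryCSN: 20160405101259.282635Z#000000#000#000000
modifiersName: cn=Manager,dc=example,dc=co,dc=jp
modifyTimestamp: 20160405101259Z
"""


def parse_ldif(text):
    """Return (dn, {attr: [values]}) for one record. A line starting with one space
    continues the previous line (folding); 'attr:: x' carries x base64-encoded."""
    dn, attrs = None, {}
    for line in text.replace("\n ", "").splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, _, value = line.partition(":")
        if value.startswith(":"):                        # attr:: <base64>
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        else:
            value = value.strip()
        if name == "dn":
            dn = value
        elif name != "changetype":                       # request keyword, not entry data
            attrs.setdefault(name, []).append(value)
    return dn, attrs


def normalize_dn(dn):
    """Drop whitespace around RDN separators, as slapd does (escaped commas not handled)."""
    return ",".join(part.strip() for part in dn.split(","))


def stored_matches_input(sample_text, dump_text):
    """True if the dumped entry carries exactly the user attributes we submitted."""
    in_dn, in_attrs = parse_ldif(sample_text)
    out_dn, out_attrs = parse_ldif(dump_text)
    user_attrs = {k: v for k, v in out_attrs.items() if k not in OPERATIONAL}
    return normalize_dn(in_dn) == normalize_dn(out_dn) and user_attrs == in_attrs


def ssha_parts(value):
    """Split an {SSHA} value into (digest, salt): base64( sha1(pw || salt) || salt )."""
    if not value.startswith("{SSHA}"):
        raise ValueError("not an {SSHA} value")
    blob = base64.b64decode(value[len("{SSHA}"):])
    return blob[:20], blob[20:]                          # SHA-1 digest is 20 bytes


def ssha_make(password, salt):
    """Build an {SSHA} value; slappasswd uses 4 random salt bytes by default."""
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(password, value):
    digest, salt = ssha_parts(value)
    return hashlib.sha1(password.encode("utf-8") + salt).digest() == digest


if __name__ == "__main__":
    print("dump matches input:", stored_matches_input(SAMPLE_LDIF, SLAPCAT_LDIF))
    pw = parse_ldif(SLAPCAT_LDIF)[1]["userPassword"][0]
    print("stored userPassword:", pw, [len(p) for p in ssha_parts(pw)])
```

The decode is worth doing once: the stored value is salted SHA-1 with, in this case, a 4-byte salt (24 bytes after base64), which is what slappasswd produces by default. That is fine for interoperability but cheap to brute-force offline, and anyone who can run slapcat or read the backend files gets every hash, so restrict access to the database directory and consider a slower scheme (the argon2 or pbkdf2 password-hash modules available for newer OpenLDAP releases) where the deployment allows it.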