
More than 3 years have passed since last update.

389dsのツールを使う

Last updated at Posted at 2020-03-31

dscreate ~ サーバの作成

初期設定のテンプレートを作成

sudo -s
# Everything below runs as root.

# NOTE(review): /tmp/x is a fixed name in a world-writable directory, and the
# root_password line is written into it later; on a shared host a root-only
# path would be safer -- TODO confirm what mode dscreate gives the file.
dscreate create-template /tmp/x

中身を確認

# Show each "Default value" comment together with the setting line after it.
grep -A1 Default /tmp/x
# Default value: 2
;config_version = 2
--
# Default value: 999999999
;defaults = 999999999
--
# Default value: localhost.localdomain
;full_machine_name = localhost.localdomain
--
# Default value: True
;selinux = True
--
# Default value: True
;start = True
--
# Default value: True
;strict_host_checking = True
--
# Default value: True
;systemd = True
--
# Default value: /var/lib/dirsrv/slapd-{instance_name}/bak
;backup_dir = /var/lib/dirsrv/slapd-{instance_name}/bak
--
# Default value: /usr/bin
;bin_dir = /usr/bin
--
# Default value: /etc/dirsrv/slapd-{instance_name}
;cert_dir = /etc/dirsrv/slapd-{instance_name}
--
# Default value: /etc/dirsrv/slapd-{instance_name}
;config_dir = /etc/dirsrv/slapd-{instance_name}
--
# Default value: /usr/share
;data_dir = /usr/share
--
# Default value: /var/lib/dirsrv/slapd-{instance_name}/db
;db_dir = /var/lib/dirsrv/slapd-{instance_name}/db
--
# Default value: dirsrv
;group = dirsrv
--
# Default value: /etc/sysconfig
;initconfig_dir = /etc/sysconfig
--
# Default value: /usr/lib64/dirsrv/slapd-{instance_name}
;inst_dir = /usr/lib64/dirsrv/slapd-{instance_name}
--
# Default value: localhost
;instance_name = localhost
--
# Default value: /var/lib/dirsrv/slapd-{instance_name}/ldif
;ldif_dir = /var/lib/dirsrv/slapd-{instance_name}/ldif
--
# Default value: /usr/lib64
;lib_dir = /usr/lib64
--
# Default value: /var
;local_state_dir = /var
--
# Default value: /var/lock/dirsrv/slapd-{instance_name}
;lock_dir = /var/lock/dirsrv/slapd-{instance_name}
--
# Default value: /var/log/dirsrv/slapd-{instance_name}
;log_dir = /var/log/dirsrv/slapd-{instance_name}
--
# Default value: 389
;port = 389
--
# Default value: /usr
;prefix = /usr
--
# Default value: cn=Directory Manager
;root_dn = cn=Directory Manager
--
# Default value: Directory_Manager_Password
;root_password = Directory_Manager_Password
--
# Default value: /var/run/dirsrv
;run_dir = /var/run/dirsrv
--
# Default value: /usr/sbin
;sbin_dir = /usr/sbin
--
# Default value: /etc/dirsrv/slapd-{instance_name}/schema
;schema_dir = /etc/dirsrv/slapd-{instance_name}/schema
--
# Default value: 636
;secure_port = 636
--
# Default value: True
;self_sign_cert = True
--
# Default value: 24
;self_sign_cert_valid_months = 24
--
# Default value: /etc
;sysconf_dir = /etc
--
# Default value: /tmp
;tmp_dir = /tmp
--
# Default value: dirsrv
;user = dirsrv
--
# Default value: False
;create_suffix_entry = False
--
# Default value: False
;require_index = False
--
# Default value: no
;sample_entries = no
--
# Default value:
;suffix =

バインドを簡単にしておく

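# The template is about to receive the Directory Manager password in clear
# text, so make it readable by root only before editing it.
chmod 600 /tmp/x
# Uncomment root_dn / root_password and set short demo values so later binds
# are easy to type. "secret" is a lab-only password; use a strong one on any
# server that other people can reach.
sed -ri 's/;(root_dn).*/\1=cn=manager/;s/;(root_password).*/\1=secret/' /tmp/x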

作成(と起動)

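# Create the instance from the template (it is started as part of creation),
# then delete the template, which still holds root_password in clear text.
# The file is kept if creation fails so the run can be repeated.
dscreate from-file /tmp/x && rm -f -- /tmp/x

# Check that the server process is running.
ps -C ns-slapd -f

# Try a restart through systemd.
systemctl restart dirsrv@localhost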

dsconf ~ 各種設定

ルートDNを作成(三つ)

# Define three backends, one per suffix (definition only, no entries yet).
for n in 1 2 3; do
  dsconf localhost backend create --suffix "dc=example${n},dc=com" --be-name "userRoot${n}"
done

# List the suffixes.
dsconf localhost backend suffix list

# Add the actual root entry for each suffix (is there no command that creates
# only the root entry?).
# NOTE(review): -wsecret puts the bind password on the command line, where it
# can show up in the process list and shell history. That is tolerable for
# this lab password only; use -W (prompt) or -y <file> for a real one.
ldapadd -D cn=manager -wsecret <<'EOS'
dn: dc=example1,dc=com
objectClass: dcObject
dc: example1

dn: dc=example2,dc=com
objectClass: dcObject
dc: example2

dn: dc=example3,dc=com
objectClass: dcObject
dc: example3
EOS

ルートDNを削除

# Feed "Yes I am sure" on stdin (presumably the confirmation phrase dsconf
# asks for) so the delete runs without an interactive prompt; double-check the
# backend name before running this.
printf '%s\n' 'Yes I am sure' | dsconf localhost backend delete userRoot3

dsidm ~ データの登録/変更/削除

ユーザ用のOUを作成

# Create ou=users under each of the two remaining suffixes.
for suffix in dc=example1,dc=com dc=example2,dc=com; do
  dsidm -b "$suffix" localhost organizationalunit create --ou users
done

ユーザを作成

# Try to create one user under each ou=users (the error the author got is
# shown right after these commands).
dsidm -b ou=users,dc=example1,dc=com localhost user create \
  --uid teacher --cn teacher --displayName teacher \
  --uidNumber 1000 --gidNumber 1000 --homeDirectory /home/teacher
dsidm -b ou=users,dc=example2,dc=com localhost user create \
  --uid student --cn student --displayName student \
  --uidNumber 2000 --gidNumber 2000 --homeDirectory /home/student
Error: {'desc': 'No such object', 'matched': 'ou=users,dc=example1,dc=com'}

上のエラーの原因: dsidm の user create は、ユーザ用のOUが ou=people,... であることを前提としている

dsctl ~ その他の操作

サーバを削除

# Deletes the whole "localhost" instance. --do-it is given explicitly
# (presumably the confirmation dsctl requires), so double-check the instance
# name first; this walkthrough shows no way to undo it.
dsctl localhost remove --do-it

蛇足:本体(389-ds-base)に含まれるコマンド

ldclt ~ 負荷テスト

# Bug workaround: ldclt needs a .jpg file in imagesdir (see the option notes).
printf '%s\n' '...' > x.jpg

# Shared ldclt invocation: same bind DN, base, RDN pattern and counter mode
# every time; only the operation passed as $1 differs.
# NOTE(review): -wsecret exposes the bind password on the command line; that
# is acceptable for this lab value only.
run_ldclt() {
  ldclt -D cn=manager -wsecret -b ou=users,dc=example,dc=com \
    -f uid=hogeXX -r1 -R99 -e "incr,noloop,commoncounter,$1"
}

# add
run_ldclt add,inetOrgPerson,imagesdir=.
# modify
run_ldclt 'attreplace=displayName:ホゲXXXX'
# search
run_ldclt esearch
# delete
run_ldclt delete

オプションの説明
  • -D cn=manager -wsecret -b ... ... LDAPコマンドと同様
    • なのでリモートの場合は-H ...などを指定する
  • -f uid=hogeXX -r1 -R99 ... RDNのパターンと範囲
    • X...の部分が数字で埋められる
    • この場合、uid=hoge01 〜 uid=hoge99
  • -e incr,noloop,commoncounter ... インクリメント、ループしない、スレッド間で重複しない
    • incrでなければrandom
    • noloop と commoncounter は incr 専用
  • -e add,inetOrgPerson,imagesdir=. ... オブジェクトクラスinetOrgPersonを登録
    • 他に person と emailPerson
    • person以外はimagesdirが必要
    • imagesdir は jpegPhoto 属性のために .jpg ファイルを探す場所
      (.jpgがなければクラッシュする)
  • -e attreplace=displayName:ホゲXXXX ... 属性displayNameを変更
    • 変更対象の属性は任意
    • X...の部分がランダム文字で埋められる
    • 使われる文字は"コントロール文字以外のアスキー"...なので記号を含む

logconv.pl ~ アクセスログの集計

access_log=/var/log/dirsrv/slapd-localhost/access

# Print every summary section.
sudo logconv.pl "$access_log" -V

# Write the per-minute statistics table to hoge.csv.
sudo logconv.pl "$access_log" -M hoge.csv

-V の結果
Access Log Analyzer 8.2
Command: logconv.pl /var/log/dirsrv/slapd-localhost/access
Processing 1 Access Log(s)...

[001] /var/log/dirsrv/slapd-localhost/access    size (bytes):     31232891
     25000 Lines Processed          3037352 of     31232891 bytes (9.725%)
     50000 Lines Processed          6086090 of     31232891 bytes (19.486%)
     75000 Lines Processed          9168125 of     31232891 bytes (29.354%)
    100000 Lines Processed         12255766 of     31232891 bytes (39.240%)
    125000 Lines Processed         15343372 of     31232891 bytes (49.126%)
    150000 Lines Processed         18431013 of     31232891 bytes (59.012%)
    175000 Lines Processed         21497493 of     31232891 bytes (68.830%)
    200000 Lines Processed         24583018 of     31232891 bytes (78.709%)
    225000 Lines Processed         27670624 of     31232891 bytes (88.595%)
    250000 Lines Processed         30758265 of     31232891 bytes (98.480%)


Total Log Lines Analysed:  254038


----------- Access Log Output ------------

Start of Logs:    16/Apr/2020:09:48:22.654258930
End of Logs:      16/Apr/2020:10:08:14.867321284

Processed Log Time:  0 Hours, 19 Minutes, 52.21305344 Seconds

Restarts:                     0
Peak Concurrent Connections:  0
Total Operations:             126913
Total Results:                126913
Overall Performance:          100.0%

Total Connections:            103           (0.09/sec)  (5.18/min)
 - LDAP Connections:          103           (0.09/sec)  (5.18/min)
 - LDAPI Connections:         0             (0.00/sec)  (0.00/min)
 - LDAPS Connections:         0             (0.00/sec)  (0.00/min)
 - StartTLS Extended Ops:     0             (0.00/sec)  (0.00/min)

Searches:                     126612        (106.20/sec)  (6371.95/min)
Modifications:                99            (0.08/sec)  (4.98/min)
Adds:                         0             (0.00/sec)  (0.00/min)
Deletes:                      99            (0.08/sec)  (4.98/min)
Mod RDNs:                     0             (0.00/sec)  (0.00/min)
Compares:                     0             (0.00/sec)  (0.00/min)
Binds:                        103           (0.09/sec)  (5.18/min)

Proxied Auth Operations:      0
Persistent Searches:          0
Internal Operations:          0
Entry Operations:             0
Extended Operations:          0
Abandoned Requests:           0
Smart Referrals Received:     0

VLV Operations:               0
VLV Unindexed Searches:       0
VLV Unindexed Components:     0
SORT Operations:              0

Entire Search Base Queries:   0
Paged Searches:               0
Unindexed Searches:           0
Unindexed Components:         0

FDs Taken:                    103
FDs Returned:                 113
Highest FD Taken:             73

Broken Pipes:                 0
Connections Reset By Peer:    0
Resource Unavailable:         0
Max BER Size Exceeded:        0

Binds:                        103
Unbinds:                      3
---------------------------------
 - LDAP v2 Binds:             0
 - LDAP v3 Binds:             103
 - AUTOBINDs(LDAPI):          0
 - SSL Client Binds:          0
 - Failed SSL Client Binds:   0
 - SASL Binds:                0
 - Directory Manager Binds:   0
 - Anonymous Binds:           0


----- Connection Latency Details -----

 (in seconds)           <=1     2       3       4-5     6-10    11-15   >15
 --------------------------------------------------------------------------
 (# of connections)     3       40      70

----- Errors -----

err=0                126715    Successful Operations
err=32                  198    No Such Object

----- Total Connection Codes -----

B1      108   Bad Ber Tag Encountered
U1        3   Cleanly Closed Connections


----- Top 20 Clients -----

Number of Clients:  1

[1] Client: ::1
       103 - Connections
        98 - B1 (Bad Ber Tag Encountered)
         3 - U1 (Cleanly Closed Connections)



----- Top 20 Bind DN's -----

Number of Unique Bind DN's: 1

103             cn=manager


----- Top 20 Search Bases -----

Number of Unique Search Bases: 3

126411          ou=users,dc=example,dc=com
198             ou=users,dc=example1,dc=com
3               dc=example,dc=com


----- Top 20 Search Filters -----

Number of Unique Search Filters: 198

1390            (uid=f-tarou64)
1380            (uid=f-tarou97)
1376            (uid=f-tarou56)
1357            (uid=f-tarou47)
1357            (uid=f-tarou76)
1356            (uid=f-tarou77)
1356            (uid=f-tarou50)
1349            (uid=f-tarou17)
1345            (uid=f-tarou54)
1338            (uid=f-tarou99)
1337            (uid=f-tarou26)
1337            (uid=f-tarou62)
1333            (uid=f-tarou45)
1332            (uid=f-tarou10)
1331            (uid=f-tarou29)
1329            (uid=f-tarou12)
1327            (uid=f-tarou52)
1327            (uid=f-tarou78)
1326            (uid=f-tarou43)
1324            (uid=f-tarou51)


----- Top 20 Most Frequent etimes -----

7               etime=0.0000121133
6               etime=0.0000121755
6               etime=0.0000121857
6               etime=0.0000106785
6               etime=0.0000121726
5               etime=0.0000121786
5               etime=0.0000121462
5               etime=0.0000121770
5               etime=0.0000122473
5               etime=0.0000104470
5               etime=0.0000229719
5               etime=0.0000121573
5               etime=0.0000107007
5               etime=0.0000104749
5               etime=0.0000104101
5               etime=0.0000229269
5               etime=0.0000121447
5               etime=0.0000121226
5               etime=0.0000107083
5               etime=0.0000111169


----- Top 20 Longest etimes -----

etime=0.1999855984    1
etime=0.1999770550    1
etime=0.1999673439    1
etime=0.1999662544    1
etime=0.1999631747    1
etime=0.1999595500    1
etime=0.1999559786    1
etime=0.1999552360    1
etime=0.1999550394    1
etime=0.1999516172    1
etime=0.1999502807    1
etime=0.1999499795    1
etime=0.1999479053    1
etime=0.1999452273    1
etime=0.1999430328    1
etime=0.1999418265    1
etime=0.1999391314    1
etime=0.1999391222    1
etime=0.1999376977    1
etime=0.1999363996    1


----- Top 20 Largest nentries -----

nentries=1                 126414
nentries=0                    198


----- Top 20 Most returned nentries -----

126414          nentries=1
198             nentries=0



----- Top 20 Most Requested Attributes -----

108240      cn
108240      sn
18372       All Attributes


----- Recommendations -----

 1.  You have a significant difference between binds and unbinds.  You may want to investigate this difference.

 2.  You have more abnormal connection codes than cleanly closed connections.  You may want to investigate this difference.

 3.  You have a majority of etimes that are greater than zero, you may want to investigate this performance problem.

Cleaning up temp files...
Done.

-M のCSV
Time,time_t,Results,Search,Add,Mod,Modrdn,Moddn,Compare,Delete,Abandon,Connections,SSL Conns,Bind,Anon Bind,Unbind,Unindexed search,Unindexed component,ElapsedTime
16/Apr/2020:09:48:22.654258900 +0900,1586998080,75702,75692,0,0,0,0,0,0,0,10,0,10,0,0,0,0,15.2383253021001
16/Apr/2020:09:49:00.509301100 +0900,1586998140,50442,50422,0,0,0,0,0,0,0,20,0,20,0,0,0,0,12.8409661904
16/Apr/2020:09:50:00.099331400 +0900,1586998200,109,99,0,0,0,0,0,0,0,10,0,10,0,0,0,0,0.1941425189
16/Apr/2020:09:58:16.535995200 +0900,1586998680,218,198,0,0,0,0,0,0,0,20,0,20,0,0,0,0,0.5506085747
16/Apr/2020:10:00:02.438920100 +0900,1586998800,109,99,0,0,0,0,0,0,0,10,0,10,0,0,0,0,1.645754401
16/Apr/2020:10:04:48.382675600 +0900,1586999040,109,0,0,99,0,0,0,0,0,10,0,10,0,0,0,0,1.9310870437
16/Apr/2020:10:05:08.382504300 +0900,1586999100,2,1,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0.002618222
16/Apr/2020:10:06:31.886534000 +0900,1586999160,4,2,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0.2000212735
16/Apr/2020:10:07:25.744255300 +0900,1586999220,218,99,0,0,0,0,0,99,0,20,0,20,0,0,0,0,0.5538454234
16/Apr/2020:10:08:14.866995400 +0900,1586999280,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
