kyoya's diary: 5.2 - 505SX - Logging in with LDAP .1 - pam_ldap-1.7.1_1/nss_ldap-204
References
ITMedia
Introducing LDAP
nss_ldap
LDAPv3 HOWTO
Installing NSS and PAM
Install OpenLDAP 2.2 / BerkeleyDB 2.2 as dependencies. I would think ports takes care of this, but here I do it by hand.
$ pkg_remove openldap21-server openldap21-client bdb4 bdb41
$ cd /usr/ports/net/openldap22-server
$ make install
...error. No time, so I use packages instead.
$ pkg_remove openldap2.*
# ...and doing that removed samba along with it...
$ pkg_add ftp://ftp.jp.freebsd.org/pub/FreeBSD/releases/i386/5.3-RC1/packages/net/samba-3.0.7,1.tbz
$ pkg_add ftp://ftp.jp.freebsd.org/pub/FreeBSD/releases/i386/5.3-RC1/packages/security/pam_ldap-1.7.1_1.tbz
================================================================================
Copy /usr/local/etc/ldap.conf.dist to /usr/local/etc/ldap.conf, then edit
/usr/local/etc/ldap.conf in order to use this module. Add a line similar to
the following to /etc/pam.conf on 4.X, or create an /etc/pam.d/ldap on 5.X
with a line similar to the following:
login auth sufficient /usr/local/lib/pam_ldap.so
================================================================================
$ pkg_add ftp://ftp.jp.freebsd.org/pub/FreeBSD/releases/i386/5.3-RC1/packages/net/nss_ldap-1.204_5.tbz
=====================================================================
The nss_ldap module expects to find its configuration files at the
following paths:
LDAP configuration: /usr/local/etc/nss_ldap.conf
LDAP secret (optional): /usr/local/etc/nss_ldap.secret
WARNING: For users of previous versions of this port:
WARNING:
WARNING: Previous versions of this port expected configuration files
WARNING: to be located at /etc/ldap.conf and /etc/ldap.secret. You
WARNING: may need to move these configuration files to their new
WARNING: location specified above.
=====================================================================
$ pkg_add ftp://ftp.jp.freebsd.org/pub/FreeBSD/releases/i386/5.3-RC1/packages/net/openldap-server-2.2.15.tbz
************************************************************
The OpenLDAP server package has been successfully installed.
In order to run the LDAP server, you need to edit
/usr/local/etc/openldap/slapd.conf
to suit your needs and add the following lines to /etc/rc.conf:
slapd_enable="YES"
slapd_flags='-h "ldapi://%2fvar%2frun%2fopenldap%2fldapi/ ldap://0.0.0.0/"'
slapd_sockets="/var/run/openldap/ldapi"
Then start the server with
/usr/local/etc/rc.d/slapd.sh start
or reboot.
Try `man slapd' and the online manual at
http://www.OpenLDAP.org/doc/admin22/
for more information.
NOTE: Some variable names have been changed to conform with rc.subr(8)
If you are upgrading, you may want to check your configuration with
grep ^slapd_ /etc/rc.conf
slapd runs under a non-privileged user id (by default `ldap'),
see /usr/local/etc/rc.d/slapd.sh for more information.
************************************************************
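The two pkg-messages above describe the configuration that still has to be written by hand: an `auth sufficient` line loading pam_ldap.so, and the `slapd_*` lines in /etc/rc.conf. As an added example (not from the original diary and not part of the FreeBSD ports), here is a small POSIX sh script that checks such fragments before they go live. The function names, the SAMPLE_* file contents and the expectation that a pam_unix line follows pam_ldap are this example's own assumptions; the rc.conf lines it inspects are the ones the openldap-server message suggests, whose `ldap://0.0.0.0/` binds the plain-text listener on every interface.

```shell
#!/bin/sh
# Added example, not from the original diary or the FreeBSD ports tree.
# Sanity checks for the two configuration fragments the pkg-messages above
# ask for: the pam_ldap 'auth sufficient' line and the slapd_* rc.conf lines.
# Every check takes file contents as a string so it runs without touching
# the live system; the SAMPLE_* contents below are constructed for this
# example (assumed values, not the author's real files).

# pam_ldap_configured CONTENT
# Succeeds when an 'auth' line loads /usr/local/lib/pam_ldap.so with the
# control flag 'sufficient'. Accepts both the /etc/pam.conf form (leading
# service name, "login auth sufficient ...") and the /etc/pam.d/ldap form.
pam_ldap_configured() {
    printf '%s\n' "$1" | grep -Eq \
        '^([[:alnum:]_-]+[[:space:]]+)?auth[[:space:]]+sufficient[[:space:]]+/usr/local/lib/pam_ldap\.so'
}

# pam_has_local_fallback CONTENT
# Succeeds when a pam_unix.so 'auth' line follows the pam_ldap line, so local
# accounts (root included) still authenticate while the LDAP server is down.
# Requiring this fallback is an assumption of this example, not something
# the pkg-message states.
pam_has_local_fallback() {
    printf '%s\n' "$1" | awk '
        ($1 == "auth" || $2 == "auth") && /pam_ldap\.so/ { seen_ldap = 1 }
        ($1 == "auth" || $2 == "auth") && /pam_unix\.so/ && seen_ldap { ok = 1 }
        END { exit ok ? 0 : 1 }'
}

# slapd_enabled CONTENT
# Succeeds when the rc.conf fragment sets slapd_enable to YES.
slapd_enabled() {
    printf '%s\n' "$1" | grep -Eq '^slapd_enable="?YES"?'
}

# slapd_listens_on_all_interfaces CONTENT
# Succeeds when slapd_flags binds the plain-text listener to ldap://0.0.0.0/
# as the pkg-message's suggested line does. A host that only needs LDAP for
# its own logins can bind ldap://127.0.0.1/ or use the ldapi:// socket only.
slapd_listens_on_all_interfaces() {
    printf '%s\n' "$1" | grep '^slapd_flags=' | grep -q 'ldap://0\.0\.0\.0/'
}

# --- constructed sample contents -------------------------------------------
SAMPLE_PAM_OK='# constructed /etc/pam.d/ldap
auth sufficient /usr/local/lib/pam_ldap.so
auth required   pam_unix.so try_first_pass'

SAMPLE_PAM_NO_FALLBACK='auth sufficient /usr/local/lib/pam_ldap.so'

SAMPLE_RC_OPEN=$(cat <<'EOF'
slapd_enable="YES"
slapd_flags='-h "ldapi://%2fvar%2frun%2fopenldap%2fldapi/ ldap://0.0.0.0/"'
slapd_sockets="/var/run/openldap/ldapi"
EOF
)

SAMPLE_RC_LOCAL=$(cat <<'EOF'
slapd_enable="YES"
slapd_flags='-h "ldapi://%2fvar%2frun%2fopenldap%2fldapi/ ldap://127.0.0.1/"'
slapd_sockets="/var/run/openldap/ldapi"
EOF
)

# report LABEL CONTENT: prints one line per finding; never fails the script.
report() {
    label=$1; content=$2
    pam_ldap_configured "$content"    && echo "$label: pam_ldap auth line present"
    pam_has_local_fallback "$content" || echo "$label: WARNING no pam_unix fallback after pam_ldap"
    slapd_enabled "$content"          && echo "$label: slapd_enable=YES"
    slapd_listens_on_all_interfaces "$content" && echo "$label: WARNING ldap:// bound to 0.0.0.0"
    return 0
}

report pam.d/ldap "$SAMPLE_PAM_OK"
report pam.d/ldap-no-fallback "$SAMPLE_PAM_NO_FALLBACK"
report rc.conf-open "$SAMPLE_RC_OPEN"
report rc.conf-local "$SAMPLE_RC_LOCAL"
```

Run it as `sh check_ldap_conf.sh`; to check real files, pass `"$(cat /etc/pam.d/ldap)"` or `"$(cat /etc/rc.conf)"` to the functions instead of the samples.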
The 5.3 binaries seem to have trouble starting slapd, so I go back to 5.2.1R.
$ pkg_remove openldap-client-2.2.15 openldap-server-2.2.15
remove: samba-3.0.7,1
remove: pam_ldap-1.7.1_1
remove: nss_ldap-1.204_5
remove: openldap-server-2.2.15
remove: openldap-client-2.2.15
$ pkg_add ftp://ftp2.jp.freebsd.org/pub/FreeBSD/releases/i386/5.2.1-RELEASE/packages/net/samba-3.0.0,1.tbz
$ pkg_add ftp://ftp2.jp.freebsd.org/pub/FreeBSD/releases/i386/5.2.1-RELEASE/packages/net/nss_ldap-1.204_2.tbz
Fetching ftp://ftp2.jp.freebsd.org/pub/FreeBSD/releases/i386/5.2.1-RELEASE/packages/net/nss_ldap-1.204_2.tbz... Done.
Fetching ftp://ftp2.jp.freebsd.org/pub/FreeBSD/releases/i386/5.2.1-RELEASE/packages/All/openldap-client-2.0.27.tbz... Done.
************************************************************
The OpenLDAP client package has been successfully installed.
Edit
/usr/local/etc/openldap/ldap.conf
to change the system-wide client defaults.
Try `man ldap.conf' and visit the OpenLDAP FAQ-O-Matic at
http://www.OpenLDAP.org/faq/index.cgi?file=3
for more information.
************************************************************
$ pkg_add ftp://ftp2.jp.freebsd.org/pub/FreeBSD/releases/i386/5.2.1-RELEASE/packages/security/pam_ldap-1.6.5.tbz
Wait: PAM wants openldap-client-2.1.23.tbz, but NSS requires openldap-client-2.0.27.tbz.
Install openldap-client-2.1.23.tbz first and use that.
$ pkg_add ftp://ftp2.jp.freebsd.org/pub/FreeBSD/releases/i386/5.2.1-RELEASE/packages/net/openldap-client-2.1.23.tbz
$ pkg_add ftp://ftp2.jp.freebsd.org/pub/FreeBSD/releases/i386/5.2.1-RELEASE/packages/net/openldap-server-2.1.23.tbz
$ pkg_add ftp://ftp2.jp.freebsd.org/pub/FreeBSD/releases/i386/5.2.1-RELEASE/packages/net/nss_ldap-1.204_2.tbz
$ pkg_add ftp://ftp2.jp.freebsd.org/pub/FreeBSD/releases/i386/5.2.1-RELEASE/packages/security/pam_ldap-1.6.5.tbz
To be continued next time.