<HTML ><HEAD ><TITLE >pam_ldap $B$H(B nss_ldap $B$r;H$C$?(B LDAP $BG'>Z(B</TITLE ><META NAME="GENERATOR" CONTENT="Modular DocBook HTML Stylesheet Version 1.54"><LINK REL="HOME" TITLE="LDAP Implementation HOWTO" HREF="index.html"><LINK REL="PREVIOUS" TITLE="$B35MW(B" HREF="overview.html"><LINK REL="NEXT" TITLE="LDAP $B$r;H$C$?(B Radius $BG'>Z(B" HREF="radius.html"></HEAD ><BODY CLASS="SECT1" BGCOLOR="#FFFFFF" TEXT="#000000" ><DIV CLASS="NAVHEADER" ><TABLE WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING="0" ><TR ><TH COLSPAN="3" ALIGN="center" >LDAP Implementation HOWTO</TH ></TR ><TR ><TD WIDTH="10%" ALIGN="left" VALIGN="bottom" ><A HREF="overview.html" >Prev</A ></TD ><TD WIDTH="80%" ALIGN="center" VALIGN="bottom" ></TD ><TD WIDTH="10%" ALIGN="right" VALIGN="bottom" ><A HREF="radius.html" >Next</A ></TD ></TR ></TABLE ><HR ALIGN="LEFT" WIDTH="100%"></DIV ><DIV CLASS="SECT1" ><H1 CLASS="SECT1" ><A NAME="PAMNSS" >2. pam_ldap $B$H(B nss_ldap $B$r;H$C$?(B LDAP $BG'>Z(B</A ></H1 ><P >$B$3$N>O$O(B LDAP $B$r(B NIS $B$NBeMQIJ$H$7$F%f!<%6%+%&%s%H$N4IM}$K(B $B;H$&J}K!$K>GE@$r9g$o$;$^$9!#$?$/$5$s$N%f!<%6%"%+%&%s%H$r4v$D$+$N(B $B%[%9%H$KJ,;6$7$F;}$C$F$$$k$H!"%"%+%&%s%H@_Dj$KIT@09g$,@8$8$k$3$H$,(B $B$h$/$"$j$^$9!#(BLDAP $B$r;H$($P!"=8CfG'>Z%7%9%F%`$r9=C[$9$k$3$H$K$h$C$F(B $B%G!<%?$N=EJ#$rHr$1$?$j0l4S@-$rA}$7$?$j$9$k$3$H$,$G$-$^$9!#(B</P ><P >$B8=;~E@$G$O!"%f!<%6$N%"%+%&%s%H%G!<%?$dB>$N>pJs$r(B $B%M%C%H%o!<%/7PM3$G6!5k$9$k$?$a$K:G$b$h$/;H$o$l$F$$$kJ}<0$O(B Network Information Service (NIS) $B$G$9!#(BLDAP $B$HF1MM$K!"(BNIS $B$b(B $BCf1{%5!<%P$K(B passwd, shadow, groups, services, hosts $BEy!9$N(B $B@_Dj%U%!%$%k$rJ]4I$7$FCV$1$k$h$&$K$9$k%5!<%S%9$G$9!#(B NIS $B%5!<%P$O(B NIS $B%/%i%$%"%s%H$+$iLd$$9g$o$;$r<u$1$F!"(B $B$3$&$7$?>pJs$rDs6!$7$^$9!#(B</P ><P >LDAP $B$O(B NIS $B$HF1$85!G=$rDs6!$G$-!"(B $B$5$i$K4v$D$+!"(BLDAP $B$NJ}$,M%$l$F$$$kE@$,$"$j$^$9!#0J2<$N$H$*$j$G$9!#(B</P ><P ></P ><UL ><LI ><P >LDAP $B%5!<%P>e$N>pJs$O!"MF0W$KJ#?t$NMQES$KMxMQ$G$-$^$9!#$3$N(B HOWTO $B$G(B 
$B35@b$7$F$$$k$h$&$K!"(BLDAP $B%G!<%?%Y!<%9>e$NF1$8%f!<%6%(%s%H%j$O!"EEOCD"!"(B $BM9JXG[C#!"It0wL>Jm$J$I$N$h$&$JB>$N%"%W%j%1!<%7%g%s$K;H$($k$N$G!"%G!<%?(B $B$N=EJ#$dL7=b$rHr$1$k$3$H$,$G$-$^$9!#(B</P ></LI ><LI ><P >LDAP $B$OJ#;($J%"%/%;%9%3%s%H%m!<%k%j%9%H$r(B $B%G!<%?%Y!<%9$KE,MQ$G$-$^$9!#$3$l$O%G!<%?%Y!<%9$N(B $B%(%s%H%j$KBP$9$k%Q!<%_%C%7%g%s$NE,@Z$JHyD4@0$r2DG=$K$7$^$9!#(B</P ></LI ><LI ><P >Secure Socket Layer (SSL) $B$rDL$9$3$H$K$h$C$F!"(BLDAP $B%5!<%P$H%/%i%$%"%s%H$N4V$K%;%-%e%"$JE>Aw7PO)$r<BAu$G$-$^$9!#(B</P ></LI ><LI ><P >slapd $B%l%W%j%1!<%7%g%s(B <A NAME="AEN115" HREF="#FTN.AEN115" >[1]</A > $B$*$h$S(B DNS round robin query ($B$3$l$OK\J8=q$G$O07$$$^$;$s$,(B) $B$r;H$C$F!"BQ8N>c2=%5!<%S%9$r<BAu$9$k$3$H$,$G$-$^$9(B ($BLuCm!'(BDNS round robin query $B$OBQ8N>c2=$K$J$i$J$$$N$G$O$J$$$+!"(B $B$H$$$&Js9p$,$"$C$FCx<T$K3NG'$7$?$H$3$m!"(B $B!V:G=i$N(B DNS $B%5!<%P$X$N@\B3$,5qH]$5$l$?$H$-$KB>$N%5!<%P$X$N@\B3$r;n9T$9$k$+$O(B $B%/%i%$%"%s%H$K0MB8$9$k!W$H$N2sEz$rF@$^$7$?(B)$B!#(B</P ></LI ><LI ><P >$B%M%C%H%o!<%/>e$N%f!<%6%"%+%&%s%H$r0l2U=j$K=8$a$F$*$/$3$H$O!"(B $B$R$H$D$N4IM}>l=j$+$i$?$/$5$s$N%[%9%H$N%f!<%6$rJ]<i4IM}$9$k=u$1$K$J$j$^$9(B ($B$D$^$j!"(BLDAP $B%5!<%P$G%"%+%&%s%H$r:n@.$*$h$S:o=|$9$l$P!"(B $B$=$NJQ99E@$,B(:B$K(B LDAP $B%/%i%$%"%s%H$+$i3hMQ$G$-$k$h$&$K$J$k$N$G$9(B)$B!#(B</P ></LI ></UL ><P >$B$3$3$G!"(BPluggable Authentication Module (PAM) $B$H(B Name Service Switch (NSS) $B%F%/%N%m%8$rHw$($?%7%9%F%`>e$G(B LDAP $B%5!<%P$,$I$N$h$&$KG'>Z$HG'2D$N$?$a$K;H$($k$+(B $B$K>GE@$r9g$o$;$k$3$H$K$7$^$9!#FC$K(B Linux $B%*%Z%l!<%F%#%s%0(B $B%7%9%F%`$K8@5Z$9$k$D$b$j$G$9$,!"$=$N@bL@$,B>$N%*%Z%l!<%F%#%s%0(B $B%7%9%F%`$KE,MQ$G$-$J$$$H$$$&$o$1$G$O$"$j$^$;$s!#(B</P ><P >$B$3$3$G<h$j>e$2$k4D6-$G$O#1Bf$N(B LDAP $B%5!<%P$,$"$j!"$3$3$K(B $B%f!<%6%"%+%&%s%H%G!<%?$,07$$$d$9$$7A<0$G3JG<$5$l$^$9!#(BUn*x $B%/%i%$%"%s%H(B $B$O!"$3$N>pJs$r;H$C$FI8=`$N(B Un*x $B$NN.57$G$NG'>Z$H%j%=!<%9$KBP$9$k(B $BG'2D$r9T$$$^$9!#(B</P ><P >$B%/%i%$%"%s%H!?%5!<%PDL?.$K$O!"%;%-%e%"$J7PO)$bMW5a$5$l$^$9!#(B 
$B$H$$$&$N$b!"%f!<%6%"%+%&%s%H$N%G!<%?$N$h$&$K(B $B%/%j%F%#%+%k$J>pJs$O!"(B $B%M%C%H%o!<%/>e$KFbMF$,L@Gr$J$^$^Aw?.$9$Y$-$G$O$J$$$+$i$G$9!#(B $B$3$N%;%-%e%"$J7PO)$O(B Secure Socket Layer $B$K$h$C$FHw$($i$l$^$9!#(B</P ><P >$B%/%i%$%"%s%HB&$G$O%-%c%C%7%e5!9=$r@-G=>e$NLdBj$+$i(B $BI,MW$H$7$^$9$,!"$3$l$O(B Name Service Caching Daemon $B$K$h$C$F(B $BHw$($k$3$H$,$G$-$^$9!#(B</P ><P >$B$3$N%7%9%F%`$r9=C[$9$k$N$K;H$&%=%U%H%&%'%"$N(B ($B$[$\(B) $B$9$Y$F$,%*!<%W%s%=!<%9$G$9!#(B</P ><DIV CLASS="SECT2" ><H2 CLASS="SECT2" ><A NAME="AEN124" >2.1. $B9=@.MWAG(B</A ></H2 ><P >$B$3$N@a$G$O!"G'>Z%7%9%F%`$r9=C[$9$k$?$a$K;H$o$l$k<o!9$N9=@.MWAG$r(B $B35@b$7$^$9!#3FMWAG$r4JC1$K@bL@$7$F$$$-$^$9!#(B</P ><DIV CLASS="SECT3" ><H3 CLASS="SECT3" ><A NAME="AEN127" >2.1.1. $BG'>Z(B $B!=(B PAM $B$H(B pam_ldap.so</A ></H3 ><P >Pluggable Authentication Module $B$O!"I8=`(B UNIX, RSA, DCE, LDAP $B$H$$$C$?<o!9$NG'>Z5;=Q$H(B login, passwd, rlogin, su, ftp, ssh $BEy!9$N%7%9%F%`%5!<%S%9$H$NE}9g$r2DG=$K$7!"$7$+$b$3$l$i$N%5!<%S%9(B $B$rJQ99$9$kI,MW$,$"$j$^$;$s!#(B</P ><P >$B:G=i$O(B Sun Solaris $B$K<BAu$5$l$?$N$G$9$,!":#$d(B PAM $B$O(B RedHat $B$d(B Debian $B$r4^$`B?$/$N(B Linux $B%G%#%9%H%j%S%e!<%7%g%s$G!"(B $BG'>Z$NOHAH$_$NI8=`E*$J$b$N$H$J$C$F$$$^$9!#(B $B$3$l$K$h$C$F6!5k$5$l$k(B API $B$rDL$7$F!"G'>Z$NMW5a$,%F%/%N%m%8FCM-$NF0:n(B ($B$3$l$O(B PAM $B%b%8%e!<%k$H8F$P$l$k%i%$%V%i%j$K$h$C$F<BAu$5$l$F$$$^$9(B) $B$K(B $B3d$jEv$F$i$l$^$9!#(B $B$3$N3d$jEv$F$O(B PAM $B@_Dj%U%!%$%k$G9T$J$o$l$^$9!#4pK\E*$K$3$N%U%!%$%k$NCf$G!"(B $B3F%5!<%S%9$KMQ$$$kG'>Z5!9=$,M?$($i$l$k$3$H$K$J$j$^$9!#(B</P ><P >$B:#2s$N>l9g$O!"(Bpam_ldap.so $B6&M-%i%$%V%i%j$G<BAu$5$l$k(B pam_ldap $B%b%8%e!<%k$K$h$C$F!"%f!<%6$H%0%k!<%W$NG'>Z$K(B LDAP $B%5!<%S%9$r(B $B;H$($k$h$&$K$7$^$9!#(B</P ><P >$BG'>Z@_Hw$rI,MW$H$9$k%5!<%S%9$O$=$l$>$l!"(B PAM $B@_Dj%U%!%$%k$rDL$7$F!"0[$J$kG'>ZJ}<0$r;H$&$h$&$K(B $B@_Dj$G$-$^$9!#$3$l$O$D$^$j!"(BPAM $B@_Dj%U%!%$%k$r;H$C$F!"(B $B%f!<%6$,%j%=!<%9$X$N%"%/%;%9$rF@$k$?$a$KK~$?$5$J$/$F$O$J$i$J$$(B 
$BMW5a;v9`$N0lMwI=$r=q$/$3$H$,$G$-$k$H$$$&0UL#$G$9!#(B</P ></DIV ><DIV CLASS="SECT3" ><H3 CLASS="SECT3" ><A NAME="AEN133" >2.1.2. Name Service Switch $B$H(B nss_ldap.so</A ></H3 ><P >$B$$$C$?$s%f!<%6$,G'>Z$5$l$F$+$i$b!"B?$/$N%"%W%j%1!<%7%g%s$O(B $B%f!<%6>pJs$X$N%"%/%;%9$rI,MW$H$7$^$9!#$3$N>pJs$OEAE}E*$K$O(B $B%F%-%9%H%U%!%$%k(B (<TT CLASS="FILENAME" >/etc/passwd</TT >, <TT CLASS="FILENAME" >/etc/shadow</TT >, <TT CLASS="FILENAME" >/etc/group</TT >) $B$KF~$l$i$l$F$$$^$9$,!"B>$N%M!<%`%5!<%S%9$K$h$C$F6!5k$9$k$3$H$b$G$-$^$9!#(B</P ><P >$B?7$7$$%M!<%`%5!<%S%9(B ($B$?$H$($P(B LDAP) $B$,F3F~$5$l$k$K$D$l!"(B $B$3$N$h$&$J>pJs<hF@$N<BAu$O!"(B (NIS $B$d(B DNS $B$N$h$&$K(B) C $B%i%$%V%i%jFb!"$^$?$O(B $B$=$N?7$7$$%M!<%`%5!<%S%9$r;H$$$?$$%"%W%j%1!<%7%g%sFb$N!"(B $B$I$A$i$G$b2DG=$H$J$C$F$7$^$$$^$7$?!#(B</P ><P >$B$$$:$l$K$7$F$b!"$3$&$$$C$?$3$H$O!"6&DL$NHFMQE*$J%M!<%`%5!<%S%9(B API $B$r;H$C$F!"3F%F%/%N%m%8$K4p$E$/F0:n$G%5!<%S%9$+$i>pJs$rF@$k(B $B%i%$%V%i%j72$K$=$l$rMW5a$9$k$3$H$K$9$l$PHr$1$i$l$^$9!#(B</P ><P >GNU C Library $B$O(B <EM >Name Service Switch</EM > $B$r<BAu$7$F(B $B>e5-$r2r7h$7$^$7$?!#(B $B$3$l$O(B Sun C library $B$K5/8;$r;}$A!"(B $B6&DL$N(B API $B$rDL$7$F<o!9$N%M!<%`%5!<%S%9$+$i>pJs$rF@$i$l$k$h$&$K(B $B$9$kJ}K!$G$9!#(B</P ><P >NSS $B$O6&DL$N(B API $B$H@_Dj%U%!%$%k(B (<TT CLASS="FILENAME" >/etc/nsswitch.conf</TT >) $B$r;HMQ$7$^$9!#(B $B$3$N@_Dj%U%!%$%kFb$G!"%5%]!<%H$9$k%G!<%?%Y!<%9Kh$K!"(B $B$=$N%5!<%S%9$rDs6!$9$k%i%$%V%i%j$r;XDj$7$^$9!#(B</P ><P >$B8=:_(B NSS $B$K$h$C$F%5%]!<%H$5$l$F$$$k(B <A NAME="AEN146" HREF="#FTN.AEN146" >[2]</A > $B%G!<%?%Y!<%9$O(B $B!=(B</P ><P ></P ><UL ><LI ><P >aliases $B!=(B $B%a!<%k%(%$%j%"%9!#(B</P ></LI ><LI ><P >ethers $B!=(B $B%$!<%5%M%C%H$NHV9f$N%G!<%?!#(B</P ></LI ><LI ><P >group $B!=(B $B%f!<%6$N%0%k!<%W!#(B</P ></LI ><LI ><P >hosts $B!=(B $B%[%9%H$NL>A0$HHV9f$N%G!<%?!#(B</P ></LI ><LI ><P >netgroup $B!=(B $B%M%C%H%o!<%/A4BN$N%[%9%H$H%f!<%6$N0lMw!#(B</P ></LI ><LI ><P >network $B!=(B $B%M%C%H%o!<%/$K4X$9$kL>A0$HHV9f$N%G!<%?!#(B</P 
></LI ><LI ><P >protocols $B!=(B $B%M%C%H%o!<%/$N%W%m%H%3%k!#(B</P ></LI ><LI ><P >passwd $B!=(B $B%f!<%6$N%Q%9%o!<%I!#(B</P ></LI ><LI ><P >rpc $B!=(B Remote Procedure Call $B$K4X$9$kL>A0$HHV9f$N%G!<%?!#(B</P ></LI ><LI ><P >services $B!=(B $B%M%C%H%o!<%/%5!<%S%9!#(B</P ></LI ><LI ><P >shadow $B!=(B $B%f!<%6$N%7%c%I%&%Q%9%o!<%I!#(B</P ></LI ></UL ><P >nss_ldap $B6&M-%i%$%V%i%j$r;H$($P!"(BLDAP $B$rMQ$$$F>e5-$N3d$jEv$F$r(B $B<BAu$9$k$3$H$,$G$-$^$9!#$[$s$H$&$O>e5-$9$Y$F$N3d$jEv$F$,<BAu$G$-$k$N$G$9(B $B$1$l$I$b!"$3$3$G$O(B shadow, passwd, group $B%G!<%?%Y!<%9$N(B LDAP $B<BAu(B $B$K$N$_>GE@$r9g$o$;$k$3$H$K$7$^$9!#(B</P ></DIV ><DIV CLASS="SECT3" ><H3 CLASS="SECT3" ><A NAME="AEN172" >2.1.3. Lightweight Directory Access Protocol</A ></H3 ><P >$B:#2s$N%"%W%j%1!<%7%g%s$G$O!"%f!<%6%"%+%&%s%H$H(B $B%f!<%6%0%k!<%W$K4X$9$k>pJs$r%/%i%$%"%s%H$K6!5k$9$k$?$a$K(B LDAP $B$,;HMQ$5$l$^$9!#(B $B%f!<%6$H%0%k!<%W$rI=$o$9$N$KMQ$$$i$l$kI8=`E*$J(B objectclass $B$O(B top, posixAccount, shadowAccount, posixGroup $B$G$9!#(B</P ><P >$B%G!<%?%Y!<%9>e$N%f!<%64XO"$N%(%s%H%j$O>/$J$/$H$b(B <A NAME="AEN176" HREF="#FTN.AEN176" >[3]</A > top, posixAccount, shadowAccount $B$N(B objectclass $B$KB0$7$F$$$J$/$F$O$J$j$^$;$s!#%0%k!<%W%(%s%H%j$O(B top $B$H(B posixGroup $B$N(B objectclass $B$KB0$7$F$$$J$/$F$O$J$j$^$;$s!#(B</P ><P >$B:#2sMxMQ$9$k(B pam_ldap $B$H(B nss_ldap $B$N<BAu$,$3$N(B objectclass $B$r;2>H$9$k$+$i$G$9!#$3$N(B objectclass $B$O(B RFC 2307 $B$K5-=R$5$l$F$$$k$b$N$G$9!#(B</P ><DIV CLASS="NOTE" ><BLOCKQUOTE CLASS="NOTE" ><P ><B >Note: </B >$B<B:]$K$O!"(BLDAP $BHG(B NSS $B$O$3$3$GNc<($7$J$+$C$?(B objectclass $B$bG'<1$7$^$9!#(B</P ></BLOCKQUOTE ></DIV ></DIV ><DIV CLASS="SECT3" ><H3 CLASS="SECT3" ><A NAME="AEN181" >2.1.4. 
Name Service Caching Daemon</A ></H3 ><P >Name Service Caching Daemon (NSCD) $B$O%M!<%`%5!<%S%9$K$h$k(B $BL>A02r7h$N7k2L$r%-%c%C%7%e$9$k$?$a$K;H$o$l!"(B NSS $B$K$h$C$FDs6!$5$l$k%5!<%S%9$N@-G=$r8~>e$G$-$^$9!#(B</P ><P >$B%/%i%$%"%s%HB&$,5vMF$G$-$k@-G=$rF@$k$?$a$K!"(B passwd $B%(%s%H%j$N$?$a$KBg$-$J%-%c%C%7%e$r@_Dj$7$J$/$F$O$J$j$^$;$s!#(B</P ></DIV ><DIV CLASS="SECT3" ><H3 CLASS="SECT3" ><A NAME="AEN185" >2.1.5. Secure Socket Layer</A ></H3 ><P >$B>\:Y$K$D$$$F$O(B <A HREF="ssl.html" >Section 10</A > $B$r;2>H$7$F$/$@$5$$!#(B</P ><P >LDAP $B%5!<%P$H%/%i%$%"%s%H%i%$%V%i%j(B (pam_ldap.so $B$d(B nss_ldap.so) $B4V$NDL?.$K$O(B SSL $B$,I,MW$G$9!#=EMW$J%G!<%?!"(B $B$?$H$($P%Q%9%o!<%I%(%s%H%j$J$I$O!"%/%i%$%"%s%H$H%5!<%P$H$N4V$G(B $B0E9f2=$5$l$F$$$kI,MW$,$"$k$+$i$G$9!#(BSSL $B$O$^$?!"%/%i%$%"%s%H$,%5!<%P$r(B $BFCDj$9$k$3$H$r2DG=$K$7$^$9$+$i!"$3$l$K$h$C$F!"IT3N$+$J>pJs8;$+$i(B $BG'>Z>pJs$rF@$k$H$$$&$3$H$rHr$1$i$l$^$9!#(B</P ><P >$B%/%i%$%"%s%HG'>Z(B ($B%5!<%P$,%/%i%$%"%s%H$r<1JL$9$k5!G=(B) $B$O8=:_$N(B pam_ldap $B$*$h$S(B nss_ldap $B%b%8%e!<%k$N<BAu$G$O(B $B%5%]!<%H$5$l$F$$$^$;$s!#$-$C$HM-MQ$J$N$G$7$g$&$1$l$I$b!#(B</P ></DIV ></DIV ><DIV CLASS="SECT2" ><H2 CLASS="SECT2" ><A NAME="AEN191" >2.2. $BG'>Z%7%9%F%`$N9=C[(B</A ></H2 ><P >$B$3$N>O$G$O!"A0>O$K5-$5$l$F$$$k9=@.MWAG$rMQ$$$?G'>Z%7%9%F%`$r(B $B9=C[$9$k$?$a$KI,MW$J<j=g$r@bL@$7$^$9!#(B</P ><DIV CLASS="FIGURE" ><P ><B >Figure 1. PAM $B$NG[CV?^(B</B ></P ><DIV CLASS="MEDIAOBJECT" ><P ><IMG SRC="PAMlayout.gif" ALT="PAM $B$N;kE@$+$i8+$?!"G'>Z%7%9%F%`3FIt$N4V$N4X78(B " ></IMG ></P ></DIV ></DIV ><DIV CLASS="FIGURE" ><P ><B >Figure 2. NSS $B$NG[CV?^(B</B ></P ><DIV CLASS="MEDIAOBJECT" ><P ><IMG SRC="NSSlayout.gif" ALT="NSS $B$N4QE@$+$i$N!"G'>Z%7%9%F%`$N3FIt4V$N4X78(B " ></IMG ></P ></DIV ></DIV ><P >$B$3$NG[CV?^$O!"<+J,$G<BAu$9$k$K$O$H$F$bJ#;($K(B $B8+$($k$+$b$7$l$^$;$s!#$1$l$I$b$[$H$s$I$NMWAG$O$9$G$K(B Linux $B$N%7%9%F%`Fb$KF~$C$F$7$^$C$F$$$^$9!#(B</P ><DIV CLASS="SECT3" ><H3 CLASS="SECT3" ><A NAME="AEN209" >2.2.1. 
$B%5!<%PB&(B</A ></H3 ><P >$B%5!<%PB&$K$*$$$F$O!"(BLDAP $B%5!<%P$,%$%s%9%H!<%k$5$l!"$+$D(B $B@_Dj$5$l$F$$$J$/$F$O$J$j$^$;$s!#$3$3$G;H$&(B LDAP $B%5!<%P$O(B OpenLDAP $B$H$$$&(B $B%*!<%W%s%=!<%9$N(B LDAP $B%D!<%k%-%C%H$G!"(BLDAP $B%5!<%P(B (slapd) $B$H(B $B%i%$%V%i%j$H%f!<%F%#%j%F%#$r4^$s$G$$$^$9!#(B</P ><P >$B8=;~E@$N(B OpenLDAP $B$K$O(B LDAP $B$N<BAu$,$U$?$D$"$j$^$9!#(B V2 $B$N<BAu(B (OpenLDAP 1.2.x) $B$H(B V3 $B$N<BAu(B (OpenLDAP 2.0.x) $B$G$9!#(B</P ><P >V3 $B$N<BAu$OK\BN$G(B SSL $B5!G=$rDs6!$7$^$9$,!"(BV2 $B$ODs6!$7$^$;$s!#(B $B$H$O$$$(!"(BV2 $B$N%5!<%P$K$b(B SSL $B%i%C%Q$r;H$($k$N$G(B SSL $B5!G=$rDI2C$G$-$^$9(B (<A HREF="ssl.html" >Section 10</A > $B$r;2>H(B)$B!#(B</P ><DIV CLASS="SECT4" ><H4 CLASS="SECT4" ><A NAME="AEN215" >2.2.1.1. OpenLDAP $B$N%$%s%9%H!<%k$H@_Dj(B</A ></H4 ><P >LDAP $B$N%$%s%9%H!<%k$H@_Dj$N<j=g$O!"(B LDAP-HOWTO $B$r;29M$K$G$-$^$9!#(B</P ><P >slapd $B$,E,@Z$K@_Dj$5$l$?$i!"(B $B%G!<%?%Y!<%9$N=i4|@8@.$N$?$a$K%G!<%?$rF~$l$kI,MW$,$"$j$^$9!#(B $B$=$3$G!"(BLDIF (LDAP Data Interchange Format) $B%U%!%$%k$r(B $B:n$i$J$/$F$O$J$j$^$;$s!#$3$l$O%F%-%9%H%U%!%$%k$G!"(B $B0J2<$N%3%^%s%I$K$h$C$F(B LDAP $B%G!<%?%Y!<%9$K%$%s%]!<%H$5$l$^$9!#(B</P ><P ><TABLE BORDER="0" BGCOLOR="#E0E0E0" WIDTH="100%" ><TR ><TD ><FONT COLOR="#000000" ><PRE CLASS="PROGRAMLISTING" >#ldif2ldbm -i your_file.ldif </PRE ></FONT ></TD ></TR ></TABLE ></P ><DIV CLASS="NOTE" ><BLOCKQUOTE CLASS="NOTE" ><P ><B >Note: </B >ldif2ldbm $B$O(B OpenLDAP 1.2.x $B%Q%C%1!<%8$G(B $BDs6!$5$l$k$N$G!"(BOpenLDAP 2.0.x $B$r;H$&$N$G$"$l$P(B <TT CLASS="FILENAME" >ldapadd</TT > $B%3%^%s%I$r(B ($B%5!<%P5/F08e$K(B) $B;H$&$Y$-$G$9(B ($BLuCm!'(B2.0.x $B$G(B ldif2ldbm $B$KAjEv$9$k$N$O(B slapadd $B$@$H$$$&;XE&$r(B $B0pCOMM$+$i$$$?$@$-$^$7$?!#%5!<%PDd;_Cf$K(B <B CLASS="COMMAND" >slapadd -l your_file.ldif</B >$B$H$9$kJ}$,B.$/$F4JC1$i$7$$$G$9(B)$B!#(B</P ></BLOCKQUOTE ></DIV ><P >OpenLDAP 2.0.x (LDAPv3) $B$r;H$&$N$G$"$l$P!"I8=`E*$J(B NIS $B%9%-!<%^$,(B <TT CLASS="FILENAME" >/etc/openldap/schema/nis.schema</TT > 
$B$H$$$&%U%!%$%k$K(B $BF~$C$F$$$^$9$+$i!"$=$l$r<+J,$N(B <TT CLASS="FILENAME" >slapd.conf</TT > $B$G(B include $B%G%#%l%/%F%#%V$K$h$C$F%9%-!<%^$rM-8z$K$7$F$/$@$5$$!#(B</P ><P >$B0J2<$K(B LDIF $B%U%!%$%k$N:G$b4JC1$JNc$r5s$2$^$9!#(B $B3F%(%s%H%j$O6u9T$GJ,$1$i$l$F$$$^$9!#(B</P ><P ><TABLE BORDER="0" BGCOLOR="#E0E0E0" WIDTH="100%" ><TR ><TD ><FONT COLOR="#000000" ><PRE CLASS="PROGRAMLISTING" >dn:dc=yourorg, dc=com objectclass: top objectclass: organizationalUnit dn:ou=groups, dc=yourorg, dc=com objectclass: top objectclass: organizationalUnit ou: groups dn:ou=people, dc=yourorg, dc=com objectclass: top objectclass: organizationalUnit ou: people dn: cn=Giuseppe LoBiondo, ou=people, dc=yourorg, dc=com cn: Giuseppe Lo Biondo sn: Lo Biondo objectclass: top objectclass: person objectclass: posixAccount objectclass: shadowAccount uid:giuseppe userpassword:{crypt}$1$ss2ii(0$gbs*do&@=)eksd uidnumber:104 gidnumber:100 gecos:Giuseppe Lo Biondo loginShell:/bin/zsh homeDirectory: /home/giuseppe shadowLastChange:10877 shadowMin: 0 shadowMax: 999999 shadowWarning: 7 shadowInactive: -1 shadowExpire: -1 shadowFlag: 0 dn: cn=mygroup, ou=groups, dc=yourorg, dc=com objectclass: top objectclass: posixGroup cn: mygroup gidnumber: 100 memberuid: giuseppe memberuid: anotheruser</PRE ></FONT ></TD ></TR ></TABLE ></P ><DIV CLASS="NOTE" ><BLOCKQUOTE CLASS="NOTE" ><P ><B >Note: </B >$BD92a$.$k9T$O<!$N9T$r%?%V$+%9%Z!<%9(B ($B$$$:$l$+$r$R$H$D$@$1(B) $B$G;O$a$F(B $BB3$1$i$l$k$3$H$r3P$($F$*$$$F$/$@$5$$!#$3$l$OB>$N(B LDIF $B=q<0$N%U%!%$%k(B $B$K$bEv$F$O$^$j$^$9!#(B</P ></BLOCKQUOTE ></DIV ><P >$B$3$3$G$O2<ItAH?%$rFs$D;}$DAH?%$H$7$F!"(BDN $B$rDj5A$7$^$7$?!#(B <EM >dc=yourorg, dc=com</EM > $B$H$$$&AH?%$H$7$FDj5A$7$^$7$?$,!"$=$N2<$K!"$U$?$D$NAH?%%5%V%f%K%C%H(B $B!=(B people $B$H(B groups $B!=(B $B$,4^$^$l$F$$$^$9!#$=$7$F%f!<%6$O!"(Bpeople $BAH?%%f%K%C%H(B $B$H!"(Bgroups $BAH?%%f%K%C%H2<$N%0%k!<%W(B ($B$N$&$A!"%f!<%6$,=jB0$7$F$$$k$b$N!#(B $BLuCm!'(Bgiuseppe $B$N>l9g$O(B mygroup) 
$B$H$K=jB0$9$k$h$&5-=R$5$l$F$$$^$9!#(B</P ><DIV CLASS="NOTE" ><BLOCKQUOTE CLASS="NOTE" ><P ><B >Note: </B >$B4{B8$N%G!<%?%Y!<%9$r(B LDIF $B=q<0$KJQ49$9$k(B $BJXMx$J%D!<%k$,(B PADL $B$K$h$C$FDs6!$5$l$F$$$^$9!#$3$l$O(B<A HREF="ftp://ftp.padl.com/pub/MigrationTools.tar.gz" TARGET="_top" >ftp://ftp.padl.com/pub/MigrationTools.tar.gz</A > $B$H$$$&%"%I%l%9$K$"$j$^$9!#(B</P ></BLOCKQUOTE ></DIV ><P >LDIF $B%U%!%$%k$O!"%5!<%P$,F0:n$7$F$$$J$$$H$-$K(B $B%$%s%]!<%H$7$J$/$F$O$J$j$^$;$s!#(Bldif2ldbm $B%3%^%s%I$O(B LDAP $B%5!<%P$rDL$5$:$KD>@\%G!<%?%Y!<%9$r9=C[$9$k$+$i$G$9!#(B LDIF $B%U%!%$%k$r%G!<%?%Y!<%9$K%$%s%]!<%H$9$l$P!"(B $B%5!<%P$r5/F0$G$-$^$9!#(B</P ></DIV ></DIV ><DIV CLASS="SECT3" ><H3 CLASS="SECT3" ><A NAME="AEN239" >2.2.2. $B%/%i%$%"%s%HB&(B</A ></H3 ><P >$B%/%i%$%"%s%HB&$K$O(B pam_ldap.so $B$H(B nss_ldap.so $B$,I,?\$G!"$=$l$i$O(B Netscape LDAP Library (Mozilla) $B$r;H$C$F%3%s%Q%$%k$5$l$F$$$J$/$F$O$J$j$^$;$s!#(B $B$=$N%i%$%V%i%j$,6!5k$9$k(B LDAPS (LDAP over SSL) $B$N(B API $B$,MW5a$5$l$k$+$i$G$9!#$=$N%i%$%V%i%j$O%P%$%J%j%Q%C%1!<%8$G(B Netscape One License $B$N$b$H$KG[I[$5$l$F$*$j!"%*!<%W%s%=!<%9(B $B$G$O$"$j$^$;$s(B ($B$H$O$$$(%Q%V%j%C%/%I%a%$%s$G$O$"$j$^$9(B)$B!#(B</P ><P >$B$=$N%Q%C%1!<%8$r!"$?$H$($P(B <TT CLASS="FILENAME" >/usr/local/ldapsdk</TT > $B$H$$$&%G%#%l%/%H%jFb$KE83+$7$F$/$@$5$$!#(B</P ><P >$B$5$i$K!"%/%i%$%"%s%H%i%$%V%i%j$O>ZL@%G!<%?%Y!<%9$K%"%/%;%9$G$-(B $B$J$/$F$O$J$j$^$;$s!#$3$N%G!<%?%Y!<%9$K$O(B LDAP (stunnel) $B%5!<%P>ZL@=q$H!"(B $B$=$N%5!<%P>ZL@=q$K(B ($B!V?.MQ:Q$_(B <trusted>$B!W$H$7$F(B) $B=pL>$7$?(B CA $B$N(B CA $B>ZL@=q$H$,4^$^$l$F$$$J$1$l$P$J$j$^$;$s!#(B</P ><P >$B>ZL@%G!<%?%Y!<%9$O(B Netscape $B$N=q<0$N$b$N$G$J$1$l$P$J$j$^$;$s!#(B pam_ldap $B$H(B nss_ldap $B$r%3%s%Q%$%k$9$k$?$a$K;H$o$l$F$$$k(B Mozilla LDAP API $B$,(B Netscape $B$N=q<0$N>ZL@%G!<%?%Y!<%9$r;H$&$+$i$G$9!#(B</P ><P >$B$=$N$h$&$J>ZL@%G!<%?%Y!<%9$r07$&$K$O!"(BNetscape $B$,Ds6!$7$F$$$k(B PKCS#11 $B%Q%C%1!<%8Fb$K$"$k(B certutil $B$H$$$&%f!<%F%#%j%F%#$r;H$&$N$,JXMx$G$9(B <A 
NAME="AEN247" HREF="#FTN.AEN247" >[4]</A >$B!#(B</P ><P >LDAP $B%/%i%$%"%s%H$N<gMW$J@_Dj%U%!%$%k$O(B <TT CLASS="FILENAME" >/etc/ldap.conf</TT > $B$G$9!#(B</P ><P >$B$b$7(B nss_ldap $B$r;H$&$N$G$"$l$P!"87L)$K$O(B pam_ldap $B$N;HMQ$OI,MW$J$$$N$@(B $B$H$$$&$3$H$r3P$($F$*$$$F$/$@$5$$!#(B</P ><P >$B$=$N$+$o$j$K(B pam_unix_auth $B%b%8%e!<%k$r;H$($^$9!#(B $B$J$<$J$i(B nss_ldap $B$O$"$i$f$k(B getpw* $B$*$h$S(B getsh* $B%3!<%k$r(B LDAP $B;2>H$K3dEv$F!"(B pam_unix_auth $B$O%f!<%6G'>Z$K$3$N%3!<%k$rMxMQ$9$k$+$i$G$9!#(B ($BLuCm!'$3$3$K$D$$$F!"Cx<T$N(B Roel van Meer $BMM$+$i$NCm0U$r$$$?$@$-$^$7$?!#(B $BH`$O$=$NCf$G!"(BPAM $B$,G'>Z$K$N$_;H$o$l$k$3$H$H!"(B PAM $B$,(B NSS $B%i%$%V%i%j$G$O$J$/(BPAM $B%i%$%V%i%j$+$i>pJs$rF@$k$3$H$r;XE&$7!"(B $B!VG'>Z!W$K$O(B pam_ldap $B%b%8%e!<%k$,I,MW$@!"$H$*$C$7$c$C$F$$$^$7$?!#(B $B=$@5$5$l$k$O$:$J$N$G!"@53N$J>pJs$O86J8$N:G?7HG$K$"$?$C$F$/$@$5$$!#(B)</P ><DIV CLASS="SECT4" ><H4 CLASS="SECT4" ><A NAME="AEN253" >2.2.2.1. PAM LDAP $B$N%$%s%9%H!<%k$H@_Dj(B</A ></H4 ><P >pam_ldap $B$r%3%s%Q%$%k$7$F%$%s%9%H!<%k$9$k$K$O!"(B $B0J2<$N$h$&$K$7$F$/$@$5$$!#(B</P ><P ><TABLE BORDER="0" BGCOLOR="#E0E0E0" WIDTH="100%" ><TR ><TD ><FONT COLOR="#000000" ><PRE CLASS="PROGRAMLISTING" >$ ./configure --with-ldap-lib=netscape4 --with-ldap-dir=/usr/local/ldapsdk $ make # make install</PRE ></FONT ></TD ></TR ></TABLE ></P ><P >configure $B$N(B --with-ldap-lib $B%*%W%7%g%s$O!"(B $B$I$N(B LDAP $B%i%$%V%i%j$r;H$*$&$H$7$F$$$k$+$r;XDj$7$^$9!#(B</P ><P >--with-ldap-dir $B%*%W%7%g%s$O!"$I$3$K(B Netscape ldapsdk $B%D!<%k%-%C%H$r%$%s%9%H!<%k$7$F$"$k$N$+$r;XDj$7$^$9!#(B</P ><P >$B$3$l$K$h$C$F(B <TT CLASS="FILENAME" >/lib/security/pam_ldap.so.1</TT > $B$H3F<o%7%s%\%j%C%/%j%s%/$,%$%s%9%H!<%k$5$l$^$9!#(B</P ><P >PAM $B$,?7$7$$G'>Z%7%9%F%`$K%"%/%;%9$G$-$k$h$&$K!"(B $BE,@Z$K@_Dj$5$l$J$/$F$O$$$1$^$;$s!#(BPAM $B@_Dj%U%!%$%k$O(B <TT CLASS="FILENAME" >/etc/pam.d</TT > $B$H$$$&%G%#%l%/%H%j$KG[CV$5$l!"(B $BG'>Z$,6!5k$5$l$k%5!<%S%9L>$K$7$?$,$C$FL>IU$1$i$l$F$$$^$9!#(B</P ><P >$B$?$H$($P0J2<$O(B 
login $B%5!<%S%9$N$?$a$N(B PAM $B@_Dj%U%!%$%k(B (<TT CLASS="FILENAME" >login</TT > $B$H$$$&L>A0$N%U%!%$%k(B) $B$G$9!#(B</P ><P ><TABLE BORDER="0" BGCOLOR="#E0E0E0" WIDTH="100%" ><TR ><TD ><FONT COLOR="#000000" ><PRE CLASS="PROGRAMLISTING" > #%PAM-1.0 auth required /lib/security/pam_securetty.so auth required /lib/security/pam_nologin.so auth sufficient /lib/security/pam_ldap.so auth required /lib/security/pam_unix_auth.so use_first_pass account sufficient /lib/security/pam_ldap.so account required /lib/security/pam_unix_acct.so password required /lib/security/pam_cracklib.so password sufficient /lib/security/pam_ldap.so password required /lib/security/pam_unix_passwd.so use_first_pass md5 shadow session required /lib/security/pam_unix_session.so</PRE ></FONT ></TD ></TR ></TABLE ></P ><P >PAM $B$G;H$&I8=`E*$J(B PAM $B@_Dj%U%!%$%k$O(B pam_ldap $B$N%=!<%9$N(B <TT CLASS="FILENAME" >pam_ldap-($B%P!<%8%g%s(B)/pam.d</TT > $B$H$$$&%G%#%l%/%H%j(B $B$NCf$K$"$j$^$9!#(B</P ><P >$B$3$NI8=`E*$J%U%!%$%k$O(B <TT CLASS="FILENAME" >/etc/pam.d</TT > $B%G%#%l%/%H%j$NCf$K(B $B%3%T!<$G$-$^$9!#$b$72?$+$*$+$7$J$3$H$r$7$F$7$^$&$H!"$*$=$i$/:F$S%m%0%$%s(B $B$G$-$J$/$J$C$F$7$^$&$N$G!"$3$NA`:n$r$9$k;~$OCm0U?<$/9T$C$F$/$@$5$$!#(B $B?7$7$$%U%!%$%k$r%$%s%9%H!<%k$9$kA0$K(B <TT CLASS="FILENAME" >/etc/pam.d</TT > $B$N%P%C%/%"%C%W$r$H$C$F$*$-!"(B $B$=$l$rI|5"$5$;$k8"8B$N$"$k%7%'%k$r3+$$$?$^$^$K$7$F$*$/$3$H$r$*4+$a$7$^$9!#(B</P ><DIV CLASS="NOTE" ><BLOCKQUOTE CLASS="NOTE" ><P ><B >Note: </B >$B$=$N%5%s%W%k$N(B <TT CLASS="FILENAME" >pam.d</TT > $B%G%#%l%/%H%j$K$O(B <TT CLASS="FILENAME" >sshd</TT > $B$H$$$&%U%!%$%k$,$"$j$^$;$s!#$=$N$?$a!"(B $B$=$l$r:n@.$7$J$1$l$P!"(Bpam $B$r;H$&(B ssh $B$r2p$7$F%m%0%$%s(B $B$G$-$^$;$s(B (OpenSSH $B$O(B PAM $B$r;HMQ$7$^$9(B)$B!#(B</P ></BLOCKQUOTE ></DIV ></DIV ><DIV CLASS="SECT4" ><H4 CLASS="SECT4" ><A NAME="AEN277" >2.2.2.2. 
NSS LDAP $B$N%$%s%9%H!<%k$H@_Dj(B</A ></H4 ><P >$B%=!<%9$rE83+$7$F$+$i!"(BMakefile $B$r3NG'$7$F$/$@$5$$!#$[$H$s$I$N@_DjFbMF$KBP$7$F$OJT=8$NI,MW$O$"$j$^$;$s!#(B $B$H$O$$$(!"(BSSL $B$r;H$$$?$$$N$G$"$l$P(B SSL $BBP1~$N(B LDAP $B%i%$%V%i%j(B $B!=(B $B$?$H$($P(B Netscape $B$N$b$N(B $B!=(B $B$r%j%s%/$7$J$/$F$O$J$j$^$;$s!#(B</P ><P >LDAP $B$N(B SDK $B$,(B <TT CLASS="FILENAME" >/usr/local/ldapsdk</TT > $BFb$K$"$k$H$9$l$P!"(BSSL $B$rM-8z$K$9$k$K$O!"(BMakefile $B$r=$@5$7$J$1$l$P$J$j$^$;$s!#(B $B$=$N=$@5FbMF$O!"(B<TT CLASS="FILENAME" >Makefile.linux.mozilla</TT > $BFb$G(B NSFLAGS $B$rC5$7$F!"%3%a%s%H$K$J$C$F$$$k(B -DSSL $B$rM-8z$K$9$k$3$H$G$9!#(B</P ><P >$B$5$i$K(B LIBS $B$NDj5A$r8+$F!"$=$N%U%!%$%kFb$G;XDj$5$l$F$$$k(B ldapssl $B%i%$%V%i%j$,!"<+J,$N%$%s%9%H!<%k$7$F$"$k$b$N$HF1$8$+$I$&$+(B $B$r3NG'$7$F$/$@$5$$(B (ldap_nss.so $B$O(B libldapssl40 $B$H(B libldapssl30 $B$NN>J}$K%j%s%/$7$F%3%s%Q%$%k$5$l$^$9(B)$B!#(B</P ><P >$B$=$N8e!"%i%$%V%i%j$r%$%s%9%H!<%k$G$-$^$9(B $B!=(B</P ><P ><TABLE BORDER="0" BGCOLOR="#E0E0E0" WIDTH="100%" ><TR ><TD ><FONT COLOR="#000000" ><PRE CLASS="PROGRAMLISTING" >$ make -f Makefile.linux.mozilla # make -f Makefile.linux.mozilla install #ldconfig </PRE ></FONT ></TD ></TR ></TABLE ></P ><P >$B$3$l$K$h$C$F(B <TT CLASS="FILENAME" >/lib/libnss_ldap.so</TT > $B$,%$%s%9%H!<%k$5$l$^$9!#$3$l$,(B nss_ldap $B%i%$%V%i%j$G$9!#(B $B$=$7$F(B <TT CLASS="FILENAME" >/etc/nsswitch.ldap</TT > $B$H(B <TT CLASS="FILENAME" >/etc/ldap.conf</TT > $B$H$,$^$@B8:_$7$F$J$$>l9g$K$O!"%5%s%W%k$N@_Dj%U%!%$%k$H$7$F%$%s%9%H!<%k$5$l$^$9!#(B</P ><P >$B%$%s%9%H!<%k$7$?$i!"$=$N(B NSS $B@_Dj%U%!%$%k(B <TT CLASS="FILENAME" >/etc/nsswitch.conf</TT > $B$rJT=8$7$J$/$F$O$J$j$^$;$s!#(B LDAP $B$O$"$i$f$k%5!<%S%9$KMQ$$$k$3$H$,$G$-$k$N$G$9$,!":#2s$O(B passwd, group, shadow $B$K$N$_;HMQ$7$^$9!#$3$N>l9g!"@_Dj%U%!%$%k$NKAF,$K(B $B0J2<$N$h$&$J$3$H$r=q$$$F$*$/$Y$-$G$9!#(B</P ><P ><TABLE BORDER="0" BGCOLOR="#E0E0E0" WIDTH="100%" ><TR ><TD ><FONT COLOR="#000000" ><PRE CLASS="PROGRAMLISTING" > passwd: files 
ldap group: files ldap shadow: files ldap</PRE ></FONT ></TD ></TR ></TABLE ></P ><P >$B$3$N@_Dj$@$H%(%s%H%j$O!"$^$:%7%9%F%`%U%!%$%kFb$GC5$5$l$F!"(B $BCM$,JV$C$F$3$J$+$C$?$J$i(B LDAP $B%5!<%P$KLd$$9g$o$;$i$l$^$9!#(B</P ><DIV CLASS="NOTE" ><BLOCKQUOTE CLASS="NOTE" ><P ><B >Note: </B >LDAP $B$r(B DNS $BLd$$9g$o$;$N%P%C%/%(%s%I(B $B$H$7$F;H$&$H$-$K$OCm0U$7$F$/$@$5$$!#(BDNS $B$,$=$N%5!<%P$N%[%9%HL>$r(B $B2r7h$G$-$J$$$H!"L58B%k!<%W$KF~$C$F$7$^$&$N$G$9!#(B $B$J$<$J$i(B libldap $B<+BN$,(B gethostbyname() $B$r%3!<%k$9$k$+$i$G$9!#(B (nsswitch.ldap $BFb$N5-=R$h$j(B)</P ></BLOCKQUOTE ></DIV ></DIV ><DIV CLASS="SECT4" ><H4 CLASS="SECT4" ><A NAME="AEN298" >2.2.2.3. NSCD $B$N@_Dj(B</A ></H4 ><P >NSCD $B$OB?$/$N(B Linux $B%G%#%9%H%j%S%e!<%7%g%s$K$O(B $B:G=i$+$iF~$C$F$$$^$9!#F~$C$F$$$J$/$F$b(B GNU C $B%i%$%V%i%j$N(B $B%Q%C%1!<%8Fb$K$"$j$^$9!#(B</P ><P >NSCD $B$N@_Dj%U%!%$%k$O(B <TT CLASS="FILENAME" >/etc/nscd.conf</TT > $B$G$9!#3F9T$OB0@-$HCM!"$^$?$OB0@-$H%-%c%C%7%eL>$HCM$N$$$:$l$+$r;XDj$7$^$9!#(B $B$=$l$>$l$N%U%#!<%k%I$O%9%Z!<%9$+%?%V$G6h@Z$i$l$^$9!#%-%c%C%7%eL>$O(B hosts, passwd, groups $B$N$$$:$l$+$K$9$k$3$H$,$G$-$^$9(B ($B:#2s$O(B hosts $B$r%-%c%C%7%e$7$^$;$s(B)$B!#(B</P ><P ><TABLE BORDER="0" BGCOLOR="#E0E0E0" WIDTH="100%" ><TR ><TD ><FONT COLOR="#000000" ><PRE CLASS="PROGRAMLISTING" >enable-cache passwd yes positive-time-to-live passwd 600 negative-time-to-live passwd 20 suggested-size passwd 211 keep-hot-count passwd 20 check-files passwd yes enable-cache group yes positive-time-to-live group 3600 negative-time-to-live group 60 suggested-size group 211 keep-hot-count group 20 check-files group yes </PRE ></FONT ></TD ></TR ></TABLE ></P ><P >LDAP $B$+$iF@$?(B passwd $B%(%s%H%j$r(B NSCD $B%W%m%0%i%`$,(B $B%-%c%C%7%e$7$F$7$^$&$H$$$&$3$H$r?4$KLC5-$7$F$*$$$F$/$@$5$$!#(B</P ><P >$B$3$l$O$D$^$j!"(BLDAP $B%5!<%P>e$N%f!<%6>pJs$K<j$r2C$($?$H$-$K$b(B NSCD $B%-%c%C%7%e$OM-8z$J$^$^$@$H$$$&$3$H$G$9!#$3$NLdBj$O!"(B check-files $B%G%#%l%/%F%#%V$K$h$C$FDL>o$N(B UNIX 
$B%U%!%$%k$rMxMQ$9$l$PHr$1$i$l$^$9!#(B $B$3$l$OBP1~$9$k%U%!%$%k$,JQ99$5$l$?$H$-$K$O%-%c%C%7%e$rL58z$K$7$^$9!#(B $B$3$N$h$&$J;EAH$_$O0lHLE*$J$O$:$J$N$K!"8=;~E@$G(B LDAP $B$K$OE,MQ$5$l$^$;$s!#(BLDAP $B%5!<%P$H%-%c%C%7%e$N4V$NIT@09g$r(B $BHr$1$kJ}K!$O!"(Bpasswd $B%(%s%H%j$r99?7$7$?$H$-$K(B $B<!$N%3%^%s%I$rBG$C$F<+J,$G%-%c%C%7%e$rL58z$K$9$k$3$H$G$9!#(B</P ><P ><TABLE BORDER="0" BGCOLOR="#E0E0E0" WIDTH="100%" ><TR ><TD ><FONT COLOR="#000000" ><PRE CLASS="PROGRAMLISTING" >#nscd --invalidate=TABLE </PRE ></FONT ></TD ></TR ></TABLE ></P ><P >$B>e5-(B TABLE $B$N$H$3$m$O(B passwd, groups, hosts $B$N$$$:$l$+$K$J$j$^$9!#(B</P ><P >$B;nMQ;~$K$O!":.Mp$rHr$1$k$?$a(B NSCD $B$r;H$o$J$$$h$&$K$7$F$/$@$5$$!#(B</P ><P >$B$5$i$K8@$($P!"(BNSS $B$H(B NSCD $B$N;HMQ$OBgNL$N(B $B%U%!%$%k%G%9%/%j%W%?$r3+$$$F$7$^$$$^$9!#(B $B$=$N$?$a!"%7%9%F%`>e$N;H$($k%U%!%$%k%G%9%/%j%W%?$,(B $B4JC1$KITB-$7$F$7$^$$$^$9(B ($B$3$l$O%7%9%F%`$r%O%s%0$5$;$+$M$^$;$s(B)$B!#(B</P ><P >Linux $B%^%7%s(B ($B%+!<%M%k(B 2.2.x) $B$G$O!"(B $B<!$N$h$&$K$7$F%U%!%$%k%G%9%/%j%W%?$N>e8B$rA}$d$9$3$H$,$G$-$^$9!#(B</P ><P ><TABLE BORDER="0" BGCOLOR="#E0E0E0" WIDTH="100%" ><TR ><TD ><FONT COLOR="#000000" ><PRE CLASS="PROGRAMLISTING" >#echo 16384 > /proc/sys/fs/file-max</PRE ></FONT ></TD ></TR ></TABLE ></P ><P >$B?d>)$5$l$k%U%!%$%k%G%9%/%j%W%?>e8BCM$O!"$H$K$+$/(B $B$=$N%7%9%F%`$N9=@.$K0MB8$7$^$9!#(B</P ></DIV ><DIV CLASS="SECT4" ><H4 CLASS="SECT4" ><A NAME="AEN316" >2.2.2.4. 
LDAP $B%/%i%$%"%s%H$N@_Dj%U%!%$%k(B</A ></H4 ><P >LDAP $B%/%i%$%"%s%H$N@_Dj%U%!%$%k$G$"$k(B <TT CLASS="FILENAME" >/etc/ldap.conf</TT > $B$O!"B>$N(B LDAP $B%/%i%$%"%s%H$+$i$HF1MM!"(Bpam_ldap $B$d(B nss_ldap $B$+$i$bFI$^$l$^$9!#(B $B0J2<$O!"$=$N%U%!%$%k$,:#2s$N4D6-$G$O$I$N$h$&$K$J$C$F$$$k$Y$-$+$N0lNc$G$9!#(B</P ><P ><TABLE BORDER="0" BGCOLOR="#E0E0E0" WIDTH="100%" ><TR ><TD ><FONT COLOR="#000000" ><PRE CLASS="PROGRAMLISTING" ># # @(#)$Id: ldap.conf,v 2.18 2001/03/28 23:35:00 lukeh Exp $ # $B$3$l$O(B LDAP NSS $B%i%$%V%i%j$H(B LDAP PAM $B%b%8%e!<%k$N$?$a$N@_Dj%U%!%$%k$G$9!#(B # PADL Software # http://www.padl.com # # $B$b$7$3$N%U%!%$%k$K(B host $B$b(B base $B$b$J$1$l$P!"$=$N$H$-$O(B # _ldap._tcp.[defaultdomain]. $B$H$$$&(B DNS RR $B$,2r7h$5$l$^$9!#(B # [defaultdomain] $B$O<1JLL>$K3d$jEv$F$i$l!"(B # $BL\I8$N%[%9%H$O%5!<%P$H$7$F;H$o$l$k$3$H$K$J$j$^$9!#(B # # $B<+J,$N(B LDAP $B%5!<%P$G$9!#(BLDAP $B$r;H$o$:$K2r7h$G$-$J$/$F$O$J$j$^$;$s!#(B host 192.111.111.111 # # $B8!:w%Y!<%9$N<1JLL>$G$9!#(B base dc=yourorg, dc=com # # $B;HMQ$9$k(B LDAP $B$N%P!<%8%g%s$G$9!#(B($B%G%U%)%k%H$O(B 2 $B$G$9$,!"(B # OpenLDAP 2.0.x $B$d(B Netscape Directory Server $B$r;H$&$J$i(B 3 $B$K$7$F$/$@$5$$(B) # ldap_version 3 # # $B%5!<%P$K%P%$%s%I$9$k<1JLL>$G$9!#(B # $B;XDj$OG$0U$G$9(B $B!=(B $B;XDj$7$J$1$l$PF?L>%P%$%s%I$G$9!#(B # binddn cn=manager,dc=padl,dc=com # # $B%P%$%s%I$9$k;q3J>ZL@$G$9!#(B # $B;XDj$OG$0U$G$9(B $B!=(B $B;XDj$7$J$1$l$P;q3J>ZL@$,ITMW$G$9!#(B #bindpw secret # # $B%]!<%H$G$9!#(B # $B;XDj$OG$0U$G$9(B $B!=(B $B;XDj$7$J$1$l$P(B 389 $B$G$9!#(B636 $B$O(B LDAPS $BMQ$G$9!#(B port 636 # # $B8!:w%9%3!<%W$G$9!#(B #scope sub #scope one #scope base # # $B0J2<$N%*%W%7%g%s$O(B nss_ldap $BFCM-$N$b$N$G$9!#(B # # $B<+J,$N(B libc $B$,;H$&%O%C%7%e$N%"%k%4%j%:%`$G$9!#(B # $B;XDj$OG$0U$G$9(B $B!=(B $B;XDj$7$J$1$l$P(B des $B$G$9!#(B #crypt md5 #crypt sha #crypt des # # $B0J2<$N%*%W%7%g%s$O(B pam_ldap $BFCM-$N$b$N$G$9!#(B # # uid=%s $B$K(B AND $B$9$k%U%#%k%?$G$9!#(B pam_filter objectclass=posixAccount # # 
$B%f!<%6(B ID $B$NB0@-$G$9!#(B($B%G%U%)%k%H$O(B uid) pam_login_attribute uid # # $B%Q%9%o!<%I%]%j%7!<$r%k!<%H(B DSE $B$G8!:w$7$^$9!#(B # (Netscape Directory Server $B$KM-8z$G$9(B) # ($BLuCm!'%k!<%H(B DSE $B$K$D$$$F$O(B Root Directory Server Specific Entry # $B$N$3$H$@$H$$$&Js9p$r$$$?$@$-$^$7$?!#Lu<T$OCN$j$^$;$s$G$7$?!#(B) #pam_lookup_policy yes # # $B$3$N%0%k!<%W$N%a%s%P$G$"$k$3$H$r6/MW$7$^$9!#(B #pam_groupdn cn=PAM,ou=Groups,dc=padl,dc=com # # $B%0%k!<%W%a%s%P$NB0@-$G$9!#(B pam_member_attribute memberuid # $B%F%s%W%l!<%H%m%0%$%s$NB0@-$H!"%G%U%)%k%H$N%F%s%W%l!<%H%f!<%6$G$9!#(B # ($B$3$l0JA0$N%f!<%6$N%(%s%H%jFb$NB0@-$G>e=q$-$G$-$^$9(B) #pam_login_attribute userPrincipalName #pam_template_login_attribute uid #pam_template_login nobody # # $B%m!<%+%k$K%Q%9%o!<%I$r%O%C%7%e$7$^$9!#(B # University of Michigan $BHG(B LDAP $B%5!<%P$KI,MW$H$5$l$^$9!#(B # $B$^$?!"$b$7(B UNIX-Crypt $B$N%O%C%7%e5!9=$r;HMQ$7$F$*$j!"(B # $B$+$D(B NT Synchronization ($BF14|(B) $B%5!<%S%9$r;HMQ$7$F$$$J$$$J$i$P(B # Netscape Directory Server $B$GM-8z$G$9!#(B pam_crypt local # # SSL $B$N@_Dj(B ssl yes sslpath /usr/local/ssl/certs</PRE ></FONT ></TD ></TR ></TABLE ></P ><DIV CLASS="NOTE" ><BLOCKQUOTE CLASS="NOTE" ><P ><B >Note: </B >$B$3$N%U%!%$%k$rFI$`$3$H$N$"$k<o!9$N%"%W%j%1!<%7%g%s(B $B$H$NLdBj$rHr$1$k$?$a$K!"%Q%i%a!<%?$HCM$H$N4V$K(B $B%?%V$r;H$o$:!"%9%Z!<%9$R$H$D$@$1$r;H$&$h$&$*4+$a$7$^$9!#(B</P ></BLOCKQUOTE ></DIV ><P >pam_groupdn $B%G%#%l%/%F%#%V$O(B LDAP $B%5!<%P$,(B $B0lO"$N%/%i%$%"%s%H$NG'>Z>pJs$r4IM}$7$F$$$k>l9g$K!"(B $B%f!<%6$,G'2D$5$l$k$N$r0lIt$N%/%i%$%"%s%H$@$1$K8BDj$7$?$$(B $B$H$-$KJXMx$G$9!#$3$N%G%#%l%/%F%#%V$O(B NIS $B$N(B netgroups $B$HF1$85!G=$r(B $BDs6!$9$k$3$H$,$G$-$k$N$G$9!#(B</P ><P >SSL $B@_Dj$K4X$9$k%G%#%l%/%F%#%V$O%Q%C%1!<%8Fb$GJ8=q2=(B $B$5$l$F$$$^$;$s$,!"(BSSL $B$rM-8z$K$7!"(BLDAP $B%5!<%P>ZL@=q$*$h$S(B CA $B>ZL@=q$r4^$`%U%!%$%k$,(B $B$I$3$K3JG<$5$l$F$$$k$+;XDj$7$^$9!#(B</P ><P >cert7.db $B$H$$$&L>A0$N(B Netscape $B>ZL@=q%G!<%?%Y!<%9$,(B sslpath 
$BFb$G8!:w$5$l$^$9!#$3$N%U%!%$%k$K$O%5!<%P>ZL@=q$H(B ($B$=$N%5!<%P>ZL@=q$,<+8J=pL>$G$J$$$+$.$j(B) CA $B>ZL@=q$H$r4^$s$G$$$J$1$l$P$J$j$^$;$s!#$3$N%U%!%$%k$r@8@.$9$k$K$O(B $B$U$?$D$NJ}K!(B $B!=(B Netscape PKCS#11 $B$r;H$&$+(B Netscape $B$N%V%i%&%6$r;H$&$+(B $B!=(B $B$,$"$j$^$9!#(B</P ><P >Netscape $B$N%V%i%&%6$r;H$&>l9g$O!"%5!<%P>e$G(B slapd $B$H(B stunnel $B$r5/F0$7$?$"$H$G(B Netscape Navigator $B$r(B https://your.ldap.server:636/ $B$H$$$&(B URL $B$K@\B3$9$k$H!"<+J,$N%G!<%?%Y!<%9$K$=$N%5!<%P>ZL@=q$rF~NO$9$k$h$&(B $BB%$5$l$^$9!#(B($B<+8J=pL>$N>ZL@=q$r;H$o$J$$$N$G$"$l$P(B) $BF1MM$K(B (CA $B$+$i6!5k$5$l$k(B) CA $B>ZL@=q$b%G!<%?%Y!<%9$K%m!<%I(B $B$7$J$/$F$O$J$j$^$;$s!#$3$3$^$GMh$?$i!"(B<TT CLASS="FILENAME" >$HOME/.netscape/cert7.db</TT >$B$r(B <TT CLASS="FILENAME" >sslpath</TT > $B$K%3%T!<$G$-$^$9!#(B $B>e5-$N:n6H$N:]!"%G%U%)%k%H$N(B <TT CLASS="FILENAME" >cert7.db</TT > $B$r;}$D(B $B=i4|>uBV$N%"%+%&%s%H$G9T$J$&J}$,9%$^$7$$$G$9!#$J$<$J$i(B $B<+J,$N>ZL@=q%G!<%?%Y!<%9$K$OB>$N%5!<%P>ZL@=q$,$"$k$+$b$7$l$:!"$"$k$H(B LDAP $B%/%i%$%"%s%H$,$=$l$r!"?.MQ:Q$_$NG'>Z%5!<%P$J$N$@$H(B $B$_$J$7$F$7$^$&$+$i$G$9!#$$$C$?$s%5!<%P>ZL@=q$,%$%s%]!<%H$5$l$?(B $B%V%i%&%6$O(B SSL $B$r%G%P%C%0$9$k$?$a$K;H$($^$9!#(B $B$=$N%V%i%&%6$O(B pam $B$d(B nss $B$N%i%$%V%i%j$N$h$&$K$U$k$^$&$+$i$G$9!#(B</P ></DIV ></DIV ></DIV ><DIV CLASS="SECT2" ><H2 CLASS="SECT2" ><A NAME="AEN331" >2.3. 
$B5/F0(B</A ></H2 ><P >$B%5!<%PB&$G!"<!$N$h$&$J%3%^%s%I$K$h$C$F!"(B slapd (LDAP $B%G!<%b%s%W%m%;%9(B) $B$r5/F0$7$J$/$F$O$$$1$^$;$s!#(B</P ><P ><TABLE BORDER="0" BGCOLOR="#E0E0E0" WIDTH="100%" ><TR ><TD ><FONT COLOR="#000000" ><PRE CLASS="PROGRAMLISTING" ># slapd </PRE ></FONT ></TD ></TR ></TABLE ></P ><P >$B$b$7(B stunnel $B$r;H$&$J$i!"(BLDAPS $B$N(B 636 $BHV$N%]!<%H>e$G(B $B5/F0$7$J$/$F$O$$$1$^$;$s!#<!$N$h$&$K$7$F$/$@$5$$!#(B</P ><P ><TABLE BORDER="0" BGCOLOR="#E0E0E0" WIDTH="100%" ><TR ><TD ><FONT COLOR="#000000" ><PRE CLASS="PROGRAMLISTING" > # /usr/local/sbin/stunnel -r ldap -d 636 -p /usr/local/ssl/certs/stunnel.pem</PRE ></FONT ></TD ></TR ></TABLE ></P ><P >TLS (OpenSSL) $BIU$-$G%3%s%Q%$%k$5$l$?(B OpenLDAP 2.0.x $B$r;H$&$N$G$"$l$P!"<!$N%3%^%s%I$G%5!<%P$r5/F0$G$-$^$9!#(B</P ><P ><TABLE BORDER="0" BGCOLOR="#E0E0E0" WIDTH="100%" ><TR ><TD ><FONT COLOR="#000000" ><PRE CLASS="PROGRAMLISTING" > # slapd -h "ldap:/// ldaps:///"</PRE ></FONT ></TD ></TR ></TABLE ></P ><DIV CLASS="NOTE" ><BLOCKQUOTE CLASS="NOTE" ><P ><B >Note: </B >Both variants above leave the clear-text LDAP port (389) listening as well: stunnel only wraps port 636 and forwards each connection to the unencrypted <TT CLASS="FILENAME" >ldap</TT > service on the same host, and the <TT CLASS="FILENAME" >ldap:///</TT > URL in the -h argument binds port 389 on every interface. A client that is not configured with <TT CLASS="FILENAME" >ssl yes</TT > will therefore send bind credentials (the user's password) in the clear and nothing on the server will stop it. If all remote clients are expected to use LDAPS, bind the clear-text listener to the loopback interface only (for example <TT CLASS="FILENAME" >slapd -h "ldap://127.0.0.1/ ldaps:///"</TT >) or block port 389 at the host firewall, and verify with a packet capture that bind requests really arrive on port 636.</P ></BLOCKQUOTE ></DIV ><P >$B%/%i%$%"%s%H>e$G!"(BNSCD $B$rB?$/$N%G%#%9%H%j%S%e!<%7%g%s$K(B $B$U$D$&4^$^$l$F$$$k5/F0%9%/%j%W%H$+$i5/F0$G$-$^$9!#(B</P ><P ><TABLE BORDER="0" BGCOLOR="#E0E0E0" WIDTH="100%" ><TR ><TD ><FONT COLOR="#000000" ><PRE CLASS="PROGRAMLISTING" > # /etc/rc.d/init.d/nscd start</PRE ></FONT ></TD ></TR ></TABLE ></P ><P >PAM $B$H(B NSS $B$,E,@Z$K@_Dj$5$l$F$$$l$P!"$3$l$G==J,$N$O$:$G$9!#(B</P ></DIV ><DIV CLASS="SECT2" ><H2 CLASS="SECT2" ><A NAME="AEN346" >2.4. 
$B%"%+%&%s%H$NJ]<i4IM}(B</A ></H2 ><P >$B$3$3$^$GMh$?;~E@$G!"(BLDAP $B%/%i%$%"%s%H%D!<%k$r;H$C$F(B $B%"%+%&%s%H:n@.$HJ]<i4IM}$,$G$-$k$O$:$G$9!#(B</P ><P >$B;DG0$J$,$iHFMQE*$J%D!<%k$N$[$H$s$I$O(B Un*x $B%"%+%&%s%H$N4IM}MQ$K$O$G$-$F$$$^$;$s!#(B $B$=$l$K8+9g$&5!G=$,$"$k$h$&$K;W$($k$b$N$O!"(B LDAP Browser/Editor (<A HREF="http://www-unix.mcs.anl.gov/~gawor/ldap" TARGET="_top" >http://www-unix.mcs.anl.gov/~gawor/ldap</A >) $B$,$"$j!"$=$l$O(B $B?'!9$J=q<0$G%Q%9%o!<%I$N@_Dj$,$G$-!"%5!<%P$K@\B3$9$k$?$a$K(B SSL $B$r;HMQ(B $B$G$-$^$9!#(B</P ></DIV ><DIV CLASS="SECT2" ><H2 CLASS="SECT2" ><A NAME="AEN351" >2.5. $B4{CN$N@)8B;v9`(B</A ></H2 ><P >$BC1FH$N%^%9%?%5!<%P$K$h$k(B ($B%9%l!<%V%5!<%P$N$J$$(B) NIS $B$N>l9g$HF1MM$K!"%l%W%j%1!<%7%g%s$rMxMQ$7$J$$(B LDAP $B$OG'>Z5!9=$K$H$C$F(B $B!V(Ba single point of failure ($BC10l5!4o$N>c32$,%7%9%F%`A4BN$N(B $B>c32$H$J$C$F$7$^$&<eE@(B)$B!W$G$"$k$H8@$($^$9!#(B $B$G$9$+$i(B LDAP $B%l%W%j%1!<%7%g%s$r<BAu$9$k$3$H$O!"G'>Z$H$$$&L\E*$N$?$a$K$O0lAX(B $B=EMW$H8@$($^$9!#(BOpenLDAP (slapd) $B$K$h$k%5!<%P$O%l%W%j%1!<%7%g%s5!G=$r(B $BHw$($F$$$^$9!#(B</P ></DIV ><DIV CLASS="SECT2" ><H2 CLASS="SECT2" ><A NAME="AEN354" >2.6. 
$B%U%!%$%k$N%Q!<%_%C%7%g%s(B</A ></H2 ><P >$B0J2<$OG'>Z%7%9%F%`$G;H$o$l$k%U%!%$%k$K(B $BE,MQ$5$l$F$$$k$Y$-%Q!<%_%C%7%g%s$N0lIt$G$9!#(B</P ><P ><TABLE BORDER="0" BGCOLOR="#E0E0E0" WIDTH="100%" ><TR ><TD ><FONT COLOR="#000000" ><PRE CLASS="PROGRAMLISTING" > -rw-r--r-- root.root /etc/ldap.conf
 -rw------- root.root /usr/local/etc/openldap/slapd.conf
 -rwxr-xr-x root.root /lib/security/pam_ldap.so.1
 -rw-r--r-- root.root /lib/libnss_ldap-2.1.2.so
 -rw-r--r-- root.root /usr/local/ssl/certs/cert7.db
 -rw------- root.root /usr/local/ssl/certs/stunnel.pem </PRE ></FONT ></TD ></TR ></TABLE ></P ><DIV CLASS="NOTE" ><BLOCKQUOTE CLASS="NOTE" ><P ><B >Note: </B >The world-readable mode on <TT CLASS="FILENAME" >/etc/ldap.conf</TT > is only acceptable while the file holds no secret. The configuration excerpt earlier in this chapter shows no <TT CLASS="FILENAME" >binddn</TT >/<TT CLASS="FILENAME" >bindpw</TT > pair; if you add one so that pam_ldap or nss_ldap binds as a privileged account (for example to read shadow attributes), every local user could read that password. Use <TT CLASS="FILENAME" >rootbinddn</TT > instead, which makes both libraries take the password from the separate root-only file <TT CLASS="FILENAME" >/etc/ldap.secret</TT > (mode 0600). Keep <TT CLASS="FILENAME" >slapd.conf</TT > (it normally carries <TT CLASS="FILENAME" >rootpw</TT >) and <TT CLASS="FILENAME" >stunnel.pem</TT > (it carries the server's private key) at 0600 exactly as listed. <TT CLASS="FILENAME" >cert7.db</TT > contains only public certificates and may be world-readable, but it must remain writable by root only, because every certificate in it is trusted by the client.</P ></BLOCKQUOTE ></DIV ></DIV ></DIV ><H3 CLASS="FOOTNOTES" >Notes</H3 ><TABLE BORDER="0" CLASS="FOOTNOTES" WIDTH="100%" ><TR ><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="5%" ><A NAME="FTN.AEN115" HREF="pamnss.html#AEN115" >[1]</A ></TD ><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="95%" ><P >LDAP $B%G!<%?%Y!<%9$N(B $BJ#@=$r%5!<%P4V$G9T$J$&;EAH$_(B</P ></TD ></TR ><TR ><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="5%" ><A NAME="FTN.AEN146" HREF="pamnss.html#AEN146" >[2]</A ></TD ><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="95%" ><P >NIS $B$G3d$jEv$F$F$$$k>l9g$O0[$J$j$^$9!#(B</P ></TD ></TR ><TR ><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="5%" ><A NAME="FTN.AEN176" HREF="pamnss.html#AEN176" >[3]</A ></TD ><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="95%" ><P >$B$R$H$D$N%(%s%H%j$,J#?t$N(B objectclass $B$KB0$9$k$3$H$,$G$-$^$9!#(B</P ></TD ></TR ><TR ><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="5%" ><A NAME="FTN.AEN247" HREF="pamnss.html#AEN247" >[4]</A ></TD ><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="95%" ><P >$B%&%i5;$H$7$F!"(BNetscape Communicator $B$N>ZL@%G!<%?%Y!<%9$r;H$&$3$H$b$G$-$^$9!#(B</P ></TD ></TR ></TABLE ><DIV CLASS="NAVFOOTER" ><HR ALIGN="LEFT" WIDTH="100%"><TABLE WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING="0" ><TR ><TD WIDTH="33%" ALIGN="left" VALIGN="top" ><A HREF="overview.html" >Prev</A ></TD ><TD WIDTH="34%" ALIGN="center" VALIGN="top" ><A HREF="index.html" >Home</A ></TD ><TD WIDTH="33%" ALIGN="right" VALIGN="top" ><A HREF="radius.html" 
>Next</A ></TD ></TR ><TR ><TD WIDTH="33%" ALIGN="left" VALIGN="top" >$B35MW(B</TD ><TD WIDTH="34%" ALIGN="center" VALIGN="top" > </TD ><TD WIDTH="33%" ALIGN="right" VALIGN="top" >LDAP $B$r;H$C$?(B Radius $BG'>Z(B</TD ></TR ></TABLE ></DIV ></BODY ></HTML >