***Reference
I used the following page as a reference.
http://www.sun.com/bigadmin/features/articles/nis_ldap_part1.jsp

*Server-side configuration

***Editing the idsconfig script
Comment out the exit that the version check performs. The error message is still printed, but the script carries on.

```sh
chk_ids_version()
{
    [ $DEBUG -eq 1 ] && ${ECHO} "In chk_ids_version()"

    # check iDS version number.
    eval "${LDAPSEARCH} ${SERVER_ARGS} -b cn=monitor -s base \"objectclass=*\" version | ${GREP} \"^version=\" | cut -f2 -d'/' | cut -f1 -d' ' > ${TMPDIR}/checkDSver 2>&1"
    if [ $? -ne 0 ]; then
        ${ECHO} "ERROR: Can not determine the version number of iDS!"
        exit 1
    fi

    IDS_VER=`cat ${TMPDIR}/checkDSver`
    IDS_MAJVER=`${ECHO} ${IDS_VER} | cut -f1 -d.`
    IDS_MINVER=`${ECHO} ${IDS_VER} | cut -f2 -d.`

    if [ "${IDS_MAJVER}" != "5" ]; then
        ${ECHO} "ERROR: $PROG only works with iDS version 5.x, not ${IDS_VER}."
        # exit 1    <- comment out this line
    fi

    if [ $DEBUG -eq 1 ]; then
        ${ECHO} "  IDS_MAJVER = $IDS_MAJVER"
        ${ECHO} "  IDS_MINVER = $IDS_MINVER"
    fi
}
```

***Running the idsconfig script
```
# /usr/lib/ldap/idsconfig

It is strongly recommended that you BACKUP the directory server
before running idsconfig.

Hit Ctrl-C at any time before the final confirmation to exit.

Do you wish to continue with server setup (y/n/h)? [n] y
Enter the iPlanet Directory Server's (iDS) hostname to setup: server1
Enter the port number for iDS (h=help): [389]
ERROR: idsconfig only works with iDS version 5.x, not 6.0.
Enter the directory manager DN: [cn=Directory Manager]
Enter passwd for cn=Directory Manager :
Enter the domainname to be served (h=help): [send.test]
Enter LDAP Base DN (h=help): [dc=send,dc=test]
Checking LDAP Base DN ...
Validating LDAP Base DN and Suffix ...
Enter the profile name (h=help): [default]
Default server list (h=help): [192.168.1.38]
Preferred server list (h=help): (none)
Choose desired search scope (one, sub, h=help): [one] sub
The following are the supported credential levels:
  1 anonymous
  2 proxy
  3 proxy anonymous
Choose Credential level [h=help]: [1] 2
The following are the supported Authentication Methods:
  1 none
  2 simple
  3 sasl/DIGEST-MD5
  4 tls:simple
  5 tls:sasl/DIGEST-MD5
Choose Authentication Method (h=help): [1] 2
Current authenticationMethod: simple
Do you want to add another Authentication Method? n
Do you want the clients to follow referrals (y/n/h)? [n]
Do you want to modify the server timelimit value (y/n/h)? [n]
Do you want to modify the server sizelimit value (y/n/h)? [n]
Do you want to store passwords in "crypt" format (y/n/h)? [n]
Do you want to setup a Service Authentication Methods (y/n/h)? [n]
Client search time limit in seconds (h=help): [30]
Profile Time To Live in seconds (h=help): [43200]
Bind time limit in seconds (h=help): [10]
Do you wish to setup Service Search Descriptors (y/n/h)? [n]
........
```

***Adding LDAP entries
Log in to DSCC and select the "Directory Servers" tab.
On the "Entry Management" tab, add the following.

(1) Group
Create a new entry under ou=group,dc=send,dc=test with the following values.
Choose posixGroup as the object class.
 Required attributes
  gidNumber: 5001
  Full name (cn): soluser
 Allowed attributes
  description: Solarisusers
  memberUid: sunuser300

(2) User
Create a new entry under ou=People,dc=send,dc=test with the following values.
Choose User (inetOrgPerson) as the object class.
  Full name (cn): taka
  Last name (sn): taka
  User ID (uid): taka
  Password (userPassword): *****

Next, edit the taka entry.
With uid=taka selected, press "Edit Entry".
The edit screen appears; select the "Text View" tab.
Add the following in the "Editable attributes" field.
  objectclass: posixAccount
  objectclass: shadowAccount
  gidNumber: 5001
  homeDirectory: /export/home/taka
  uidNumber: 10003

***Allowing anonymous connections
Create the ACI file (the permission keyword is "compare"; the original file had it misspelled, which the server rejects).
```
# vi acis.ldif
```
```ldif
dn: dc=send,dc=test
changetype: modify
replace: aci
aci: (target="ldap:///dc=send,dc=test") (targetattr="*") (version 3.0; acl "allow all Admin group"; allow (all) groupdn = "ldap:///cn=Directory Administrators,ou=Groups,dc=send,dc=test";)
aci: (target="ldap:///dc=send,dc=test") (targetattr != "userPassword") (version 3.0; acl "Anonymous read-search access"; allow (read,search,compare) (userdn = "ldap:///anyone");)
aci: (target="ldap:///dc=send,dc=test") (targetattr != "userPassword") (version 3.0; acl "allow self read search compare"; allow(read,search,compare) userdn = "ldap:///self";)
aci: (targetattr = "cn||uid||uidNumber||gidNumber||homeDirectory||shadowLastChange||shadowMin||shadowMax||shadowWarning||shadowInactive||shadowExpire||shadowFlag||memberUid")(version 3.0; acl LDAP_Naming_Services_deny_write_access; deny (write) userdn = "ldap:///self";)
aci: (targetattr = "loginShell") (version 3.0;acl "LDAP_Naming_Services_allow_certain_changes"; allow (write) userdn = "ldap:///self";)
aci: (target="ldap:///dc=send,dc=test") (targetattr != "userPassword") (version 3.0; acl "LDAP_Naming_Services_proxy_read"; allow(read,search,compare) userdn = "ldap:///cn=proxyagent,ou=people,dc=send,dc=test";)
```
Apply it.
```
# ldapmodify -D "cn=Directory Manager" -w ****(password) -f acis.ldif
```
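The two sections above (the entries created by hand in DSCC, and the ACI file loaded with ldapmodify) can both be scripted. The following is an added example, not code from this page or from Sun: `posix_entries_ldif` emits the posixGroup and posixAccount/shadowAccount entries as LDIF that `ldapadd` can load, and `check_acis` scans an acis.ldif for permission keywords that are not in the Sun DS ACI vocabulary and for any rule that grants `ldap:///anyone` access without excluding `userPassword`. The base DN, group, user and ID numbers are the page's; the function names, the list of accepted keywords and the constructed sample file (which deliberately carries the misspelled permission `testpare`) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the page or from Sun): the DSCC steps as LDIF,
# plus a sanity check to run over acis.ldif before ldapmodify.
# Values dc=send,dc=test / soluser / 5001 / taka / 10003 come from the page;
# function names and the keyword list are assumptions.

# LDIF for the posixGroup and the inetOrgPerson+posixAccount+shadowAccount
# user that the page creates by hand in DSCC.
# Usage: posix_entries_ldif BASE_DN GROUP GID USER UIDNUMBER
posix_entries_ldif() {
    base=$1 group=$2 gid=$3 user=$4 uidnum=$5
    # userPassword is left out on purpose: set it afterwards with ldappasswd
    # (over TLS) rather than leaving a password hash in a file on disk.
    cat <<EOF
dn: cn=$group,ou=group,$base
objectClass: top
objectClass: posixGroup
cn: $group
gidNumber: $gid

dn: uid=$user,ou=People,$base
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
cn: $user
sn: $user
uid: $user
uidNumber: $uidnum
gidNumber: $gid
homeDirectory: /export/home/$user
EOF
}

# Permission keywords the Sun DS ACI syntax accepts in allow/deny lists.
ACI_PERMS="read write add delete search compare selfwrite proxy all"

# Scan every "aci:" line of an LDIF file. Prints a message and returns 1
# for any permission keyword outside ACI_PERMS and for any rule that lets
# ldap:///anyone read without a (targetattr != "userPassword") filter.
# Assumes one aci value per line, as in the page's acis.ldif.
check_acis() {
    awk -v perms="$ACI_PERMS" '
    BEGIN { n = split(perms, p, " "); for (i = 1; i <= n; i++) ok[p[i]] = 1 }
    /^aci:/ {
        rest = $0
        # pull out each "allow (...)" / "deny (...)" permission list
        while (match(rest, /(allow|deny) *\([^)]*\)/)) {
            clause = substr(rest, RSTART, RLENGTH)
            rest = substr(rest, RSTART + RLENGTH)
            sub(/^[a-z]+ *\(/, "", clause)
            sub(/\)$/, "", clause)
            m = split(clause, w, /[ ,]+/)
            for (i = 1; i <= m; i++)
                if (w[i] != "" && !(w[i] in ok)) {
                    printf "line %d: unknown permission \"%s\"\n", NR, w[i]
                    bad++
                }
        }
        if ($0 ~ /ldap:\/\/\/anyone/ && $0 ~ /allow/ && $0 !~ /targetattr *!= *"userPassword"/) {
            printf "line %d: anonymous rule does not exclude userPassword\n", NR
            bad++
        }
    }
    END { exit (bad ? 1 : 0) }' "$1"
}

# Constructed sample file: two rules from the page plus one carrying the
# misspelled permission "testpare" (the accepted keyword is "compare").
write_sample_acis() {
    cat > "$1" <<'EOF'
dn: dc=send,dc=test
changetype: modify
replace: aci
aci: (target="ldap:///dc=send,dc=test") (targetattr != "userPassword") (version 3.0; acl "Anonymous read-search access"; allow (read,search,compare) (userdn = "ldap:///anyone");)
aci: (targetattr = "loginShell") (version 3.0;acl "LDAP_Naming_Services_allow_certain_changes"; allow (write) userdn = "ldap:///self";)
aci: (target="ldap:///dc=send,dc=test") (targetattr != "userPassword") (version 3.0; acl "allow self read search"; allow(read,search,testpare) userdn = "ldap:///self";)
EOF
}

# Demo: print the entries LDIF, then check the constructed ACI sample.
sample=${TMPDIR:-/tmp}/acis.sample.$$
posix_entries_ldif dc=send,dc=test soluser 5001 taka 10003
write_sample_acis "$sample"
if check_acis "$sample"; then
    echo "$sample: ACI file looks sane"
else
    echo "$sample: fix the ACI file before running ldapmodify"
fi
rm -f "$sample"
```

Run it as-is to see the LDIF and the check report; to load the entries, redirect `posix_entries_ldif` into a file and pass it to `ldapadd -D "cn=Directory Manager" -W -f`. The keyword check catches a typo before the server rejects the whole `replace: aci` operation, and the anonymous-rule check guards the point of the page's ACI design: anyone may read and search, but `userPassword` stays out of the anonymous and self-read rules.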