{"id":1537,"date":"2020-05-24T12:29:21","date_gmt":"2020-05-24T03:29:21","guid":{"rendered":"https:\/\/oboki.net\/?p=1537"},"modified":"2021-01-25T22:38:35","modified_gmt":"2021-01-25T13:38:35","slug":"openldap-%ec%84%a4%ec%b9%98","status":"publish","type":"post","link":"https:\/\/oboki.net\/workspace\/system\/linux\/openldap-%ec%84%a4%ec%b9%98\/","title":{"rendered":"[Linux] OpenLDAP \uc124\uce58"},"content":{"rendered":"

\uc0ac\ub0b4\uc5d0 airflow\ub97c ldap\uacfc \uc5f0\ub3d9\ud574\uc11c \uc0ac\uc6a9\ud558\uace0 \uc788\ub294\ub370 \ubc84\uc804\uc5c5\uc744 \ud558\uba74\uc11c \uc2e0\uaddc \uae30\ub2a5\uc774\ub791 \uc798 \ud638\ud658\uc774 \ub420 \uc9c0 \ud655\uc778\ud558\uace0\uc790 \ubd80\ub7b4\ubd80\ub7b4 openldap \uc744 \uc124\uce58\ud574\ubd24\ub2e4. \ub2e8\uc21c\ud55c \uc778\uc99d DB? \uc11c\ubc84? \ub77c\uace0 \uc0dd\uac01\ud588\ub294\ub370 \uc0dd\uac01\ubcf4\ub2e4 \uc5b4\ub824\uc6b4 \uac1c\ub150\uc774\uc5c8\ub2e4. LDAP \ud504\ub85c\ud1a0\ucf5c\uc5d0 \ub300\ud55c \uc790\uc138\ud55c(?) \uc124\uba85\uc740 \uc544\ub798 \ub9c1\ud06c\uc5d0\uc11c \uc798 \uc54c\ub824\uc8fc\ub294 \uac83 \uac19\uc73c\ub2c8 \ucc38\uace0.<\/p>\n

\n

https:\/\/jabcholove.tistory.com\/89<\/a><\/p>\n<\/blockquote>\n

\n

https:\/\/medium.com\/happyprogrammer-in-jeju\/ldap-%ED%94%84%ED%86%A0%ED%86%A0%EC%BD%9C-%EB%A7%9B%EB%B3%B4%EA%B8%B0-15b53c6a6f26<\/a><\/p>\n<\/blockquote>\n

\n

https:\/\/ldap.or.kr\/ldap-%EC%9D%B4%EB%9E%80\/<\/a><\/p>\n<\/blockquote>\n

\uc870\uc9c1\ub3c4\uc640 \uac19\uc740 \uacc4\uce35 \uad6c\uc870\ub97c \uc544\ub798\uc640 \uac19\uc740 \ud2b8\ub9ac \uad6c\uc870\ub85c \uc815\uc758\ud574\ub193\uace0 \ud2b9\uc815 \ub178\ub4dc\ub098 \uc9d1\ud569\uc744 \ucc3e\uc544\ub0bc \uc218 \uc788\uac8c \ud574\uc8fc\ub294 \uc2dc\uc2a4\ud15c\uc73c\ub85c \uac04\ub2e8\ud788 \uc774\ud574\ud558\uace0<\/p>\n

\"\ucd9c\ucc98:<\/p>\n<\/p>\n\n\n\n\n\n\n\n\n\n\n\n
\uc18d\uc131<\/th>\n\uc758\ubbf8<\/th>\n<\/tr>\n<\/thead>\n
dn<\/td>\ndistinguished name<\/td>\n<\/tr>\n
o<\/td>\norganization<\/td>\n<\/tr>\n
cn<\/td>\ncommon name<\/td>\n<\/tr>\n
c<\/td>\ncountry<\/td>\n<\/tr>\n
rdn<\/td>\nrelative DN<\/td>\n<\/tr>\n
ou<\/td>\norganization unit<\/td>\n<\/tr>\n
sn<\/td>\nsurname<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

 <\/p>\n

\uac01 \uc18d\uc131\uba85\uc740 \uc704\uc640 \uac19\ub2e4\ub294 \uac83\uae4c\uc9c0\ub9cc \uc54c\uace0 \ub118\uc5b4\uac00\uba74 \uc55e\uc73c\ub85c \uc9c4\ud589\ud560 \ub0b4\uc6a9\uc744 \uc774\ud574\ud558\ub294\ub370\ub294 \ud06c\uac8c \ubb34\ub9ac\uac00 \uc5c6\uc744 \uac83 \uac19\ub2e4.
\n\uac1c\ub150\uc744 \uc774\ud574\ud558\uace0 \uc81c\ub300\ub85c \uc124\uce58\ud55c \uac83\uc778\uc9c0\ub294 \uc798 \ubaa8\ub974\uaca0\uc9c0\ub9cc, \ub450 \uba85\uc758 \uc0ac\uc6a9\uc790\uc5d0 \ub300\ud55c \uc778\uc99d \uc11c\ube44\uc2a4\ub97c \uc81c\uacf5\ud558\ub294, \uac00\ubcbc\uc6b4 \ud14c\uc2a4\ud2b8 \uc6a9\ub3c4\ub85c \uc124\uce58\ud574\ubcfc \uc218 \uc788\uc5c8\ub2e4.<\/del><\/p>\n

\uc124\uce58 \ud658\uacbd<\/h2>\n

\ub2e4\uc74c\uacfc \uac19\uc740 \ud658\uacbd\uc5d0\uc11c \uc9c4\ud589\ud588\ub2e4.<\/p>\n

    \n
  • \n

    CentOS7<\/p>\n

      \n
    • http:\/\/mirror.kakao.com\/centos\/7.8.2003\/isos\/x86_64\/CentOS-7-x86_64-DVD-2003.iso<\/code><\/li>\n<\/ul>\n<\/li>\n
    • \n

      hostname<\/code><\/p>\n

        \n
      • centos.vm.oboki.net<\/code><\/li>\n<\/ul>\n<\/li>\n
      • \n

        cat \/etc\/passwd<\/code><\/p>\n<\/li>\n<\/ul>\n

        user1:x:1005:1005::\/home:\/sbin\/nologin\nuser2:x:1006:1006::\/home:\/sbin\/nologin<\/code><\/pre>\n
        \ud328\ud0a4\uc9c0 \uc124\uce58<\/h2>\n
        yum -y install openldap openldap-servers openldap-clients\ncp \/usr\/share\/openldap-servers\/DB_CONFIG.example \/var\/lib\/ldap\/DB_CONFIG \nchown ldap. \/var\/lib\/ldap\/DB_CONFIG \nsystemctl enable slapd \nsystemctl start slapd <\/code><\/pre>\n
        389<\/code> \ubc88 \ud3ec\ud2b8\ub85c \uc11c\ube44\uc2a4\uac00 \uc798 \ub3d9\uc791\ud558\uace0 \uc788\ub294\uc9c0 \ud655\uc778\ud574\ubcf4\uba74 \uc124\uce58 \ub05d.<\/p>\n
        \uc124\uce58\uac00 \uc644\ub8cc\ub418\uba74 slappasswd<\/code> \uba85\ub839\uc73c\ub85c root \ud328\uc2a4\uc6cc\ub4dc\ub97c \uc124\uc815\ud558\uace0 \ucd9c\ub825\ub418\ub294 \ud574\uc2dc\uac12\uc744 \uc798 \ubcf5\uc0ac\ud574\ub454\ub2e4.<\/p>\n
        New password: \nRe-enter new password: \n{SSHA}1QgGcR5AZZ\/+DtAxYMVAFOdWSFGmNBei # olcRootPW<\/code><\/pre>\n
        \ub2e4\uc74c\uacfc \uac19\uc774 vim db.ldif<\/code> \ud30c\uc77c\uc744 \ub530\ub77c \uc4f0\uace0 olcRootPW \ub780\uc5d0\ub294 \uc704\uc5d0\uc11c \ubcf5\uc0ac\ud574\ub454 \ud328\uc2a4\uc6cc\ub4dc\ub97c \ub123\uc740 \ub4a4<\/p>\n
        dn: olcDatabase={2}hdb,cn=config\nchangetype: modify\nreplace: olcRootPW\nolcRootPW: {SSHA}1QgGcR5AZZ\/+DtAxYMVAFOdWSFGmNBei\n\ndn: olcDatabase={2}hdb,cn=config\nchangetype: modify\nreplace: olcSuffix\nolcSuffix: dc=centos\n\ndn: olcDatabase={2}hdb,cn=config\nchangetype: modify\nreplace: olcRootDN\nolcRootDN: cn=admin,dc=centos<\/code><\/pre>\n
        ldapmodify -Y EXTERNAL -H ldapi:\/\/\/ -f db.ldif<\/code> \uba85\ub839\uc73c\ub85c \ubcc0\uacbd\uc0ac\ud56d\uc744 \uc801\uc6a9\ud55c\ub2e4.<\/p>\n
        \uc774\uc5b4\uc11c \uc544\ub798 \uc21c\uc11c\ub300\ub85c \ucb49 \uc9c4\ud589\ud558\uba74 \ub418\ub294\ub370 \uc790\uc138\ud558\uac8c \uc5b4\ub5a4 \uae30\ub2a5\uc744 \ud558\ub294\uc9c0\ub294 \uc544\uc9c1\ub3c4 \uc798 \ubaa8\ub974\uaca0\ub2e4. \ub9ce\uc740 \uc0d8\ud50c \uc790\ub8cc\ub4e4\uc744 \ubcf4\uace0 \ub530\ub77c\ud588\uc9c0\ub9cc \ub9c9\ud788\ub294 \ubd80\ubd84\ub4e4\uc774 \ub9ce\uc558\uace0 \uacb0\uad6d \uc131\uacf5\ud55c \uacfc\uc815\uc778\ub370 .. \ub098\uc911\uc5d0 \uc790\uc138\ud788 \uacf5\ubd80\ud574\ubd10\uc57c\uaca0\ub2e4.<\/p>\n
        ldapadd -Y EXTERNAL -H ldapi:\/\/\/ -f \/etc\/openldap\/schema\/core.ldif<\/code><\/p>\n
        ldapadd -Y EXTERNAL -H ldapi:\/\/\/ -f \/etc\/openldap\/schema\/cosine.ldif<\/code><\/p>\n
        vim base.ldif<\/code><\/p>\n
        dn: dc=centos\ndc: centos\nobjectClass: top\nobjectClass: domain\n\ndn: cn=admin,dc=centos\nobjectClass: organizationalRole\ncn: admin\ndescription: LDAP Manager\n\ndn: ou=People,dc=centos\nobjectClass: organizationalUnit\nou: People\n\ndn: ou=Group,dc=centos\nobjectClass: organizationalUnit\nou: Group<\/code><\/pre>\n
        ldapadd -x -W -D "cn=admin,dc=centos" -f base.ldif<\/code><\/p>\n
        ldapadd -Y EXTERNAL -H ldapi:\/\/\/ -f \/etc\/openldap\/schema\/nis.ldif<\/code><\/p>\n
        cat user1.ldif<\/code><\/p>\n
        dn: uid=user1,ou=People,dc=centos\nobjectClass: top\nobjectClass: account\nobjectClass: posixAccount\nobjectClass: shadowAccount\ncn: user1\nuid: user1\nuidNumber: 1005\ngidNumber: 1005\nhomeDirectory: \/home\nloginShell: \/sbin\/nologin\ngecos: user1 [Administrator]\nuserPassword: {crypt}x\nshadowLastChange: 17058\nshadowMin: 0\nshadowMax: 99999\nshadowWarning: 7<\/code><\/pre>\n
        ldapadd -x -W -D "cn=admin,dc=centos" -f user1.ldif<\/code><\/p>\n
        ldappasswd -s password -W -D "cn=admin,dc=centos" -x "uid=user1,ou=People,dc=centos"<\/code><\/p>\n
        cat user2.ldif<\/code><\/p>\n
        dn: uid=user2,ou=People,dc=centos\nobjectClass: top\nobjectClass: account\nobjectClass: posixAccount\nobjectClass: shadowAccount\ncn: user2\nuid: user2\nuidNumber: 1006\ngidNumber: 1006\nhomeDirectory: \/home\nloginShell: \/sbin\/nologin\ngecos: user2 [Administrator]\nuserPassword: {crypt}x\nshadowLastChange: 17058\nshadowMin: 0\nshadowMax: 99999\nshadowWarning: 7<\/code><\/pre>\n
        ldapadd -x -W -D "cn=admin,dc=centos" -f user2.ldif<\/code><\/p>\n
        ldappasswd -s password -W -D "cn=admin,dc=centos" -x "uid=user2,ou=People,dc=centos"<\/code><\/p>\n
        ldap util \ucc38\uace0<\/h3>\n
          \n
        • \ud2b9\uc815 dn \uc0ad\uc81c\n
            \n
          • ldapdelete -x "cn=testgroup,ou=Group,dc=centos" -D "cn=admin,dc=centos" -W<\/code><\/li>\n<\/ul>\n<\/li>\n
          • \ud2b9\uc815 dn \uac80\uc0c9\n
              \n
            • ldapsearch -x -H ldap:\/\/centos:389 -D "cn=admin,dc=centos" -W -b "dc=centos" -LLL<\/code><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n
              \u203b -x<\/code> \uc635\uc158 \ub4a4\uc5d0 \ub300\uc0c1 dn \uc744 \uc801\uc5b4\uc8fc\uba74 \ub428<\/p>\n","protected":false},"excerpt":{"rendered":"
              \uc0ac\ub0b4\uc5d0 airflow\ub97c ldap\uacfc \uc5f0\ub3d9\ud574\uc11c \uc0ac\uc6a9\ud558\uace0 \uc788\ub294\ub370 \ubc84\uc804\uc5c5\uc744 \ud558\uba74\uc11c \uc2e0\uaddc \uae30\ub2a5\uc774\ub791 \uc798 \ud638\ud658\uc774 \ub420 \uc9c0 \ud655\uc778\ud558\uace0\uc790 \ubd80\ub7b4\ubd80\ub7b4 openldap \uc744 \uc124\uce58\ud574\ubd24\ub2e4. \ub2e8\uc21c\ud55c \uc778\uc99d DB? \uc11c\ubc84? \ub77c\uace0 \uc0dd\uac01\ud588\ub294\ub370 \uc0dd\uac01\ubcf4\ub2e4 \uc5b4\ub824\uc6b4 \uac1c\ub150\uc774\uc5c8\ub2e4. LDAP \ud504\ub85c\ud1a0\ucf5c\uc5d0 \ub300\ud55c \uc790\uc138\ud55c(?) \uc124\uba85\uc740 \uc544\ub798 \ub9c1\ud06c\uc5d0\uc11c \uc798 \uc54c\ub824\uc8fc\ub294 \uac83 \uac19\uc73c\ub2c8 \ucc38\uace0. https:\/\/jabcholove.tistory.com\/89 https:\/\/medium.com\/happyprogrammer-in-jeju\/ldap-%ED%94%84%ED%86%A0%ED%86%A0%EC%BD%9C-%EB%A7%9B%EB%B3%B4%EA%B8%B0-15b53c6a6f26 https:\/\/ldap.or.kr\/ldap-%EC%9D%B4%EB%9E%80\/ \uc870\uc9c1\ub3c4\uc640 \uac19\uc740 \uacc4\uce35 \uad6c\uc870\ub97c \uc544\ub798\uc640 \uac19\uc740 \ud2b8\ub9ac \uad6c\uc870\ub85c \uc815\uc758\ud574\ub193\uace0 \ud2b9\uc815 \ub178\ub4dc\ub098 \uc9d1\ud569\uc744 […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-1537","post","type-post","status-publish","format-standard","hentry","category-linux"],"_links":{"self":[{"href":"https:\/\/oboki.net\/workspace\/wp-json\/wp\/v2\/posts\/1537","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/oboki.net\/workspace\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/oboki.net\/workspace\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/oboki.net\/workspace\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/oboki.net\/workspace\/wp-json\/wp\/v2\/comments?post=1537"}],"version-history":[{"count":1,"href":"https:\/\/oboki.net\/workspace\/wp-json\/wp\/v2\/posts\/1537\/revisions"}],"predecessor-version":[{"id":1538,"href":"https:\/\/oboki.net\/workspace\/wp-json\/wp\/v2\/posts\/1537\/revisions\/1538"}],"wp:attachment":[{"href":"https:\/\/oboki.net\/workspace\/wp-json\/wp\/v2\/media?parent=1537"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/oboki.net\/workspace\/wp-json\/wp\/v2\/categories?post=1537"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/oboki.net\/workspace\/wp-json\/wp\/v2\/tags?post=1537"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}