  LDAP Linux HOWTO
  Luiz Ernesto Pinheiro Malere, malere@yahoo.com
  v1.03, 28 September 2000
  Japanese translation: aFn <inachi@earth.interq.or.jp>
  v1.03j, 21 December 2000

  This document describes how to install, configure, run and maintain an
  LDAP (Lightweight Directory Access Protocol) server on a Linux machine.
  It also explains how to create an LDAP database, how to add, update and
  delete information in it, how to set up roaming access, and how to use
  the Netscape Address Book. Most of the information presented here is
  based on the University of Michigan LDAP pages and on the OpenLDAP
  Administrator's Guide.
  ______________________________________________________________________

  Table of Contents

  1. Introduction
     1.1 What is LDAP?
     1.2 What is a directory service?
     1.3 How does LDAP work?
     1.4 LDAP backends, objects and attributes
     1.5 New versions of this document
     1.6 Opinions and suggestions
     1.7 Release notes
     1.8 Acknowledgments
     1.9 Copyright and disclaimer

  2. Installing the LDAP server
     2.1 Prerequisites
     2.2 Downloading the package
     2.3 Unpacking the server
     2.4 Configuring the software
     2.5 Building the server

  3. Configuring the LDAP server
     3.1 Configuration file format
     3.2 Global directives
     3.3 General backend directives
     3.4 General database directives
     3.5 LDBM backend-specific directives
     3.6 Other backend databases
     3.7 Access control examples
     3.8 Configuration file example

  4. Running the LDAP server
     4.1 Command-line options
     4.2 Starting the LDAP server
     4.3 Stopping the LDAP server

  5. Database creation and maintenance tools
     5.1 Creating a database online
     5.2 Creating a database offline
     5.3 More on the LDIF format
     5.4 The ldapsearch, ldapdelete and ldapmodify utilities

  6. Additional information and features
     6.1 Roaming access
        6.1.1 Modifying the attribute file
        6.1.2 Modifying the object class file
        6.1.3 Creating the LDIF file
        6.1.4 Configuring Netscape Navigator
        6.1.5 Restarting the LDAP server
     6.2 Netscape Address Book
     6.3 LDAP Migration Tools
     6.4 Authentication using LDAP
     6.5 Graphical LDAP tools
     6.6 Logs

  7. References
     7.1 URLs
     7.2 Books
     7.3 RFCs

  ______________________________________________________________________

  1.  Introduction

  The main purpose of this document is to set up and use an LDAP
  directory server on your Linux machine. You will learn how to install,
  configure, run and maintain the LDAP server. After that you will learn
  how to store, retrieve and update information in your directory using
  the LDAP clients and utilities. The daemon for the LDAP directory server
  is called slapd and it runs on many different UNIX platforms.

  There is another daemon that takes care of replication between LDAP
  servers. It is called slurpd, and for the moment you do not need to
  worry about it. In this document you run a slapd that provides directory
  service for your local domain only, without replication, so slurpd is
  not used.

  This is a simple server configuration, good for a beginner, and it is
  easy to upgrade to another configuration later if you want to. The
  information presented here is a nice introduction to using the LDAP
  protocol. After reading this document you will be ready to extend the
  server's capabilities and even to develop your own clients using the C,
  C++ or Java development kits.

  1.1.  What is LDAP?

  LDAP is a client-server protocol for accessing a directory service. It
  was initially used as a front-end to X.500, but it can also be used with
  stand-alone directory servers and other kinds of directory servers.

  1.2.  What is a directory service?

  A directory is like a database, but it tends to contain more
  descriptive, attribute-based information. The information in a
  directory is generally read much more often than it is written. As a
  consequence, directories do not usually implement the complicated
  transaction or roll-back schemes that regular databases use for
  high-volume, complex updates. Directory updates are typically simple
  all-or-nothing changes, if they are allowed at all.

  Directories are tuned to give quick responses to high-volume lookup or
  search operations. They may have the ability to replicate information
  widely in order to increase availability and reliability while reducing
  response time. When directory information is replicated, temporary
  inconsistencies between the replicas may be acceptable, as long as the
  replicas get back in sync eventually.

  There are many different ways to provide a directory service. Different
  methods allow different kinds of information to be stored in the
  directory and place different requirements on how that information can
  be referenced, queried and updated, and how it is protected from
  unauthorized access. Some directory services are local, providing
  service to a restricted context (for example, the finger service on a
  single machine). Other services are global, providing service to a much
  broader context.

  1.3.  How does LDAP work?

  The LDAP directory service is based on a client-server model. One or
  more LDAP servers contain the data that makes up the LDAP directory tree
  or LDAP backend database. An LDAP client connects to an LDAP server and
  asks it a question. The server responds with the answer, or with a
  pointer to where the client can get more information (typically another
  LDAP server). No matter which LDAP server a client connects to, it sees
  the same view of the directory: a name presented to one LDAP server
  references the same entry it would at another LDAP server. This is an
  important feature of a global directory service like LDAP.

  1.4.  LDAP backends, objects and attributes

  slapd comes with a variety of different database backends that you can
  choose from. LDBM is a high-performance disk-based database. SHELL is a
  database interface to arbitrary UNIX commands or shell scripts. PASSWD
  is a simple password-file database.

  This document takes a closer look at the LDBM database.

  The LDBM database works by assigning a compact four-byte unique
  identifier to each entry in the database. It uses this identifier to
  refer to entries in the indexes. The database consists of one main
  index file, called id2entry, which maps an entry's unique identifier
  (EID) to the text representation of the entry itself. Other index files
  are maintained as well.

  To import and export directory information between LDAP-based directory
  servers, or to describe a set of changes to be applied to a directory,
  the file format known as LDIF (LDAP Data Interchange Format) is used.
  An LDIF file stores information in object-oriented hierarchies of
  entries. The LDAP software package you are going to get comes with a
  utility that converts LDIF files to the LDBM format.

  A typical LDIF file looks like this:

       dn: o=TUDelft, c=NL
       o: TUDelft
       objectclass: organization

       dn: cn=Luiz Malere, o=TUDelft, c=NL
       cn: Luiz Malere
       sn: Malere
       mail: malere@yahoo.com
       objectclass: person

  As you can see, each entry is uniquely identified by a distinguished
  name (DN). The DN consists of the name of the entry plus a path of
  names tracing the entry back to the top of the directory hierarchy.

  In LDAP, an object class defines the collection of attributes that can
  be used to define an entry. The LDAP standard provides these basic
  types of object classes:

  o  Groups in the directory, including unordered lists of individual
     objects or groups of objects.

  o  Locations, such as the country name and description.

  o  Organizations in the directory.

  o  People in the directory.

  An entry can belong to more than one object class. For example, the
  entry for a person is defined by the person object class, but it may
  also be defined by attributes in the inetOrgPerson, groupOfNames and
  organization object classes. The server's object class structure (its
  schema) determines the total list of required and allowed attributes
  for a particular entry.

  [Translator's note] The original uses the word "belong" somewhat
  loosely here. Because inetOrgPerson is derived from person, an
  inetOrgPerson entry can be said to be an entry of both object classes,
  and an entry built from a structural object class plus an auxiliary
  object class can be said to "belong" to both as well. However,
  groupOfNames and organization do not define a person at all; they can
  merely refer to an entry representing a person by its DN.

  Directory data is represented as attribute-value pairs. Any specific
  piece of information is associated with a descriptive attribute.

  For instance, the commonName (cn) attribute is used to store a person's
  name. A person named Jonas Salk is represented in the directory as

       cn: Jonas Salk

  Each person entered in the directory is defined by the collection of
  attributes in the person object class. Other attributes used to define
  this entry could include:

       givenname: Jonas
       surname: Salk
       mail: jonass@airius.com

  Required attributes are the attributes that must be present in entries
  using the object class. All entries require the objectClass attribute,
  which lists the object classes to which the entry belongs.

  Allowed attributes are the attributes that may be present in entries
  using the object class. For example, in the person object class the cn
  and sn attributes are required, while description, telephoneNumber,
  seeAlso and userpassword are allowed but not required.

  Each attribute has a corresponding syntax definition. The syntax
  definition describes the type of information provided by the attribute:

     bin
        binary

     ces
        case exact string (case must match during comparisons)

     cis
        case ignore string (case is ignored during comparisons)

     tel
        telephone number string (like cis, but blanks and dashes `-' are
        ignored during comparisons)

     dn
        distinguished name

  To find out where the object class and attribute definitions live on
  your system, see the first paragraph of the section ``Configuring the
  LDAP server''.

  1.5.  New versions of this document

  This document is revised and updated based on the feedback received
  from readers. The newest version of this HOWTO can always be found at

  http://www.mobilesoft.com.br/HOWTO/LDAP-HOWTO.html

  1.6.  Opinions and suggestions

  If you have any kind of doubt about some information in this document,
  please contact me by e-mail (malere@yahoo.com).

  Let me know if you have any comments as well.

  1.7.  Release notes

  This section lists the releases of this document in chronological
  order. For each release it notes what changed from the previous
  version, what was added and what was corrected.

  v1.0: 20 June 1999, initial release.

  v1.01: 15 February 2000, added the following sections:

  o  LDAP Migration Tools

  o  Authentication using LDAP

  o  Graphical LDAP tools

  o  RFCs

  v1.02: 13 September 2000, corrected typos and added the following
  section:

  o  Release notes

  v1.03: 28 September 2000, added information about OpenLDAP 2.0, which
  implements LDAP v3 (RFC 2251
  <ftp://ftp.isi.edu/in-notes/rfc2251.txt>).

  [Translator's note] It is good that information about OpenLDAP 2.0 was
  incorporated so quickly, but as a result information about the older
  OpenLDAP 1.2.x and about 2.0.x is mixed together in this document.
  Where the translator noticed this, it is pointed out in translator's
  notes.

  1.8.  Acknowledgments

  This HOWTO is the result of work done while I was studying at TUDelft
  University in the Netherlands. I would like to thank the people who
  encouraged me to write it, Rene van Leuken and Wim Tiwon. Thank you
  very much, guys. They are also Linux fans, like me.

  I would also like to thank Thomas Bendler, the translator of the German
  LDAP-HOWTO, and Joshua Go, a great volunteer of the LDP project, for
  their contributions to this document.

  1.9.  Copyright and disclaimer

  The LDAP Linux HOWTO is copyright (c) 1999 by Luiz Ernesto Pinheiro
  Malere. This document may be distributed freely, but it may not be
  modified. If you want to propose any modification, please contact me
  by e-mail (if the proposal is useful, I will incorporate it).

  If you translate this document into Portuguese or any other language,
  please let me know by e-mail.

  I accept no responsibility for the content of this document, nor for
  the consequences of following the procedures described in it. If you
  have questions about the Linux HOWTO documents in general, contact the
  Linux HOWTO coordinator (linux-howto@metalab.unc.edu).

  2.  Installing the LDAP server

  Installing the LDAP server takes five steps: installing the
  prerequisite packages (if they are not already installed), downloading
  the LDAP server software, unpacking the software, configuring the
  Makefiles, and building the server.

  2.1.  Prerequisites

  [Translator's note] This section is basically about OpenLDAP 2.0.x.

  To take full advantage of LDAPv3, the OpenLDAP clients and server
  require the following software to be installed beforehand.

  OpenSSL TLS library

  Your operating system may provide this library as part of the base
  system or as an optional software component, but OpenSSL often has to
  be installed separately. OpenSSL is available from
  http://www.openssl.org <http://www.openssl.org>.

  Kerberos authentication service

  The OpenLDAP clients and server support Kerberos-based authentication
  services. In particular, OpenLDAP supports the SASL/GSSAPI
  authentication mechanism using either the Heimdal or the MIT Kerberos V
  package. If you want to use Kerberos-based SASL/GSSAPI authentication,
  install either Heimdal or MIT Kerberos V. Heimdal Kerberos is available
  from http://www.pdc.kth.se/heimdal <http://www.pdc.kth.se/heimdal>.

  MIT Kerberos is available from http://web.mit.edu/kerberos/www
  <http://web.mit.edu/kerberos/www>. The use of strong authentication
  services such as those provided by Kerberos is highly recommended.

  Cyrus Simple Authentication and Security Layer library

  Your operating system may provide this library as part of the base
  system or as an optional software component, but Cyrus SASL often has
  to be installed separately. Cyrus SASL is available from
  http://asg.web.cmu.edu/sasl/sasl-library.html
  <http://asg.web.cmu.edu/sasl/sasl-library.html>. Cyrus SASL will make
  use of the OpenSSL and Kerberos/GSSAPI libraries if they are already
  installed.

  Database software

  LDBM, the primary database backend of OpenLDAP's slapd, requires a
  compatible database package for entry storage. LDBM can use either
  Sleepycat Software's BerkeleyDB (recommended) or the Free Software
  Foundation's GNU Database Manager (GDBM). If neither package is
  available when the configure script is run, you will not be able to
  build slapd with support for its primary database backend.

  Your operating system may provide one of these two packages as part of
  the base system or as an optional software component. If not, you will
  have to obtain and install it yourself.

  BerkeleyDB is available from Sleepycat Software's download page,
  http://www.sleepycat.com/download.html
  <http://www.sleepycat.com/download.html>. At the time of this writing
  the latest release, version 3.1, is recommended.

  GDBM is available from the FSF download site
  ftp://ftp.gnu.org/pub/gnu/gdbm <ftp://ftp.gnu.org/pub/gnu/gdbm>. At
  the time of this writing the latest release is version 1.8.

  Threads

  OpenLDAP is designed to take advantage of threads. OpenLDAP supports
  POSIX pthreads, Mach CThreads and a number of other thread
  implementations. configure will complain if it cannot find a suitable
  thread subsystem. If this happens, consult the Software - Installation
  - Platform Hints section of the OpenLDAP FAQ,
  http://www.openldap.org/faq <http://www.openldap.org/faq>.

  TCP Wrappers

  slapd supports TCP wrappers (IP-level access control filters) if they
  are installed beforehand. The use of TCP wrappers or other IP-level
  access filters (such as those provided by an IP-level firewall) is
  recommended for servers that contain non-public information.

  2.2.  Downloading the package

  There are two freely distributed LDAP servers: the University of
  Michigan LDAP server and the OpenLDAP server. There is also the
  Netscape Directory Server, which is free only under certain conditions
  (educational institutions get it for free, for example). The OpenLDAP
  server is based on the latest version of the University of Michigan
  server, and it has mailing lists and additional documentation that are
  helpful when using OpenLDAP. This document assumes that you are using
  OpenLDAP.

  The latest tar+gzip version of OpenLDAP can be obtained from

       http://www.openldap.org

  If you want the latest version of the University of Michigan server, it
  can be obtained from

       ftp://terminator.rs.itd.umich.edu/ldap

  While writing this document I used two different versions of the
  OpenLDAP package: the latest stable version, 1.2.11, and the newly
  released 2.0.4. The operating system was Slackware Linux with kernel
  2.2.13.

  The OpenLDAP site always offers a latest stable version and a latest
  development version. At the time this document was updated, the latest
  stable version was openldap-stable-20000704.tgz and the latest
  development version was openldap-2.0.4.tgz.

  [Translator's note] What is called the development version here is
  actually a release version. At the time of translation the latest
  release was openldap-2.0.7.tgz; there is no separate development
  version. The stable version is based on OpenLDAP 1.2.11.

  2.3.  Unpacking the server

  Now that you have the gzipped package on your local machine, let us
  unpack it.

  First copy the package to the directory where you want it, for example
  /usr/local.

  Then run the following command:

       tar xvzf openldap-stable.tgz

  You can also use this command (gunzip -c writes the decompressed
  archive to standard output so that tar can read it from the pipe):

       gunzip -c openldap-stable.tgz | tar xvf -

  2.4.  Configuring the software

  Several options are available to customize the software so that the
  build suits your installation site.

  Configuring the software takes two steps:

  o  Edit the file ldapconfig.h.edit in the include subdirectory of the
     directory where you unpacked the software.

  o  Run the configure script (if you are adventurous, you can instead
     edit the Make-common file without running configure :^).

  [Translator's note] The Make-common file does not exist in current
  OpenLDAP.

  In the file include/ldapconfig.h.edit you can set options such as where
  the slapd and slurpd daemons live. Read the file carefully; the default
  settings reflect the choices most administrators make, so unless you
  are adventurous you can skip this step:

       vi include/ldapconfig.h.edit

  The OpenLDAP server distribution comes with a configure script for
  setting options such as the installation directory and compiler and
  linker flags. Type the following in the directory where you unpacked
  the software:

       ./configure --help

  This prints all the options that can be customized with the configure
  script before building the software. Useful options for choosing the
  installation directories are --prefix=pref, --exec-prefix=eprefix and
  --bindir=dir. Normally, if you run configure without options, it
  detects the appropriate settings and prepares to install in the
  default, common location. So let us simply run:

       ./configure

  Check the output to make sure everything went well.

  2.5.  Building the server

  Once the software has been configured you can start building it. First
  build the dependencies with

       make depend

  and then build the server with

       make

  If all goes well the server is built as configured. If not, return to
  the previous step and check the configuration. Also look at the
  platform-specific hints under doc/install/hints in the directory where
  you unpacked the software.

  Now install the binaries and man pages. You need to be the superuser to
  do this (depending on where you are installing):

       su
       make install

  That's it. You now have the server binary and the binaries of the other
  utilities. Proceed to ``Configuring the LDAP server'' to learn how to
  configure the LDAP server.

  The OpenLDAP 2.0 server binary is called slapd. OpenLDAP 2.0 was
  officially released on 30 August 2000. It implements version 3 of the
  LDAP protocol as defined in RFC 2251.

  The main new features of OpenLDAP 2.0 are:

  o  LDAPv2 and LDAPv3 support (RFC 2251-2256, 2829-2831)

  o  Compatibility with existing clients is maintained

  o  IPv4 and IPv6 support

  o  Strong authentication (SASL) (RFC 2829)

  o  Start TLS (RFC 2830)

  o  Language tags (RFC 2596)

  o  DNS-based service location (RFC 2247 + the "locate" Internet draft)

  o  Enhanced stand-alone server

  o  Named references/ManageDsaIT (the "namedref" Internet draft)

  o  Enhanced access control subsystem

  o  Thread pooling

  o  Preemptive threads support

  o  Improved schema support

  o  LDIFv1 (RFC 2849)

  o  Improved platform/subsystem detection

  Note: the Linux Documentation Project (LDP) is preparing a document
  called the LDAP Implementation HOWTO. It will be an excellent source of
  information for people who want to learn about the new features of
  OpenLDAP 2.0. It is scheduled for release in December 2000.

  With the latest versions of the OpenLDAP package you can test the
  binaries you built. The package comes with a test script, which you run
  like this:

       make test

  [Translator's note] This way of testing applies to OpenLDAP 2.0.x. With
  OpenLDAP 1.2.x, change to the tests subdirectory and run make there.

  If something goes wrong while the script runs, you can interrupt it
  with Ctrl-C; the script then stops before it has completed. Up to that
  point you should nevertheless have seen messages confirming that the
  configuration of OpenLDAP is correct ("successfull").

  [Translator's note] In the translator's environment (Vine Linux 2.1 +
  OpenLDAP 2.0.7) all tests passed without any problems.

  3.  Configuring the LDAP server

  [Translator's note] The explanation in this chapter is basically based
  on OpenLDAP 2.0.x.

  Once the software has been installed, let us configure it for use at
  your site. All slapd runtime configuration is done through the
  slapd.conf file, which is installed in the prefix directory you gave
  to the configure script (/usr/local/etc/openldap by default).

  This section describes the configuration directives commonly used in
  slapd.conf. For the complete list of directives, see the slapd.conf(5)
  manual page. The configuration file directives fall into three
  categories: global, backend-specific and database-specific. For each
  directive its default value (if any) and an example of its use are
  given.

  3.1.  Configuration file format

  The slapd.conf file consists of three types of configuration
  information: global, backend-specific and database-specific. Global
  information is specified first, followed by information associated with
  a particular backend type, followed by information associated with a
  particular database instance.

  Global directives can be overridden in backend and database
  directives, and backend directives can be overridden in database
  directives.

  Blank lines and comment lines beginning with a '#' are ignored. If a
  line begins with white space, it is considered a continuation of the
  previous line. The general format of slapd.conf is as follows:

       # global configuration directives
       <global configuration directives>

       # backend definition
       backend <typeA>
       <backend-specific directives>

       # first database definition & configuration directives
       database <typeA>
       <database-specific directives>

       # second database definition & configuration directives
       database <typeB>
       <database-specific directives>

       # subsequent database definitions & configuration directives
       ...

  A configuration directive may take arguments. If so, they are
  separated by white space. If an argument contains white space, the
  argument should be enclosed in double quotes. If an argument contains
  a double quote or a backslash `\', the character should be preceded by
  a backslash `\'.

  The OpenLDAP distribution contains an example configuration file that
  is installed in the /usr/local/etc/openldap directory. Files containing
  schema definitions (attribute types and object classes) are provided
  in the /usr/local/etc/openldap/schema directory.

  3.2.  Global directives

  The directives described in this section apply to all backends and
  databases unless they are specifically overridden in a backend or
  database definition. Arguments that should be replaced by actual text
  are shown in angle brackets <>.

     access to <what> [ by <who> <accesslevel> <control> ]+
        This directive grants access (specified by <accesslevel>) to a
        set of entries and/or attributes (specified by <what>) to one or
        more requesters (specified by <who>). See the section ``Access
        control examples'' for details.

     attributetype <RFC2252 Attribute Type Description>
        This directive defines an attribute type.

     defaultaccess { none | compare | search | read | write }
        This directive specifies the default access to grant requesters
        when no access directive has been specified. Any given access
        level implies all lesser access levels (for example, read access
        implies search and compare access but not write access).

        Default:

            defaultaccess read

        Note that this default lets anonymous (unauthenticated) clients
        read everything that is not covered by an access directive,
        including attributes such as userPassword; see the section
        ``Access control examples'' for how to restrict this.

     idletimeout <integer>
        Specifies the number of seconds to wait before forcibly closing
        an idle client connection. An idletimeout of 0, the default,
        disables this feature.

     include <filename>
        This directive specifies that slapd should read additional
        configuration information from the given file before continuing
        with the next line of the current file. The included file should
        follow the normal slapd configuration file format. The file is
        commonly used to include files containing schema specifications.

        Note: you should be careful when using this directive; there is
        no small limit on the number of nested include directives, and no
        loop detection is done.

     loglevel <integer>
        This directive specifies the level at which debugging statements
        and operation statistics should be syslogged (currently logged to
        the syslogd(8) LOG_LOCAL4 facility). You must have configured
        OpenLDAP with --enable-debug (the default) for this to work
        (except for the two statistics levels, which are always
        enabled). Log levels are additive. To display what numbers
        correspond to what kind of debugging, invoke slapd with -d ? or
        consult the table below. The possible values for <integer> are:

        [Translator's note] With OpenLDAP 2.0.x, slapd no longer accepts
        -d ?.

            -1      enable all debugging
            0       no debugging
            1       trace function calls
            2       debug packet handling
            4       heavy trace debugging
            8       connection management
            16      print out packets sent and received
            32      search filter processing
            64      configuration file processing
            128     access control list processing
            256     stats log connections/operations/results
            512     stats log entries sent
            1024    print communication with shell backends
            2048    print entry parsing debugging

     Example:
         loglevel 255 or loglevel -1

     This will cause lots and lots of debugging information to be
     logged.

     Default:

         loglevel 256

     objectclass <RFC2252 Object Class Description>
        This directive defines an object class.

     referral <URI>
        This directive specifies the referral to pass back when slapd
        cannot find a local database to handle a request.

        Example:

            referral ldap://root.openldap.org

     This will refer non-local queries to the global root LDAP server at
     the OpenLDAP project. Smart LDAP clients can re-ask their query at
     that server, but note that most of these clients are only going to
     know how to handle simple LDAP URLs that contain a host part and
     optionally a distinguished name part.

     sizelimit <integer>
        This directive specifies the maximum number of entries to return
        from a search operation.

        Default:

            sizelimit 500

     timelimit <integer>
        This directive specifies the maximum number of seconds (in real
        time) slapd will spend answering a search request. If a request
        is not finished in this time, a result indicating an exceeded
        timelimit will be returned.

        Default:

            timelimit 3600

  3.3.  General backend directives

  The directives in this section apply only to the backend in which they
  are defined. They are supported by every type of backend. Backend
  directives apply to all database instances of the same type and,
  depending on the directive, may be overridden by database directives.

     backend <type>
        This directive marks the beginning of a backend declaration.
        <type> should be one of the supported backend types, such as
        ldbm, shell or passwd.

  3.4.  General database directives

  The directives in this section apply only to the database in which
  they are defined. They are supported by every type of database.

     database <type>
        This directive marks the beginning of a new database instance
        declaration. <type> should be one of the supported database
        types, such as ldbm, shell or passwd.

        Example:

            database ldbm

     This marks the beginning of a new LDBM backend database instance
     declaration.

     readonly { on | off }
        This directive puts the database into "read-only" mode. Any
        attempt to modify the database will return an "unwilling to
        perform" error.

        Default:

            readonly off

     replica
          replica host=<hostname>[:<port>]
                  [bindmethod={ simple | kerberos | sasl }]
                  ["binddn=<DN>"]
                  [mech=<mech>]
                  [authcid=<identity>]
                  [authzid=<identity>]
                  [credentials=<password>]
                  [srvtab=<filename>]

     This directive specifies a replication site for this database. The
     host= parameter specifies a host and optionally a port where the
     slave slapd instance can be found. <hostname> may be given as a
     domain name or an IP address. If <port> is not given, the standard
     LDAP port number (389) is used.

     The binddn= parameter gives the DN to bind as for updates to the
     slave slapd. It should be a DN that has read/write access to the
     slave slapd's database, typically the one given as rootdn in the
     slave's configuration file. It must also match the updatedn
     directive in the slave slapd's configuration file. Since DNs are
     likely to contain embedded spaces, the entire "binddn=<DN>" string
     should be enclosed in double quotes.

     The bindmethod is simple, kerberos or sasl, depending on whether
     simple password-based authentication, Kerberos authentication or
     SASL authentication is to be used when connecting to the slave
     slapd.

     Simple authentication should not be used unless adequate integrity
     and privacy protection is in place (e.g. TLS or IPSEC), because the
     binddn and the credentials= password travel over the network in the
     clear. Simple authentication requires the binddn and credentials
     parameters.

     Kerberos authentication is deprecated in favor of SASL
     authentication mechanisms, in particular the KERBEROS_V4 and GSSAPI
     mechanisms. Kerberos authentication requires the binddn and srvtab
     parameters.

     SASL authentication is generally recommended. SASL authentication
     requires the mech parameter to specify a mechanism. Depending on the
     mechanism, an authentication identity and/or credentials can be
     specified using authcid and credentials. The authzid parameter may
     be used to specify an authorization identity.

     replogfile <filename>
        This directive specifies the name of the replication log file to
        which slapd will log changes. The log is normally written by
        slapd and read by slurpd. Normally this directive is used only
        if slurpd is being used to replicate the database. You can also
        use it to generate a transaction log even if slurpd is not
        running. In this case, you will need to periodically truncate
        the file, since it will grow indefinitely otherwise.

     rootdn <dn>
        This directive specifies the DN that is not subject to access
        control or administrative limit restrictions for operations on
        this database. The DN need not refer to an entry in the
        directory. The DN may refer to a SASL identity.

        Entry-based example:

            rootdn "cn=Manager,dc=example,dc=com"

     SASL-based example:

         rootdn "uid=root@EXAMPLE.COM"

     rootpw <password>
        This directive specifies a password for the DN given by rootdn,
        which is always valid regardless of whether an entry for that
        DN exists or has a password. This directive is deprecated in
        favor of SASL authentication.

        Example:

            rootpw secret

     Note that this stores the password in the clear. OpenLDAP 2.0 also
     accepts a hashed value here, such as the {SSHA} output of
     slappasswd(8), and in any case slapd.conf should be readable only by
     the user slapd runs as.

     suffix <dn suffix>
        This directive specifies the DN suffix of queries that will be
        passed to this backend database. Multiple suffix lines can be
        given, and at least one is required for each database
        definition.

        Example:

            suffix "dc=example,dc=com"

     Queries with a DN ending in "dc=example,dc=com" will be passed to
     this backend.

     Note: when selecting the backend to pass a query to, slapd looks at
     the suffix line(s) of each database definition in the order they
     appear in the configuration file. Thus, if one database's suffix is
     a superior of another database's suffix (for example
     "dc=example,dc=com" above "dc=sales,dc=example,dc=com"), the
     database with the superior suffix must appear after the other one;
     otherwise the more specific database is never reached.

     updatedn <dn>
        This directive applies only to a slave slapd. It specifies the
        DN allowed to make changes to the replica. This may be the DN
        slurpd(8) binds as when making changes to the replica, or the
        DN associated with a SASL identity.

        Entry-based example:

            updatedn "cn=Update Daemon,dc=example,dc=com"

     SASL-based example:

         updatedn "uid=slurpd@EXAMPLE.COM"

     updateref <URL>
        This directive applies only to a slave slapd. It specifies the
        URL to return to clients that submit update requests to the
        replica. If specified multiple times, each URL is provided.

        Example:

            updateref  ldap://master.example.net

  3.5.  LDBM backend-specific directives

  The directives in this category apply only to an LDBM backend
  database. That is, they must follow a "database ldbm" line and come
  before any subsequent "database" line.

     cachesize <integer>
        This directive specifies the size in entries of the in-memory
        cache maintained by the LDBM backend database instance.

        Default:

            cachesize 1000

     dbcachesize <integer>
        This directive specifies the size in bytes of the in-memory
        cache associated with each open index file. If it is not
        supported by the underlying database method, this directive is
        ignored without comment. Increasing this number uses more
        memory but can cause a dramatic performance increase,
        especially during modifies or when building indexes.

        Default:

            dbcachesize 100000

     dbnolocking
        This option, if present, disables database locking. Enabling
        this option may improve performance at the expense of data
        security.

     dbnosync
        This option causes on-disk database contents not to be
        immediately synchronized with in-memory changes upon a change.
        Enabling this option may improve performance at the expense of
        data security.

     directory <directory>
        This directive specifies the directory where the LDBM files
        containing the database and associated indexes live.

        Default:

            directory /usr/local/var/openldap-ldbm

     index {<attrlist> | default} [pres,eq,approx,sub,none]
        This directive specifies the indexes to maintain for the given
        attribute. If only an <attrlist> is given, the default indexes
        are maintained.

        Example:

            index default pres,eq
            index objectClass,uid
            index cn,sn eq,sub,approx

     The first line sets the default set of indexes to maintain to
     present and equality. The second line causes the default (pres,eq)
     set of indexes to be maintained for the objectClass and uid
     attribute types. The third line causes equality, substring and
     approximate indexes to be maintained for the cn and sn attribute
     types.

     mode <integer>
        This directive specifies the file protection mode that newly
        created database index files should have.

        Default:

            mode 0600

  3.6.  Other backend databases

  Besides the default LDBM, slapd supports a number of other backend
  database types:

  o  ldbm: Berkeley DB or GNU DBM compatible backend

  o  passwd: read-only access to /etc/passwd

  o  shell: shell (external program) backend

  o  sql: SQL programmable backend

  See the slapd.conf(5) man page for details.

  3.7.  Access control examples

  The access control facility described in the section ``Global
  directives'' is quite powerful. This section shows some examples of
  its use. First, some simple examples:

       access to * by * read

  This access directive grants read access to everyone. If it is the only
  access directive, it is equivalent to the following defaultaccess line:

       defaultaccess read

  The following example shows the use of a regular expression to select
  the entries by DN in two access directives, where the order of the
  directives matters:

       access to dn=".*, o=U of M, c=US"
           by * search
       access to dn=".*, c=US"
           by * read

  Read access is granted to entries under the c=US subtree, except for
  those entries under the "o=U of M, c=US" subtree, to which search
  access is granted. If the order of these access directives were
  reversed, the U of M-specific directive would never be matched, since
  all U of M entries are also c=US entries.

  The next example again shows the importance of ordering, both of the
  access directives and of the "by" clauses. It also shows the use of an
  attribute selector to grant access to a specific attribute, and
  various <who> selectors:

       access to dn=".*, o=U of M, c=US" attr=homePhone
           by self write
           by dn=".*, o=U of M, c=US" search
           by domain=.*\.umich\.edu read
           by * compare
       access to dn=".*, o=U of M, c=US"
           by self write
           by dn=".*, o=U of M, c=US" search
           by * none

  This example applies to entries in the "o=U of M, c=US" subtree. To
  all attributes except homePhone, the entry itself can write them,
  other U of M entries can search by them, and everyone else has no
  access. The homePhone attribute is writable by the entry, searchable
  by other U of M entries, readable by clients connecting from anywhere
  in the umich.edu domain, and comparable (but not readable or
  searchable) by everyone else.

  Sometimes it is useful to permit a particular DN to add or remove
  itself from an attribute. For example, if you would like to create a
  group and allow people to add and remove only their own DN from the
  member attribute, you could accomplish it with an access directive like
  this:

       access to attr=member,entry
           by dnattr=member selfwrite

  The dnattr <who> selector says that the access applies to entries
  listed in the member attribute. The selfwrite access selector says
  that such members can only add or delete their own DN from the
  attribute, not other values. The addition of the entry attribute is
  required because access to the entry is required to access any of the
  entry's attributes.

  [Translator's note] "entry" is a pseudo-attribute that does not
  actually exist in the entry; it is used in access specifications to
  denote access to the entry itself.

  Note that the attr=member construct in the <what> clause is a
  shorthand for "dn=* attr=member" (i.e. it matches the member attribute
  in all entries).

  Note: for more on LDAP access control, see the OpenLDAP
  Administrator's Guide (http://www.openldap.org).
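  To make the ordering rules above concrete, here is a small Python model
  of slapd's first-match evaluation. It is an added example written for
  this page, not code from the HOWTO or from OpenLDAP, and it supports
  only a subset of the real syntax: dn=<regex> and attr= in <what>, and
  *, self, anonymous, users and dn=<regex> in <who> (no domain=, dnattr=
  or selfwrite). Like slapd, it applies an implicit "by * none" when the
  <what> of a directive matches but none of its <who> clauses do, and
  falls back to defaultaccess when no directive matches. The sample
  access lists are the U of M pair from this section (in both orders)
  and the userPassword rules from the configuration example in the next
  section; the DNs used as targets and requesters are made up.

```python
import re

# Access levels in increasing order. A granted level implies every lower
# one, e.g. read implies search, compare and auth but not write.
LEVELS = ["none", "auth", "compare", "search", "read", "write"]

_KEYVAL = re.compile(r'(\w+)=("[^"]*"|\S+)')
_KEYWORDS = ("*", "self", "anonymous", "users")


def _selector(text):
    """Turn 'dn=".*, c=US" attr=homePhone' into a dict; keywords stay as is."""
    if text in _KEYWORDS:
        return text
    return {k: v.strip('"') for k, v in _KEYVAL.findall(text)}


def parse_access(text):
    """Parse 'access to <what> by <who> <level> ...' directives in file
    order (comments are not supported). Returns [(what, [(who, level)])]."""
    rules = []
    for directive in re.split(r"(?m)^[ \t]*access[ \t]+to[ \t]+", text):
        directive = " ".join(directive.split())  # fold continuation lines
        if not directive:
            continue
        what, *by_clauses = re.split(r" by ", directive)
        whos = []
        for clause in by_clauses:
            who, level = clause.rsplit(" ", 1)
            if level not in LEVELS:
                raise ValueError(f"unknown access level {level!r}")
            whos.append((_selector(who), level))
        rules.append((_selector(what), whos))
    return rules


def _who_matches(who, requester, target_dn):
    """requester is the bind DN, or None for an anonymous connection."""
    if who == "*":
        return True
    if who == "anonymous":
        return requester is None
    if who == "users":
        return requester is not None
    if who == "self":
        return requester is not None and requester == target_dn
    if isinstance(who, dict) and "dn" in who:
        return requester is not None and re.fullmatch(who["dn"], requester) is not None
    return False


def granted_level(rules, target_dn, attr, requester, defaultaccess="read"):
    """Access level slapd would grant: the first directive whose <what>
    matches decides, its first matching <who> gives the level, and an
    implicit 'by * none' applies if no <who> matches. Later directives are
    never consulted, which is why their order matters."""
    for what, whos in rules:
        if what != "*":
            if "dn" in what and re.fullmatch(what["dn"], target_dn) is None:
                continue
            if "attr" in what:
                wanted = [a.lower() for a in what["attr"].split(",")]
                if attr is None or attr.lower() not in wanted:
                    continue
        for who, level in whos:
            if _who_matches(who, requester, target_dn):
                return level
        return "none"
    return defaultaccess


def allows(granted, needed):
    """True if the granted level covers what the operation needs."""
    return LEVELS.index(granted) >= LEVELS.index(needed)


# Constructed inputs: the two orderings discussed in this section.
UMICH_ORDER = """
access to dn=".*, o=U of M, c=US"
    by * search
access to dn=".*, c=US"
    by * read
"""
REVERSED_ORDER = """
access to dn=".*, c=US"
    by * read
access to dn=".*, o=U of M, c=US"
    by * search
"""
# The userPassword rules from the configuration example that follows.
PASSWORD_RULES = """
access to attr=userPassword
    by self write
    by anonymous auth
    by dn="cn=Admin,dc=example,dc=com" write
    by * none
access to *
    by self write
    by dn="cn=Admin,dc=example,dc=com" write
    by * read
"""

if __name__ == "__main__":
    babs = "cn=Babs Jensen, o=U of M, c=US"
    print(granted_level(parse_access(UMICH_ORDER), babs, None, None))     # search
    print(granted_level(parse_access(REVERSED_ORDER), babs, None, None))  # read
```

  With the directives in the order the HOWTO gives, an anonymous request
  for a U of M entry is granted search; with the order reversed the same
  request is granted read, because the broader c=US directive matches
  first and the U of M directive is never consulted.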

  3.8.  Configuration file example

  The following is an example configuration file, interspersed with
  explanatory text. It defines two databases to handle different parts
  of the X.500 tree; both are LDBM database instances. The line numbers
  shown are provided for reference only and are not included in the
  actual file. First, the global configuration section:

         1.    # example config file - global configuration section
         2.    include /usr/local/etc/schema/core.schema
         3.    referral ldap://root.openldap.org
         4.    access to * by * read

  Line 1 is a comment. Line 2 includes another config file that contains
  the core schema definitions. The referral directive on line 3 means
  that queries not local to one of the databases defined below will be
  referred to the LDAP server running on the standard port (389) at the
  host root.openldap.org.

  Line 4 is a global access control. It is used only if no database
  access control matches or if the target object is not under the
  control of any database (such as the Root DSE).

  The next section of the configuration file defines an LDBM backend
  that handles queries for things in the "dc=example,dc=com" portion of
  the tree. The database is to be replicated to two slave slapds (slave1
  and slave2 in the example). Indexes are to be maintained for several
  attributes, and the userPassword attribute is to be protected from
  unauthorized access.

         5.    # ldbm definition for the example.com
         6.    database ldbm
         7.    suffix "dc=example, dc=com"
         8.    directory /usr/local/var/openldap
         9.    rootdn "cn=Manager, dc=example, dc=com"
        10.    rootpw secret
        11.    # replication directives
        12.    replogfile /usr/local/var/openldap/slapd.replog
        13.    replica host=slave1.example.com:389
        14.            binddn="cn=Replicator, dc=example, dc=com"
        15.            bindmethod=simple credentials=secret
        16.    replica host=slave2.example.com
        17.            binddn="cn=Replicator, dc=example, dc=com"
        18.            bindmethod=simple credentials=secret
        19.    # indexed attribute definitions
        20.    index uid pres,eq
        21.    index cn,sn,uid pres,eq,approx,sub
        22.    index objectClass eq
        23.    # ldbm access control definitions
        24.    access to attr=userPassword
        25.            by self write
        26.            by anonymous auth
        27.            by dn="cn=Admin,dc=example,dc=com" write
        28.            by * none
        29.    access to *
        30.            by self write
        31.            by dn="cn=Admin,dc=example,dc=com" write
        32.            by * read

  Line 5 is a comment. The start of the database definition is marked by
  the database keyword on line 6. Line 7 specifies the DN suffix for
  queries to pass to this database. Line 8 specifies the directory in
  which the database files will live.

  Lines 9 and 10 identify the database "super user" entry and its
  password. This entry is not subject to access control or size or time
  limit restrictions.

  Lines 11 through 18 are for replication. Line 12 specifies the
  replication log file (where changes to the database are logged; this
  file is written by slapd and read by slurpd). Lines 13 through 15
  specify the hostname and port of a replicated host, the DN to bind as
  when performing updates, the bind method (simple) and the credentials
  (password) for the binddn. Lines 16 through 18 specify a second
  replication site.

  Lines 20 through 22 indicate the indexes to maintain for various
  attributes.

  Lines 24 through 32 specify access control for entries in the
  database. For all entries, the userPassword attribute is writable by
  the entry itself and by the "admin" entry; it may be used for
  authentication purposes but is otherwise not readable. All other
  attributes are writable by the entry and the "admin" entry, and may be
  read by authenticated users.

  The next section of the example configuration file defines another
  LDBM database. This one handles queries involving the
  dc=example,dc=net subtree. Note that without line 38, the global access
  rule on line 4 would grant read access to everyone, including
  anonymous (unauthenticated) users.

   33.    # ldbm definition for example.net
   34.    database ldbm
   35.    suffix "dc=example, dc=net"
   36.    directory /usr/local/var/ldbm-example-net
   37.    rootdn "cn=Manager, dc=example, dc=com"
   38.    access to * by users read
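  The ordering rule for suffix lines and the cleartext rootpw in the
  example above are easy to get wrong in a long slapd.conf, so here is a
  small checker. It is an added example written for this page, not part
  of the HOWTO or of OpenLDAP. It parses the file format described in
  ``Configuration file format'' (comments, blank lines, continuation
  lines, quoted arguments), splits the directives into the global section
  and the database sections, and then reports a database whose suffix
  lies under the suffix of an earlier database (slapd would route every
  query to the earlier one, so the later database is unreachable) and a
  rootpw given in the clear. The configuration it runs on is constructed
  for this example, including the placeholder {SSHA} value, which is not
  a real hash.

```python
import shlex


def parse_slapd_conf(text):
    """Parse slapd.conf text into (global_directives, databases).

    Follows the rules of the HOWTO's section 3.1: lines starting with '#'
    and blank lines are ignored, a line starting with white space
    continues the previous one, and arguments are white-space separated
    with double quotes around arguments containing spaces (shlex applies
    the same quoting and backslash rules). Directives are returned as
    (name, [args]) tuples; each database is a dict with its type and its
    own directive list."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("#"):
            continue
        if raw[0] in " \t" and logical:
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    global_directives, databases = [], []
    for line in logical:
        tokens = shlex.split(line)
        name, args = tokens[0].lower(), tokens[1:]
        if name == "database":
            databases.append({"type": args[0], "directives": []})
        elif databases:
            databases[-1]["directives"].append((name, args))
        else:
            global_directives.append((name, args))
    return global_directives, databases


def normalize_dn(dn):
    """Lower-case and drop spaces after commas so "dc=Example, dc=com" and
    "dc=example,dc=com" compare equal (escaped commas are not handled)."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def is_under(dn, suffix):
    """True if dn equals suffix or lies below it in the tree."""
    dn, suffix = normalize_dn(dn), normalize_dn(suffix)
    return dn == suffix or dn.endswith("," + suffix)


def _suffixes(db):
    return [a[0] for n, a in db["directives"] if n == "suffix" and a]


def check_databases(databases):
    """Return a list of warning strings for the database definitions."""
    warnings = []
    for j, db in enumerate(databases):
        suffixes = _suffixes(db)
        if not suffixes:
            warnings.append(f"database {j}: no suffix directive")
        for name, args in db["directives"]:
            if name == "rootpw" and args and not args[0].startswith("{"):
                warnings.append(f"database {j}: rootpw is stored in cleartext; "
                                "use a {SSHA} hash generated with slappasswd(8)")
        for i in range(j):
            for earlier in _suffixes(databases[i]):
                for s in suffixes:
                    if is_under(s, earlier):
                        warnings.append(
                            f"database {j} ({s}) is unreachable: database {i} "
                            f"({earlier}) comes first and its suffix is a superior")
    return warnings


# Constructed sample (not the HOWTO's configuration). The second database
# is deliberately listed after a database whose suffix contains it.
SAMPLE_CONF = """\
# constructed sample slapd.conf
include /usr/local/etc/openldap/schema/core.schema
access to * by * read

database ldbm
suffix "dc=example, dc=com"
directory /usr/local/var/openldap-ldbm
rootdn "cn=Manager, dc=example, dc=com"
rootpw secret
replica host=slave1.example.com:389
        binddn="cn=Replicator, dc=example, dc=com"
        bindmethod=simple credentials=secret

database ldbm
suffix "dc=sales,dc=example,dc=com"
directory /usr/local/var/openldap-sales
rootdn "cn=Manager,dc=sales,dc=example,dc=com"
rootpw {SSHA}placeholder-not-a-real-hash
"""

if __name__ == "__main__":
    _, dbs = parse_slapd_conf(SAMPLE_CONF)
    for warning in check_databases(dbs):
        print("WARNING:", warning)
```

  Run against the sample, the checker reports the cleartext rootpw of the
  first database and the unreachable dc=sales database; swapping the two
  database sections makes the second warning go away.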

  4.  Running the LDAP server

  [Translator's note] The explanation in this chapter is basically based
  on OpenLDAP 2.0.x.

  slapd is designed to be run as a stand-alone server. This allows the
  server to take advantage of caching, manage concurrency issues with
  the underlying databases, and conserve system resources. Running from
  inetd(8) is not an option.

  4.1.  Command-line options

  slapd supports a number of command-line options, as detailed in the
  manual page. This section describes a few of the commonly used ones.

     -f <filename>
        This option specifies an alternate configuration file for slapd.
        The default is /usr/local/etc/openldap/slapd.conf.

     -h <URLs>
        This option specifies alternative listener configurations. The
        default is ldap:///, which implies LDAP over TCP on all
        interfaces on the default LDAP port 389. You can specify
        particular host-port pairs or other protocol schemes (such as
        ldaps:// or ldapi://). For example, -h "ldaps://
        ldap://127.0.0.1:667" creates two listeners: one for LDAP over
        SSL on all interfaces on the default LDAP/SSL port 636, and one
        for LDAP over TCP on the localhost (loopback) interface on port
        667. Hosts may be specified as IPv4 dotted-decimal addresses or
        as host names.

     -n <service-name>
        This option specifies the service name used for logging and
        other purposes. The default service name is slapd.

     -l <syslog-local-user>
        This option specifies the local user of the syslog(8) facility.
        Values can be LOCAL0, LOCAL1, LOCAL2, ..., up to LOCAL7. The
        default is LOCAL4. This option may not be supported on all
        systems.

     -u user -g group
        These options specify the user and group, respectively, to run
        slapd as. user can be either a user name or a uid. group can be
        either a group name or a gid.

     -r directory
        This option specifies a run-time directory. slapd will chroot(2)
        to this directory after opening listeners but before reading
        any configuration files or initializing any backends.

     -d <level> | ?
        This option sets the slapd debug level to <level>. When level is
        `?', the various debugging levels are printed and slapd exits,
        regardless of any other options you give it. The current
        debugging levels are:

        -1      enable all debugging
        0       no debugging
        1       trace function calls
        2       debug packet handling
        4       heavy trace debugging
        8       connection management
        16      print out packets sent and received
        32      search filter processing
        64      configuration file processing
        128     access control list processing
        256     stats log connections/operations/results
        512     stats log entries sent
        1024    print communication with shell backends
        2048    print entry parsing debugging

     You may enable multiple levels by specifying the debug option once
     for each desired level. Or, since debugging levels are additive,
     you can do the math yourself. That is, if you want to trace function
     calls and watch the config file being processed, you could set
     level to the sum of those two levels (in this case, -d 65). Or, you
     can let slapd do the math (e.g. -d 1 -d 64). Consult the <ldap.h>
     file for more details.

     Note: slapd must have been compiled with -DLDAP_DEBUG defined for
     any debugging information beyond the two statistics levels to be
     available.

     [Translator's note] With OpenLDAP 2.0.x, slapd no longer accepts
     -d ?.

  4.2.  Starting the LDAP server

  In general, slapd is run like this:

      /usr/local/etc/libexec/slapd [<option>]*

  where /usr/local/etc/libexec is determined by the configure script and
  <option> is one of the options described above (or in slapd(8)).
  Unless you have specified a debugging level (including level 0), slapd
  will automatically fork and detach itself from its controlling
  terminal and run in the background.

  4.3.  Stopping the LDAP server

  To kill off slapd safely, give a command like this:

  kill -TERM `cat $(ETCDIR)/slapd.pid`

  [Translator's note] With OpenLDAP 2.0.x you must specify `-INT'
  instead of `-TERM'.

  Killing slapd by a more drastic method may cause its LDBM databases to
  be corrupted, as it may need to flush various buffers before it exits.
  slapd writes its pid to a file called slapd.pid in the directory you
  configured in slapd.conf, for example /usr/local/var/slapd.pid.

  You can change the location of this pid file by changing the
  SLAPD_PIDFILE variable in include/ldapconfig.h.edit.

  [Translator's note] Current OpenLDAP has changed this so that the
  location of the pid file is set with the global option pidfile in
  slapd.conf, for example `pidfile /usr/local/var/slapd.pid'.

  slapd also writes its arguments to a file called slapd.args in the
  directory you configured in slapd.conf, for example
  /usr/local/var/slapd.args. You can change the location of this
  arguments file by changing the SLAPD_ARGSFILE variable in
  include/ldapconfig.h.edit.

  [Translator's note] Current OpenLDAP has changed this so that the
  location of the arguments file is set with the global option argsfile
  in slapd.conf, for example `argsfile /usr/local/var/slapd.args'.

  5.  Database creation and maintenance tools

  This section tells you how to create a slapd database from scratch, and
  how to troubleshoot if you run into problems. There are two ways to
  create a database. First, you can create the database on-line using
  LDAP. With this method you simply start up slapd and add entries using
  the LDAP client of your choice. This method is fine for relatively
  small databases (a few hundred or a few thousand entries, depending on
  your requirements).

  The second method of database creation is to do it off-line, using the
  special utilities provided with slapd. This method is best if you have
  many thousands of entries to create, which would take an unacceptably
  long time using the LDAP method, or if you want to ensure that the
  database is not accessed while it is being created.

  5.1.  Creating a database online

  The OpenLDAP software package comes with a tool called ldapadd, which
  is used to add entries to a running LDAP server. If you choose to
  create the database on-line, you can use ldapadd to add entries. After
  adding the first entries you can keep using ldapadd to add more. Be
  sure to set the following configuration options in your slapd.conf
  file before starting slapd:

      suffix <dn>

  As described in ``Configuring the LDAP server'', this option says what
  entries are to be held by this database. You should set this to the DN
  of the root of the subtree you are trying to create. For example:

      suffix "o=TUDelft, c=NL"

  You should also specify a directory where the index files are to be
  created:

      directory <directory>

  For example:

      directory /usr/local/tudelft

  You need to make it possible to connect to slapd as someone with
  permission to add entries. This is done through the following two
  options in the database definition:

      rootdn <dn>

      rootpw <passwd>   /* Remember to crypt this password !!! */

  [Translator's note] You cannot actually put a /* ... */ comment in
  the file.

  These options specify a DN and password that can be used to
  authenticate as the "superuser" entry of the database (that is, the
  entry allowed to do anything). The DN and password given here will
  always work, regardless of whether the named entry actually exists or
  has the given password. This solves the chicken-and-egg problem of how
  to authenticate and add entries before any entries exist yet.

  Finally, make sure that the database definition contains the index
  definitions you want:

      index {<attrlist> | default } [pres,eq,approx,sub,none]

  For example, to index the cn, sn, uid and objectclass attributes, the
  following index configuration lines can be used:

      index cn,sn,uid

      index objectclass pres,eq

      index default none

  Once you have configured things to your liking, start up slapd, connect
  with your LDAP client and start adding entries. For example, to add a
  TUDelft entry followed by a Postmaster entry under it using the ldapadd
  tool (which reads LDIF), create a file called /tmp/newentry with the
  following contents:

      dn: o=TUDelft, c=NL
      objectClass: organization
      o: TUDelft
      description: Technical University of Delft Netherlands

      dn: cn=Postmaster, o=TUDelft, c=NL
      objectClass: organizationalRole
      cn: Postmaster
      description: TUDelft postmaster - postmaster@tudelft.nl

  Then use a command like this to actually create the entries:

      ldapadd -f /tmp/newentry -D "cn=Manager, o=TUDelft, c=NL" -w secret

  The above command assumes that you have set rootdn to "cn=Manager,
  o=TUDelft, c=NL" and rootpw to "secret". If you do not want to type
  the password on the command line (where other users of the machine can
  see it in the process list and in your shell history), use the -W
  option of the ldapadd command instead of -w "password". You will then
  be prompted for the password:

      ldapadd -f /tmp/newentry -D "cn=Manager, o=TUDelft, c=NL" -W
      Enter LDAP Password:

  5.2.  Creating a database offline

  [Translator's note] The explanation in this section is basically based
  on OpenLDAP 2.0.x.

  The second method of database creation is to do it off-line, using the
  index-generation tools. This is best if you have many thousands of
  entries to create, which would take an unacceptably long time with the
  LDAP method described above. These tools read the slapd configuration
  file and an LDIF file containing a text representation of the entries
  to add, and produce the LDBM files directly. slapd should not be
  running against the database while they write to it. There are several
  important configuration options you will want to be sure to set in the
  database definition of the configuration file:

  suffix <dn>

  As described above, this option says what entries are to be held by
  this database. You should set this to the DN of the root of the
  subtree you are trying to create. For example:

      suffix "o=TUDelft, c=NL"

  You should also specify a directory where the index files are to be
  created:

      directory <directory>

  For example:

      directory /usr/local/tudelft

  Next, you probably want to increase the size of the in-core cache used
  by each open index file. For best performance during index creation,
  the entire index should fit in memory. If your data is too big, or
  your memory too small, you can still make the cache pretty big and let
  the paging system do the work. This size is set with the option

      dbcachesize <integer>

  For example:

      dbcachesize 50000000

  This creates a cache 50 MB in size, which is big enough to hold the
  entire index for a fairly large database (at the University of
  Michigan, the largest index file of a 125K-entry database was 45 MB).
  Experiment with this number and the amount of available memory until
  your system runs well. Remember to reset this value to something
  reasonable before you start slapd after the index files have been
  created.

  Finally, you need to specify the indexes you want to build. This is
  done with one or more index options:

      index {<attrlist> | default} [pres,eq,approx,sub,none]

  For example:

      index cn,sn,uid pres,eq,approx
      index default none

  This creates presence, equality and approximate indexes for the cn, sn
  and uid attributes and no indexes for any other attributes. See the
  configuration file section of ``Configuring the LDAP server'' for more
  information on this option.

  Once you have configured things, run the slapadd(8) program to create
  the database and associated indexes:

      slapadd -l <inputfile> -f <slapdconfigfile>
              [-d <debuglevel>] [-n <integer>|-b <suffix>]

  The arguments have the following meanings:

     -l <inputfile>
        Specifies the LDIF input file containing the entries to add in
        text form (see the next section on the LDIF format).

     -f <slapdconfigfile>
        Specifies the slapd configuration file that tells where to
        create the indexes, what indexes to create, etc.

     -d <debuglevel>
        Turns on debugging, as specified by <debuglevel>. The debug
        levels are the same as for slapd; see the section ``Command-line
        options'' in the chapter ``Running the LDAP server''.

     -n <databasenumber>
        An optional argument that specifies which database to modify.
        The first database listed in the configuration file is 1, the
        second 2, etc. By default, the first ldbm database in the
        configuration file is used. Should not be used together with -b.

     -b <suffix>
        An optional argument that specifies which database to modify.
        The provided suffix is matched against a database suffix
        directive to determine the database number. Should not be used
        together with -n.

  Sometimes it may be necessary to regenerate indexes (such as after
  modifying slapd.conf(5)). This is possible with the slapindex(8)
  program. slapindex is invoked like this:

      slapindex -f <slapdconfigfile> [-d <debuglevel>]
                [-n <databasenumber>|-b <suffix>]

  The -f, -d, -n and -b options have the same meaning as for slapadd(8).
  slapindex rebuilds all indexes based on the current database contents.

  The slapcat program is used to dump the database to an LDIF file. This
  can be useful when you want to make a human-readable backup of your
  database or when you want to edit your database off-line. The program
  is invoked like this:

      slapcat -l <filename> -f <slapdconfigfile>
              [-d <debuglevel>] [-n <databasenumber>|-b <suffix>]

  The -n or -b options are used to select the database in the
  slapd.conf(5) specified with -f. The corresponding LDIF output is
  written to standard output or to the file specified with the -l
  option.

  5.3.  More on the LDIF format

  [Translator's note] The explanation in this section is basically based
  on OpenLDAP 2.0.x.

  The LDAP Data Interchange Format (LDIF) is used to represent LDAP
  entries in a simple text format. The basic form of an entry is:

      # comment
      dn: <distinguished name>
      <attrdesc>: <attrvalue>
      <attrdesc>: <attrvalue>
      ...

  Lines starting with a '#' are comments. An attribute description
  (<attrdesc>) may be a simple attribute type such as cn, objectClass or
  1.2.3 (an attribute type OID), or it may carry options, as in
  cn;lang_en_US or userCertificate;binary.

  A line may be continued by starting the next line with a single space
  or tab; only that first character is removed, so a space that belongs
  to the value must still follow it. For example:

       dn: cn=Barbara J Jensen, dc=example, dc=
        com
       cn: Barbara J
         Jensen

  is equivalent to:

       dn: cn=Barbara J Jensen, dc=example, dc=com
       cn: Barbara J Jensen

  Multiple attribute values are specified on separate lines, for
  example:

       cn: Barbara J Jensen
       cn: Babs Jensen

  If an <attrvalue> contains non-printing characters, or begins with a
  space, a colon (':') or a less-than ('<'), the <attrdesc> is followed
  by a double colon and the value is encoded in base64 notation. For
  example, the value " begins with a space" would be encoded like this:

       cn:: IGJlZ2lucyB3aXRoIGEgc3BhY2U=

  You can also specify a URL containing the attribute value. Here, the
  jpegPhoto value is obtained from the file /path/to/file.jpeg:

       jpegPhoto:< file:///path/to/file.jpeg

  Multiple entries within the same LDIF file are separated by blank
  lines. Here is an example of an LDIF file containing three entries:

       # Barbara's Entry
       dn: cn=Barbara J Jensen,dc=example,dc=com
       cn: Barbara J Jensen
       cn: Babs Jensen
       objectClass: person
       sn: Jensen

       # Bjorn's Entry
       dn: cn=Bjorn J Jensen,dc=example,dc=com
       cn: Bjorn J Jensen
       cn: Bjorn Jensen
       objectClass: person
       sn: Jensen
       # Base64 encoded JPEG photo
       jpegPhoto:: /9j/4AAQSkZJRgABAAAAAQABAAD/2wBDABALD
        A4MChAODQ4SERATGCgaGBYWGDEjJR0oOjM9PDkzODdASFxOQ
        ERXRTc4UG1RV19iZ2hnPk1xeXBkeFxlZ2P/2wBDARESEhgVG

       # Jennifer's Entry
       dn: cn=Jennifer J Jensen,dc=example,dc=com
       cn: Jennifer J Jensen
       cn: Jennifer Jensen
       objectClass: person
       sn: Jensen
       # JPEG photo from file
       jpegPhoto:< file:///path/to/file.jpeg

  Notice that Bjorn's jpegPhoto is encoded in base64, while Jennifer's
  jpegPhoto is obtained from the location indicated by the URL.

  Note: trailing spaces are not trimmed from values in an LDIF file, nor
  are multiple internal spaces compressed. If you do not want them in
  your data, do not put them in the LDIF.

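   The conventions above (comments, continuation lines, '::' base64 values,
   ':<' URL values, blank-line record separation) as a small reader, added
   here as an example; this is not code from the HOWTO or from OpenLDAP.
   The sample input is constructed from the text's own examples, and the
   ':<' handling is deliberately stricter than the tools described in this
   chapter: a file URL is only followed when the caller names a directory
   it may read from and the path resolves inside it. The '-' separated
   changetype: modify syntax is not handled.

```python
"""Minimal LDIF reader for the entry format described above.

Added example for this HOWTO, not code from the original page or from
OpenLDAP.  It handles comment lines, continuation lines, '::' base64
values and ':<' URL values.  A ':<' file URL is only followed when the
caller names a directory it may read from, and only for paths inside
that directory: an LDIF file from an untrusted source could otherwise
pull arbitrary local files (for example /etc/shadow) into the directory.
"""
import base64
import os
import tempfile
from urllib.parse import unquote, urlparse

# Constructed sample input: the continuation, multi-value and base64
# conventions from the text, in two entries.
SAMPLE_LDIF = """\
# Barbara's Entry
dn: cn=Barbara J Jensen, dc=example, dc=
 com
cn: Barbara J
  Jensen
cn: Babs Jensen
objectClass: person
sn: Jensen
# value " begins with a space", so it is base64 encoded
description:: IGJlZ2lucyB3aXRoIGEgc3BhY2U=

# Bjorn's Entry
dn: cn=Bjorn J Jensen,dc=example,dc=com
cn: Bjorn J Jensen
objectClass: person
sn: Jensen
"""


def _unfold(text):
    """Drop comments and join continuation lines (leading space or tab)."""
    lines = []
    in_comment = False
    for raw in text.splitlines():
        if raw[:1] in (" ", "\t"):
            if not in_comment and lines:
                lines[-1] += raw[1:]      # exactly one marker char is removed
            continue                      # (a continued comment is dropped too)
        in_comment = raw.startswith("#")
        if not in_comment:
            lines.append(raw)
    return lines


def _decode_value(attr, rest, allowed_dir):
    """Apply the '::' (base64) and ':<' (URL) conventions to one value."""
    if rest.startswith(":"):              # attr:: <base64>
        return base64.b64decode(rest[1:].strip(" "), validate=True)
    if rest.startswith("<"):              # attr:< <url>
        url = urlparse(rest[1:].strip(" "))
        if url.scheme != "file" or allowed_dir is None:
            raise ValueError(f"{attr}: URL values not permitted: {url.geturl()}")
        root = os.path.realpath(allowed_dir)
        path = os.path.realpath(unquote(url.path))
        if os.path.commonpath([root, path]) != root:
            raise ValueError(f"{attr}: {path} is outside {root}")
        with open(path, "rb") as fh:
            return fh.read()
    return rest.lstrip(" ")               # leading fill removed, trailing spaces kept


def parse_ldif(text, allowed_dir=None):
    """Return [(dn, {attr: [value, ...]}), ...], one tuple per record.

    Plain values are str; '::' and ':<' values are bytes.  Records are
    separated by blank lines and must start with a dn: line.
    """
    records, current = [], None
    for line in _unfold(text) + [""]:     # sentinel flushes the last record
        if line == "":
            if current is not None:
                records.append(current)
                current = None
            continue
        if ":" not in line:
            raise ValueError(f"malformed line: {line!r}")
        attr, rest = line.split(":", 1)
        value = _decode_value(attr, rest, allowed_dir)
        if current is None:
            if attr.lower() == "version":
                continue
            if attr.lower() != "dn":
                raise ValueError(f"record must start with dn:, got {attr!r}")
            current = (value if isinstance(value, str) else value.decode("utf-8"), {})
        else:
            current[1].setdefault(attr, []).append(value)
    return records


def photo_from_file_url(allowed_dir, target_path):
    """Parse a one-entry LDIF whose jpegPhoto is a ':<' file URL.

    Returns the bytes read, or None when the reference was refused.
    """
    ldif = f"dn: cn=x,dc=example,dc=com\njpegPhoto:< file://{target_path}\n"
    try:
        return parse_ldif(ldif, allowed_dir=allowed_dir)[0][1]["jpegPhoto"][0]
    except ValueError:
        return None


def demo_file_url_guard():
    """A file under the permitted directory is read; /etc/passwd is refused."""
    with tempfile.TemporaryDirectory() as d:
        photo = os.path.join(d, "photo.jpeg")
        with open(photo, "wb") as fh:
            fh.write(b"\xff\xd8not-really-a-jpeg")   # constructed content
        return photo_from_file_url(d, photo), photo_from_file_url(d, "/etc/passwd")


if __name__ == "__main__":
    for dn, attrs in parse_ldif(SAMPLE_LDIF):
        print(dn, attrs)
    print(demo_file_url_guard())
```

   The realpath check is what matters: a symlink inside the permitted
   directory pointing at /etc/shadow is resolved before the comparison
   and is refused like any other outside path.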
   5.4.  The ldapsearch, ldapdelete and ldapmodify utilities

   [Translator's note] The description in this section is basically based
   on OpenLDAP 1.2.x. In OpenLDAP 2.0.x options have been added or
   changed.

   ldapsearch - ldapsearch is a command-line interface to the
   ldap_search(3) library call. Use this utility to search for entries in
   your LDAP database backend.

   The synopsis for invoking ldapsearch is the following (see the
   ldapsearch man page for the meaning of each option):

        ldapsearch  [-n] [-u] [-v] [-k] [-K] [-t] [-A] [-B] [-L] [-R] [-d debuglevel]
            [-F sep] [-f file] [-D binddn] [-W] [-w bindpasswd] [-h ldaphost]
            [-p ldapport] [-b searchbase] [-s base|one|sub]
            [-a never|always|search|find] [-l timelimit] [-z sizelimit]
            filter [attrs...]

   ldapsearch opens a connection to the LDAP server, binds, and performs
   a search using the filter filter. The filter must conform to the
   string representation of LDAP filters defined in RFC 1558. If
   ldapsearch finds one or more entries, the attributes named in attrs
   are retrieved and the entries and values are printed to standard
   output. If no attrs are given, all attributes are returned.

   Here are some examples of using ldapsearch:

        ldapsearch -b 'o=TUDelft,c=NL' 'objectclass=*'

        ldapsearch -b 'o=TUDelft,c=NL' 'cn=Rene van Leuken'

        ldapsearch -u -b 'o=TUDelft,c=NL' 'cn=Luiz Malere' sn mail

   The -b option specifies the search base (the starting point of the
   search) and the -u option includes user-friendly entry names in the
   output.

   ldapdelete - ldapdelete is a command-line interface to the
   ldap_delete(3) library call. Use this utility to delete entries from
   your LDAP database backend.

   The synopsis for invoking ldapdelete is the following (see the
   ldapdelete man page for the meaning of each option):

        ldapdelete  [-n] [-v] [-k] [-K] [-c] [-d debuglevel] [-f file] [-D binddn]
            [-W] [-w passwd] [-h ldaphost] [-p ldapport] [dn]...

   ldapdelete opens a connection to the LDAP server, binds, and deletes
   one or more entries. If one or more dn arguments are given, the
   entries with those distinguished names are deleted. Each dn must be a
   string-represented DN as defined in RFC 1779. If no dn arguments are
   given, a list of DNs is read from standard input (or from the file
   file given with the -f flag).

   Here are some examples of using ldapdelete:

        ldapdelete 'cn=Luiz Malere,o=TUDelft,c=NL'

        ldapdelete -v 'cn=Rene van Leuken,o=TUDelft,c=NL' -D 'cn=Luiz Malere,o=TUDelft,c=NL' -W

   The -v option selects verbose mode, the -D option gives the bind DN
   (the DN to authenticate as) and the -W option asks for the password
   to be prompted for. Prefer -W to -w: a password passed with -w on the
   command line is visible in the process list and in the shell history.

   ldapmodify - ldapmodify is a command-line interface to the
   ldap_modify(3) and ldap_add(3) library calls. Use this utility to
   update entries in your LDAP database backend.

   The synopsis for invoking ldapmodify is the following (see the
   ldapmodify man page for the meaning of each option):

        ldapmodify  [-a] [-b] [-c] [-r] [-n] [-v] [-k] [-d debuglevel] [-D binddn]
            [-W] [-w passwd] [-h ldaphost] [-p ldapport] [-f file]

        ldapadd  [-b] [-c] [-r] [-n] [-v] [-k] [-K] [-d debuglevel] [-D binddn]
            [-w passwd] [-h ldaphost] [-p ldapport] [-f file]

   ldapadd is implemented as a hard link to the ldapmodify tool. When
   invoked as ldapadd, the -a flag (add a new entry) is implicitly turned
   on. ldapmodify opens a connection to the LDAP server, binds, and
   updates or adds entries. The entry information is read from standard
   input, or from the file file given with the -f option.

   Here are some examples of using ldapmodify:

   Assume that the file /tmp/entrymods exists and has the following
   contents:

        dn: cn=Modify Me, o=University of Michigan, c=US
        changetype: modify
        replace: mail
        mail: modme@terminator.rs.itd.umich.edu
        -
        add: title
        title: Grand Poobah
        -
        add: jpegPhoto
        jpegPhoto: /tmp/modme.jpeg
        -
        delete: description
        -

   The command:

        ldapmodify -b -r -f /tmp/entrymods

   replaces the contents of the mail attribute of the entry "Modify Me"
   with the value "modme@terminator.rs.itd.umich.edu", adds a title of
   "Grand Poobah", adds the contents of the file "/tmp/modme.jpeg" as a
   jpegPhoto, and removes the description attribute completely.

   The same update can be done with the older ldapmodify input format:

        cn=Modify Me, o=University of Michigan, c=US
        mail=modme@terminator.rs.itd.umich.edu
        +title=Grand Poobah
        +jpegPhoto=/tmp/modme.jpeg
        -description

   In that case ldapmodify is invoked the same way:

        ldapmodify -b -r -f /tmp/entrymods

   Assume that the file /tmp/newentry exists and has the following
   contents:

        dn: cn=Barbara Jensen, o=University of Michigan, c=US
        objectClass: person
        cn: Barbara Jensen
        cn: Babs Jensen
        sn: Jensen
        title: the world's most famous manager
        mail: bjensen@terminator.rs.itd.umich.edu
        uid: bjensen

   The command:

        ldapadd -f /tmp/newentry

   adds a new entry for Babs Jensen, using the values from the file
   /tmp/newentry.

   Assume that the file /tmp/newentry exists and has the following
   contents:

        dn: cn=Barbara Jensen, o=University of Michigan, c=US
        changetype: delete

   The command:

        ldapmodify -f /tmp/newentry

   removes Babs Jensen's entry.

   The -f option gives the file to read updates from (instead of standard
   input), the -b option selects binary mode (any value in the input
   file that starts with '/' is taken as the name of a file whose
   contents are the binary value) and the -r option selects replace
   (existing values are replaced by default).
   6.  Additional information and features

   This section contains information about the Netscape Address Book,
   which can be used to query a directory, and a detailed description of
   using Netscape Navigator 4.5 or later with an LDAP server for roaming
   access. Roaming access has been discussed a great deal on the OpenLDAP
   mailing list, because the feature is not yet fully implemented. Most
   people would like to use an LDAP server for downloading and uploading
   their Netscape Navigator configuration, and it is known that roaming
   access does not work as expected everywhere. Even so, some people have
   had good results with it. The feature is presented here to give people
   an idea of what the LDAP protocol makes possible. Finally, you will
   find information about how to stop the slapd process safely and about
   the slapd logs.

   6.1.  Roaming access

   [Translator's note] The description in this section is basically based
   on OpenLDAP 1.2.x. In OpenLDAP 2.0.x the way attributes and object
   classes are extended has changed.

   The goal of roaming access is to let you use Netscape Navigator with
   an LDAP server, from anywhere on the net, to export your bookmarks,
   preferences, mail filters and so on. It is a very convenient feature.
   Imagine you are somewhere with web access, but the browser there does
   not have your settings. If you are away on a trip and want to reach a
   site registered in your local bookmarks, there is no need to worry:
   upload your bookmarks file to the LDAP server and you can retrieve the
   bookmarks (and all your settings files) from anywhere.

   [Translator's note] Unfortunately, Netscape 6 no longer has the roaming
   access feature.

   To get roaming access you need to follow these steps:

   1. Modify the attributes file

   2. Modify the object classes file

   3. Create an LDIF file to hold the profiles

   4. Configure Netscape Navigator to use the LDAP server as its roaming
      access server

   5. Restart the LDAP server with the new configuration
   6.1.1.  Modifying the attributes file

   You need to add the following new attributes to the list of attributes
   in slapd.at.conf (a file included from slapd.conf, normally found in
   /usr/local/etc/openldap):

  attribute       nsLIPtrURL              ces
  attribute       nsLIPrefs               ces
  attribute       nsLIProfileName         cis
  attribute       nsLIData                bin
  attribute       nsLIElementType         cis
  attribute       nsLIServerType          cis
  attribute       nsLIVersion             cis
  attribute       nsServerPort            cis

   [Translator's note] With OpenLDAP 2.0.x, create a suitable file in
   /usr/local/etc/openldap/schema/, add the following definitions to it,
   and include it from slapd.conf.

  attributetype ( 2.16.840.1.113730.3.1.70
          NAME 'serverRoot'
          EQUALITY caseIgnoreMatch
          SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

  attributetype ( 2.16.840.1.113730.3.1.76
          NAME 'serverHostName'
          EQUALITY caseExactIA5Match
          SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

  attributetype ( 2.16.840.1.113730.3.1.280
          NAME 'nsServerPort'
          EQUALITY caseExactIA5Match
          SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

  attributetype ( 2.16.840.1.113730.3.1.399
          NAME 'nsLIPtrURL'
          EQUALITY caseExactIA5Match
          SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

  attributetype ( 2.16.840.1.113730.3.1.400
          NAME 'nsLIPrefs'
          EQUALITY caseExactIA5Match
          SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

  attributetype ( 2.16.840.1.113730.3.1.401
          NAME 'nsLIProfileName'
          EQUALITY caseIgnoreMatch
          SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

  attributetype ( 2.16.840.1.113730.3.1.402
          NAME 'nsLIData'
          EQUALITY bitStringMatch
          SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )

  attributetype ( 2.16.840.1.113730.3.1.403
          NAME 'nsLIElementType'
          EQUALITY caseIgnoreMatch
          SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

  attributetype ( 2.16.840.1.113730.3.1.404
          NAME 'nsLIServerType'
          EQUALITY caseIgnoreMatch
          SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

  attributetype ( 2.16.840.1.113730.3.1.405
          NAME 'nsLIVersion'
          EQUALITY integerMatch
          SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )

   6.1.2.  Modifying the object classes file

   You need to add the following new classes to slapd.oc.conf (a file
   included from slapd.conf, found in /usr/local/etc/openldap):

  objectclass nsLIPtr
      requires
          objectclass
      allows
          nsliptrurl,
          owner

  objectclass nsLIProfile
      requires
          objectclass,
          nsliprofilename
      allows
          nsliprefs,
          uid,
          owner

  objectclass nsLIProfileElement
      requires
          objectclass,
          nslielementtype
      allows
          owner,
          nslidata,
          nsliversion

  objectclass nsLIServer
      requires
          objectclass,
          serverhostname
      allows
          description,
          cn,
          nsserverport,
          nsliservertype,
          serverroot

   [Translator's note] With OpenLDAP 2.0.x, create a suitable file in
   /usr/local/etc/openldap/schema/, add the following definitions to it,
   and include it from slapd.conf.

  objectclass ( 2.16.840.1.113730.3.2.74
          NAME 'nsLIPtr'
          SUP top
          MUST objectClass
          MAY ( nsLIPtrURL $ owner ) )

  objectclass ( 2.16.840.1.113730.3.2.75
          NAME 'nsLIProfile'
          SUP top
          MUST ( objectClass $ nsLIProfileName )
          MAY ( nsLIPrefs $ uid $ owner ) )

  objectclass ( 2.16.840.1.113730.3.2.76
          NAME 'nsLIProfileElement'
          SUP top
          MUST ( objectClass $ nsLIElementType )
          MAY ( owner $ nsLIData $ nsLIVersion ) )

  objectclass ( 2.16.840.1.113730.3.2.77
          NAME 'nsLIServer'
          SUP top
          MUST ( objectClass $ serverHostName )
          MAY ( cn $ description $ nsLIServerType $
                nsServerPort $ serverRoot ) )

   6.1.3.  Creating the LDIF file

   [Translator's note] Before this step, check the settings in
   slapd.conf. With OpenLDAP 1.2.x, set `lastmod on' so that the
   modifyTimestamp attribute is maintained automatically. Also add the
   following access control and restart slapd.

     For OpenLDAP 1.2.x:
       access to dn=".*,ou=Roaming,o=myOrg,c=NL" by dnattr=owner write
       access to attr=userpassword by self write by * none

     For OpenLDAP 2.0.x:
       access to dn=".*,ou=Roaming,o=myOrg,c=NL"
           by dnattr=owner write
       access to attr=userpassword
           by self write
           by anonymous auth
           by dn="cn=Manager,o=myOrg,c=NL" write
           by * none
       access to *
           by self write
           by anonymous auth

   The order of the `by' clauses matters: slapd applies the first clause
   that matches the requester, so `by * none' must come last. Written the
   other way round, `by *' matches everybody first and users can never
   change their own passwords.

   Now you need to create the LDIF file. Add a profile entry for every
   user who wants to use Netscape's roaming access feature. Below is a
   simple example of an LDIF file with a profile entry.

  dn: o=myOrg,c=NL
  objectClass: top
  objectClass: organization
  o: myOrg

  dn: ou=People,o=myOrg,c=NL
  objectClass: top
  objectClass: organizationalUnit
  ou: People

  dn: cn=seallers,ou=People,o=myOrg,c=NL
  userPassword: myPassword
  objectClass: top
  objectClass: person
  cn: seallers
  sn: seallers

  dn: ou=Roaming,o=myOrg,c=NL
  objectClass: top
  objectClass: organizationalUnit
  ou: Roaming

  dn: nsLIProfileName=seallers,ou=Roaming,o=myOrg,c=NL
  objectClass: top
  objectClass: nsLIProfile
  nsLIProfileName: seallers
  owner: cn=seallers,ou=People,o=myOrg,c=NL

   [Translator's note] Do not just create the LDIF file; actually load it
   into the directory with ldapadd or a similar tool.

   The example stores the userPassword value in the clear. slapd also
   accepts a hashed value in the same attribute; with OpenLDAP 2.0.x the
   slappasswd(8) program generates one, and that is what you should put
   in a real LDIF file.

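   How slapd picks the clause that decides access, as an added example of
   the rule described above; this is a simplified model written for this
   page, not OpenLDAP's code. The access directives are the ones from this
   section rewritten as tuples, the entries are the two from the LDIF above,
   and the first directive whose target matches is the only one consulted.
   It shows why `by * none' has to come after `by self write': with the
   clauses the other way round, the user seallers can never change his own
   password.

```python
"""Model of slapd's "first matching <by> clause wins" access-control rule.

Added example for this HOWTO, not OpenLDAP's code.  The access directives
are the ones listed in this section (as tuples), the entries are the two
from the LDIF above, and the evaluation is a simplified version of what
slapd does: the first access directive whose target matches the entry and
attribute is the only one consulted, and within it the first <by> clause
whose subject matches the bound DN decides.  If no clause of the matching
directive applies, access is denied.  When no directive matches at all
this model denies; real slapd falls back to its configured default access
(defaultaccess in 1.2.x), so check that separately.
"""
import re

LEVELS = ["none", "auth", "compare", "search", "read", "write"]

# (target, [(who, level), ...]); target keys: "dn" (regex, anchored here,
# matched against the entry DN) and "attr" (attribute type); {} matches all.
ACL_WRONG_ORDER = [              # "by * none" written before "by self write"
    ({"dn": r".*,ou=Roaming,o=myOrg,c=NL"}, [("dnattr=owner", "write")]),
    ({"attr": "userpassword"}, [("*", "none"), ("self", "write")]),
]
ACL_20X = [                      # the 2.0.x listing, "by * none" last
    ({"dn": r".*,ou=Roaming,o=myOrg,c=NL"}, [("dnattr=owner", "write")]),
    ({"attr": "userpassword"}, [("self", "write"), ("anonymous", "auth"),
                                ('dn="cn=Manager,o=myOrg,c=NL"', "write"),
                                ("*", "none")]),
    ({}, [("self", "write"), ("anonymous", "auth")]),
]

PEOPLE_DN = "cn=seallers,ou=People,o=myOrg,c=NL"
PROFILE_DN = "nsLIProfileName=seallers,ou=Roaming,o=myOrg,c=NL"
ENTRIES = {                      # the two entries that matter, from the LDIF above
    PEOPLE_DN: {"userPassword": ["myPassword"], "cn": ["seallers"]},
    PROFILE_DN: {"nsLIProfileName": ["seallers"], "owner": [PEOPLE_DN]},
}


def _target_matches(target, entry_dn, attr):
    if "dn" in target and not re.fullmatch(target["dn"], entry_dn, re.IGNORECASE):
        return False
    if "attr" in target and (attr is None or attr.lower() != target["attr"]):
        return False
    return True


def _who_matches(who, bind_dn, entry_dn, entry):
    """bind_dn is None for an anonymous connection."""
    if who == "*":
        return True
    if who == "anonymous":
        return bind_dn is None
    if who == "self":
        return bind_dn is not None and bind_dn.lower() == entry_dn.lower()
    if who.startswith("dnattr="):        # bound DN is a value of this attribute
        values = entry.get(who[len("dnattr="):], [])
        return bind_dn is not None and bind_dn.lower() in [v.lower() for v in values]
    if who.startswith('dn="') and who.endswith('"'):
        return bind_dn is not None and bind_dn.lower() == who[4:-1].lower()
    raise ValueError(f"unsupported <by> subject: {who}")


def granted(acl, bind_dn, entry_dn, attr, wanted):
    """True if bind_dn gets at least `wanted` access to attr of entry_dn."""
    entry = ENTRIES[entry_dn]
    for target, clauses in acl:
        if not _target_matches(target, entry_dn, attr):
            continue
        for who, level in clauses:
            if _who_matches(who, bind_dn, entry_dn, entry):
                return LEVELS.index(level) >= LEVELS.index(wanted)
        return False                     # directive matched, nobody listed: deny
    return False                         # model default; see docstring


if __name__ == "__main__":
    for name, acl in (("wrong order", ACL_WRONG_ORDER), ("2.0.x", ACL_20X)):
        print(name, "- seallers may change own password:",
              granted(acl, PEOPLE_DN, PEOPLE_DN, "userPassword", "write"))
```

   The same evaluator shows the other properties the roaming setup relies
   on: an anonymous connection gets exactly `auth' on userPassword (enough
   to bind, not enough to read the value), and a different user gets
   nothing on the seallers profile because only `dnattr=owner' is listed
   for the Roaming subtree.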
   6.1.4.  Configuring Netscape Navigator

   This step consists of configuring Netscape Navigator so that it can
   use roaming access against the LDAP server.

   o  Choose the menu "Edit" -> "Preferences" -> "Roaming User".

   First you have to enable roaming access for this profile. Click the
   checkbox.

   o  Type an appropriate value, for example seallers, into the user
      name box.

   Pull down the "Roaming User" option on the left-hand side of the
   Preferences window to show the roaming access sub-options.

   o  Click "Server", enable the "LDAP Directory Server" option, and
      fill in the boxes as follows:

        Address: ldap://myHost/nsLIProfileName=$USERID,ou=Roaming,o=myOrg,c=NL

        User DN: cn=$USERID,ou=People,o=myOrg,c=NL

   Important: Netscape automatically replaces $USERID with the name of
   the profile you chose before starting the browser. So if you chose the
   profile seallers, $USERID is replaced by seallers; if you chose the
   profile gonzales, it is replaced by gonzales. If you are not familiar
   with profiles, start the Profile Manager application that comes with
   the Netscape Communicator package. It is an application designed so
   that several users can use the browser safely on the same machine,
   keeping each user's browser settings separate.

   [Translator's note] As far as the translator could confirm, $USERID is
   replaced by the user name entered in the Roaming User settings.

   6.1.5.  Restarting the LDAP server

   The final step is restarting the server. See ``Stopping the LDAP
   server'' for how to shut the LDAP server down safely and ``Running the
   LDAP server'' for how to start it again.

   [Translator's note] As far as the translator could confirm, what
   actually needs restarting here is Netscape, not the LDAP server.
   6.2.  Netscape Address Book

   Once your LDAP server is running you can access it with various
   clients (for example the ldapsearch command-line utility). A nice
   client is the Netscape Address Book. It is available from Netscape
   version 4.x, but you need version 4.5 or later to interact safely
   with the LDAP server.

   [Translator's note] Unfortunately, Netscape 6 no longer has the LDAP
   server access feature.

   To use the Address Book, do the following:

   Start Netscape Navigator -> choose the Communicator menu -> Address
   Book

   The Netscape Address Book already comes with some LDAP directories
   registered by default. You have to register your own LDAP directory!

   Choose the File menu -> New Directory

   Type in your server's information. For example:

   o  Description : TUDelft

   o  LDAP Server : dutedin.et.tudelft.nl

   o  Server Root : o=TUDelft, c=NL

   The default LDAP port is 389; do not change it unless you changed the
   option on the server side.

   You can now make simple queries to your server with the Show Names
   Containing box, and more complex ones with the Search button.

   6.3.  LDAP Migration Tools

   The LDAP Migration Tools are a collection of Perl scripts for
   converting configuration files to LDIF format. They are provided by
   PADL Software Ltd; I recommend reading their license before using
   them, but they are free anyway. The tools are very useful if you
   intend to use an LDAP server for user authentication: they convert a
   NIS password archive to LDIF so that the file can be used by any
   LDAP-compatible server. You can also apply the Perl scripts to migrate
   users, groups, hosts, aliases, netgroups, networks, protocols, RPCs
   and services from an existing name service (NIS, flat files, NetInfo)
   to LDIF format. To download the LDAP Migration Tools or to get more
   information, go to:

        http://www.padl.com/tools.html

   The package comes with a README file, and the names of the script
   files are self-explanatory. Read the README first, then start applying
   the scripts.

   6.4.  Authentication using LDAP

   Using PAM (Pluggable Authentication Modules) you can authenticate
   users against LDAP. Since UNIX first appeared, user authentication has
   been done by having the user type a password and the system checking
   whether that password matches the encrypted one stored in
   /etc/passwd.

   That was the beginning; now there are many more ways of authenticating
   users, from /etc/passwd to more complex schemes such as smart cards
   and hardware devices. The problem with these authentication methods
   was that every program that needs authentication (login, ftpd and so
   on) had to be rewritten each time a new method was developed, so that
   it could support it. PAM provides a way to develop programs
   independent of the authentication method. Such programs need
   "authentication modules" attached to them at run time in order to
   authenticate.

   The authentication module for LDAP is available as a tar ball from:

        http://www.padl.com/pam_ldap.html

   It is assumed here that your Linux distribution already has PAM. If it
   does not, see http://www.kernel.org/pub/linux/libs/pam. In fact, more
   and more Linux distributions ship with PAM as standard. The PAM
   configuration files usually live in the /etc/pam.d/ directory, with
   one file for each service run on the machine. For example, if you want
   to use the LDAP server for user login after Linux has booted, make
   sure (as said at the start of this paragraph) that your Linux uses
   PAM, install the LDAP PAM module, and edit the PAM configuration file
   called login in /etc/pam.d/ so that it reads as follows:
  #%PAM-1.0
  auth       required     /lib/security/pam_securetty.so
  auth       required     /lib/security/pam_nologin.so
  auth       sufficient   /lib/security/pam_ldap.so
  auth       required     /lib/security/pam_unix_auth.so try_first_pass
  account    sufficient   /lib/security/pam_ldap.so
  account    required     /lib/security/pam_unix_acct.so
  password   required     /lib/security/pam_cracklib.so
  password   required     /lib/security/pam_ldap.so
  password   required     /lib/security/pam_pwdb.so use_first_pass
  session    required     /lib/security/pam_unix_session.so

   [Translator's note] pam_ldap only does authentication, so to read the
   uid, gid, home directory and so on from LDAP you will also need to
   install nss_ldap, the module for NSS (the Name Service Switch).
   nss_ldap is available from the PADL Software web site. To create the
   directory entries, the LDAP Migration Tools described above are
   handy.

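   What the control flags in that login file actually do when the modules
   run, as an added example for this page; this is a model of Linux-PAM's
   documented stacking rules, not PAM's code, and the module results are
   constructed stubs supplied by the caller. It shows the two properties a
   practitioner should check before deploying that file: `sufficient
   pam_ldap.so' placed before `required pam_unix_auth.so' ends the stack on
   an LDAP success, so the local password check is skipped for LDAP users,
   while a failure of an earlier `required' module (pam_securetty,
   pam_nologin) still denies the login even when LDAP accepts the password.

```python
"""Model of how Linux-PAM walks the 'auth' stack of the login file above.

Added example for this HOWTO, not PAM's code: the modules are constructed
stubs whose results are supplied by the caller, and the stack is the auth
section of the /etc/pam.d/login file shown above.  The control flags
follow Linux-PAM's documented semantics:
  required   - a failure is remembered and the stack continues; the final
               result is failure
  requisite  - a failure ends the stack immediately with failure
  sufficient - success ends the stack with success, unless an earlier
               required/requisite module failed; a failure is ignored
(optional is not used by the stack above and is not modelled.)
"""

LOGIN_AUTH = [                   # control flag, module (path and arguments dropped)
    ("required", "pam_securetty"),
    ("required", "pam_nologin"),
    ("sufficient", "pam_ldap"),
    ("required", "pam_unix_auth"),   # try_first_pass: reuses the password typed for pam_ldap
]


def run_stack(stack, results):
    """Walk `stack`; `results` maps module name -> True (success) / False.

    Returns (outcome, consulted): outcome is "success" or "failure", and
    consulted lists the modules that were actually called, in order.
    """
    consulted = []
    required_failed = False
    any_success = False
    for flag, module in stack:
        ok = results[module]
        consulted.append(module)
        if flag == "requisite":
            if not ok:
                return "failure", consulted
            any_success = True
        elif flag == "required":
            if ok:
                any_success = True
            else:
                required_failed = True   # remembered, but keep walking the stack
        elif flag == "sufficient":
            if ok and not required_failed:
                return "success", consulted
            # a failed sufficient module does not count against the user
        else:
            raise ValueError(f"unsupported control flag: {flag}")
    if required_failed or not any_success:
        return "failure", consulted
    return "success", consulted


def ldap_user_on_secure_tty():
    """LDAP account, secure tty: pam_ldap is sufficient, pam_unix_auth never runs."""
    return run_stack(LOGIN_AUTH, {"pam_securetty": True, "pam_nologin": True,
                                  "pam_ldap": True, "pam_unix_auth": True})


def local_user_unknown_to_ldap():
    """Local-only account: pam_ldap fails (ignored), pam_unix_auth decides."""
    return run_stack(LOGIN_AUTH, {"pam_securetty": True, "pam_nologin": True,
                                  "pam_ldap": False, "pam_unix_auth": True})


def root_on_insecure_tty():
    """pam_securetty (required) fails: a valid LDAP password does not rescue
    the login, yet the rest of the stack still runs, so the user is still
    asked for a password and learns nothing from the prompt sequence."""
    return run_stack(LOGIN_AUTH, {"pam_securetty": False, "pam_nologin": True,
                                  "pam_ldap": True, "pam_unix_auth": True})


if __name__ == "__main__":
    print(ldap_user_on_secure_tty())
    print(local_user_unknown_to_ldap())
    print(root_on_insecure_tty())
```

   Run the same model over the `account' lines of the file to see the
   other consequence of `sufficient': an LDAP-only user with no
   /etc/passwd entry passes the account stack without pam_unix_acct.so
   ever being consulted, which is the intended behaviour, but means the
   local account checks apply only to local users.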
   6.5.  Graphical LDAP tools

   o  Kldap

        Kldap is a graphical LDAP client written for KDE. Kldap has a
        nice interface and can browse the whole tree of information
        stored in the directory. On its web site you can look at
        screenshots of the application and download it.

        http://www.mountpoint.ch/oliver/kldap

   o  GQ

        GQ is a graphical LDAP client with a simpler interface, written
        for GNOME. GQ also works under KDE, and Kldap also works under
        GNOME. Downloads and further information are available from the
        web site.

        http://biot.com/gq/

   6.6.  Logs

   slapd uses the syslog(8) facility to generate its logs. The default
   user for the syslog(8) facility is LOCAL4, but any of LOCAL0, LOCAL1
   and so on up to LOCAL7 can be used.

   To get logs generated you have to edit the syslog.conf file, usually
   found in the /etc directory.

   Add a line like the following:

        local4.*     /usr/adm/ldalog

   This line uses the default user LOCAL4 of the syslog facility. If you
   are not familiar with the syntax of this line, look at the man pages
   for syslog, syslog.conf and syslogd. To change the default user, or
   to specify the level of the generated log, give the following options
   when starting slapd:

   -s syslog-level

        This option tells slapd at which level debugging output is sent
        to the syslog(8) facility. The level describes the severity of
        the message and is one of the following keywords, listed from
        highest to lowest: emerg, alert, crit, err, warning, notice,
        info, debug. For example:

        slapd -f myslapd.conf -s debug

   [Translator's note] This description appears to be mistaken. What is
   actually given is a number selecting which debug output to produce;
   see the loglevel option of slapd.conf for the values.

   -l syslog-local-user

        Selects the local user of the syslog(8) facility. The value can
        be LOCAL0, LOCAL1 and so on up to LOCAL7. The default is LOCAL4.
        This option is only permitted on systems where the syslog(8)
        facility supports local users.

   Now take a look at the generated log. It is a great source of
   information about what is happening: queries, updates, binds and so
   on.
   7.  References

   This section lists useful URLs, the well-known books and the RFC
   specifications for those who want to know more about LDAP.

   7.1.  URLs

   The following URLs carry very useful information about LDAP. This
   HOWTO is based on them, so if you need more detailed information after
   reading this document you can find it there.

   o  University of Michigan LDAP page:

        http://www.umich.edu/~dirsvcs/ldap/index.html

   o  University of Michigan LDAP documentation page:

        http://www.umich.edu/~dirsvcs/ldap/doc/

   o  OpenLDAP Administrator's Guide:

        http://www.openldap.org/doc/admin

   o  Netscape documentation on roaming access:

        http://help.netscape.com/products/client/communicator/manual_roaming2.html

   o  Customizing the LDAP settings of Netscape Communicator 4.5:

        http://developer.netscape.com/docs/manuals/communicator/ldap45.htm

   o  Introducing to Directory Service (X.500):

        http://www.nic.surfnet.nl/surfnet/projects/x500/introducing/

   o  Linux Directory Service:

        http://www.rage.net/ldap/

   7.2.  Books

   These are the best known and most useful books about LDAP.

   o  Implementing LDAP by Mark Wilcox

   o  LDAP: Programming Directory-Enabled Applications with Lightweight
      Directory Access Protocol by Howes and Smith [A Japanese
      translation, "LDAP Internet Directory Application Programming",
      has been published]

   o  Understanding and Deploying LDAP Directory Servers by Howes, Smith,
      and Good

   7.3.  RFCs

   The RFCs that support the development of LDAP are:

   o  RFC 1558: A String Representation of LDAP Search Filters

   o  RFC 1777: Lightweight Directory Access Protocol

   o  RFC 1778: The String Representation of Standard Attribute Syntaxes

   o  RFC 1779: A String Representation of Distinguished Names

   o  RFC 1781: Using the OSI Directory to Achieve User Friendly Naming

   o  RFC 1798: Connectionless LDAP

   o  RFC 1823: The LDAP Application Programming Interface

   o  RFC 1959: An LDAP URL Format

   o  RFC 1960: A String Representation of LDAP Search Filters

   o  RFC 2251: Lightweight Directory Access Protocol (v3)

   o  RFC 2307: LDAP as a Network Information Service

