・LDAPをDBの変更だけで管理できる。
・Aliasが簡単に作れる。(objectClass不要)
■必要なものをインストール
yum install openldap-servers-sql
yum install mysql-connector-odbc
■設定ファイルを修正
・/etc/odbcinst.ini
・/etc/odbc.ini
・/etc/openldap/slapd.conf
(下記参照)
■SQLを準備
・example.sql
(下記参照)
■DBを作成
mysql -uroot -e "create database example default charset utf8"
mysql -uroot example --default-character-set=utf8 < example.sql
■接続確認
isql example
■LDAP起動
/etc/init.d/slapd start
■検索確認
ldapsearch -x -D cn=manager,dc=example,dc=com -w secret -b dc=example,dc=com "(uid=*)"
ldapsearch -x -D uid=sample1,ou=people,dc=example,dc=com -w sample -b uid=sample1,ou=people,dc=example,dc=com
ldapsearch -x -D uid=sample-x,ou=alias,dc=example,dc=com -w sample -b uid=sample-x,ou=alias,dc=example,dc=com
以上
(以下設定・SQL)
■/etc/odbcinst.ini
[MySQL]
Description = ODBC for MySQL
Driver = /usr/lib/libmyodbc5.so
Setup = /usr/lib/libodbcmyS.so
FileUsage = 1
■/etc/odbc.ini
[example]
Driver = MySQL
Server = localhost
Port =
Database = example
User = root
Password =
Charset = utf8
■/etc/openldap/slapd.conf
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
modulepath /usr/lib/openldap
moduleload back_sql.la
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
database sql
suffix "dc=example,dc=com"
rootdn "cn=manager,dc=example,dc=com"
rootpw secret
dbname example
dbuser root
dbpasswd ""
subtree_cond "ldap_entries.dn LIKE CONCAT('%',?)"
has_ldapinfo_dn_ru no
■example.sql
-- 内部処理用テーブル
drop table if exists ldap_oc_mappings;
create table ldap_oc_mappings
(
id int key auto_increment,
name varchar(64),
keytbl varchar(64),
keycol varchar(64),
create_proc varchar(255),
delete_proc varchar(255),
expect_return tinyint
);
drop table if exists ldap_attr_mappings;
create table ldap_attr_mappings
(
id int key auto_increment,
oc_map_id int references ldap_oc_mappings(id),
name varchar(255),
sel_expr varchar(255),
sel_expr_u varchar(255),
from_tbls varchar(255),
join_where varchar(255),
add_proc varchar(255),
delete_proc varchar(255),
param_order tinyint,
expect_return tinyint
);
drop table if exists ldap_entries;
create table ldap_entries
(
id int key auto_increment,
dn varchar(255),
oc_map_id int references ldap_oc_mappings(id),
parent int,
keyval int,
unique(dn)
);
drop table if exists ldap_entry_objclasses;
create table ldap_entry_objclasses
(
entry_id int references ldap_entries(id),
oc_name varchar(64)
);
-- データ用テーブル
drop table if exists domains;
create table domains (
id int key,
name varchar(255)
);
drop table if exists units;
create table units (
id int key,
name varchar(255)
);
drop table if exists persons;
create table persons (
id int key,
uid varchar(255),
name varchar(255),
password varchar(64),
unique(uid)
);
-- データ登録
-- objectClass定義
insert into ldap_oc_mappings (id,name,keytbl,keycol,create_proc,delete_proc,expect_return)
values (1,'organization','domains','id',NULL,NULL,0);
insert into ldap_oc_mappings (id,name,keytbl,keycol,create_proc,delete_proc,expect_return)
values (2,'organizationalUnit','units','id',NULL,NULL,0);
insert into ldap_oc_mappings (id,name,keytbl,keycol,create_proc,delete_proc,expect_return)
values (3,'inetOrgPerson','persons','id',NULL,NULL,0);
-- 属性定義
insert into ldap_attr_mappings (id,oc_map_id,name,sel_expr,from_tbls,join_where,add_proc,delete_proc,param_order,expect_return)
values (1,1,'dc','name','domains',NULL,NULL,NULL,3,0);
insert into ldap_attr_mappings (id,oc_map_id,name,sel_expr,from_tbls,join_where,add_proc,delete_proc,param_order,expect_return)
values (2,1,'o','name','domains',NULL,NULL,NULL,3,0);
insert into ldap_attr_mappings (id,oc_map_id,name,sel_expr,from_tbls,join_where,add_proc,delete_proc,param_order,expect_return)
values (3,2,'ou','name','units',NULL,NULL,NULL,3,0);
insert into ldap_attr_mappings (id,oc_map_id,name,sel_expr,from_tbls,join_where,add_proc,delete_proc,param_order,expect_return)
values (4,3,'uid','uid','persons',NULL,NULL,NULL,3,0);
insert into ldap_attr_mappings (id,oc_map_id,name,sel_expr,from_tbls,join_where,add_proc,delete_proc,param_order,expect_return)
values (5,3,'cn','name','persons',NULL,NULL,NULL,3,0);
insert into ldap_attr_mappings (id,oc_map_id,name,sel_expr,from_tbls,join_where,add_proc,delete_proc,param_order,expect_return)
values (6,3,'sn','name','persons',NULL,NULL,NULL,3,0);
insert into ldap_attr_mappings (id,oc_map_id,name,sel_expr,from_tbls,join_where,add_proc,delete_proc,param_order,expect_return)
values (7,3,'userPassword','password','persons',NULL,NULL,NULL,3,0);
-- ベースDN
insert into domains (id,name)
values (1,'example');
insert into ldap_entries (id,dn,oc_map_id,parent,keyval)
values (1,'dc=example,dc=com',1,0,1);
insert into ldap_entry_objclasses (entry_id,oc_name)
values (1,'dcObject');
-- ピープルOU
insert into units (id,name)
values (1,'people');
insert into ldap_entries (id,dn,oc_map_id,parent,keyval)
values (2,'ou=people,dc=example,dc=com',2,1,1);
-- AliasOU
insert into units (id,name)
values (2,'alias');
insert into ldap_entries (id,dn,oc_map_id,parent,keyval)
values (3,'ou=alias,dc=example,dc=com',2,1,2);
-- サンプルピープル
insert into persons (id,uid,name,password)
values (1,'sample1','サンプル1','sample');
insert into ldap_entries (id,dn,oc_map_id,parent,keyval)
values (4,'uid=sample1,ou=people,dc=example,dc=com',3,2,1);
insert into persons (id,uid,name,password)
values (2,'sample2','サンプル2','sample');
insert into ldap_entries (id,dn,oc_map_id,parent,keyval)
values (5,'uid=sample2,ou=people,dc=example,dc=com',3,2,2);
insert into persons (id,uid,name,password)
values (3,'sample3','サンプル3','sample');
insert into ldap_entries (id,dn,oc_map_id,parent,keyval)
values (6,'uid=sample3,ou=people,dc=example,dc=com',3,2,3);
-- サンプルAlias
insert into ldap_entries (id,dn,oc_map_id,parent,keyval)
values (7,'uid=sample-x,ou=alias,dc=example,dc=com',3,3,1);