{"id":7764,"date":"2023-12-26T07:54:50","date_gmt":"2023-12-25T22:54:50","guid":{"rendered":"https:\/\/www.taruki.com\/wp\/?p=7764"},"modified":"2024-01-10T08:06:46","modified_gmt":"2024-01-09T23:06:46","slug":"389ds%e5%b0%8e%e5%85%a5%e8%a8%ad%e5%ae%9a%ef%bd%9e%e3%81%9d%e3%81%ae1%ef%bd%9e","status":"publish","type":"post","link":"https:\/\/www.taruki.com\/wp\/?p=7764","title":{"rendered":"389ds\u5c0e\u5165\u8a2d\u5b9a\uff5e\u305d\u306e1\uff5e"},"content":{"rendered":"<h1>\u57fa\u672c\u60c5\u5831<\/h1>\n<h2>\u30ce\u30fc\u30c9\u69cb\u6210<\/h2>\n<ul>\n<li>Primary Node: ldap01<\/li>\n<li>Secondary Node: ldap02<\/li>\n<\/ul>\n<p>\u666e\u6bb5\u4f7f\u3044\u306fDebian\u304bUbuntu\u3060\u3051\u3069\u3001RHEL9\u3067\u3082\u5fdc\u7528\u304c\u52b9\u304f\u3088\u3046\u306b\u4eca\u56de\u306fAlmaLinux9\u3092\u4f7f\u7528\u3002<\/p>\n<p>\u3069\u3061\u3089\u3082DNS\u306bA\u3068AAAA\u30ec\u30b3\u30fc\u30c9\u3092\u767b\u9332\u3057\u3066\u3001IPv4\/v6\u4e21\u65b9\u3067\u540d\u524d\u89e3\u6c7a\u3067\u304d\u308b\u3088\u3046\u306b\u30ed\u30fc\u30ab\u30eb\u306eunbound\u306b\u767b\u9332<\/p>\n<p>\u53cc\u65b9\u5411\u3067\u30ec\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u53d6\u308c\u308b\u3088\u3046\u306b\u8a2d\u5b9a\u3057\u3066\u3042\u308b\u306e\u3067\u3001\u6b63\u78ba\u306b\u306f\u3069\u3061\u3089\u304cPrimary\u3068\u304b\u306f\u306a\u3044<\/p>\n<h2>ldap\u57fa\u672c\u69cb\u6210<\/h2>\n<ul>\n<li>BaseDN: dc=taruki,dc=com<\/li>\n<\/ul>\n<p>SSL\u8a3c\u660e\u66f8: ACMEv2\u3067Let&#8217;sEncrypt\u3082\u8003\u3048\u305f\u3051\u3069\u3001\u9762\u5012\u3060\u3063\u305f\u306e\u3067\u30aa\u30ec\u30aa\u30ec\u3067\u6709\u52b9\u671f\u965050\u5e74<\/p>\n<h1>\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb<\/h1>\n<h2>epel\u304b\u3089\u5c0e\u5165<\/h2>\n<p><code><br \/>\ndnf -y install epel-release<br \/>\ndnf copr enable @389ds\/389-directory-server<br \/>\ndnf install -y  389-ds-base 389-ds-base-libs sssd sssd-tools sssd-ldap authselect oddjob-mkhomedir cockpit-389-ds<br \/>\n<\/code><br 
\/>\nmemberof\u30d7\u30e9\u30b0\u30a4\u30f3\u306e\u6709\u52b9\u5316<br \/>\n<code><br \/>\ndsconf localhost plugin memberof enable<br \/>\n<\/code><\/p>\n<h2>\u30c6\u30f3\u30d7\u30ec\u30fc\u30c8\u304b\u3089\u57fa\u672c\u8a2d\u5b9a<\/h2>\n<p><code><br \/>\ndscreate create-template template.txt<br \/>\n<\/code><br \/>\n\u30c6\u30f3\u30d7\u30ec\u30fc\u30c8\u3092\u4ee5\u4e0b\u306e\u3088\u3046\u306b\u7de8\u96c6<br \/>\n<code><br \/>\n25c25<br \/>\n&lt; ;full_machine_name = ldap01 --- &gt; full_machine_name = ldap01<br \/>\n41c41<br \/>\n&lt; ;instance_name = localhost --- &gt; instance_name = localhost<br \/>\n51c51<br \/>\n&lt; ;port = 389 --- &gt; port = 389<br \/>\n56c56<br \/>\n&lt; ;root_password = Directory_Manager_Password --- &gt; root_password = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx<br \/>\n61c61<br \/>\n&lt; ;secure_port = 636 --- &gt; secure_port = 636<br \/>\n66c66<br \/>\n&lt; ;self_sign_cert = True --- &gt; self_sign_cert = True<br \/>\n71c71<br \/>\n&lt; ;self_sign_cert_valid_months = 24 --- &gt; self_sign_cert_valid_months = 600<br \/>\n87c87<br \/>\n&lt; ;create_suffix_entry = False --- &gt; create_suffix_entry = True<br \/>\n92c92<br \/>\n&lt; ;enable_replication = False --- &gt; enable_replication = True<br \/>\n97c97<br \/>\n&lt; ;replica_binddn = cn=replication manager,cn=config --- &gt; replica_binddn = cn=replication manager,cn=config<br \/>\n107c107<br \/>\n&lt; ;replica_bindpw = --- &gt; replica_bindpw = yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy<br \/>\n112c112<br \/>\n&lt; ;replica_id = 1 --- &gt; replica_id = 1<br \/>\n117c117<br \/>\n&lt; ;replica_role = supplier --- &gt; replica_role = supplier<br \/>\n132c132<br \/>\n&lt; ;suffix = --- &gt; suffix = dc=taruki,dc=com<br \/>\n<\/code><\/p>\n<h2>\u30c6\u30f3\u30d7\u30ec\u30fc\u30c8\u3092\u9069\u7528<\/h2>\n<p><code>dscreate from-file template.txt<\/code><\/p>\n<p>template.txt\u306b\u306froot_password\u3068replica_bindpw\u304c\u5e73\u6587\u3067\u5165\u308b\u306e\u3067\u3001\u30d1\u30fc\u30df\u30c3\u30b7\u30e7\u30f3\u3092600\u306b\u3057\u3066\u3001\u9069\u7528\u3057\u305f\u3089\u6d88\u3057\u3066\u304a\u304f\u3002<\/p>\n<h2>systemd\u8a2d\u5b9a<\/h2>\n<p><code>systemctl enable --now 
dirsrv@localhost.service<\/code><\/p>\n<h2>firewalld\u8a2d\u5b9a<\/h2>\n<p><code><br \/>\nfirewall-cmd --add-service=ldap<br \/>\nfirewall-cmd --add-service=ldaps<br \/>\nfirewall-cmd --add-service=http<br \/>\nfirewall-cmd --add-service=ldap --permanent<br \/>\nfirewall-cmd --add-service=ldaps --permanent<br \/>\nfirewall-cmd --add-service=http --permanent<br \/>\n<\/code><br \/>\n\u4e0a\u8a18\u3092ldap01\u3068ldap02\u306b\u305d\u308c\u305e\u308c\u8a2d\u5b9a<\/p>\n<h2>\u30ec\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u8a2d\u5b9a<\/h2>\n<p>\u30ec\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u5408\u610f\u306e\u8a2d\u5b9a(ldap01\u2192ldap02\u306e\u4f8b\u3001ldap02\u2192ldap01\u3082\u540c\u69d8\u306b\u8a2d\u5b9a\u3059\u308b)<br \/>\n<code><br \/>\nsudo dsconf localhost repl-agmt \\<br \/>\ncreate --suffix=\"dc=taruki,dc=com\" --host=\"ldap02.i.taruki.com\" --port=389 \\<br \/>\n--conn-protocol=LDAP --bind-dn=\"cn=replication manager,cn=config\" \\<br \/>\n--bind-passwd=\"yyyyyyyyyyyyyyyyyyyyyyy\" --bind-method=SIMPLE --init \\<br \/>\nagreement-supplier1-to-supplier2<br \/>\n<\/code><\/p>\n<p>\u3053\u306e\u4f8b\u306f<code>--conn-protocol=LDAP<\/code>\u3068<code>--bind-method=SIMPLE<\/code>\u306a\u306e\u3067\u3001replication manager\u306e\u30d1\u30b9\u30ef\u30fc\u30c9\u304c\u5e73\u6587\u3067\u6d41\u308c\u308b\u3002\u8a3c\u660e\u66f8\u306f\u5165\u308c\u3066\u3042\u308b\u306e\u3067\u3001<code>--conn-protocol=LDAPS --port=636<\/code>(\u307e\u305f\u306f<code>StartTLS<\/code>)\u306b\u3057\u3066\u3001\u304a\u4e92\u3044\u306eCA\u8a3c\u660e\u66f8\u3092\u767b\u9332\u3057\u3066\u304a\u304f\u307b\u3046\u304c\u3088\u3044\u3002<\/p>\n<h3>\u30ec\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u76e3\u8996<\/h3>\n<p><code>dsctl localhost healthcheck --check replication<\/code><br \/>\n\u9577\u304f\u306a\u308a\u305d\u3046\u306a\u306e\u3067\u3001\u3044\u3063\u305f\u3093\u3053\u3053\u307e\u3067<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u57fa\u672c\u60c5\u5831 \u30ce\u30fc\u30c9\u69cb\u6210 Primary Node: ldap01 Secondary Node: ldap02 \u666e\u6bb5\u4f7f\u3044\u306fDebian\u304bUbuntu\u3060\u3051\u3069\u3001RHEL9\u3067\u3082\u5fdc\u7528\u304c\u52b9\u304f\u3088\u3046\u306b\u4eca\u56de\u306fAlmaLinux9\u3092\u4f7f\u7528\u3002  
[&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_crdt_document":"","footnotes":""},"categories":[24],"tags":[],"class_list":["post-7764","post","type-post","status-publish","format-standard","hentry","category-pc"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/www.taruki.com\/wp\/index.php?rest_route=\/wp\/v2\/posts\/7764","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.taruki.com\/wp\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.taruki.com\/wp\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.taruki.com\/wp\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.taruki.com\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=7764"}],"version-history":[{"count":0,"href":"https:\/\/www.taruki.com\/wp\/index.php?rest_route=\/wp\/v2\/posts\/7764\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.taruki.com\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=7764"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.taruki.com\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=7764"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.taruki.com\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=7764"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}