Hosts With LDAP
This is a kind of HOWTO document.

This document describes how to manage hosts information in one place, through LDAP, across multiple servers. LDAP is a general-purpose directory service, and there are implementations that can share not only user authentication data but most of the information usually shared through NIS, such as hosts. This document specifically covers how to configure a system to obtain hosts information from LDAP.

Contributor(s): kyagrd
Contributors, please fill in the work log.

1. Introduction

There are many documents about user and group authentication with LDAP, but still few about managing hosts information with LDAP, which is why I wrote this one. Let us first look at why one would need to share hosts through LDAP.

On today's Internet, DNS is the usual way to find the IP address of the machine behind a name. Names that are used only internally (for example, the names of machines on a private network) are still often not registered in DNS and are configured only in the hosts file.

Traditionally, NIS has been the directory service used to share network settings such as hosts, along with system user and group information. Where the focus is purely on system-level concerns (for example, tying together the filesystems of key servers with NFS), NIS may still be the more effective choice.

However, for managing users and groups that merely use a particular service and have little to do with system users (for example, the users and groups of a corporate mail service or of SAMBA network shares), the trend is to use LDAP, a more general-purpose directory service. Because LDAP is a general-purpose directory service, additional information can be managed alongside. Also, unlike NIS, which is built on the system files and requires modifying parts of those files, LDAP gives a cleaner setup in which the information can be managed more independently. In particular, if user information is already managed in LDAP, it is natural to manage hosts information in LDAP as well. And if it is really necessary, LDAP and NIS can be used at the same time.

2. How it works

LDAP is only a directory service. For it to work together with things like the hosts file, a separate mechanism is needed that configures where names are looked up; this is called NSS. The same is true for NIS. When an IP address is looked up by name, a default system searches hosts first and, if the name is not there, searches DNS. With an NSS configuration, other ways of obtaining names, such as NIS and LDAP, can be added besides hosts and DNS, and their order can be arranged freely. Examples of NSS settings and the resulting behaviour follow.

    <Default when there is no NSS configuration>
    Order in which the name-lookup APIs search: 1. /etc/hosts, 2. DNS

    <NSS configuration, case 1>
    # part of /etc/nsswitch.conf
    hosts: files dns ldap
    Order in which the name-lookup APIs search: 1. /etc/hosts, 2. DNS, 3. LDAP

    <NSS configuration, case 2>
    # part of /etc/nsswitch.conf
    hosts: files ldap dns
    Order in which the name-lookup APIs search: 1. /etc/hosts, 2. LDAP, 3. DNS
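
The order on the hosts: line decides which source answers first when a name exists in more than one of them, so it is worth checking on every client. The following is an added example, not part of the original page (nss_order is a hypothetical helper): it prints the effective order from nsswitch.conf text and marks sources placed after a [NOTFOUND=return] action, which are not consulted for a name the preceding source reports as not found.

```shell
# Added example, not part of the original page; nss_order is a hypothetical helper.
# Reads nsswitch.conf text on stdin and prints the sources for one database
# (default: hosts) in lookup order, using the first matching line it finds.
nss_order() {
    awk -v db="${1:-hosts}" '
    { sub(/#.*/, "") }                          # strip comments
    !seen && $0 ~ ("^[ \t]*" db "[ \t]*:") {
        seen = 1; n = 0; cut = 0
        line = $0
        sub(/^[^:]*:/, "", line)                # keep only the source list
        while (1) {
            sub(/^[ \t]+/, "", line)
            if (line == "") break
            if (substr(line, 1, 1) == "[") {
                # Action list such as [NOTFOUND=return]; it applies to the
                # source just before it and may contain several items.
                end = index(line, "]")
                if (end == 0) end = length(line)
                act = toupper(substr(line, 2, end - 2))
                if (act ~ /(^|[ \t])NOTFOUND[ \t]*=[ \t]*RETURN/) cut = 1
                line = substr(line, end + 1)
            } else {
                match(line, /^[^ \t[]+/)
                n++
                print n, substr(line, 1, RLENGTH) (cut ? " not-consulted-after-miss" : "")
                line = substr(line, RLENGTH + 1)
            }
        }
    }'
}

# Constructed sample: the "case 1" line above with a stop action added.
printf 'hosts: files dns [NOTFOUND=return] ldap\n' | nss_order
```

On a real client, run it as: nss_order < /etc/nsswitch.conf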

3. Package installation and configuration

I installed and tested this on Debian Sarge, so for convenience the packages are listed under their Debian package names. The following four packages must be installed. Naturally, the packages they depend on must be installed as well.

3.2. libpam_ldap

I am not sure whether libpam_ldap is needed for the hosts setup alone, but part of the configuration file (/etc/pam_ldap.conf) appears to be shared, and it is the module needed to manage account and password information through LDAP, so it is a good idea to install it. Judging from Internet search results, on some platforms nss_ldap seems to have its own configuration file, such as /etc/nss_ldap.conf. On Debian sarge, however, it appears to share /etc/pam_ldap.conf.

It has nothing to do with hosts, but libpam_cracklib is a package that is usually used together with this one, so I install it too. On Debian, simply install it as a package.

3.3. libnss_ldap

After installing it, set up the /etc/pam_ldap.conf configuration file. On Debian, the basic configuration is done through debconf when the libpam_ldap package is installed. Additional nss-related options that improve efficiency can be set by hand. Examples of these options are included, commented out, in the file as it is installed by default.

For reference, judging from Internet search results, on some platforms nss_ldap seems to have its own configuration file, such as /etc/nss_ldap.conf. On Debian sarge, however, it appears to share /etc/pam_ldap.conf.

3.4. nscd

This is the name service caching daemon, so, as the name suggests, things should in principle work without it. Without it, however, the setup is difficult. Frankly, I still do not know how to make everything work properly without it, and there is probably no need to find out. Both for efficiency and because the configuration becomes more complicated without it, treat it as a package that must be installed.

On Debian it needs no configuration. Just install the package and start it. The configuration file only holds settings such as cache lifetimes; change them as you like.

4. Usage example

    kyagrd@kyagrd:kyagrd$ ###################### It is in LDAP. ####
    kyagrd@kyagrd:kyagrd$ ldapsearch -x -LLL -b 'ou=hosts,dc=kyagrd,dc=dyndns,dc=org' "(cn=myhost.yyy.net)"
    dn: cn=myhost.yyy.net,ou=hosts,dc=kyagrd,dc=dyndns,dc=org
    objectClass: device
    objectClass: ipHost
    objectClass: top
    ipHostNumber: 143.248.1.177
    cn: myhost.yyy.net

    kyagrd@kyagrd:kyagrd$ ###################### It is not in the hosts file. ####
    kyagrd@kyagrd:kyagrd$ grep 'myhost.yyy.net' /etc/hosts
    kyagrd@kyagrd:kyagrd$ ###################### DNS cannot find it either ####
    kyagrd@kyagrd:kyagrd$ nslookup myhost.yyy.net
    Server: 168.126.63.1
    Address: 168.126.63.1#53

    ** server can't find myhost.yyy.net: NXDOMAIN

    kyagrd@kyagrd:kyagrd$ ################# But programs do find it!! ####
    kyagrd@kyagrd:kyagrd$ ping myhost.yyy.net
    PING myhost.yyy.net (143.248.1.177) 56(84) bytes of data.

    --- myhost.yyy.net ping statistics ---
    2 packets transmitted, 0 received, 100% packet loss, time 999ms

    kyagrd@kyagrd:kyagrd$ cat modify.ldif
    dn: cn=myhost.yyy.net,ou=hosts,dc=kyagrd,dc=dyndns,dc=org
    changetype: modify
    replace: ipHostNumber
    ipHostNumber: 127.0.0.1
    kyagrd@kyagrd:kyagrd$ #################### Change the IP address. ####
    kyagrd@kyagrd:kyagrd$ ldapmodify -x -D 'cn=admin,dc=kyagrd,dc=dyndns,dc=org' -f modify.ldif -W
    Enter LDAP Password:
    modifying entry "cn=myhost.yyy.net,ou=hosts,dc=kyagrd,dc=dyndns,dc=org"

    kyagrd@kyagrd:kyagrd$ # The nscd cache is still alive, so the change has not taken effect.
    kyagrd@kyagrd:kyagrd$ ping myhost.yyy.net
    PING myhost.yyy.net (143.248.1.177) 56(84) bytes of data.

    --- myhost.yyy.net ping statistics ---
    2 packets transmitted, 0 received, 100% packet loss, time 999ms

    kyagrd@kyagrd:kyagrd$ ###################### Restart nscd ####
    kyagrd@kyagrd:kyagrd$ su
    Password:
    kyagrd:/home/kyagrd# /etc/init.d/nscd restart
    Stopping Name Service Cache Daemon: nscd.
    Starting Name Service Cache Daemon: nscd.
    kyagrd:/home/kyagrd# exit
    kyagrd@kyagrd:kyagrd$ ################## The change has been applied ####
    kyagrd@kyagrd:kyagrd$ ping myhost.yyy.net
    PING myhost.yyy.net (127.0.0.1) 56(84) bytes of data.
    64 bytes from localhost.localdomain (127.0.0.1): icmp_seq=1 ttl=64 time=0.026 ms
    64 bytes from localhost.localdomain (127.0.0.1): icmp_seq=2 ttl=64 time=0.025 ms

    --- myhost.yyy.net ping statistics ---
    2 packets transmitted, 2 received, 0% packet loss, time 999ms
    rtt min/avg/max/mdev = 0.025/0.025/0.026/0.005 ms
    kyagrd@kyagrd:kyagrd$

Work log

Created the document -- kyagrd 2004-12-29
Fixed some typos -- drssay 2005-04-09
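
The session in section 4 shows two things worth scripting: nslookup asks DNS only, while programs resolve through NSS, and nscd can keep serving the old address after the directory entry changes. The following is an added example, not part of the original page (the function names are hypothetical; the base DN is the one used in the session): it compares the address returned through NSS with the ipHostNumber values stored in the directory.

```shell
# Added example, not part of the original page. Function names are
# hypothetical; BASE is the base DN used in the session in section 4.
BASE='ou=hosts,dc=kyagrd,dc=dyndns,dc=org'

# Print every plain-text ipHostNumber value from `ldapsearch -LLL` output
# on stdin, one per line (IPv6 values keep their colons).
ldif_ips() {
    awk 'tolower($0) ~ /^iphostnumber:[^:]/ { sub(/^[^:]*:[ \t]*/, ""); print }'
}

# classify RESOLVED_ADDR, with LDIF on stdin. Prints one verdict:
#   match        the resolver answer equals a value in the directory
#   mismatch     the directory has the host but the resolver answered
#                differently (stale nscd cache, or an earlier NSS source won)
#   not-in-ldap  the directory returned no ipHostNumber for the name
classify() {
    want=$(ldif_ips)
    if [ -z "$want" ]; then echo not-in-ldap; return 0; fi
    for ip in $want; do
        if [ "$ip" = "$1" ]; then echo match; return 0; fi
    done
    echo mismatch
}

# Live check for one name. Needs ldapsearch and read access to BASE.
# getent resolves through NSS (and nscd), unlike nslookup.
check_host() {
    # Accept only hostname characters so the name cannot alter the LDAP filter.
    case $1 in
        ''|*[!A-Za-z0-9.-]*) echo "refusing name: $1" >&2; return 2 ;;
    esac
    got=$(getent hosts "$1" | awk 'NR == 1 { print $1 }')
    ldapsearch -x -LLL -b "$BASE" "(cn=$1)" ipHostNumber | classify "$got"
}

# Constructed sample: the directory already holds the new address while the
# resolver still returns the old one, as in the session before the restart.
printf 'dn: cn=myhost.yyy.net,%s\nipHostNumber: 127.0.0.1\n' "$BASE" |
    classify 143.248.1.177
```

When a mismatch is caused by the cache, running nscd -i hosts as root invalidates only the hosts cache without restarting the daemon.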