Hosts With LDAP

This is a HOWTO-style document.


This document describes how to manage hosts information in one place, through LDAP, across several servers. LDAP is a general-purpose directory service, and implementations exist that can share not only user authentication data but most of the information traditionally shared through NIS, such as hosts. This document deals specifically with configuring a system to obtain hosts information from LDAP.


Contributor(s): kyagrd

Contributors, please fill in the work log.


1. Introduction

There are many documents about user and group authentication with LDAP, but still few about managing hosts information with LDAP, which is why this document was written. Let us first look at why one would want to share hosts through LDAP.

On today's Internet, DNS is the usual way to find the IP address of the machine that a name refers to. Names that are used only internally (for example, the names of machines on a private network) are still often not registered in DNS and are configured only in the hosts file. Traditionally, NIS has been the directory service used to share network settings such as hosts, along with system user and group information. Where the focus is purely on system-level matters (for example, tying the file systems of the main servers together with NFS), NIS may still be the more effective choice.

However, for managing information about users and groups who merely use a particular service and have little to do with system users (for example, user and group information for a corporate mail service or SAMBA network shares), the trend is to use LDAP, the more general-purpose directory service. Because LDAP is a general-purpose directory service, additional information can be managed alongside. Also, unlike NIS, which is built on the system files and requires modifying parts of those files, LDAP gives a cleaner setup in which the information is managed more independently. In particular, if user information is already managed in LDAP, it is natural to manage hosts information in LDAP as well. And if it is really necessary, LDAP and NIS can be used at the same time.

2. How it works

LDAP is only a directory service. For it to work together with the hosts file and similar sources, a separate mechanism is needed to configure where names are looked up; this mechanism is called NSS. The same is true for NIS.

When looking up an IP address by name, a default system looks in hosts first and, if the name is not there, in DNS. With NSS configured, other ways of obtaining names besides hosts and DNS, such as NIS and LDAP, can be added, and their order can be arranged freely. Examples of NSS settings and the resulting behaviour are as follows.

<Default when NSS is not configured>
Order in which the name lookup APIs search: 1. /etc/hosts, 2. DNS

<NSS configuration, case 1>
   # part of /etc/nsswitch.conf
   hosts:          files dns ldap

Order in which the name lookup APIs search: 1. /etc/hosts, 2. DNS, 3. LDAP

<NSS configuration, case 2>
   # part of /etc/nsswitch.conf
   hosts:          files ldap dns

Order in which the name lookup APIs search: 1. /etc/hosts, 2. LDAP, 3. DNS

Abbreviations used in the diagram
  • NSS - Name Service Switch
  • DNS - Domain Name Service
  • LDAP - Lightweight Directory Access Protocol
Other terms used in the diagram
  • Name lookup APIs: functions such as gethostbyname
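
The lookup order in the two cases above can be traced with a small model of the `hosts:` line, including the optional `[STATUS=action]` items that nsswitch.conf allows after a service. This is an added example, not code from the original page: `parse_hosts`, `resolve`, `BACKENDS` and `STRICT` are hypothetical names, the backend tables are constructed data modelled on the session in section 4, and only the `return` and `continue` actions are handled.

```python
import re

# glibc defaults per nsswitch.conf(5): stop on success, otherwise try the next service.
DEFAULTS = {"success": "return", "notfound": "continue",
            "unavail": "continue", "tryagain": "continue"}

def parse_hosts(conf_text):
    """Return the hosts: chain as [(service, {status: action})]."""
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line.startswith("hosts:"):
            continue
        chain = []
        for tok in re.findall(r"\[[^\]]*\]|\S+", line[len("hosts:"):]):
            if not tok.startswith("["):
                chain.append((tok, dict(DEFAULTS)))
                continue
            if not chain:
                raise ValueError("action item before any service")
            for item in tok[1:-1].split():      # e.g. NOTFOUND=return or !UNAVAIL=return
                status, action = item.lstrip("!").lower().split("=")
                hit = [s for s in DEFAULTS if (s != status) == item.startswith("!")]
                for s in hit:
                    chain[-1][1][s] = action
        return chain
    raise ValueError("no hosts: line")

def resolve(name, chain, backends):
    """Walk the chain; backends[service] is a {name: ip} table, or None if unreachable."""
    trace = []
    for service, actions in chain:
        table = backends.get(service)
        status = ("unavail" if table is None
                  else "success" if name in table else "notfound")
        trace.append((service, status))
        if actions[status] == "return":
            return (table[name] if status == "success" else None), trace
    return None, trace

# Constructed data modelled on section 4: the name exists only in LDAP.
BACKENDS = {"files": {"localhost": "127.0.0.1"}, "dns": {},
            "ldap": {"myhost.yyy.net": "143.248.1.177"}}
CASE1 = "hosts:          files dns ldap"
CASE2 = "hosts:          files ldap dns"
STRICT = "hosts: files dns [NOTFOUND=return] ldap"   # LDAP is never reached

if __name__ == "__main__":
    for conf in (CASE1, CASE2, STRICT):
        print(conf, "->", resolve("myhost.yyy.net", parse_hosts(conf), BACKENDS))
```

Under case 2 a name that exists in both LDAP and DNS resolves to the LDAP value, so write access to ou=hosts deserves the same restriction as write access to /etc/hosts.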

3. Package installation and configuration

Everything here was installed and tested on Debian Sarge, so Debian package names are used for convenience. The following four packages must be installed. Naturally, the packages they depend on must be installed as well.

3.1. slapd

This is the OpenLDAP server, and it needs some configuration. KLDPWiki also has plenty of information on the basic setup. The O'Reilly book 'LDAP System Administration' is a good reference. hosts information is usually organized under ou=hosts,dc=example,dc=com. More detail is shown in the usage example later in this document, so check there.

3.2. libpam_ldap

I am not sure whether libpam_ldap is needed for the hosts setup alone, but it seems to share the configuration file (/etc/pam_ldap.conf) in places, and it is a module that is needed to manage accounts, passwords and similar information through LDAP, so it is a good idea to install it. Judging from Internet search results, on some platforms nss_ldap appears to have its own configuration file, such as /etc/nss_ldap.conf. On Debian sarge, however, it seems to share /etc/pam_ldap.conf.

Although it has nothing to do with hosts, libpam_cracklib is a package that usually works together with this one, so install it too. On Debian, simply install it as a package.

3.3. libnss_ldap

After installing it, configure the /etc/pam_ldap.conf file. On Debian, the basic configuration is done through debconf when the libpam_ldap package is installed. For better efficiency, additional nss-related options can be set by hand. Examples of these options are present, commented out, in the file as installed by default.

For reference, judging from Internet search results, on some platforms nss_ldap appears to have its own configuration file, such as /etc/nss_ldap.conf. On Debian sarge, however, it appears to share /etc/pam_ldap.conf.

3.4. nscd

This is the name service caching daemon, so, as the name suggests, things should in principle work without it. But without it the configuration is difficult. Frankly, I do not yet know how to make this work properly without it, and there seems to be no real need to know. Both for efficiency and because the configuration becomes more complicated otherwise, it is best to think of it as a mandatory install.

On Debian no configuration is needed. Just install the package and start it. The configuration file only contains settings such as cache times; change them as you wish.

4. Usage example

kyagrd@kyagrd:kyagrd$ ###################### The entry is in LDAP. ####
kyagrd@kyagrd:kyagrd$ ldapsearch -x -LLL -b 'ou=hosts,dc=kyagrd,dc=dyndns,dc=org' "(cn=myhost.yyy.net)"
dn: cn=myhost.yyy.net,ou=hosts,dc=kyagrd,dc=dyndns,dc=org
objectClass: device
objectClass: ipHost
objectClass: top
ipHostNumber: 143.248.1.177
cn: myhost.yyy.net

kyagrd@kyagrd:kyagrd$ ###################### It is not in the hosts file either. ####
kyagrd@kyagrd:kyagrd$ grep 'myhost.yyy.net' /etc/hosts 
kyagrd@kyagrd:kyagrd$ ###################### DNS cannot find it either ####
kyagrd@kyagrd:kyagrd$ nslookup myhost.yyy.net
Server:         168.126.63.1
Address:        168.126.63.1#53

** server can't find myhost.yyy.net: NXDOMAIN

kyagrd@kyagrd:kyagrd$ ################# But programs do find it!! ####
kyagrd@kyagrd:kyagrd$ ping myhost.yyy.net
PING myhost.yyy.net (143.248.1.177) 56(84) bytes of data.

--- myhost.yyy.net ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 999ms

kyagrd@kyagrd:kyagrd$ cat modify.ldif
dn: cn=myhost.yyy.net,ou=hosts,dc=kyagrd,dc=dyndns,dc=org
changetype: modify
replace: ipHostNumber
ipHostNumber: 127.0.0.1
kyagrd@kyagrd:kyagrd$ #################### Change the IP address. ####
kyagrd@kyagrd:kyagrd$ ldapmodify -x -D 'cn=admin,dc=kyagrd,dc=dyndns,dc=org' -f modify.ldif -W
Enter LDAP Password:
modifying entry "cn=myhost.yyy.net,ou=hosts,dc=kyagrd,dc=dyndns,dc=org"

kyagrd@kyagrd:kyagrd$ # The nscd cache is still alive, so the change has not taken effect.
kyagrd@kyagrd:kyagrd$ ping myhost.yyy.net
PING myhost.yyy.net (143.248.1.177) 56(84) bytes of data.

--- myhost.yyy.net ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 999ms
kyagrd@kyagrd:kyagrd$ ###################### Restart nscd ####
kyagrd@kyagrd:kyagrd$ su
Password:
kyagrd:/home/kyagrd# /etc/init.d/nscd restart
Stopping Name Service Cache Daemon: nscd.
Starting Name Service Cache Daemon: nscd.
kyagrd:/home/kyagrd# exit
kyagrd@kyagrd:kyagrd$ ################## The change has been applied ####
kyagrd@kyagrd:kyagrd$ ping myhost.yyy.net
PING myhost.yyy.net (127.0.0.1) 56(84) bytes of data.
64 bytes from localhost.localdomain (127.0.0.1): icmp_seq=1 ttl=64 time=0.026 ms
64 bytes from localhost.localdomain (127.0.0.1): icmp_seq=2 ttl=64 time=0.025 ms

--- myhost.yyy.net ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.025/0.025/0.026/0.005 ms
kyagrd@kyagrd:kyagrd$

== Work log ===

Created the document -- kyagrd 2004-12-29

Fixed some typos -- drssay 2005-04-09

last modified 2006-05-26 17:41:21