Hosts With LDAP

This is a kind of HOWTO document.


This document describes how to manage hosts information in one place through LDAP across several servers. LDAP is a general-purpose directory service, and there are implementations that can share not only user authentication data but also most of the information usually shared through NIS, such as hosts. This document specifically covers how to configure a system to obtain hosts information from LDAP.


Contributor(s): kyagrd

Contributors, please fill in the work log.


1. Introduction

There are many documents on user and group authentication with LDAP, but still few on managing hosts information with LDAP, which is why this document was written. First, let us look at why hosts would need to be shared through LDAP.

On the Internet today, DNS is the usual way to find the IP address of the machine that a name refers to, but names that are used only internally (for example, the names of machines on a private network) are still often not registered in DNS and are configured only in the hosts file. Traditionally, NIS has been used as the directory service for sharing network settings such as hosts, as well as system user and group information. Where the focus is still on more system-level concerns (for example, tying together the file systems of the main servers with NFS), NIS may even be the more effective choice.

However, for managing information about users and groups that merely use a particular service and have little to do with system users (for example, the users and groups of a corporate mail service or of SAMBA network shares), the trend is to use LDAP, a more general-purpose directory service. Because LDAP is a general-purpose directory service, it has the advantage that additional information can be managed alongside. Also, unlike NIS, which is based on the system files and requires some of those files to be modified in order to use it, LDAP has the advantage of a clean layout in which the information can be managed more independently. In particular, if user information is already managed in LDAP, it is natural to manage hosts information in LDAP as well. And if it is really necessary, LDAP and NIS can be used at the same time.

2. How it works

LDAP is only a directory service. For it to work together with the hosts file and similar sources, a separate mechanism is needed to configure where names are looked up; this is called NSS. The same is true for NIS.

When looking up an IP address by name, a default system searches hosts first and, if the name is not there, searches DNS. With an NSS configuration, other ways of obtaining names besides hosts and DNS, such as NIS and LDAP, can be added, and their order can be adjusted freely. Examples of NSS settings and the resulting behavior are as follows.

<Default configuration when there is no NSS>
Order in which the name lookup APIs search: 1. /etc/hosts, 2. DNS

<NSS configuration, case 1>
   # part of /etc/nsswitch.conf
   hosts:          files dns ldap

Order in which the name lookup APIs search: 1. /etc/hosts, 2. DNS, 3. LDAP

<NSS configuration, case 2>
   # part of /etc/nsswitch.conf
   hosts:          files ldap dns

Order in which the name lookup APIs search: 1. /etc/hosts, 2. LDAP, 3. DNS

Abbreviations used in the diagram
  • NSS - Name Service Switch
  • DNS - Domain Name Service
  • LDAP - Lightweight Directory Access Protocol
Other terms used in the diagram
  • Name lookup APIs: functions such as gethostbyname

3. Package installation and configuration

This was installed and tested on Debian Sarge, so for convenience the Debian package names are used. The following four packages must be installed. Naturally, the packages they depend on must be installed as well.

3.1. slapd

This is the OpenLDAP server, and it needs some configuration. KLDPWiki also has plenty of information on the basic configuration. The O'Reilly book 'LDAP System Administration' is a good reference. Hosts information is usually placed under ou=hosts,dc=example,dc=com. More detail is shown in the usage example later on; check it there.

3.2. libpam_ldap

I am not sure whether libpam_ldap is needed for the hosts configuration alone, but part of the configuration file (/etc/pam_ldap.conf) seems to be shared, and it is the module needed to manage account and password information through LDAP, so it is best to install it. Judging from Internet search results, on some platforms nss_ldap seems to have a configuration file of its own, such as /etc/nss_ldap.conf. On Debian sarge, however, it seems to share /etc/pam_ldap.conf.

It has nothing at all to do with hosts, but libpam_cracklib is a package that is usually used together with this one, so install it too. On Debian it can simply be installed as a package.

3.3. libnss_ldap

After installing it, set up the /etc/pam_ldap.conf configuration file. On Debian, the basic configuration is done through debconf when the libpam_ldap package is installed. For better efficiency, the additional nss-related options can be set by hand. Examples of these options are commented out in the file as installed by default.

For reference, judging from Internet search results, on some platforms nss_ldap seems to have a configuration file such as /etc/nss_ldap.conf. On Debian sarge, however, it appears to share /etc/pam_ldap.conf.

3.4. nscd

This is the name service caching daemon, and as the name says, things should in principle work without it. But without it the configuration is difficult. Frankly, I do not yet know how to make this work properly without it, and there seems to be no real need to know. Both for efficiency and because the configuration becomes complicated without it, think of it as something that must be installed.

On Debian no configuration is needed. Just install the package and start it. The configuration file only holds settings such as the cache time. Change them as you like.

4. Usage example

kyagrd@kyagrd:kyagrd$ ###################### The entry is in LDAP. ####
kyagrd@kyagrd:kyagrd$ ldapsearch -x -LLL -b 'ou=hosts,dc=kyagrd,dc=dyndns,dc=org' "(cn=myhost.yyy.net)"
dn: cn=myhost.yyy.net,ou=hosts,dc=kyagrd,dc=dyndns,dc=org
objectClass: device
objectClass: ipHost
objectClass: top
ipHostNumber: 143.248.1.177
cn: myhost.yyy.net

kyagrd@kyagrd:kyagrd$ ###################### It is not in the hosts file. ####
kyagrd@kyagrd:kyagrd$ grep 'myhost.yyy.net' /etc/hosts 
kyagrd@kyagrd:kyagrd$ ###################### DNS cannot find it either ####
kyagrd@kyagrd:kyagrd$ nslookup myhost.yyy.net
Server:         168.126.63.1
Address:        168.126.63.1#53

** server can't find myhost.yyy.net: NXDOMAIN

kyagrd@kyagrd:kyagrd$ ################# But programs do find it!! ####
kyagrd@kyagrd:kyagrd$ ping myhost.yyy.net
PING myhost.yyy.net (143.248.1.177) 56(84) bytes of data.

--- myhost.yyy.net ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 999ms

kyagrd@kyagrd:kyagrd$ cat modify.ldif
dn: cn=myhost.yyy.net,ou=hosts,dc=kyagrd,dc=dyndns,dc=org
changetype: modify
replace: ipHostNumber
ipHostNumber: 127.0.0.1
kyagrd@kyagrd:kyagrd$ #################### Change the IP address. ####
kyagrd@kyagrd:kyagrd$ ldapmodify -x -D 'cn=admin,dc=kyagrd,dc=dyndns,dc=org' -f modify.ldif -W
Enter LDAP Password:
modifying entry "cn=myhost.yyy.net,ou=hosts,dc=kyagrd,dc=dyndns,dc=org"

kyagrd@kyagrd:kyagrd$ # The nscd cache is still alive, so the change has not taken effect.
kyagrd@kyagrd:kyagrd$ ping myhost.yyy.net
PING myhost.yyy.net (143.248.1.177) 56(84) bytes of data.

--- myhost.yyy.net ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 999ms
kyagrd@kyagrd:kyagrd$ ###################### Restart nscd ####
kyagrd@kyagrd:kyagrd$ su
Password:
kyagrd:/home/kyagrd# /etc/init.d/nscd restart
Stopping Name Service Cache Daemon: nscd.
Starting Name Service Cache Daemon: nscd.
kyagrd:/home/kyagrd# exit
kyagrd@kyagrd:kyagrd$ ################## The change has been applied ####
kyagrd@kyagrd:kyagrd$ ping myhost.yyy.net
PING myhost.yyy.net (127.0.0.1) 56(84) bytes of data.
64 bytes from localhost.localdomain (127.0.0.1): icmp_seq=1 ttl=64 time=0.026 ms
64 bytes from localhost.localdomain (127.0.0.1): icmp_seq=2 ttl=64 time=0.025 ms

--- myhost.yyy.net ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.025/0.025/0.026/0.005 ms
kyagrd@kyagrd:kyagrd$
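
An added example, not part of the original HOWTO: with `hosts: files ldap dns`, a name defined in both /etc/hosts and LDAP is answered from the local file on that machine, so a stale local line overrides the directory without any error. The script compares a hosts file with an `ldapsearch -LLL` dump and reports such conflicts; the function names, the 10.0.0.5 address and the temporary files are constructed for illustration.

```shell
# Added example; file names and sample data are constructed for illustration.
# Print the sources on the "hosts:" line of an nsswitch.conf-style file in
# lookup order, ignoring comments and [STATUS=action] items.
nss_hosts_order() {
    awk '{ sub(/#.*/, ""); gsub(/\[[^]]*\]/, " ") }
         $1 == "hosts:" { out = $2; for (i = 3; i <= NF; i++) out = out " " $i; print out; exit }' "$1"
}

# Turn `ldapsearch -LLL` output for ipHost entries into "ip name" lines.
# Assumes unfolded, non-base64 values and one ipHostNumber per entry.
ldif_to_hosts() {
    awk -F': ' '
        function emit(   i, n, a) {
            n = split(names, a, " ")
            if (ip != "") for (i = 1; i <= n; i++) print ip, a[i]
            ip = ""; names = ""
        }
        $1 == "ipHostNumber" { ip = $2 }
        $1 == "cn"           { names = names " " $2 }
        /^$/                 { emit() }
        END                  { emit() }' "$1"
}

# Report names that the hosts file and LDAP define with different addresses,
# and which value this machine uses under the configured lookup order.
hosts_conflicts() {   # $1 = nsswitch.conf, $2 = hosts file, $3 = LDIF dump
    ldif_to_hosts "$3" | awk -v hosts="$2" -v order="$(nss_hosts_order "$1")" '
        BEGIN {
            n = split(order, src, " ")
            for (i = n; i >= 1; i--) pos[src[i]] = i
            while ((getline line < hosts) > 0) {
                sub(/#.*/, "", line); m = split(line, f, " ")
                for (i = 2; i <= m; i++) if (!(f[i] in loc)) loc[f[i]] = f[1]
            }
        }
        ($2 in loc) && loc[$2] != $1 {
            files_first = ("files" in pos) && (!("ldap" in pos) || pos["files"] < pos["ldap"])
            print $2, "files=" loc[$2], "ldap=" $1, "wins=" (files_first ? "files" : "ldap")
        }'
}

demo() {   # constructed sample: a stale local entry next to the LDAP entry
    d=$(mktemp -d)
    printf 'hosts:          files ldap dns\n' > "$d/nsswitch.conf"
    printf '127.0.0.1 localhost\n10.0.0.5 myhost.yyy.net\n' > "$d/hosts"
    printf 'dn: cn=myhost.yyy.net,ou=hosts,dc=example,dc=com\nobjectClass: ipHost\nipHostNumber: 143.248.1.177\ncn: myhost.yyy.net\n' > "$d/hosts.ldif"
    hosts_conflicts "$d/nsswitch.conf" "$d/hosts" "$d/hosts.ldif"; rm -rf "$d"
}
demo
```

On a real host, pass /etc/nsswitch.conf, /etc/hosts and a saved `ldapsearch -x -LLL -b 'ou=hosts,...'` dump to `hosts_conflicts`; an empty result means the local file and the directory agree on every shared name.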

== Work log ===

Created the document -- kyagrd 2004-12-29

Fixed some typos -- drssay 2005-04-09

last modified 2006-05-26 17:41:21