LDAP
★About controls
Checking which controls the server supports (read from the root DSE: empty base, base scope)
ldapsearch -x -H ldap://localhost:389 -b "" -s base supportedControl
List of available controls (unboundid-ldapsdk 2.3.8)
1.2.826.0.1.3344810.2.3 MatchedValuesRequestControl
1.2.840.113556.1.4.319 SimplePagedResultsControl
1.2.840.113556.1.4.473 ServerSideSortRequestControl
1.2.840.113556.1.4.474 ServerSideSortResponseControl
1.2.840.113556.1.4.805 SubtreeDeleteRequestControl
1.2.840.113556.1.4.841 ActiveDirectoryDirSyncControl
1.2.840.113556.1.4.1413 PermissiveModifyRequestControl
1.3.6.1.1.12 AssertionRequestControl
1.3.6.1.1.13.1 PreReadRequestControl
1.3.6.1.1.13.2 PostReadRequestControl
1.3.6.1.1.21.2 TransactionSpecificationRequestControl
1.3.6.1.1.22 DontUseCopyRequestControl
1.3.6.1.4.1.42.2.27.8.5.1 DraftBeheraLDAPPasswordPolicy10RequestControl
1.3.6.1.4.1.4203.1.9.1.1 ContentSyncRequestControl
1.3.6.1.4.1.4203.1.9.1.2 ContentSyncStateControl
1.3.6.1.4.1.4203.1.9.1.3 ContentSyncDoneControl
1.3.6.1.4.1.4203.1.10.2 DraftZeilengaLDAPNoOp12RequestControl
1.3.6.1.4.1.7628.5.101.1 SubentriesRequestControl
2.16.840.1.113730.3.4.2 ManageDsaITRequestControl
2.16.840.1.113730.3.4.3 PersistentSearchRequestControl
2.16.840.1.113730.3.4.4 PasswordExpiredControl
2.16.840.1.113730.3.4.5 PasswordExpiringControl
2.16.840.1.113730.3.4.7 EntryChangeNotificationControl
2.16.840.1.113730.3.4.9 VirtualListViewRequestControl
2.16.840.1.113730.3.4.10 VirtualListViewResponseControl
2.16.840.1.113730.3.4.12 ProxiedAuthorizationV1RequestControl
2.16.840.1.113730.3.4.15 AuthorizationIdentityResponseControl
2.16.840.1.113730.3.4.16 AuthorizationIdentityRequestControl
2.16.840.1.113730.3.4.18 ProxiedAuthorizationV2RequestControl
In-memory directory server (unboundid-ldapsdk 2.3.8)
1.2.840.113556.1.4.1413
1.2.840.113556.1.4.319
1.2.840.113556.1.4.473
1.2.840.113556.1.4.805
1.3.6.1.1.12
1.3.6.1.1.13.1
1.3.6.1.1.13.2
1.3.6.1.1.21.2
1.3.6.1.1.22
1.3.6.1.4.1.7628.5.101.1
2.16.840.1.113730.3.4.12
2.16.840.1.113730.3.4.16
2.16.840.1.113730.3.4.18
2.16.840.1.113730.3.4.2
2.16.840.1.113730.3.4.9
OpenLDAP (2.4.28)
2.16.840.1.113730.3.4.18
2.16.840.1.113730.3.4.2
1.3.6.1.4.1.4203.1.10.1
1.3.6.1.1.13.2
1.3.6.1.1.13.1
1.3.6.1.1.12
1.2.840.113556.1.4.319
1.2.826.0.1.3344810.2.3
Active Directory (Windows Server 2008 R2)
1.2.840.113556.1.4.319
1.2.840.113556.1.4.801
1.2.840.113556.1.4.473
1.2.840.113556.1.4.528 Persistent search
1.2.840.113556.1.4.417 Deleted object search
1.2.840.113556.1.4.619
1.2.840.113556.1.4.841
1.2.840.113556.1.4.529
1.2.840.113556.1.4.805
1.2.840.113556.1.4.521
1.2.840.113556.1.4.970
1.2.840.113556.1.4.1338
1.2.840.113556.1.4.474
1.2.840.113556.1.4.1339
1.2.840.113556.1.4.1340
1.2.840.113556.1.4.1413
1.2.840.113556.1.4.1504
1.2.840.113556.1.4.1852
1.2.840.113556.1.4.802
1.2.840.113556.1.4.1907
1.2.840.113556.1.4.1948
1.2.840.113556.1.4.1974
1.2.840.113556.1.4.1341
1.2.840.113556.1.4.2026
1.2.840.113556.1.4.2064
1.2.840.113556.1.4.2065
1.2.840.113556.1.4.2066
2.16.840.1.113730.3.4.9
2.16.840.1.113730.3.4.10
★About extended operations (Extensions)
Checking which extended operations the server supports
ldapsearch -x -H ldap://localhost:389 -b "" -s base supportedExtension
List of available extended operations (unboundid-ldapsdk 2.3.8)
1.3.6.1.1.8 CancelExtendedRequest
1.3.6.1.1.21.1 StartTransactionExtendedRequest
1.3.6.1.1.21.3 EndTransactionExtendedRequest
1.3.6.1.4.1.1466.20037 StartTLSExtendedRequest
1.3.6.1.4.1.4203.1.11.1 PasswordModifyExtendedRequest
1.3.6.1.4.1.4203.1.11.3 WhoAmIExtendedRequest
In-memory directory server (unboundid-ldapsdk 2.3.8)
1.3.6.1.1.21.1
1.3.6.1.1.21.3
1.3.6.1.4.1.4203.1.11.1
1.3.6.1.4.1.4203.1.11.3
OpenLDAP (2.4.28)
1.3.6.1.1.8
1.3.6.1.4.1.4203.1.11.1
1.3.6.1.4.1.4203.1.11.3
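The two ldapsearch queries above show which controls and extended operations a server advertises; what actually crosses the wire is BER. The following is an added example, not part of these notes and not UnboundID, OpenLDAP or AD code, in Python with the standard library only. It encodes the SimplePagedResultsControl (1.2.840.113556.1.4.319) as an LDAP Control, wraps the WhoAmI extended request (1.3.6.1.4.1.4203.1.11.3) into an LDAPMessage with optional controls, and decodes a control back, including the cookie needed to ask for the next page. Nothing in it talks to a server; the OIDs are the ones listed above.

```python
"""BER encoding and decoding of an LDAP Control and an ExtendedRequest (RFC 4511;
paged results RFC 2696; Who am I? RFC 4532).  Added example in Python, standard
library only; not UnboundID, OpenLDAP or AD code.  It works on bytes offline and
opens no socket; the OIDs are the ones listed above."""
from typing import Optional, Tuple

PAGED_RESULTS_OID = "1.2.840.113556.1.4.319"
WHOAMI_OID = "1.3.6.1.4.1.4203.1.11.3"

def ber_length(n: int) -> bytes:
    """Definite length: one byte below 128, else 0x80|count followed by the bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def ber_tlv(tag: int, value: bytes) -> bytes:
    return bytes([tag]) + ber_length(len(value)) + value

def ber_integer(n: int) -> bytes:
    """INTEGER in two's complement: 128 needs a leading 0x00 byte."""
    return ber_tlv(0x02, n.to_bytes((n.bit_length() + 8) // 8, "big", signed=True))

def ber_sequence(*parts: bytes) -> bytes:
    return ber_tlv(0x30, b"".join(parts))

def encode_paged_results_value(size: int, cookie: bytes = b"") -> bytes:
    """RFC 2696: SEQUENCE { size INTEGER, cookie OCTET STRING }."""
    return ber_sequence(ber_integer(size), ber_tlv(0x04, cookie))

def encode_control(oid: str, value: Optional[bytes] = None, critical: bool = False) -> bytes:
    """Control ::= SEQUENCE { controlType LDAPOID, criticality BOOLEAN DEFAULT FALSE,
    controlValue OCTET STRING OPTIONAL }; the default FALSE is omitted, TRUE is 0xFF."""
    parts = [ber_tlv(0x04, oid.encode("ascii"))]
    if critical:
        parts.append(ber_tlv(0x01, b"\xff"))
    if value is not None:
        parts.append(ber_tlv(0x04, value))
    return ber_sequence(*parts)

def encode_extended_request(message_id: int, oid: str, request_value: Optional[bytes] = None,
                            controls: bytes = b"") -> bytes:
    """LDAPMessage { messageID, [APPLICATION 23] { requestName [0], requestValue [1] },
    controls [0] }.  Tags are IMPLICIT, so [0]/[1] replace the inner type's tag;
    `controls` is a concatenation of already-encoded Control elements."""
    body = ber_tlv(0x80, oid.encode("ascii"))
    if request_value is not None:
        body += ber_tlv(0x81, request_value)
    parts = [ber_integer(message_id), ber_tlv(0x77, body)]
    if controls:
        parts.append(ber_tlv(0xA0, controls))
    return ber_sequence(*parts)

def ber_read(buf: bytes, pos: int = 0) -> Tuple[int, bytes, int]:
    """One TLV -> (tag, value, next pos); rejects indefinite lengths (RFC 4511 5.1)
    and lengths running past the buffer."""
    tag, first, pos = buf[pos], buf[pos + 1], pos + 2
    if first == 0x80:
        raise ValueError("indefinite length is not allowed in LDAP")
    if first & 0x80:
        n = first & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    else:
        length = first
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def decode_control(buf: bytes) -> Tuple[str, bool, Optional[bytes]]:
    """Parse one Control into (oid, critical, value or None)."""
    tag, inner, _ = ber_read(buf)
    if tag != 0x30:
        raise ValueError("Control must be a SEQUENCE")
    tag, oid, pos = ber_read(inner)
    critical, value = False, None
    while pos < len(inner):
        tag, v, pos = ber_read(inner, pos)
        if tag == 0x01:
            critical = v != b"\x00"
        elif tag == 0x04:
            value = v
    return oid.decode("ascii"), critical, value

def decode_paged_results_value(value: bytes) -> Tuple[int, bytes]:
    """(size, cookie); an empty cookie in a response means there is no next page."""
    tag, inner, _ = ber_read(value)
    tag_s, size_b, pos = ber_read(inner)
    tag_c, cookie, _ = ber_read(inner, pos)
    if tag != 0x30 or tag_s != 0x02 or tag_c != 0x04:
        raise ValueError("expected SEQUENCE { INTEGER size, OCTET STRING cookie }")
    return int.from_bytes(size_b, "big", signed=True), cookie
```

Check a control's OID against supportedControl before sending it, and decide criticality deliberately: a control the server does not recognise is silently ignored when criticality is FALSE and makes the operation fail with unavailableCriticalExtension (12) when TRUE. That is why RFC 4370 requires ProxiedAuthorizationV2 (2.16.840.1.113730.3.4.18) to be sent critical: a silently dropped proxied-authorization control would run the operation as the bound identity instead of the intended one.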
★com.unboundid.ldap.sdk.ResultCode
SUCCESS 0
OPERATIONS_ERROR 1
PROTOCOL_ERROR 2
TIME_LIMIT_EXCEEDED 3
SIZE_LIMIT_EXCEEDED 4
COMPARE_FALSE 5
COMPARE_TRUE 6
AUTH_METHOD_NOT_SUPPORTED 7
STRONG_AUTH_REQUIRED 8
REFERRAL 10
ADMIN_LIMIT_EXCEEDED 11
UNAVAILABLE_CRITICAL_EXTENSION 12
CONFIDENTIALITY_REQUIRED 13
SASL_BIND_IN_PROGRESS 14
NO_SUCH_ATTRIBUTE 16
UNDEFINED_ATTRIBUTE_TYPE 17
INAPPROPRIATE_MATCHING 18
CONSTRAINT_VIOLATION 19
ATTRIBUTE_OR_VALUE_EXISTS 20
INVALID_ATTRIBUTE_SYNTAX 21
NO_SUCH_OBJECT 32
ALIAS_PROBLEM 33
INVALID_DN_SYNTAX 34
ALIAS_DEREFERENCING_PROBLEM 36
INAPPROPRIATE_AUTHENTICATION 48
INVALID_CREDENTIALS 49
INSUFFICIENT_ACCESS_RIGHTS 50
BUSY 51
UNAVAILABLE 52
UNWILLING_TO_PERFORM 53
LOOP_DETECT 54
SORT_CONTROL_MISSING 60
OFFSET_RANGE_ERROR 61
NAMING_VIOLATION 64
OBJECT_CLASS_VIOLATION 65
NOT_ALLOWED_ON_NONLEAF 66
NOT_ALLOWED_ON_RDN 67
ENTRY_ALREADY_EXISTS 68
OBJECT_CLASS_MODS_PROHIBITED 69
AFFECTS_MULTIPLE_DSAS 71
VIRTUAL_LIST_VIEW_ERROR 76
OTHER 80
SERVER_DOWN 81
LOCAL_ERROR 82
ENCODING_ERROR 83
DECODING_ERROR 84
TIMEOUT 85
AUTH_UNKNOWN 86
FILTER_ERROR 87
USER_CANCELED 88
PARAM_ERROR 89
NO_MEMORY 90
CONNECT_ERROR 91
NOT_SUPPORTED 92
CONTROL_NOT_FOUND 93
NO_RESULTS_RETURNED 94
MORE_RESULTS_TO_RETURN 95
CLIENT_LOOP 96
REFERRAL_LIMIT_EXCEEDED 97
CANCELED 118
NO_SUCH_OPERATION 119
TOO_LATE 120
CANNOT_CANCEL 121
ASSERTION_FAILED 122
AUTHORIZATION_DENIED 123
E_SYNC_REFRESH_REQUIRED 4096
NO_OPERATION 16654
INTERACTIVE_TRANSACTION_ABORTED 30221001
DATABASE_LOCK_CONFLICT 30221002
★Terminology
dc = domain component
dn = distinguished name
o = organization
ou = organizational unit
c = country
cn = common name (the person's full name)
sn = surname (last name)
uid = user ID
userPassword = the password of the entry identified by that uid
★OpenLDAP (install on Ubuntu)
sudo apt-get install slapd ldap-utils
sudo slapcat
ls /etc/ldap
/usr/sbin/slapd -V
★Command list
ldapadd
ldapdelete
ldapmodify
ldappasswd
ldapurl
ldapcompare
ldapexop
ldapmodrdn
ldapsearch
ldapwhoami
ldapsearch -x -b "" -s base supportedFeatures
ldapsearch -x -b "" -s base supportedControl
ldapsearch -x -b "" -s base supportedExtension
★Data operations with the commands
rootdn = 'cn=admin,dc=nodomain'
rootpw = 'ldap'
Adding data
ldapadd -x -H ldap://localhost:389 -D "cn=admin,dc=nodomain" -w ldap -f add.ldif
(-w puts the password on the command line, where it shows up in ps and in the shell history; use -W to be prompted or -y <file> to read it from a file. -x is a simple bind, so over plain ldap:// the password crosses the network in clear text; use -ZZ to require StartTLS, the 1.3.6.1.4.1.1466.20037 extension listed above, or an ldaps:// URL.)
add.ldif
# department tree
dn: ou=sale,dc=nodomain
objectClass: organizationalUnit
ou: sale

# employee tree
dn: uid=u001,ou=sale,dc=nodomain
objectClass: inetOrgPerson
cn: jiro
sn: tokyo
uid: u001
userPassword: p-1
(Records in LDIF are separated by a blank line; a comment line alone does not end a record. A userPassword given in clear text like this is stored as given; generate a hashed value with slappasswd, e.g. a {SSHA} value, or set the password afterwards with ldappasswd.)
Searching data
ldapsearch -x -H ldap://localhost:389 -b "dc=nodomain" -s sub "(uid=*01)" dn
Deleting data
ldapdelete -x -H ldap://localhost:389 -D "cn=admin,dc=nodomain" -w ldap "uid=u003,ou=develop,dc=nodomain"
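The search filter "(uid=*01)" and the DN handed to ldapdelete are both plain strings; when a user supplies part of them (a login form, a self-service page), unescaped input becomes filter or DN syntax. The following is an added example in Python (standard library only), not ldap-utils code: the RFC 4515 filter escape and the RFC 4514 DN escape, each next to the vulnerable form, using ou=sale,dc=nodomain from the notes above; the attacker strings in the comments are constructed for this example.

```python
"""Building LDAP search filters (RFC 4515) and DNs (RFC 4514) from untrusted
input.  Added example in Python (standard library only), not ldap-utils code;
the base DN ou=sale,dc=nodomain comes from the notes above and the attacker
strings are constructed for this example."""

# RFC 4515 section 3: these characters in an assertion value are written as \XX.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape one assertion value so it is matched literally, never parsed."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def uid_filter_unsafe(user_input: str) -> str:
    """Vulnerable: the input becomes filter syntax ("*" matches every uid)."""
    return f"(uid={user_input})"


def uid_filter(user_input: str) -> str:
    """Hardened: the input is an escaped assertion value."""
    return f"(uid={escape_filter_value(user_input)})"


def login_filter_unsafe(uid: str, password: str) -> str:
    """Vulnerable login check seen in web apps.  A uid of 'u001)(|(objectClass=*'
    yields a well-formed filter in which the password clause no longer constrains."""
    return f"(&(uid={uid})(userPassword={password}))"


def login_filter(uid: str, password: str) -> str:
    """Escaped version.  The real fix is a bind as the user's DN; a filter on
    userPassword is a design smell even when escaped."""
    return f"(&(uid={escape_filter_value(uid)})(userPassword={escape_filter_value(password)}))"


# RFC 4514 section 2.4: characters that need a backslash inside an RDN value.
_DN_SPECIAL = set(',+"\\<>;')


def escape_dn_value(value: str) -> str:
    """Escape an attribute value for an RDN: specials anywhere, NUL as \\00,
    a leading space or '#', and a trailing space."""
    out, last = [], len(value) - 1
    for i, ch in enumerate(value):
        if ch in _DN_SPECIAL:
            out.append("\\" + ch)
        elif ch == "\x00":
            out.append(r"\00")
        elif ch == " " and i in (0, last):
            out.append("\\ ")
        elif ch == "#" and i == 0:
            out.append(r"\#")
        else:
            out.append(ch)
    return "".join(out)


def employee_dn_unsafe(uid: str, ou: str = "sale", base: str = "dc=nodomain") -> str:
    """Vulnerable: a uid of 'u001,ou=admin' points the delete at another subtree."""
    return f"uid={uid},ou={ou},{base}"


def employee_dn(uid: str, ou: str = "sale", base: str = "dc=nodomain") -> str:
    """Hardened DN for ldapdelete/ldapmodify built from untrusted uid and ou."""
    return f"uid={escape_dn_value(uid)},ou={escape_dn_value(ou)},{base}"
```

A shell script that does ldapsearch ... "(uid=$input)" has exactly the bug of uid_filter_unsafe; ldapsearch does not escape anything for you. Authenticate users by binding as their DN, not by matching userPassword in a filter.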
Updating data
ldapmodify -x -H ldap://localhost:389 -D "cn=admin,dc=nodomain" -w ldap -f modify.ldif
modify.ldif
dn: uid=u001,ou=sale,dc=nodomain
changetype: modify
replace: sn
sn: osaka
-
add: homeDirectory
homeDirectory: /home/osaka
-
delete: telephoneNumber
(Each change inside a modify record is closed by a line containing only "-". Two things to check before running this against the entry added above: homeDirectory belongs to posixAccount, not inetOrgPerson, so the add fails with objectClassViolation (65) unless the entry also carries objectClass posixAccount; and delete: telephoneNumber fails with noSuchAttribute (16) when the entry has no such value.)
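ldapmodify reads this file one record at a time. The parser below is an added Python example (standard library only, not ldap-utils code) over LDIF constructed for these notes: it handles continuation lines, base64 (::) values and the "-" separators between changes, and catches the mistakes that would otherwise only surface as a server error, such as a misspelt changetype. It refuses the attr:< URL form, because ldapmodify itself reads file:// URLs given that way, which matters when the LDIF comes from an untrusted source.

```python
"""Parser for LDIF change records (RFC 2849), the format given to ldapmodify -f.
Added example in Python (standard library only), not ldap-utils code; the LDIF
below is constructed for the notes above.  It joins continuation lines, decodes
base64 (::) values and rejects what ldapmodify would reject, client-side."""
import base64
from typing import Dict, List, Optional, Tuple

CHANGETYPES = {"add", "delete", "modify", "modrdn", "moddn"}
MOD_OPS = {"add", "delete", "replace"}

SAMPLE_LDIF = """\
dn: uid=u001,ou=sale,dc=nodomain
changetype: modify
replace: sn
sn: osaka
-
add: mail
mail: jiro@example.com
-
delete: telephoneNumber
-

dn: uid=u003,ou=develop,dc=nodomain
changetype: delete
"""

def _unfold(text: str) -> List[List[str]]:
    """Blank lines separate records, a leading space continues the previous line, '#' is a comment."""
    records, current = [], []
    for raw in text.splitlines():
        if raw.startswith("#"):
            continue
        if raw == "":
            if current:
                records.append(current)
                current = []
        elif raw.startswith(" ") and current:
            current[-1] += raw[1:]
        else:
            current.append(raw)
    if current:
        records.append(current)
    return records

def _split_line(line: str) -> Tuple[str, str]:
    """'attr: value' -> (attr, value); 'attr:: b64' is decoded; 'attr:< url' is refused."""
    name, sep, rest = line.partition(":")
    if not sep or not name:
        raise ValueError(f"not an 'attr: value' line: {line!r}")
    if rest.startswith(":"):
        return name, base64.b64decode(rest[1:].strip()).decode("utf-8")
    if rest.startswith("<"):
        raise ValueError(f"URL-valued attribute refused (ldapmodify would read it): {line!r}")
    return name, rest.lstrip(" ")

def _parse_modify_body(dn: str, body: List[str]) -> List[Tuple[str, str, List[str]]]:
    """'op: attr', then 'attr: value' lines, each change closed by '-' (a missing final '-' is tolerated)."""
    mods, i = [], 0
    while i < len(body):
        op, attr = _split_line(body[i])
        op = op.lower()
        if op not in MOD_OPS:
            raise ValueError(f"unknown modify operation {op!r} in {dn}")
        values, i = [], i + 1
        while i < len(body) and body[i] != "-":
            name, value = _split_line(body[i])
            if name.lower() != attr.lower():
                raise ValueError(f"{name!r} value inside '{op}: {attr}' in {dn}")
            values.append(value)
            i += 1
        if op == "add" and not values:
            raise ValueError(f"'add: {attr}' without values in {dn}")
        mods.append((op, attr, values))
        i += 1
    return mods

def parse_change_records(text: str) -> List[Dict]:
    """One dict per record: {'dn', 'changetype', 'mods': [(op, attr, values)]}; no changetype means add."""
    out = []
    for lines in _unfold(text):
        name, dn = _split_line(lines[0])
        if name.lower() != "dn":
            raise ValueError(f"record must start with dn:, got {lines[0]!r}")
        changetype, body = "add", lines[1:]
        if body and body[0].lower().startswith("changetype:"):
            changetype, body = _split_line(body[0])[1].lower(), body[1:]
        if changetype not in CHANGETYPES:
            raise ValueError(f"unknown changetype {changetype!r} for {dn}")
        if changetype == "modify":
            mods = _parse_modify_body(dn, body)
        elif changetype == "delete":
            if body:
                raise ValueError(f"delete record for {dn} must have no body")
            mods = []
        else:
            mods = [(changetype, a, [v]) for a, v in map(_split_line, body)]
        out.append({"dn": dn, "changetype": changetype, "mods": mods})
    return out

def validate(text: str) -> Optional[str]:
    """None when the LDIF parses, otherwise the error text (pre-flight check before ldapmodify)."""
    try:
        parse_change_records(text)
        return None
    except ValueError as exc:
        return str(exc)
```

Run validate() over a file before passing it to ldapmodify -f; it finds the "modifty"-style typos and a stray attr:< reference locally, while schema problems such as an attribute the objectClass does not allow still come back from the server as objectClassViolation (65).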
★Eclipse plugin
★LDAP Java library
・JNDI
・Apache Directory LDAP API http://directory.apache.org/api/
・UnboundID LDAP SDK for Java https://www.ldap.com/unboundid-ldap-sdk-for-java