lost and found ( for me ? )

Apache Basic Authentication via OpenLDAP

LDAP ( 192.168.1.200 Fedora12 alpha ) --- Apache ( 192.168.1.150 Fedora11 )

- hostname

LDAP: alaska

[root@alaska ~]# uname -r
2.6.31-0.204.rc9.fc12.i686.PAE

Apache : arizona

[root@arizona ~]# uname -r
2.6.30.5-43.fc11.i686.PAE

[ Apache ]

[root@arizona ~]# httpd -v
Server version: Apache/2.2.13 (Unix)
Server built: Aug 18 2009 06:16:17

The following two modules are required in httpd.conf.

[root@arizona conf]# egrep ldap httpd.conf
LoadModule ldap_module modules/mod_ldap.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so

- httpd.conf

LoadModule ldap_module modules/mod_ldap.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so

ServerName www.example.com:80


Options Indexes FollowSymLinks

AllowOverride None
Order allow,deny
Allow from all

# add for LDAP
AuthName "LDAP user authentication"
AuthType basic
AuthBasicProvider ldap
AuthLDAPBindDN cn=manager,dc=example,dc=com
AuthLDAPBindPassword secret
AuthLDAPURL ldap://192.168.1.150/dc=example,dc=com?uid
require ldap-attribute host=www.example.com



The user name is looked up by uid under dc=example,dc=com.

[ LDAP ]

[root@alaska ~]# yum install -y openldap-servers.i686

Configuration file

/etc/openldap/slapd.conf

Schema files

Various files under /etc/openldap/schema/.

- slapd.conf

The last DN is the one used for HTTP authentication.

[root@alaska openldap_works]# cat ldap.ldif
dn: dc=example,dc=com
objectClass: dcObject
objectClass: organization
dc: example
o: example

dn: cn=manager,dc=example,dc=com
objectClass: organizationalRole
cn: manager

dn: uid=testuser,dc=example,dc=com
objectClass: account
objectClass: simpleSecurityObject
uid: testuser
userPassword: testuser
host: www.example.com
[root@alaska openldap_works]#

slapd starts as user ldap, group ldap, so change the owner of /var/lib/ldap/* to ldap.ldap.

[root@alaska openldap_works]# egrep ldap /etc/passwd
ldap:x:55:55:LDAP User:/var/lib/ldap:/sbin/nologin

[root@alaska openldap_works]# chown ldap.ldap /var/lib/ldap/*
[root@alaska openldap_works]# /etc/init.d/ldap start
slapd を起動中: [ OK ]
[root@alaska openldap_works]#

No data yet.

[root@alaska openldap_works]# ldapsearch -x -D 'cn=manager,dc=example,dc=com' -W
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base (default) with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 2
result: 32 No such object

# numResponses: 1
[root@alaska openldap_works]#

Add the data.

[root@alaska openldap_works]# ldapadd -x -D 'cn=manager,dc=example,dc=com' -W -f ldap.ldif
Enter LDAP Password:
adding new entry "dc=example,dc=com"

adding new entry "cn=manager,dc=example,dc=com"

adding new entry "uid=testuser,dc=example,dc=com"

[root@alaska openldap_works]#

Check. Yep, OK.

[root@alaska openldap_works]# ldapsearch -x -D 'cn=manager,dc=example,dc=com' -W -b 'dc=example,dc=com' -LLL
Enter LDAP Password:
dn: dc=example,dc=com
objectClass: dcObject
objectClass: organization
dc: example
o: example

dn: cn=manager,dc=example,dc=com
objectClass: organizationalRole
cn: manager

dn: uid=testuser,dc=example,dc=com
objectClass: account
objectClass: simpleSecurityObject
uid: testuser
userPassword:: dGVzdHVzZXI=
host: www.example.com

[root@alaska openldap_works]#

Searching with uid=test* also works.

[root@alaska ~]# ldapsearch -x -D 'cn=manager,dc=example,dc=com' -W -b 'dc=example,dc=com' '(uid=test*)' -LLL
Enter LDAP Password:
dn: uid=testuser,dc=example,dc=com
objectClass: account
objectClass: simpleSecurityObject
uid: testuser
userPassword:: dGVzdHVzZXI=
host: www.example.com



[ Now to verify ]

[root@arizona ~]# apachectl start

Access http:127.1/auth. A popup appears. Enter user: testuser , pass: testuser.



Oops, an internal error...



Looking at the Apache log: auth failed.

[root@arizona httpd]# tail /var/www/html/ error_log

[warn] [client 127.0.0.1] [11851] auth_ldap authenticate: user testuser authentication failed; URI /auth [LDAP: ldap_simple_bind_s() failed][Can't contact LDAP server]

Nothing in the LDAP log. Even capturing on the Apache host shows no packets going out to LDAP.

Oh, a careless mistake... The IP specified in httpd.conf was wrong.



AuthLDAPURL ldap://192.168.1.150/dc=example,dc=com?uid



AuthLDAPURL ldap://192.168.1.200/dc=example,dc=com?uid

[root@arizona conf]# apachectl restart

try again !

Hmm, httpd is reaching out to LDAP, but LDAP isn't returning a SYN-ACK to httpd's SYN.
Capture data taken on the httpd host.

[root@arizona ~]# tshark -i eth0 port 389
Running as user "root" and group "root". This could be dangerous.
Capturing on eth0
0.000000 192.168.1.150 -> 192.168.1.200 TCP 32908 > ldap [SYN] Seq=0 Win=5840 Len=0 MSS=1460 TSV=11700888 TSER=0 WS=6
0.000964 192.168.1.150 -> 192.168.1.200 TCP 32911 > ldap [SYN] Seq=0 Win=5840 Len=0 MSS=1460 TSV=11700888 TSER=0 WS=6


[root@arizona conf]# tail /var/log/httpd/error_log

[warn] [client 127.0.0.1] [12439] auth_ldap authenticate: user testuser authentication failed; URI /auth [LDAP: ldap_simple_bind_s() failed][Can't contact LDAP server]

So this case also results in an internal error. Not a timeout...



Starting the investigation on the LDAP side...

Judging from 0 0.0.0.0:389, it looks OK...

[root@alaska ~]# lsof -i:389
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
slapd 9250 ldap 7u IPv4 22200 0t0 TCP *:ldap (LISTEN)
slapd 9250 ldap 8u IPv6 22201 0t0 TCP *:ldap (LISTEN)

[root@alaska ~]# netstat -an | grep 389
tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN
tcp 0 0 :::389 :::* LISTEN
[root@alaska ~]#

Maybe iptables is the cause.

[root@alaska ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:bootps
ACCEPT tcp -- anywhere anywhere tcp dpt:bootps
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere 192.168.122.0/24 state RELATED,ESTABLISHED
ACCEPT all -- 192.168.122.0/24 anywhere
ACCEPT all -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
ACCEPT all -- anywhere anywhere PHYSDEV match --physdev-is-bridged
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[root@alaska ~]#

Just flush it.
[root@alaska ~]# iptables -F
[root@alaska ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Save.

[root@alaska ~]# iptables-save
# Generated by iptables-save v1.4.4 on Wed Sep 9 21:19:27 2009
*nat
:PREROUTING ACCEPT [533:34172]
:POSTROUTING ACCEPT [19:1214]
:OUTPUT ACCEPT [19:1214]
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
COMMIT
# Completed on Wed Sep 9 21:19:27 2009
# Generated by iptables-save v1.4.4 on Wed Sep 9 21:19:27 2009
*filter
:INPUT ACCEPT [35:2492]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [12382:11627051]
COMMIT
# Completed on Wed Sep 9 21:19:27 2009
[root@alaska ~]#

Try again!

The authentication popup appeared.


Logged in!


Logs. There's no LDAP log... LDAP seems to start with facility local4 by default.

So syslogd on Fedora12 is rsyslog.

[root@alaska etc]# egrep local4 /etc/rsyslog.conf
local4.* /var/log/slapd.log

[root@alaska etc]# /etc/init.d/rsyslog reload

One more try. Oh, the log showed up.

Sep 9 21:40:08 alaska slapd[9459]: conn=4 fd=13 ACCEPT from IP=192.168.1.150:49908 (IP=0.0.0.0:389)
Sep 9 21:40:08 alaska slapd[9459]: conn=4 op=0 BIND dn="cn=manager,dc=example,dc=com" method=128
Sep 9 21:40:08 alaska slapd[9459]: conn=4 op=0 BIND dn="cn=manager,dc=example,dc=com" mech=SIMPLE ssf=0
Sep 9 21:40:08 alaska slapd[9459]: conn=4 op=0 RESULT tag=97 err=0 text=
Sep 9 21:40:08 alaska slapd[9459]: conn=4 op=1 SRCH base="dc=example,dc=com" scope=2 deref=3 filter="(&(objectClass=*)(uid=testuser))"
Sep 9 21:40:08 alaska slapd[9459]: conn=4 op=1 SRCH attr=uid
Sep 9 21:40:08 alaska slapd[9459]: conn=4 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Sep 9 21:40:08 alaska slapd[9459]: conn=4 op=2 BIND anonymous mech=implicit ssf=0
Sep 9 21:40:08 alaska slapd[9459]: conn=4 op=2 BIND dn="uid=testuser,dc=example,dc=com" method=128
Sep 9 21:40:08 alaska slapd[9459]: conn=4 op=2 BIND dn="uid=testuser,dc=example,dc=com" mech=SIMPLE ssf=0
Sep 9 21:40:08 alaska slapd[9459]: conn=4 op=2 RESULT tag=97 err=0 text=
Sep 9 21:40:08 alaska slapd[9459]: conn=4 op=3 BIND anonymous mech=implicit ssf=0
Sep 9 21:40:08 alaska slapd[9459]: conn=4 op=3 BIND dn="cn=manager,dc=example,dc=com" method=128
Sep 9 21:40:08 alaska slapd[9459]: conn=4 op=3 BIND dn="cn=manager,dc=example,dc=com" mech=SIMPLE ssf=0
Sep 9 21:40:08 alaska slapd[9459]: conn=4 op=3 RESULT tag=97 err=0 text=
Sep 9 21:40:08 alaska slapd[9459]: conn=4 op=4 CMP dn="uid=testuser,dc=example,dc=com" attr="host"
Sep 9 21:40:08 alaska slapd[9459]: conn=4 op=4 RESULT tag=111 err=6 text=
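
The log above records each step mod_authnz_ldap takes for one login, and every successful BIND carries mech=SIMPLE ssf=0, meaning the manager's and the user's passwords crossed the network with no TLS or SASL protection. The following is an added example, not part of the original post: a Python parser that groups such lines per connection and reports unprotected simple binds, failed binds and the result of the host compare. The name `summarize` and the conn=5 lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# conn=4 is the sequence logged in the post (trimmed). conn=5 is a constructed
# failed login in the same slapd log format, added for contrast.
SAMPLE_LOG = '''\
Sep 9 21:40:08 alaska slapd[9459]: conn=4 fd=13 ACCEPT from IP=192.168.1.150:49908 (IP=0.0.0.0:389)
Sep 9 21:40:08 alaska slapd[9459]: conn=4 op=0 BIND dn="cn=manager,dc=example,dc=com" method=128
Sep 9 21:40:08 alaska slapd[9459]: conn=4 op=0 BIND dn="cn=manager,dc=example,dc=com" mech=SIMPLE ssf=0
Sep 9 21:40:08 alaska slapd[9459]: conn=4 op=0 RESULT tag=97 err=0 text=
Sep 9 21:40:08 alaska slapd[9459]: conn=4 op=2 BIND dn="uid=testuser,dc=example,dc=com" method=128
Sep 9 21:40:08 alaska slapd[9459]: conn=4 op=2 BIND dn="uid=testuser,dc=example,dc=com" mech=SIMPLE ssf=0
Sep 9 21:40:08 alaska slapd[9459]: conn=4 op=2 RESULT tag=97 err=0 text=
Sep 9 21:40:08 alaska slapd[9459]: conn=4 op=4 CMP dn="uid=testuser,dc=example,dc=com" attr="host"
Sep 9 21:40:08 alaska slapd[9459]: conn=4 op=4 RESULT tag=111 err=6 text=
Sep 9 21:52:10 alaska slapd[9459]: conn=5 fd=14 ACCEPT from IP=192.168.1.150:50112 (IP=0.0.0.0:389)
Sep 9 21:52:10 alaska slapd[9459]: conn=5 op=0 BIND dn="cn=manager,dc=example,dc=com" method=128
Sep 9 21:52:10 alaska slapd[9459]: conn=5 op=0 BIND dn="cn=manager,dc=example,dc=com" mech=SIMPLE ssf=0
Sep 9 21:52:10 alaska slapd[9459]: conn=5 op=0 RESULT tag=97 err=0 text=
Sep 9 21:52:10 alaska slapd[9459]: conn=5 op=2 BIND dn="uid=testuser2,dc=example,dc=com" method=128
Sep 9 21:52:10 alaska slapd[9459]: conn=5 op=2 RESULT tag=97 err=49 text=
'''

EVENT = re.compile(r"conn=(\d+) (?:op=(\d+)|fd=\d+) (.+)")
COMPARE = {5: "compareFalse", 6: "compareTrue"}  # LDAP result codes

def summarize(log_text):
    """Group slapd log lines by connection and extract auth-relevant facts."""
    conns = defaultdict(lambda: {"client": None, "cleartext_binds": [],
                                 "failed_binds": [], "compare": None})
    pending = {}  # (conn, op) -> DN of the BIND whose RESULT is still to come
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        conn, op, rest = int(m.group(1)), m.group(2), m.group(3)
        c = conns[conn]
        if rest.startswith("ACCEPT"):
            ip = re.search(r"from IP=([\d.]+):", rest)
            c["client"] = ip.group(1) if ip else None
        elif rest.startswith("BIND dn="):
            dn = re.search(r'dn="([^"]*)"', rest).group(1)
            pending[(conn, op)] = dn
            # ssf=0: no TLS/SASL layer, so the simple-bind password went in clear.
            if re.search(r"mech=SIMPLE ssf=0\b", rest) and dn not in c["cleartext_binds"]:
                c["cleartext_binds"].append(dn)
        elif rest.startswith("RESULT"):
            r = re.search(r"tag=(\d+) err=(\d+)", rest)
            tag, err = int(r.group(1)), int(r.group(2))
            if tag == 97 and err != 0:   # bind response, e.g. 49 invalidCredentials
                c["failed_binds"].append((pending.get((conn, op)), err))
            elif tag == 111:             # compare response (the host= check)
                c["compare"] = COMPARE.get(err, "error %d" % err)
    return dict(conns)

if __name__ == "__main__":
    for conn, info in sorted(summarize(SAMPLE_LOG).items()):
        print(conn, info)
```

slapd writes the mech=... ssf=... line only for binds that succeed, so a failed bind on the same connection shows up under failed_binds without its own ssf value.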



Capture log. Huh, the connection doesn't get closed.

[root@alaska etc]# netstat -an | grep 389
tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN
tcp 0 0 192.168.1.200:389 192.168.1.150:55282 ESTABLISHED
tcp 0 0 :::389 :::* LISTEN

[root@arizona conf]# tshark -i eth0 port 389
Running as user "root" and group "root". This could be dangerous.
Capturing on eth0
0.000000 192.168.1.150 -> 192.168.1.200 TCP 55282 > ldap [SYN] Seq=0 Win=5840 Len=0 MSS=1460 TSV=13017999 TSER=0 WS=6
0.000480 192.168.1.200 -> 192.168.1.150 TCP ldap > 55282 [SYN, ACK] Seq=0 Ack=1 Win=5792 Len=0 MSS=1460 TSV=8595721 TSER=13017999 WS=6
0.000542 192.168.1.150 -> 192.168.1.200 TCP 55282 > ldap [ACK] Seq=1 Ack=1 Win=5888 Len=0 TSV=13017999 TSER=8595721
0.006765 192.168.1.150 -> 192.168.1.200 LDAP bindRequest(1) "cn=manager,dc=example,dc=com" simple
0.007156 192.168.1.200 -> 192.168.1.150 TCP ldap > 55282 [ACK] Seq=1 Ack=49 Win=5824 Len=0 TSV=8595728 TSER=13018005
0.008325 192.168.1.200 -> 192.168.1.150 LDAP bindResponse(1) success
0.008377 192.168.1.150 -> 192.168.1.200 TCP 55282 > ldap [ACK] Seq=49 Ack=15 Win=5888 Len=0 TSV=13018007 TSER=8595729
0.010570 192.168.1.150 -> 192.168.1.200 LDAP searchRequest(2) "dc=example,dc=com" wholeSubtree
0.012828 192.168.1.200 -> 192.168.1.150 LDAP searchResEntry(2) "uid=testuser,dc=example,dc=com"
0.012991 192.168.1.200 -> 192.168.1.150 LDAP searchResDone(2) success
0.027041 192.168.1.150 -> 192.168.1.200 TCP 55282 > ldap [ACK] Seq=129 Ack=89 Win=5888 Len=0 TSV=13018026 TSER=8595733
0.027158 192.168.1.150 -> 192.168.1.200 LDAP bindRequest(3) "uid=testuser,dc=example,dc=com" simple
0.028890 192.168.1.200 -> 192.168.1.150 LDAP bindResponse(3) success
0.029426 192.168.1.150 -> 192.168.1.200 LDAP bindRequest(4) "cn=manager,dc=example,dc=com" simple
0.030524 192.168.1.200 -> 192.168.1.150 LDAP bindResponse(4) success
0.030632 192.168.1.150 -> 192.168.1.200 LDAP compareRequest(5) "uid=testuser,dc=example,dc=com"
0.031894 192.168.1.200 -> 192.168.1.150 LDAP compareResponse(5) compareTrue
0.071830 192.168.1.150 -> 192.168.1.200 TCP 55282 > ldap [ACK] Seq=293 Ack=131 Win=5888 Len=0 TSV=13018071 TSER=8595753

On stop, it sends a FIN.

[root@arizona ~]# apachectl stop

161.298675 192.168.1.150 -> 192.168.1.200 TCP 55282 > ldap [FIN, ACK] Seq=293 Ack=131 Win=5888 Len=0 TSV=13179297 TSER=8595753
161.299475 192.168.1.200 -> 192.168.1.150 TCP ldap > 55282 [FIN, ACK] Seq=131 Ack=294 Win=5824 Len=0 TSV=8757020 TSER=13179297
161.299551 192.168.1.150 -> 192.168.1.200 TCP 55282 > ldap [ACK] Seq=294 Ack=132 Win=5888 Len=0 TSV=13179298 TSER=8757020

closed showed up in the LDAP log too...

Sep 9 21:40:36 alaska slapd[9459]: conn=4 fd=13 closed (connection lost)

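I wonder how many seconds the default timeout is... Let's leave it alone for a while.
If the connection stays open and idle for a long time, and there are flow-aware devices such as firewalls or load balancers in the path,
the connection may get cut by a flow-table timeout...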

Even after more than 10 minutes, it doesn't close.

slapd.log

Sep 9 21:45:51 alaska slapd[9526]: conn=0 op=4 RESULT tag=111 err=6 text=

[root@arizona ~]# LANG=C date;netstat -an | grep 389 | grep "192.168.1.200"
Wed Sep 9 22:00:00 JST 2009
tcp 0 0 192.168.1.150:38731 192.168.1.200:389 ESTABLISHED

If I add users to LDAP and log in as a different user, will it use the same connection...?

[root@alaska openldap_works]# ldapadd -x -D 'cn=manager,dc=example,dc=com' -W -f ldap2.ldif
Enter LDAP Password:
adding new entry "uid=testuser2,dc=example,dc=com"

adding new entry "uid=testuser3,dc=example,dc=com"

Entering a different user name makes it open a separate connection...
But the httpd - apache connections still don't get dropped.

After authenticating three users, three connections stay open...

[root@arizona ~]# LANG=C date;netstat -an | grep 389 | grep "192.168.1.200"
Wed Sep 9 22:17:39 JST 2009
tcp 0 0 192.168.1.150:46042 192.168.1.200:389 ESTABLISHED
tcp 0 0 192.168.1.150:38731 192.168.1.200:389 ESTABLISHED
tcp 0 0 192.168.1.150:46036 192.168.1.200:389 ESTABLISHED
[root@arizona ~]#

When does it ever close the connection...??
I'll look into it later...

Config

- httpd.conf

[root@arizona ~]# egrep -v "#" /etc/httpd/conf/httpd.conf | egrep -v "^$" | egrep -vi lang | grep -vi icon
ServerTokens OS
ServerRoot "/etc/httpd"
PidFile run/httpd.pid
Timeout 120
KeepAlive Off
MaxKeepAliveRequests 100
KeepAliveTimeout 15

StartServers 8
MinSpareServers 5
MaxSpareServers 20
ServerLimit 256
MaxClients 256
MaxRequestsPerChild 4000


StartServers 2
MaxClients 150
MinSpareThreads 25
MaxSpareThreads 75
ThreadsPerChild 25
MaxRequestsPerChild 0

Listen 80
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule auth_digest_module modules/mod_auth_digest.so
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authn_alias_module modules/mod_authn_alias.so
LoadModule authn_anon_module modules/mod_authn_anon.so
LoadModule authn_dbm_module modules/mod_authn_dbm.so
LoadModule authn_default_module modules/mod_authn_default.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule authz_owner_module modules/mod_authz_owner.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_dbm_module modules/mod_authz_dbm.so
LoadModule authz_default_module modules/mod_authz_default.so
LoadModule ldap_module modules/mod_ldap.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
LoadModule include_module modules/mod_include.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule logio_module modules/mod_logio.so
LoadModule env_module modules/mod_env.so
LoadModule ext_filter_module modules/mod_ext_filter.so
LoadModule mime_magic_module modules/mod_mime_magic.so
LoadModule expires_module modules/mod_expires.so
LoadModule deflate_module modules/mod_deflate.so
LoadModule headers_module modules/mod_headers.so
LoadModule usertrack_module modules/mod_usertrack.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule mime_module modules/mod_mime.so
LoadModule dav_module modules/mod_dav.so
LoadModule status_module modules/mod_status.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule info_module modules/mod_info.so
LoadModule dav_fs_module modules/mod_dav_fs.so
LoadModule vhost_alias_module modules/mod_vhost_alias.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule dir_module modules/mod_dir.so
LoadModule actions_module modules/mod_actions.so
LoadModule speling_module modules/mod_speling.so
LoadModule userdir_module modules/mod_userdir.so
LoadModule alias_module modules/mod_alias.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule cache_module modules/mod_cache.so
LoadModule suexec_module modules/mod_suexec.so
LoadModule disk_cache_module modules/mod_disk_cache.so
LoadModule cgi_module modules/mod_cgi.so
Include conf.d/*.conf
User apache
Group apache
ServerAdmin root@localhost
ServerName www.example.com:80
UseCanonicalName Off
DocumentRoot "/var/www/html"

Options FollowSymLinks
AllowOverride None


Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all


UserDir disabled

DirectoryIndex index.html index.html.var
AccessFileName .htaccess

Order allow,deny
Deny from all

TypesConfig /etc/mime.types
DefaultType text/plain

MIMEMagicFile conf/magic

HostnameLookups Off
ErrorLog logs/error_log
LogLevel warn
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
CustomLog logs/access_log combined
ServerSignature On
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all


DAVLockDB /var/lib/dav/lockdb

ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"

AllowOverride None
Options None
Order allow,deny
Allow from all

IndexOptions FancyIndexing VersionSort NameWidth=* HTMLTable Charset=UTF-8
ReadmeName README.html
HeaderName HEADER.html
AddDefaultCharset UTF-8
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
AddHandler cgi-script .cgi
AddHandler type-map var
AddType text/html .shtml
AddOutputFilter INCLUDES .shtml
Alias /error/ "/var/www/error/"



AllowOverride None
Options IncludesNoExec
AddOutputFilter Includes html
AddHandler type-map var
Order allow,deny
Allow from all



BrowserMatch "Mozilla/2" nokeepalive
BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
BrowserMatch "RealPlayer 4\.0" force-response-1.0
BrowserMatch "Java/1\.0" force-response-1.0
BrowserMatch "JDK/1\.0" force-response-1.0
BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
BrowserMatch "MS FrontPage" redirect-carefully
BrowserMatch "^WebDrive" redirect-carefully
BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully
BrowserMatch "^gnome-vfs/1.0" redirect-carefully
BrowserMatch "^XML Spy" redirect-carefully
BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully

Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
AuthName "LDAP user authentication"
AuthType basic
AuthBasicProvider ldap
AuthLDAPBindDN cn=manager,dc=example,dc=com
AuthLDAPBindPassword secret
AuthLDAPURL ldap://192.168.1.200/dc=example,dc=com?uid
require ldap-attribute host=www.example.com

[root@arizona ~]#


- slapd.conf

[root@alaska ~]# egrep -v "#" /etc/openldap/slapd.conf | egrep -v "^$"
include /etc/openldap/schema/corba.schema
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/duaconf.schema
include /etc/openldap/schema/dyngroup.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/java.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/openldap.schema
include /etc/openldap/schema/ppolicy.schema
include /etc/openldap/schema/collective.schema
allow bind_v2
logfile /var/log/slapd.conf
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
database bdb
suffix "dc=example,dc=com"
checkpoint 1024 15
rootdn "cn=manager,dc=example,dc=com"
rootpw secret
directory /var/lib/ldap
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
database monitor
[root@alaska ~]#

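PS3... I gave in to temptation and ordered one on Amazon...
What is this called in behavioral economics again??
Thinking it might sell out if I didn't order now,
I ordered it even though there's no game I particularly want to play right now...
Loss aversion??
The lust for stuff is a fearsome thing!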
