LDAP users on QTS
QTS can itself act as an LDAP server. By default, both the LDAP server and the domain controller are turned off.
https://gyazo.com/4c0b91e570ad955168d3863d65a6f649
https://gyazo.com/e24cca7c226d6e9f7b25ba1808b69b92
https://gyazo.com/d315d6eb146b61ac6e1fe2f4fc0fc799
DNs created in the initial state
Run slapcat on the NAS itself right after enabling the LDAP server.
table:DNs created in the initial state
 dn	objectClass
 dc=moukaeritai,dc=work	domain
 ou=people,dc=moukaeritai,dc=work	organizationalUnit
 ou=group,dc=moukaeritai,dc=work	organizationalUnit
 ou=idpoolconf,dc=moukaeritai,dc=work	organizationalUnit
 cn=minid,ou=idpoolconf,dc=moukaeritai,dc=work	organizationalRole, sambaUnixIdPool
 cn=maxid,ou=idpoolconf,dc=moukaeritai,dc=work	organizationalRole, sambaUnixIdPool
 cn=curid,ou=idpoolconf,dc=moukaeritai,dc=work	organizationalRole, sambaUnixIdPool
 cn=maxnum,ou=idpoolconf,dc=moukaeritai,dc=work	domain
 sambaDomainName=moukaeritai,dc=moukaeritai,dc=work	sambaDomain
 cn=Domain Users,ou=group,dc=moukaeritai,dc=work	top, posixGroup, sambaGroupMapping, sambaIdmapEntry, apple-group
 uid=ldaptestuser,ou=people,dc=moukaeritai,dc=work	top, posixAccount, shadowAccount, person, organizationalPerson, inetOrgPerson, sambaSamAccount, sambaIdmapEntry, apple-user
Both uidNumber and gidNumber are allocated starting from 1000000.
cn=curid holds the number that should be allocated next.
table:uidNumber and gidNumber
 dn	uidNumber	gidNumber
 cn=minid,ou=idpoolconf,dc=moukaeritai,dc=work	1000000	1000000
 cn=maxid,ou=idpoolconf,dc=moukaeritai,dc=work	2000000	2000000
 cn=curid,ou=idpoolconf,dc=moukaeritai,dc=work	1000002	1000001
 cn=maxnum,ou=idpoolconf,dc=moukaeritai,dc=work	100000	100000
 cn=Domain Users,ou=group,dc=moukaeritai,dc=work	none	1000000
 uid=ldaptestuser,ou=people,dc=moukaeritai,dc=work	1000000	1000000
 uid=ldaptestuser2,ou=people,dc=moukaeritai,dc=work	1000001	1000000
table:SID
 dn	sambaSID	Samba objectClass
 sambaDomainName=moukaeritai,dc=moukaeritai,dc=work	S-1-5-21-4226765376-3808371103-950582991	sambaDomain
 cn=Domain Users,ou=group,dc=moukaeritai,dc=work	S-1-5-21-4226765376-3808371103-950582991-1000	sambaGroupMapping, sambaIdmapEntry
 uid=ldaptestuser,ou=people,dc=moukaeritai,dc=work	S-1-5-21-4226765376-3808371103-950582991-1001	sambaSamAccount, sambaIdmapEntry
 uid=ldaptestuser2,ou=people,dc=moukaeritai,dc=work	S-1-5-21-4226765376-3808371103-950582991-1002	sambaSamAccount, sambaIdmapEntry
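The allocation rules visible in the tables above (each user's uidNumber lies between minid and curid, and each sambaSID is the domain SID plus a RID) can be checked mechanically against slapcat output. The following Python is an added example, not part of the original page; `parse_ldif` and `audit` are hypothetical helper names, and the sample LDIF is constructed from the table values.

```python
import re
# Constructed sample (values from the tables above); parse_ldif and audit are hypothetical helpers.
SAMPLE_LDIF = """\
dn: cn=minid,ou=idpoolconf,dc=moukaeritai,dc=work
uidNumber: 1000000

dn: cn=maxid,ou=idpoolconf,dc=moukaeritai,dc=work
uidNumber: 2000000

dn: cn=curid,ou=idpoolconf,dc=moukaeritai,dc=work
uidNumber: 1000002

dn: sambaDomainName=moukaeritai,dc=moukaeritai,dc=work
sambaSID: S-1-5-21-4226765376-3808371103-950582991

dn: uid=ldaptestuser,ou=people,dc=moukaeritai,dc=work
uidNumber: 1000000
sambaSID: S-1-5-21-4226765376-3808371103-950582991-1001

dn: uid=ldaptestuser2,ou=people,dc=moukaeritai,dc=work
uidNumber: 1000001
sambaSID: S-1-5-21-4226765376-3808371103-950582991-1002
"""

def parse_ldif(text):
    """Return {dn: {attr: value}}; unfolds continuation lines (leading space)."""
    entries = {}
    for block in re.sub(r"\n ", "", text).strip().split("\n\n"):
        attrs = dict(line.partition(": ")[::2] for line in block.splitlines())
        entries[attrs["dn"]] = attrs
    return entries

def audit(entries):
    pool = {dn.split(",")[0][3:]: int(a["uidNumber"])   # minid / maxid / curid
            for dn, a in entries.items() if ",ou=idpoolconf," in dn}
    domain_sid = next(a["sambaSID"] for dn, a in entries.items()
                      if dn.startswith("sambaDomainName="))
    findings, seen = [], {}
    for dn, a in entries.items():
        if not dn.startswith("uid="):
            continue
        uid, sid = int(a["uidNumber"]), a["sambaSID"]
        if not pool["minid"] <= uid < pool["curid"] <= pool["maxid"]:
            findings.append(f"{dn}: uidNumber {uid} outside the allocated range")
        if uid in seen:   # two accounts sharing a uidNumber share file ownership
            findings.append(f"{dn}: uidNumber {uid} already used by {seen[uid]}")
        seen[uid] = dn
        if sid.rpartition("-")[0] != domain_sid:
            findings.append(f"{dn}: sambaSID {sid} is not under the domain SID")
    return findings
```

An empty list from `audit(parse_ldif(SAMPLE_LDIF))` means every user entry is consistent with the pool and the domain SID.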
sambaIdmapEntry object storing a mapping between a SID and a UNIX UID/GID. These objects are created by the idmap_ldap module as needed.
The idmap_ldap plugin provides a means for Winbind to store and retrieve SID/uid/gid mapping tables in an LDAP directory service.
homeDirectory
homeDirectory points to a path under /home, such as /home/ldaptestuser.
On the NAS, there is no user data under /home.
code:ls /home
httpd/ Qhttpd/
Nor has a directory for ldaptestuser been created under /share/homes.
code:ls /share/homes/
admin/ admin-sasaki/ @Recently-Snapshot/ @Recycle/ takashi/
Appendix
The complete slapcat output is recorded here.
dc=moukaeritai,dc=work
This entry represents the root domain, so its objectClass is domain.
code:dc=moukaeritai,dc=work
dn: dc=moukaeritai,dc=work
dc: moukaeritai
objectClass: domain
structuralObjectClass: domain
entryUUID: b03374ab-e56b-4aa1-bf18-ac7f13173de7
creatorsName: cn=admin,dc=moukaeritai,dc=work
createTimestamp: 20220309073732Z
entryCSN: 20220309073732.652004Z#000000#000#000000
modifiersName: cn=admin,dc=moukaeritai,dc=work
modifyTimestamp: 20220309073732Z
contextCSN: 20220309073733.862295Z#000000#000#000000
ou=people,dc=moukaeritai,dc=work
code:ou=people,dc=moukaeritai,dc=work
dn: ou=people,dc=moukaeritai,dc=work
ou: people
objectClass: organizationalUnit
structuralObjectClass: organizationalUnit
entryUUID: 27ea08f5-7a31-4f27-b3a8-c86646184c00
creatorsName: cn=admin,dc=moukaeritai,dc=work
createTimestamp: 20220309073733Z
entryCSN: 20220309073733.096742Z#000000#000#000000
modifiersName: cn=admin,dc=moukaeritai,dc=work
modifyTimestamp: 20220309073733Z
ou=group,dc=moukaeritai,dc=work
code:ou=group,dc=moukaeritai,dc=work
dn: ou=group,dc=moukaeritai,dc=work
ou: group
objectClass: organizationalUnit
structuralObjectClass: organizationalUnit
entryUUID: 19b46cb0-ea58-4774-817f-5d8aca063db2
creatorsName: cn=admin,dc=moukaeritai,dc=work
createTimestamp: 20220309073733Z
entryCSN: 20220309073733.102174Z#000000#000#000000
modifiersName: cn=admin,dc=moukaeritai,dc=work
modifyTimestamp: 20220309073733Z
ou=idpoolconf,dc=moukaeritai,dc=work
code:ou=idpoolconf,dc=moukaeritai,dc=work
ou: idpoolconf
objectClass: organizationalUnit
structuralObjectClass: organizationalUnit
entryUUID: eb9e502a-a900-455e-b62b-d2e6c50ef115
creatorsName: cn=admin,dc=moukaeritai,dc=work
createTimestamp: 20220309073733Z
entryCSN: 20220309073733.117245Z#000000#000#000000
modifiersName: cn=admin,dc=moukaeritai,dc=work
modifyTimestamp: 20220309073733Z
cn=minid,ou=idpoolconf,dc=moukaeritai,dc=work
code:cn=minid,ou=idpoolconf,dc=moukaeritai,dc=work
dn: cn=minid,ou=idpoolconf,dc=moukaeritai,dc=work
cn: minid
uidNumber: 1000000
gidNumber: 1000000
objectClass: organizationalRole
objectClass: sambaUnixIdPool
structuralObjectClass: organizationalRole
entryUUID: fed3c5d7-aecd-4718-a4f4-728688817281
creatorsName: cn=admin,dc=moukaeritai,dc=work
createTimestamp: 20220309073733Z
entryCSN: 20220309073733.132600Z#000000#000#000000
modifiersName: cn=admin,dc=moukaeritai,dc=work
modifyTimestamp: 20220309073733Z
cn=maxid,ou=idpoolconf,dc=moukaeritai,dc=work
code:cn=maxid,ou=idpoolconf,dc=moukaeritai,dc=work
dn: cn=maxid,ou=idpoolconf,dc=moukaeritai,dc=work
cn: maxid
uidNumber: 2000000
gidNumber: 2000000
objectClass: organizationalRole
objectClass: sambaUnixIdPool
structuralObjectClass: organizationalRole
entryUUID: 50cf0a6f-3fce-4a1c-b1ea-427929a764b7
creatorsName: cn=admin,dc=moukaeritai,dc=work
createTimestamp: 20220309073733Z
entryCSN: 20220309073733.669885Z#000000#000#000000
modifiersName: cn=admin,dc=moukaeritai,dc=work
modifyTimestamp: 20220309073733Z
cn=curid,ou=idpoolconf,dc=moukaeritai,dc=work
code:cn=curid,ou=idpoolconf,dc=moukaeritai,dc=work
dn: cn=curid,ou=idpoolconf,dc=moukaeritai,dc=work
cn: curid
uidNumber: 1000000
objectClass: organizationalRole
objectClass: sambaUnixIdPool
structuralObjectClass: organizationalRole
entryUUID: fd492619-44b7-4069-b3ea-54d13fa6f743
creatorsName: cn=admin,dc=moukaeritai,dc=work
createTimestamp: 20220309073733Z
gidNumber: 1000001
entryCSN: 20220309073733.857067Z#000000#000#000000
modifiersName: cn=admin,dc=moukaeritai,dc=work
modifyTimestamp: 20220309073733Z
cn=maxnum,ou=idpoolconf,dc=moukaeritai,dc=work
code:cn=maxnum,ou=idpoolconf,dc=moukaeritai,dc=work
dn: cn=maxnum,ou=idpoolconf,dc=moukaeritai,dc=work
cn: maxnum
uidNumber: 100000
gidNumber: 100000
dn: dc=moukaeritai,dc=work
dc: moukaeritai
objectClass: domain
structuralObjectClass: domain
entryUUID: b03374ab-e56b-4aa1-bf18-ac7f13173de7
creatorsName: cn=admin,dc=moukaeritai,dc=work
createTimestamp: 20220309073732Z
entryCSN: 20220309073732.652004Z#000000#000#000000
modifiersName: cn=admin,dc=moukaeritai,dc=work
modifyTimestamp: 20220309073732Z
contextCSN: 20220309073733.862295Z#000000#000#000000
sambaDomainName=moukaeritai,dc=moukaeritai,dc=work
code:sambaDomainName=moukaeritai,dc=moukaeritai,dc=work
dn: sambaDomainName=moukaeritai,dc=moukaeritai,dc=work
objectClass: sambaDomain
sambaDomainName: moukaeritai
sambaSID: S-1-5-21-4226765376-3808371103-950582991
sambaAlgorithmicRidBase: 1000
sambaMinPwdLength: 5
sambaPwdHistoryLength: 0
sambaLogonToChgPwd: 0
sambaMaxPwdAge: -1
sambaMinPwdAge: 0
sambaLockoutDuration: 30
sambaLockoutObservationWindow: 30
sambaLockoutThreshold: 0
sambaForceLogoff: -1
sambaRefuseMachinePwdChange: 0
structuralObjectClass: sambaDomain
entryUUID: ff822889-93d4-4cea-bd91-f740b745e17e
creatorsName: cn=admin,dc=moukaeritai,dc=work
createTimestamp: 20220309073733Z
sambaNextUserRid: 1001
entryCSN: 20220309073733.862295Z#000000#000#000000
modifiersName: cn=admin,dc=moukaeritai,dc=work
modifyTimestamp: 20220309073733Z
cn=Domain Users,ou=group,dc=moukaeritai,dc=work
code:cn=Domain Users,ou=group,dc=moukaeritai,dc=work
dn: cn=Domain Users,ou=group,dc=moukaeritai,dc=work
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
objectClass: sambaIdmapEntry
objectClass: apple-group
cn: Domain Users
gidNumber: 1000000
sambaGroupType: 2
sambaSID: S-1-5-21-4226765376-3808371103-950582991-1000
displayName: Domain Users
description: default user group
structuralObjectClass: posixGroup
entryUUID: dea5996f-3284-4954-bce8-36b9bafd030d
creatorsName: cn=admin,dc=moukaeritai,dc=work
createTimestamp: 20220309073733Z
entryCSN: 20220309073733.851368Z#000000#000#000000
modifiersName: cn=admin,dc=moukaeritai,dc=work
modifyTimestamp: 20220309073733Z
uid=ldaptestuser,ou=people,dc=moukaeritai,dc=work
This entry was created after the entries above had been retrieved.
As a result, curid was updated at the same time this entry was created.
code:uid=ldaptestuser,ou=people,dc=moukaeritai,dc=work
objectClass: top
objectClass: posixAccount
objectClass: shadowAccount
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: sambaSamAccount
objectClass: sambaIdmapEntry
objectClass: apple-user
cn: ldaptestuser
sn: ldaptestuser
uid: ldaptestuser
uidNumber: 1000000
gidNumber: 1000000
userPassword:: e0NSWVBUfSQxJFV0c0pXN29HJHZ1Vi53RHFZdml6Z29uZ1dYaC9KWi4=
homeDirectory: /home/ldaptestuser
shadowLastChange: 19096
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
shadowExpire: -1
shadowInactive: 0
shadowFlag: 0
displayName: ldaptestuser
sambaSID: S-1-5-21-4226765376-3808371103-950582991-1001
sambaLMPassword: E089FD97FC629AFB7DAE7E8163C7A0D6
sambaNTPassword: 9B5EBDE6CD5CA59935E8F38B76F6C022
sambaPasswordHistory: 000000000000000000000000000000000000000000000000000000
 0000000000
sambaPwdLastSet: 1649905248
sambaKickoffTime: 0
structuralObjectClass: inetOrgPerson
entryUUID: b8daed7c-1cbb-4264-a1a1-074921e7e0c8
creatorsName: cn=admin,dc=moukaeritai,dc=work
createTimestamp: 20220414030048Z
entryCSN: 20220414030048.489916Z#000000#000#000000
modifiersName: cn=admin,dc=moukaeritai,dc=work
modifyTimestamp: 20220414030048Z