This guide covers the creation of containers for users, printers, computers, and more in OpenLDAP, using organizational units (OU) and domain components (DC). You'll learn how to set up a Manager account for authentication and create user entries relevant for authentication and information lookup. The process involves defining user roles, creating necessary LDAP entries with LDIF format, and using the `slappasswd` utility to generate secure passwords. Detailed examples are provided for user objects, roles, and attributes.
OpenLDAP: Administration CNS 4650 Fall 2004 Rev. 2
Creating Containers and Manager Account
• Create containers for users, printers, computers, etc.
• Usually use “o” and “ou”; you can create more “dc” objects if needed
• Create an actual entry in the directory for the Manager
• Authenticate with the Manager account defined in slapd.conf
• Created with an LDIF
Sample LDIF

dn: dc=uvsc,dc=edu
objectclass: dcObject
objectclass: organization
o: uvsc
dc: uvsc

dn: cn=Manager,dc=uvsc,dc=edu
objectclass: organizationalRole
cn: Manager
Create User Entries
• Determine the role of user objects in the directory:
  • Used for authentication
  • Used for information lookup
  • Combination of both
User Entries for Authentication
• Allows workstations to authenticate users from LDAP
• Users will need to be of the object class types:
  • person/inetOrgPerson
  • posixAccount/shadowAccount
• posixAccount requires:
  • uid - example: dsinema
  • uidNumber - example: 10001
  • gidNumber - example: 20
  • homeDirectory - example: /home/dsinema
• The userPassword should also be set
User Authentication LDIF

dn: uid=bullwinkle,ou=cns4650,dc=uvsc,dc=edu
objectClass: top
objectClass: person
objectClass: inetorgperson
objectClass: posixAccount
objectClass: shadowAccount
uidNumber: 1028
loginShell: /bin/bash
homeDirectory: /dev/null
gidNumber: 20
uid: bullwinkle
cn: Bullwinkle
sn: Moose
mail: bullwinkle@uvsc.edu
userPassword: {SSHA}2KsnBb5hjm/hJK04I6oIk7bVVN8gNeKu
userPassword
• Use slappasswd to create the hash
• slappasswd -s <password string>
• A scripting language can be used to automate password generation
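The {SSHA} value that slappasswd writes into userPassword is base64 of SHA-1(password || salt) followed by the salt (a 4-byte random salt by default). The following added example, written for these notes and not part of the original slides, reproduces that format in pure Python so a provisioning script can generate hashes without shelling out to slappasswd, and verifies a stored hash against a candidate password (useful for checking an LDIF file before loading it). Passing the secret with `-s` on the command line also leaves it visible in shell history and process listings; generating the hash in-process avoids that. The function names and the constructed passwords are the example's own.

```python
"""Generate and verify OpenLDAP {SSHA} userPassword values.

Added example, not from the original slides.  Format produced:
    "{SSHA}" + base64( SHA1(password || salt) || salt )
with a 4-byte random salt, which is what slappasswd emits by default.
"""
import base64
import hashlib
import hmac
import os

SALT_LEN = 4                              # slappasswd's default salt size
DIGEST_LEN = hashlib.sha1().digest_size   # 20 bytes for SHA-1
PREFIX = "{SSHA}"


def make_ssha(password, salt=None):
    """Return a {SSHA} string for password; salt is random unless supplied."""
    if salt is None:
        salt = os.urandom(SALT_LEN)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return PREFIX + base64.b64encode(digest + salt).decode("ascii")


def verify_ssha(stored, password):
    """Check password against a stored {SSHA} value.

    The salt is recovered from the tail of the decoded value, the digest is
    recomputed, and the comparison is constant-time.
    """
    if not stored.startswith(PREFIX):
        raise ValueError("not an {SSHA} value: %r" % stored)
    raw = base64.b64decode(stored[len(PREFIX):])
    if len(raw) <= DIGEST_LEN:
        raise ValueError("decoded value too short to contain digest and salt")
    digest, salt = raw[:DIGEST_LEN], raw[DIGEST_LEN:]
    expected = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(digest, expected)


def user_password_line(password):
    """Render the LDIF attribute line for a freshly hashed password."""
    return "userPassword: " + make_ssha(password)


if __name__ == "__main__":
    # Constructed sample password; hash differs on every run because of the salt.
    sample = "constructed-example-secret"
    line = user_password_line(sample)
    print(line)
    print("verifies:", verify_ssha(line.split(": ", 1)[1], sample))
```

Because the salt is random, hashing the same password twice yields two different userPassword values; verification still succeeds for both, which is the property that lets a bulk-provisioning script regenerate entries without ever storing the clear-text password in the LDIF.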
User Entries for Information Lookup
• Used for email address books
• Web-based white/yellow pages
• Users will need to be of the object class types:
  • person/inetOrgPerson
• person requires:
  • sn - example: Sinema
  • cn - example: Dan
User Information LDIF

dn: uid=bullwinkle,ou=cns4650,dc=uvsc,dc=edu
objectClass: top
objectClass: person
objectClass: inetorgperson
uid: bullwinkle
cn: Bullwinkle
sn: Moose
mail: bullwinkle@uvsc.edu
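Both kinds of user entry above (authentication with posixAccount, and lookup-only with person/inetOrgPerson) fail at load time if a MUST attribute of one of their object classes is absent. The following added example, written for these notes rather than taken from the slides, checks the required attributes the slides list for each object class, follows the inetOrgPerson to person inheritance chain, and renders the entry as LDIF text with the RDN taken from uid. The parent DN and sample values are copied from the slides; the home directory and the function names are the example's own assumptions.

```python
"""Check MUST attributes and render OpenLDAP user entries as LDIF.

Added example, not from the original slides.  Works for both the
posixAccount entries used for authentication and the person/inetOrgPerson
entries used only for information lookup.
"""

# Required attributes per object class as listed in the slides; cn is in
# posixAccount's MUST list in the standard schema and person needs it anyway.
REQUIRED_ATTRIBUTES = {
    "person": ("cn", "sn"),
    "posixaccount": ("cn", "uid", "uidnumber", "gidnumber", "homedirectory"),
}

# inetOrgPerson is an organizationalPerson, which is a person, so the
# person MUST list applies to it too.
SUPERCLASSES = {
    "inetorgperson": ("organizationalperson", "person"),
    "organizationalperson": ("person",),
}

# Schema spelling for attributes reported back to the caller.
CANONICAL = {"uidnumber": "uidNumber", "gidnumber": "gidNumber",
             "homedirectory": "homeDirectory"}


def missing_attributes(entry):
    """Return the sorted list of required attributes that entry lacks."""
    present = {name.lower() for name in entry}
    classes = {oc.lower() for oc in entry.get("objectClass", [])}
    for oc in list(classes):
        classes.update(SUPERCLASSES.get(oc, ()))
    missing = set()
    for oc in classes:
        for attr in REQUIRED_ATTRIBUTES.get(oc, ()):
            if attr not in present:
                missing.add(attr)
    return sorted(CANONICAL.get(a, a) for a in missing)


def to_ldif(entry, parent_dn):
    """Render entry as one LDIF record under parent_dn, RDN = uid."""
    problems = missing_attributes(entry)
    if problems:
        raise ValueError("missing required attributes: " + ", ".join(problems))
    if "uid" not in entry:
        raise ValueError("uid is the naming attribute and must be present")
    lines = ["dn: uid=%s,%s" % (entry["uid"], parent_dn)]
    lines += ["objectClass: %s" % oc for oc in entry["objectClass"]]
    lines += ["%s: %s" % (k, v) for k, v in entry.items() if k != "objectClass"]
    return "\n".join(lines) + "\n"


PARENT_DN = "ou=cns4650,dc=uvsc,dc=edu"   # container from the slides

# Constructed sample: the authentication entry; the hash is the one shown
# on the slide, the home directory is an assumption of this example.
AUTH_USER = {
    "objectClass": ["top", "person", "inetOrgPerson", "posixAccount", "shadowAccount"],
    "uid": "bullwinkle",
    "cn": "Bullwinkle",
    "sn": "Moose",
    "uidNumber": "1028",
    "gidNumber": "20",
    "homeDirectory": "/home/bullwinkle",
    "loginShell": "/bin/bash",
    "mail": "bullwinkle@uvsc.edu",
    "userPassword": "{SSHA}2KsnBb5hjm/hJK04I6oIk7bVVN8gNeKu",
}

# Constructed sample: the lookup-only entry, no POSIX attributes needed.
LOOKUP_USER = {
    "objectClass": ["top", "person", "inetOrgPerson"],
    "uid": "bullwinkle",
    "cn": "Bullwinkle",
    "sn": "Moose",
    "mail": "bullwinkle@uvsc.edu",
}

if __name__ == "__main__":
    print(to_ldif(AUTH_USER, PARENT_DN))
    print(to_ldif(LOOKUP_USER, PARENT_DN))
```

Run the check over a generated LDIF before handing it to ldapadd; a missing homeDirectory or sn is reported by name instead of surfacing as an object class violation from the server after the rest of the batch has already been loaded.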