
Work in progress

Installation - Ubuntu

apt-get install 389-ds
setup-ds

Use "dc=example,dc=com" as the suffix. The setup creates a basic directory structure under it; the entries below rely on the ou=People, ou=Groups and ou=Special Users containers it creates.

Admin User

The IDM system binds as a dedicated account rather than as Directory Manager, so that its rights can be limited with the ACIs below. Create it as Directory Manager (for example with ldapadd) from this LDIF, replacing secret123 with a real password:

dn: cn=idm,ou=Special Users,dc=example,dc=com
objectClass: person
cn: idm
sn: IDM
userPassword: secret123

The server stores userPassword hashed according to its password storage scheme, but the LDIF file itself holds the password in clear, so do not leave it lying around.

ACIs

These ACIs give cn=idm read access to the whole suffix, full rights under ou=People and ou=Groups, and read access to the retro changelog. Apply them as Directory Manager with ldapmodify (the command line is shown in the Plugins section). Two things to keep in mind: allow (all) combined with targetattr="*" lets the account add, delete and rewrite any entry in those subtrees, passwords included, so keep it scoped to the subtrees the IDM manages and do not widen it to the suffix root; and read on all attributes at the suffix root includes userPassword hashes, which can be excluded by narrowing the read ACI's targetattr to leave out userPassword, as the default anonymous-access ACI does, if the IDM does not need them.

dn: dc=example,dc=com
changetype: modify
add: aci
aci: (targetattr="*")(version 3.0; acl "IDM
  read access"; allow (read,search,compare) 
  userdn="ldap:///cn=idm,ou=Special Users,dc=example,dc=com";)

dn: ou=People,dc=example,dc=com
changetype: modify
add: aci
aci: (targetattr="*")(version 3.0; acl "IDM
  write access"; allow (all) 
  userdn="ldap:///cn=idm,ou=Special Users,dc=example,dc=com";)

dn: ou=Groups,dc=example,dc=com
changetype: modify
add: aci
aci: (targetattr="*")(version 3.0; acl "IDM
  write access"; allow (all) 
  userdn="ldap:///cn=idm,ou=Special Users,dc=example,dc=com";)

The cn=changelog suffix exists only once the Retro Changelog plugin (see Plugins below) is enabled and the server restarted, so apply this last ACI after that:

dn: cn=changelog
changetype: modify
add: aci
aci: (target="ldap:///cn=changelog")(targetattr="*")(version 3.0; acl "IDM
  Access to ChangeLog"; allow (read,search,compare) 
  userdn="ldap:///cn=idm,ou=Special Users,dc=example,dc=com";)


Plugins

Configuring the memberOf plugin. The plugin keeps the memberOf attribute on user entries in sync with group membership; memberofgroupattr names the group attribute it watches (uniqueMember, i.e. groupOfUniqueNames groups). Each replace: changes exactly one attribute, so the two changes are separated by a line containing only "-":

ldapmodify -D "cn=directory manager" -w secret123 -p 2389 -h localhost
dn: cn=MemberOf Plugin,cn=plugins,cn=config
changetype: modify
replace: nsslapd-pluginEnabled
nsslapd-pluginEnabled: on
-
replace: memberofgroupattr
memberofgroupattr: uniqueMember

(2389 is the LDAP port chosen during setup-ds; the default is 389. Prefer -W, which prompts for the password, over -w, which leaves it in the shell history.)

Enable retro changelog:

ldapmodify -D "cn=directory manager" -w secret123 -p 2389 -h localhost
dn: cn=Retro Changelog Plugin,cn=plugins,cn=config
changetype: modify
replace: nsslapd-pluginEnabled
nsslapd-pluginEnabled: on

Restart the instance afterwards (on systemd-based systems with systemctl restart dirsrv@<instance>, where <instance> is the name chosen during setup-ds) so that both plugin changes take effect.

Accounts must have an object class that allows the memberOf attribute; inetUser is the most suitable. The plugin only maintains memberOf for membership changes made after it is enabled, so for groups that already exist run the memberOf fix-up task once (the fixup-memberof.pl script installed with the instance).
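Before feeding LDIF such as the above to ldapmodify it pays to check it offline: ldapmodify applies records in order and stops at the first bad one, so an ACI folded incorrectly across continuation lines, or a replace: that names two attributes at once, is noticed only after the earlier records have already been applied. The script below is an added example (not part of this page and not 389-ds code): it unfolds LDIF, validates each modify record, and summarises every ACI's target attributes, rights and bind rule, warning where allow (all) or read on every attribute is granted. The embedded LDIF strings are constructed copies of this page's ACI and memberOf records; BROKEN_MEMBEROF deliberately puts two attribute names on one replace: line to show how that is reported. The function names lint, parse_records, check_modify and summarise_aci are this example's own.

```python
"""Lint hand-written LDIF before piping it to ldapmodify (added example, not 389-ds code): unfold folded
lines, check modify records, summarise each ACI. Embedded LDIF is constructed to mirror this page's records."""
import re

PAGE_ACIS = """\
dn: dc=example,dc=com
changetype: modify
add: aci
aci: (targetattr="*")(version 3.0; acl "IDM
  read access"; allow (read,search,compare)
  userdn="ldap:///cn=idm,ou=Special Users,dc=example,dc=com";)

dn: ou=People,dc=example,dc=com
changetype: modify
add: aci
aci: (targetattr="*")(version 3.0; acl "IDM
  write access"; allow (all)
  userdn="ldap:///cn=idm,ou=Special Users,dc=example,dc=com";)
"""
BROKEN_MEMBEROF = """\
dn: cn=MemberOf Plugin,cn=plugins,cn=config
changetype: modify
replace: nsslapd-pluginEnabled memberofgroupattr
nsslapd-pluginEnabled: on
memberofgroupattr: uniqueMember
"""
FIXED_MEMBEROF = """\
dn: cn=MemberOf Plugin,cn=plugins,cn=config
changetype: modify
replace: nsslapd-pluginEnabled
nsslapd-pluginEnabled: on
-
replace: memberofgroupattr
memberofgroupattr: uniqueMember
"""
MOD_OPS = ("add", "replace", "delete")
ACI_RE = re.compile(r'acl\s+"(?P<name>[^"]*)"\s*;\s*(?P<effect>allow|deny)\s*'
                    r'\((?P<rights>[^)]*)\)\s*(?P<bind>.*?)\s*;\s*\)\s*$', re.I | re.S)
TARGETATTR_RE = re.compile(r'\(targetattr\s*(!?=)\s*"([^"]*)"\)', re.I)

def parse_records(text):
    """Split LDIF into records of (attribute, value) pairs; a bare '-' becomes ('-', None)."""
    lines = re.sub(r"\r?\n ", "", text).splitlines()  # RFC 2849: newline + one space = folded line
    records, current = [], []
    for line in lines + [""]:                          # trailing "" flushes the last record
        if line == "" and current:
            records.append(current)
            current = []
        elif line == "-":
            current.append(("-", None))
        elif line and not line.startswith("#"):        # values taken literally ("::" base64 not decoded)
            name, _, value = line.partition(":")
            current.append((name.strip(), value.strip()))
    return records

def check_modify(record):
    """Return the problems in one modify record (dn and changetype first); [] means well-formed."""
    problems, op_attr = [], None                       # op_attr: attribute named by the current change
    for name, value in record[2:]:
        if name == "-":
            op_attr = None
        elif name in MOD_OPS:
            if op_attr is not None:
                problems.append("'%s: %s' follows another change without the '-' separator" % (name, value))
            if len(value.split()) != 1:
                problems.append("'%s: %s' must name exactly one attribute" % (name, value))
            op_attr = value
        elif op_attr is None or name.lower() != op_attr.lower():
            problems.append("value line '%s: %s' does not belong to the current change" % (name, value))
    return problems

def summarise_aci(dn, aci):
    """Extract name, rights, target attributes and bind rule from an ACI value; warn on broad grants."""
    m = ACI_RE.search(aci)
    if not m:
        return {"dn": dn, "name": None, "rights": [], "targetattr": None, "warnings": ["could not parse ACI: " + aci]}
    ta = TARGETATTR_RE.search(aci)
    info = {"dn": dn, "name": m.group("name"), "effect": m.group("effect").lower(), "bind": m.group("bind"), "warnings": [],
            "rights": [r.strip().lower() for r in m.group("rights").split(",")], "targetattr": (ta.group(1) + ta.group(2)) if ta else "(none)"}
    broad = info["effect"] == "allow" and info["targetattr"] == "=*"
    if broad and "all" in info["rights"]:
        info["warnings"].append("allow (all) on every attribute under %s: any entry there can be added, deleted or rewritten, passwords included" % dn)
    if broad and ("read" in info["rights"] or "all" in info["rights"]):
        info["warnings"].append('read on every attribute under %s includes userPassword hashes; exclude it with (targetattr!="userPassword") if not needed' % dn)
    return info

def lint(text):
    """Validate every modify record and summarise every ACI value in an LDIF text."""
    problems, acis = [], []
    for record in parse_records(text):
        head = dict(record[:2])
        if head.get("changetype") == "modify":
            problems += ["%s: %s" % (head.get("dn"), p) for p in check_modify(record)]
        acis += [summarise_aci(head.get("dn", "?"), v) for n, v in record if n == "aci"]
    return problems, acis

if __name__ == "__main__":
    for text in (PAGE_ACIS, BROKEN_MEMBEROF, FIXED_MEMBEROF):
        print(lint(text))
```

Run it directly to see the three results, or import it and call lint() on the text of your own LDIF file before running ldapmodify. The ACI summary is deliberately coarse: it reads targetattr and the rights list but does not evaluate targetfilter or multiple bind rules, so treat its warnings as prompts to review the ACI by hand rather than as a verdict.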

See Also