Adding User Accounts to OpenLDAP

To add user accounts to an LDAP repository determine what account objects are provided by the LDAP software and ensure the correct schema are enabled. In openLDAP, as an example, I've used the posix account object to create a user with a defined dn and added that user with a password to a posixGroup using the users dn as memberuid.


In slap.conf add:

include     /usr/local/etc/openldap/schema/core.schema
include         /usr/local/etc/openldap/schema/cosine.schema
include         /usr/local/etc/openldap/schema/nis.schema

access to attr=userPassword
by self =xw
by anonymous auth
by * none

access to *
by self write
by users read
by * none


suffix "dc=us,dc=ldap,dc=com"
rootdn "cn=Manager,dc=us,dc=ldap,dc=com"

rootpw {SSHA}Bh/flrQNsDkzFV9c1C6uKkY7UuoPvuKU

(root password created using slappasswd)

create an initial structure in initial.ldif -

dn: dc=us,dc=ldap,dc=com
objectClass: dcObject
objectClass: organization
o: us.ldap.com
dc: us

dn: ou=People,dc=us,dc=ldap,dc=com
objectClass: organizationalUnit
objectClass: top
ou: People

dn: ou=Groups,dc=us,dc=ldap,dc=com
objectClass: organizationalUnit
objectClass: top
ou: Groups

run

ldapadd -x -D cn=Manager,dc=us,dc=ldap,dc=com -W -f initial.ldif
(Use password from slapd.conf)

Create a user in adduser.ldif

dn: uid=user5,ou=People,dc=us,dc=ldap,dc=com
objectClass: top
objectClass: account
objectClass: posixAccount
cn: user5
uid: user5
uidNumber: 3000
gidNumber: 3000
homeDirectory: /home/user1
#userPassword: {SSHA}4t7lrhU5hIbMyqQMMYoRK35+hhC6FZtB
userPassword: welcome1



ldapadd -x -D "cn=Manager,dc=us,dc=ldap,dc=com" -W -f adduser.ldif

Create a group in addgroup.ldif

dn: cn=admingroup,ou=Groups,dc=us,dc=ldap,dc=com
objectClass: top
objectClass: posixGroup
cn: admingroup
userPassword: <password>
gidNumber: 3000

ldapadd -x -D "cn=Manager,dc=us,dc=ldap,dc=com" -W -f addgroup.ldif

add the user to the group in adusertogroup.ldif

dn: cn=admingroup,ou=Groups,dc=us,dc=ldap,dc=com
changetype: modify
add: memberuid
memberuid: uid=user5,ou=People,dc=us,dc=ldap,dc=com
# this must be the dn of the user to work with WebLogic query for
# Static Group DNs from Member DN filter - (&(memberUid=%M)(objectClass=posixGroup))

ldapadd -x -D "cn=Manager,dc=us,dc=ldap,dc=com" -W -f addusertogroup.ldif

Now search using

ldapsearch -x -w secret1  -D "cn=Manager,dc=us,dc=ldap,dc=com"  -b
"dc=us,dc=ldap,dc=com" '(objectclass=*)'

#search using user5 pwd welcome1
ldapsearch -x -w welcome1  -D "uid=user5,ou=People,dc=us,dc=ldap,dc=com"  -b
"dc=us,dc=ldap,dc=com" '(objectclass=*)'
# returns directory entries

Recovering Oracle Enterprise Manager with Audit Vault Console after disk full.

On RHEL5 with Oracle 11gR2 Audit Vault Server if hard disk fills up then the Oracle Enterprise Manager (OEM) server.xml file has all its contents removed and the dbconsole won't start.

To fix do -

Disable Database Vault
(From Oracle Database Vault Admin Guide 11gR2)

stop the dbconsole if it is up.

sqlplus sys as sysoper

SHUTDOWN NORMAL;
EXIT


cd $ORACLE_HOME/rdbms/lib
make -f ins_rdbms.mk dv_off ioracle

sqlplus sys as sysoper

STARTUP

Recreate the EM
export $ORACLE_HOSTNAME=[host]
make sure SYS, SYSMAN, DBSNMP users have CREATE SESSION grant

emca -deconfig dbcontrol db -repos drop
emca -config dbcontrol db -repos create

Then log in to Enterprise Manager to verify it is recreated correctly.

Recreate the Audit Vault app.
avca deploy_av
This updates OC4J config files and then errors
avca redeploy

## Had to deploy_av again, using
avca deploy_av -sid <sid> -dbalias <sid>

eg
avca deploy_av -sid av.host.com -dbalias av -avconsoleport 5500

Otherwise avca start_av and other avca commands returned "Internal Error".
Also avorcldb add_source -help returned an error saying add_source command is invalid.

Then log in to av console at [emhost]:[em_port]/av

Now go and find all server.xml files and create a backup of them.