In slap.conf add:
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/nis.schema
access to attr=userPassword
by self =xw
by anonymous auth
by * none
access to *
by self write
by users read
by * none
suffix "dc=us,dc=ldap,dc=com"
rootdn "cn=Manager,dc=us,dc=ldap,dc=com"
rootpw {SSHA}Bh/flrQNsDkzFV9c1C6uKkY7UuoPvuKU
(root password created using slappasswd)
create an initial structure in initial.ldif -
dn: dc=us,dc=ldap,dc=com
objectClass: dcObject
objectClass: organization
o: us.ldap.com
dc: us
dn: ou=People,dc=us,dc=ldap,dc=com
objectClass: organizationalUnit
objectClass: top
ou: People
dn: ou=Groups,dc=us,dc=ldap,dc=com
objectClass: organizationalUnit
objectClass: top
ou: Groups
run
ldapadd -x -D cn=Manager,dc=us,dc=ldap,dc=com -W -f initial.ldif
(Use password from slapd.conf)
Create a user in adduser.ldif
dn: uid=user5,ou=People,dc=us,dc=ldap,dc=com
objectClass: top
objectClass: account
objectClass: posixAccount
cn: user5
uid: user5
uidNumber: 3000
gidNumber: 3000
homeDirectory: /home/user1
#userPassword: {SSHA}4t7lrhU5hIbMyqQMMYoRK35+hhC6FZtB
userPassword: welcome1
ldapadd -x -D "cn=Manager,dc=us,dc=ldap,dc=com" -W -f adduser.ldif
Create a group in addgroup.ldif
dn: cn=admingroup,ou=Groups,dc=us,dc=ldap,dc=com
objectClass: top
objectClass: posixGroup
cn: admingroup
userPassword: <password>
gidNumber: 3000
ldapadd -x -D "cn=Manager,dc=us,dc=ldap,dc=com" -W -f addgroup.ldif
add the user to the group in adusertogroup.ldif
dn: cn=admingroup,ou=Groups,dc=us,dc=ldap,dc=com
changetype: modify
add: memberuid
memberuid: uid=user5,ou=People,dc=us,dc=ldap,dc=com
# this must be the dn of the user to work with WebLogic query for
# Static Group DNs from Member DN filter - (&(memberUid=%M)(objectClass=posixGroup))
ldapadd -x -D "cn=Manager,dc=us,dc=ldap,dc=com" -W -f addusertogroup.ldif
Now search using
ldapsearch -x -w secret1 -D "cn=Manager,dc=us,dc=ldap,dc=com" -b
"dc=us,dc=ldap,dc=com" '(objectclass=*)'
#search using user5 pwd welcome1
ldapsearch -x -w welcome1 -D "uid=user5,ou=People,dc=us,dc=ldap,dc=com" -b
"dc=us,dc=ldap,dc=com" '(objectclass=*)'
# returns directory entries
No comments:
Post a Comment