Tuesday, 18 December 2012

Adding User Accounts to OpenLDAP

To add user accounts to an LDAP repository, determine which account object classes the LDAP software provides and ensure the corresponding schemas are enabled. In OpenLDAP, as an example, I've used the posixAccount object class to create a user with a defined dn, and added that user, with a password, to a posixGroup using the user's dn as memberUid.


In slapd.conf add:

include         /usr/local/etc/openldap/schema/core.schema
include         /usr/local/etc/openldap/schema/cosine.schema
include         /usr/local/etc/openldap/schema/nis.schema

access to attr=userPassword
by self =xw
by anonymous auth
by * none

access to *
by self write
by users read
by * none


suffix "dc=us,dc=ldap,dc=com"
rootdn "cn=Manager,dc=us,dc=ldap,dc=com"


rootpw {SSHA}Bh/flrQNsDkzFV9c1C6uKkY7UuoPvuKU

(Root password hash created using slappasswd.)

Create an initial structure in initial.ldif:

dn: dc=us,dc=ldap,dc=com
objectClass: dcObject
objectClass: organization
o: us.ldap.com
dc: us

dn: ou=People,dc=us,dc=ldap,dc=com
objectClass: organizationalUnit
objectClass: top
ou: People

dn: ou=Groups,dc=us,dc=ldap,dc=com
objectClass: organizationalUnit
objectClass: top
ou: Groups

Run:

ldapadd -x -D "cn=Manager,dc=us,dc=ldap,dc=com" -W -f initial.ldif
(Use the rootpw password from slapd.conf.)

Create a user in adduser.ldif:

dn: uid=user5,ou=People,dc=us,dc=ldap,dc=com
objectClass: top
objectClass: account
objectClass: posixAccount
cn: user5
uid: user5
uidNumber: 3000
gidNumber: 3000
homeDirectory: /home/user1
#userPassword: {SSHA}4t7lrhU5hIbMyqQMMYoRK35+hhC6FZtB
# A cleartext value is stored as given unless the server is configured to hash it;
# prefer a slappasswd-generated {SSHA} value like the commented one above.
userPassword: welcome1



ldapadd -x -D "cn=Manager,dc=us,dc=ldap,dc=com" -W -f adduser.ldif


Create a group in addgroup.ldif:

dn: cn=admingroup,ou=Groups,dc=us,dc=ldap,dc=com
objectClass: top
objectClass: posixGroup
cn: admingroup
userPassword: <password>
gidNumber: 3000

ldapadd -x -D "cn=Manager,dc=us,dc=ldap,dc=com" -W -f addgroup.ldif

Add the user to the group in addusertogroup.ldif:

dn: cn=admingroup,ou=Groups,dc=us,dc=ldap,dc=com
changetype: modify
add: memberuid
memberuid: uid=user5,ou=People,dc=us,dc=ldap,dc=com
# this must be the dn of the user to work with WebLogic query for
# Static Group DNs from Member DN filter - (&(memberUid=%M)(objectClass=posixGroup))

ldapadd -x -D "cn=Manager,dc=us,dc=ldap,dc=com" -W -f addusertogroup.ldif



Now search using:

ldapsearch -x -w secret1 -D "cn=Manager,dc=us,dc=ldap,dc=com" -b "dc=us,dc=ldap,dc=com" '(objectclass=*)'

# search as user5 with password welcome1
ldapsearch -x -w welcome1 -D "uid=user5,ou=People,dc=us,dc=ldap,dc=com" -b "dc=us,dc=ldap,dc=com" '(objectclass=*)'
# returns directory entries
