OpenLDAP on Solaris 10 - Persons and Roles

Yesterday, I posted a how-to article on OpenLDAP on Solaris 10. After installation completed, we created a simple company organizational structure as follows:

Suffix is dc=sg,dc=com. There is a People sub-suffix and a Roles sub-suffix. 

We created the Persons object under the People sub-suffix first. Then assign the Persons to each Role.

A LDIF file was created and ldapadd command was executed:

bash-3.00# /opt/openldap/bin/ldapadd -x -D "cn=Manager,dc=sg,dc=com" -w XXXXXX -f all.ldif

Sample LDIF file:

    all.ldif

    

    dn: dc=sg,dc=com

    dc: sg

    o: sg.com

    description: azlabs openldap

    objectClass: top

    objectClass: dcObject

    objectClass: organization

    

    dn: cn=Manager,dc=sg,dc=com

    objectclass: organizationalRole

    cn: Manager

    description: LDAP Directory Administrator

    

    dn: ou=people, dc=sg,dc=com

    ou: people

    description: All people in organisation

    objectclass: top

    objectclass: organizationalunit

    

    dn: uid=user1,ou=people,dc=sg,dc=com

    objectclass: top

    objectclass: organizationalPerson

    objectclass: inetOrgPerson

    cn: user1

    sn: user1

    uid: user1

    userpassword: sSmitH

    mail: user1@sg.com

    ou: IT

    

    dn: uid=user2,ou=people,dc=sg,dc=com

    objectclass: top

    objectclass: organizationalPerson

    objectclass: inetOrgPerson

    cn: user2

    sn: user2

    uid: user2

    userpassword: sSmitH

    mail: user2@sg.com

    ou: IT

    

    dn: uid=user3,ou=people,dc=sg,dc=com

    objectclass: top

    objectclass: organizationalPerson

    objectclass: inetOrgPerson

    cn: user3

    sn: user3

    uid: user3

    userpassword: sSmitH

    mail: user3@sg.com

    ou: IT

    

    dn: uid=user4,ou=people,dc=sg,dc=com

    objectclass: top

    objectclass: organizationalPerson

    objectclass: inetOrgPerson

    cn: user4

    sn: user4

    uid: user4

    userpassword: sSmitH

    mail: user4@sg.com

    ou: IT

    

    dn: uid=user5,ou=people,dc=sg,dc=com

    objectclass: top

    objectclass: organizationalPerson

    objectclass: inetOrgPerson

    cn: user5

    sn: user5

    uid: user5

    userpassword: sSmitH

    mail: user5@sg.com

    ou: IT

    

    dn: ou=Roles,dc=sg,dc=com

    objectclass: top

    objectclass: organizationalUnit

    ou: Roles

    

    # Define an Admin role.

    dn: cn=Admin,ou=Roles,dc=sg,dc=com

    objectClass: top

    objectClass: groupOfNames

    cn: Admin

    description: Admin role

    member: uid=user1,ou=People,dc=sg,dc=com

    

    # Define an Group1 role.

    dn: cn=Group1,ou=Roles,dc=sg,dc=com

    objectClass: top

    objectClass: groupOfNames

    cn: Group1

    description: Group1 role

    member: uid=user1,ou=People,dc=sg,dc=com

    member: uid=user2,ou=People,dc=sg,dc=com

    

    # Define an Group2 role.

    dn: cn=Group2,ou=Roles,dc=sg,dc=com

    objectClass: top

    objectClass: groupOfNames

    cn: Group2

    description: Group2 role

    member: uid=user1,ou=People,dc=sg,dc=com

    member: uid=user3,ou=People,dc=sg,dc=com

    member: uid=user4,ou=People,dc=sg,dc=com

    

    # Define an Group3 role.

    dn: cn=Group3,ou=Roles,dc=sg,dc=com

    objectClass: top

    objectClass: groupOfNames

    cn: Group3

    description: Group3 role

    member: uid=user1,ou=People,dc=sg,dc=com

    member: uid=user5,ou=People,dc=sg,dc=com