Wednesday, August 12, 2009

OpenLDAP on Solaris 10 - Persons and Roles

Yesterday, I posted a how-to article on OpenLDAP on Solaris 10. After the installation was complete, we created a simple company organizational structure as follows:



The suffix is dc=sg,dc=com. Beneath it are a People sub-suffix (ou=people) and a Roles sub-suffix (ou=Roles).

We first create the person entries under the People sub-suffix, then assign each person to one or more Roles by listing the person's DN as a member value of the role entry.

An LDIF file was created and loaded with the ldapadd command:

    bash-3.00# /opt/openldap/bin/ldapadd -x -D "cn=Manager,dc=sg,dc=com" -w XXXXXX -f all.ldif

Sample LDIF file:

    all.ldif
    
    dn: dc=sg,dc=com
    dc: sg
    o: sg.com
    description: azlabs openldap
    objectClass: top
    objectClass: dcObject
    objectClass: organization
    
    dn: cn=Manager,dc=sg,dc=com
    objectclass: organizationalRole
    cn: Manager
    description: LDAP Directory Administrator
    
    dn: ou=people, dc=sg,dc=com
    ou: people
    description: All people in organisation
    objectclass: top
    objectclass: organizationalunit
    
    dn: uid=user1,ou=people,dc=sg,dc=com
    objectclass: top
    objectclass: organizationalPerson
    objectclass: inetOrgPerson
    cn: user1
    sn: user1
    uid: user1
    userpassword: sSmitH
    mail: user1@sg.com
    ou: IT
    
    dn: uid=user2,ou=people,dc=sg,dc=com
    objectclass: top
    objectclass: organizationalPerson
    objectclass: inetOrgPerson
    cn: user2
    sn: user2
    uid: user2
    userpassword: sSmitH
    mail: user2@sg.com
    ou: IT
    
    dn: uid=user3,ou=people,dc=sg,dc=com
    objectclass: top
    objectclass: organizationalPerson
    objectclass: inetOrgPerson
    cn: user3
    sn: user3
    uid: user3
    userpassword: sSmitH
    mail: user3@sg.com
    ou: IT
    
    dn: uid=user4,ou=people,dc=sg,dc=com
    objectclass: top
    objectclass: organizationalPerson
    objectclass: inetOrgPerson
    cn: user4
    sn: user4
    uid: user4
    userpassword: sSmitH
    mail: user4@sg.com
    ou: IT
    
    dn: uid=user5,ou=people,dc=sg,dc=com
    objectclass: top
    objectclass: organizationalPerson
    objectclass: inetOrgPerson
    cn: user5
    sn: user5
    uid: user5
    userpassword: sSmitH
    mail: user5@sg.com
    ou: IT
    
    dn: ou=Roles,dc=sg,dc=com
    objectclass: top
    objectclass: organizationalUnit
    ou: Roles
    
    # Define an Admin role.
    dn: cn=Admin,ou=Roles,dc=sg,dc=com
    objectClass: top
    objectClass: groupOfNames
    cn: Admin
    description: Admin role
    member: uid=user1,ou=People,dc=sg,dc=com
    
    # Define a Group1 role.
    dn: cn=Group1,ou=Roles,dc=sg,dc=com
    objectClass: top
    objectClass: groupOfNames
    cn: Group1
    description: Group1 role
    member: uid=user1,ou=People,dc=sg,dc=com
    member: uid=user2,ou=People,dc=sg,dc=com
    
    # Define a Group2 role.
    dn: cn=Group2,ou=Roles,dc=sg,dc=com
    objectClass: top
    objectClass: groupOfNames
    cn: Group2
    description: Group2 role
    member: uid=user1,ou=People,dc=sg,dc=com
    member: uid=user3,ou=People,dc=sg,dc=com
    member: uid=user4,ou=People,dc=sg,dc=com
    
    # Define a Group3 role.
    dn: cn=Group3,ou=Roles,dc=sg,dc=com
    objectClass: top
    objectClass: groupOfNames
    cn: Group3
    description: Group3 role
    member: uid=user1,ou=People,dc=sg,dc=com
    member: uid=user5,ou=People,dc=sg,dc=com
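
When roles are hand-built this way, the two mistakes that bite most often are a member DN that does not match any person entry (ldapadd accepts it silently, since groupOfNames members are not referentially checked) and a userPassword written in cleartext. The following checker is an added example, not code from the original post; it parses the LDIF with the standard library only and runs offline against a constructed sample in the same shape as all.ldif (the sample's user9 and the {SSHA} value are made up for the demonstration). It also inverts the role entries into a person-to-roles view, which is what an access review needs.

```python
"""Sanity-check an LDIF file of person entries and groupOfNames roles before ldapadd.

Added example, not part of the original post. Standard library only, so it can
be run offline against the LDIF text rather than against a live slapd.
"""
import base64
import re
from collections import defaultdict

# Constructed sample in the same shape as the post's all.ldif: two people (one
# cleartext password, one {SSHA} hash given as a base64 "::" value), a role that
# references a DN that exists nowhere in the file, and a role with no member.
SAMPLE_LDIF = """\
dn: dc=sg,dc=com
dc: sg
o: sg.com
objectClass: top
objectClass: dcObject
objectClass: organization

dn: ou=people, dc=sg,dc=com
ou: people
objectclass: top
objectclass: organizationalunit

dn: uid=user1,ou=people,dc=sg,dc=com
objectclass: top
objectclass: inetOrgPerson
cn: user1
sn: user1
uid: user1
userpassword: sSmitH

dn: uid=user2,ou=people,dc=sg,dc=com
objectclass: top
objectclass: inetOrgPerson
cn: user2
sn: user2
uid: user2
userPassword:: e1NTSEF9ZXhhbXBsZWhhc2h2YWx1ZQ==

dn: ou=Roles,dc=sg,dc=com
objectclass: top
objectclass: organizationalUnit
ou: Roles

# Define a Group1 role.
dn: cn=Group1,ou=Roles,dc=sg,dc=com
objectClass: top
objectClass: groupOfNames
cn: Group1
member: uid=user1,ou=People,dc=sg,dc=com
member: uid=user9,ou=People,dc=sg,dc=com

dn: cn=Group2,ou=Roles,dc=sg,dc=com
objectClass: top
objectClass: groupOfNames
cn: Group2
"""


def _entry_from_lines(lines):
    """Turn the lines of one LDIF record into (dn, {attr_lower: [values]})."""
    attrs = defaultdict(list)
    for line in lines:
        name, _, value = line.partition(":")
        if value.startswith(":"):  # "attr:: <base64>" form
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        else:
            value = value.strip()
        attrs[name.strip().lower()].append(value)
    dn = attrs.pop("dn")[0]
    return dn, attrs


def parse_ldif(text):
    """Parse LDIF text into a list of (dn, attrs), honouring comments,
    folded continuation lines and blank-line record separators."""
    entries, current = [], []
    for raw in text.splitlines() + [""]:
        if raw.startswith("#"):
            continue
        if raw.startswith(" ") and current:  # folded continuation line
            current[-1] += raw[1:]
            continue
        if raw.strip() == "":
            if current:
                entries.append(_entry_from_lines(current))
                current = []
            continue
        current.append(raw)
    return entries


def normalize_dn(dn):
    """Case-fold and drop optional whitespace after RDN separators so that
    'ou=people, dc=sg,dc=com' and 'ou=People,dc=sg,dc=com' compare equal."""
    return re.sub(r",\s*", ",", dn.strip()).lower()


def check_roles(entries):
    """Return a list of problem strings; an empty list means the LDIF is consistent."""
    problems = []
    known = {normalize_dn(dn) for dn, _ in entries}
    for dn, attrs in entries:
        classes = {c.lower() for c in attrs.get("objectclass", [])}
        if "groupofnames" in classes:
            members = attrs.get("member", [])
            if not members:  # the schema makes member a MUST attribute
                problems.append(f"{dn}: groupOfNames requires at least one member")
            for m in members:
                if normalize_dn(m) not in known:
                    problems.append(f"{dn}: member {m} does not exist in this LDIF")
        for pw in attrs.get("userpassword", []):
            if not pw.startswith("{"):  # no {SSHA}/{CRYPT}/... scheme prefix
                problems.append(f"{dn}: userPassword is stored in cleartext")
    return problems


def roles_by_person(entries):
    """Invert the role entries: map each normalized person DN to the role
    cn values that list it as a member."""
    view = defaultdict(list)
    for dn, attrs in entries:
        if "groupofnames" in {c.lower() for c in attrs.get("objectclass", [])}:
            for m in attrs.get("member", []):
                view[normalize_dn(m)].append(attrs["cn"][0])
    return dict(view)


if __name__ == "__main__":
    parsed = parse_ldif(SAMPLE_LDIF)
    for problem in check_roles(parsed):
        print("PROBLEM:", problem)
    for person, roles in sorted(roles_by_person(parsed).items()):
        print(person, "->", ", ".join(roles))
```

To check the real file, replace SAMPLE_LDIF with `open("all.ldif").read()` and fix every reported problem before running ldapadd. For the password finding, generate the hash with OpenLDAP's own slappasswd and paste its {SSHA} output as the userPassword value; similarly, ldapadd -W prompts for the bind password instead of exposing it in the process list the way -w does.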
    
