HP OSMS Blueprint: Directory Services on HP ProLiant Servers with SLES10

uid=<username>, cn=<mechanism>, cn=auth
The ldapwhoami command can be used to check the identity for a user.
The following steps describe how to map the SASL user, osmsusr@master, to a DN in the
LDAP namespace that is in the form:
uid=osmsusr,ou=people,dc=osm,dc=example,dc=com
1. Use the ldapadd command to add the following entry to the CDS server based on the test
data:
# /opt/symas/bin/ldapadd -x -D rootdn -w rootpw -h cds_server
dn: uid=osmsusr,ou=people,dc=osm,dc=example,dc=com
objectClass: inetOrgPerson
uid: osmsusr
sn: osms user
cn: osms user
mail: osmsusr@example.com
2. Use the ldapwhoami command to check the current identity of osmsusr@master by
entering the following:
# /opt/symas/bin/ldapwhoami -Y digest-md5 -U osmsusr@master -h master
3. At the prompt, enter the password. The following is displayed:
SASL/DIGEST-MD5 authentication started
Please enter your password:
SASL username: osmsusr@master
SASL SSF: 128
SASL installing layers
dn:uid=osmsusr@master,cn=digest-md5,cn=auth
Result: Success (0)
Currently the requested DN associated with osmsusr@master is
uid=osmsusr@master,cn=digest-md5,cn=auth because the user is not mapped to
any DN in the LDAP namespace.
4. Edit the slapd.conf in the CDS server by adding the following content:
authz-regexp uid="([^,]*)@master",cn=digest-md5,cn=auth
    uid=$1,ou=people,dc=osm,dc=example,dc=com
This regular expression maps all users with the domain of master to the DNs of
uid=$1,ou=people,dc=osm,dc=example,dc=com.
5. Restart the CDS service and verify that no errors occurred by entering the following
command:
# /etc/init.d/cdsserver restart
6. Use the ldapwhoami command to determine the identity of osmsusr@master by entering
the following command:
# /opt/symas/bin/ldapwhoami -Y digest-md5 -U osmsusr@master -h master
The following is displayed:
SASL/DIGEST-MD5 authentication started
Please enter your password:
SASL username: osmsusr@master
SASL SSF: 128
SASL installing layers
dn:uid=osmsusr,ou=people,dc=osm,dc=example,dc=com
Result: Success (0)
Now the requested DN of osmsusr@master is
uid=osmsusr,ou=people,dc=osm,dc=example,dc=com. Any privileges and restrictions
that apply to this DN also apply to osmsusr@master.
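The following Python sketch is an added example, not part of the HP blueprint. It models how the authz-regexp rule from step 4 rewrites an authentication request DN, showing which SASL identities receive a DN under ou=people and which stay under cn=auth. The function names and the sample identities other than osmsusr@master are constructed for illustration, and slapd's matching is approximated with Python's re module.

```python
import re

# Rule from step 4 as (match pattern, replacement). Assumption: the double
# quotes in slapd.conf are configuration-file quoting and are not part of
# the regular expression itself.
RULES = [
    (r'uid=([^,]*)@master,cn=digest-md5,cn=auth',
     'uid=$1,ou=people,dc=osm,dc=example,dc=com'),
]

# Constructed sample identities: (SASL username, mechanism).
SAMPLE = [
    ("osmsusr@master", "DIGEST-MD5"),   # the user from the page
    ("osmsusr@other", "DIGEST-MD5"),    # different domain, same mechanism
    ("osmsusr@master", "GSSAPI"),       # same user, different mechanism
]

def sasl_auth_dn(username, mechanism):
    """Build the authentication request DN in the form shown on the page."""
    return "uid=%s,cn=%s,cn=auth" % (username, mechanism.lower())

def map_identity(auth_dn, rules=RULES):
    """Apply the first matching rule; return auth_dn unchanged if none match."""
    for pattern, replacement in rules:
        # Assumption: matching is case-insensitive and unanchored.
        m = re.search(pattern, auth_dn, re.IGNORECASE)
        if m:
            # Substitute $1..$9 with the captured groups.
            return re.sub(r'\$(\d)', lambda g: m.group(int(g.group(1))),
                          replacement)
    return auth_dn

def audit(identities, rules=RULES):
    """Return {(user, mech): (resulting DN, mapped?)} for each identity."""
    report = {}
    for user, mech in identities:
        dn = map_identity(sasl_auth_dn(user, mech), rules)
        # An identity that still ends in cn=auth has no DN in the LDAP
        # namespace, so ACLs written for ou=people entries do not cover it.
        report[(user, mech)] = (dn, not dn.lower().endswith(",cn=auth"))
    return report

if __name__ == "__main__":
    for key, (dn, mapped) in audit(SAMPLE).items():
        print("%-16s %-11s -> %s (%s)" % (key[0], key[1], dn,
                                          "mapped" if mapped else "unmapped"))
```

Only the first identity is rewritten; the other two keep their cn=auth form because the rule is specific to both the @master suffix and the digest-md5 mechanism.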