HP OSMS Blueprint: Directory Services on HP ProLiant Servers with SLES10

following the steps in “Mapping SASL Users to Distinguished Names” (page 23). The only
difference is that the directive in slapd.conf is sasl-regexp instead of authz-regexp.
Directory Security
Access to the entries and attributes stored in the CDS server is controlled by Access
Control Lists (ACLs), which are configured with access directives in the file slapd.conf.
Directives are evaluated in the order in which they appear; the first directive whose <what>
selector matches the entry or attribute being accessed is the one that is applied, so more
specific directives must be placed before general ones. The structure of an access directive
is as follows:
access to <what> [ by <who> <access> [ <control> ] ]
The <what> field specifies the entries or attributes to which the access directive applies. It
can have the following forms; the dn and attrs forms may be combined in one directive to
select particular attributes of particular entries:
*
dn.<dnstyle>=<DN>
filter=<ldapfilter>
attrs=<attrlist>
The <who> field specifies the requesters to which the access directive applies. A directive
may contain several by <who> clauses, granting different privileges to different requesters on
the same resource; they are evaluated in order and the first clause that matches the requester
is used. <who> can have the following forms:
*
anonymous
users
self
dn.<dnstyle>=<DN>
dnattr=<attrname>
group=<group>
peername=<peername>
sockname=<sockname>
domain=<domain>
sockurl=<sockurl>
The <access> field indicates the privilege level granted to <who>. The levels are cumulative:
each one implies all of the levels listed before it (for example, read implies search, compare
and auth). It can have one of the following values:
none
auth
compare
search
read
write
The <control> field is optional. It controls how evaluation proceeds once a by clause has
matched the requester. It can have one of the following values:
stop (the default): evaluation ends and the <access> of the matched clause applies
continue: evaluation continues with the remaining by clauses of the same directive
break: evaluation of the current directive ends and continues with the next access directive whose <what> matches
If no directive matches the entry or attribute, or the selected directive has no by clause
that matches the requester, access is denied.
For more information on access directives, visit the Web site located at:
http://www.openldap.org/doc/admin23/slapdconf2.html#Access%20Control
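Getting the syntax right is the easy part; the order of the directives decides what is actually exposed, because slapd uses the first directive whose <what> matches and, inside it, the first by clause that matches the requester. The script below is an added example and is not code from this blueprint or from OpenLDAP: it parses the subset of the access-directive syntax listed above (only the *, dn.exact, dn.subtree and attrs selectors for <what>; *, anonymous, users, self, dn.exact and dn.subtree for <who>; the six privilege levels; and the three controls, with break modelled simply as carrying the level into the next matching directive) and evaluates requests against two constructed ACL sets. WEAK_ACLS puts a catch-all `access to * by * read` first, which shadows the userPassword rule and grants anonymous sessions read access to password hashes; FIXED_ACLS puts the most specific directive first. The two ACL sets, the requester DNs and the cn=ou-admin entry are constructed for illustration; filter=, dnattr=, group=, peername=, sockname=, domain=, sockurl=, dn.regex and +/- incremental privileges are not modelled.

```python
"""Toy evaluator for the slapd.conf access directives listed above (added example)."""
import re
import shlex

# Lowest to highest; each level implies every level listed before it.
LEVELS = ["none", "auth", "compare", "search", "read", "write"]
CONTROLS = ("stop", "continue", "break")  # stop is the default

def parse_access_directives(text):
    """Parse `access to <what> by <who> <access> [<control>] ...` directives
    into [(what, [(who, access, control), ...])]; what maps selector -> value."""
    text = re.sub(r"\n[ \t]+", " ", text)  # fold slapd.conf continuation lines
    rules = []
    for line in (ln.strip() for ln in text.splitlines()):
        if not line or line.startswith("#"):
            continue
        tokens = shlex.split(line)  # honours dn.subtree="..." quoting
        if tokens[:2] != ["access", "to"] or "by" not in tokens:
            raise ValueError("unsupported directive: " + line)
        first_by = tokens.index("by")
        what = dict(tok.partition("=")[::2] for tok in tokens[2:first_by])
        by_clauses, rest = [], tokens[first_by + 1:]
        while rest:  # split the remainder into clauses at each "by"
            end = rest.index("by") if "by" in rest else len(rest)
            clause, rest = rest[:end], rest[end + 1:]
            control = clause[2] if len(clause) > 2 else "stop"
            if len(clause) < 2 or clause[1] not in LEVELS or control not in CONTROLS:
                raise ValueError("bad by clause: " + " ".join(clause))
            by_clauses.append((clause[0], clause[1], control))
        rules.append((what, by_clauses))
    return rules

def _dn_matches(style, pattern, dn):
    """dn.exact and dn.subtree selectors, compared case-insensitively."""
    dn, pattern = dn.lower(), pattern.lower()
    if style == "exact":
        return dn == pattern
    if style == "subtree":
        return dn == pattern or dn.endswith("," + pattern)
    raise ValueError("unsupported dnstyle: " + style)

def what_matches(what, entry_dn, attr):
    """All <what> selectors must match; attr None means the entry itself."""
    for key, value in what.items():
        if key == "attrs":
            if attr is None or attr.lower() not in value.lower().split(","):
                return False
        elif key.startswith("dn."):
            if not _dn_matches(key[3:], value, entry_dn):
                return False
        elif key != "*":
            raise ValueError("unsupported <what> selector: " + key)
    return True

def who_matches(who, entry_dn, requester):
    """`requester` is the bound DN, or None for an anonymous session."""
    simple = {"*": True, "anonymous": requester is None, "users": requester is not None}
    if who in simple:
        return simple[who]
    if requester is None:
        return False  # self and dn.* need a bound DN
    if who == "self":
        return requester.lower() == entry_dn.lower()
    if who.startswith("dn."):
        style, _, pattern = who[3:].partition("=")
        return _dn_matches(style, pattern, requester)
    raise ValueError("unsupported <who> selector: " + who)

def access_level(rules, entry_dn, attr, requester):
    """Level `requester` holds on `attr` of `entry_dn`: first directive whose
    <what> matches is selected, in it the first matching <who> decides, unless
    its control is continue (a later match overrides) or break (carry on)."""
    granted = "none"
    for what, by_clauses in rules:
        if not what_matches(what, entry_dn, attr):
            continue
        matched, last_control = False, "stop"
        for who, access, control in by_clauses:
            if who_matches(who, entry_dn, requester):
                matched, granted, last_control = True, access, control
                if control != "continue":
                    break
        if not matched:
            return "none"  # directive selected but no <who> matched
        if last_control != "break":
            return granted
    return granted  # nothing (more) matched: implicit `access to * by * none`

# Constructed sample ACLs, not from the document.  WEAK_ACLS puts the catch-all
# first, shadowing the userPassword rule, so an anonymous bind can read every
# password hash; FIXED_ACLS puts the most specific <what> first.
WEAK_ACLS = """
access to * by * read
access to attrs=userPassword by self write by anonymous auth by * none
"""
FIXED_ACLS = """
access to attrs=userPassword by self write by anonymous auth by * none
access to dn.subtree="dc=osm,dc=example,dc=com" attrs=ou
    by dn.exact="cn=ou-admin,dc=osm,dc=example,dc=com" write
    by users read by * none
access to dn.subtree="dc=osm,dc=example,dc=com" by users read by * none
"""
```

Call access_level(parse_access_directives(FIXED_ACLS), entry_dn, attribute, bound_dn), passing None as bound_dn for an anonymous session; swapping in WEAK_ACLS returns read for userPassword to everyone. The same check against the live server is an anonymous search for the attribute, for example `ldapsearch -x -h CDS_SERVER -b 'dc=osm,dc=example,dc=com' userPassword` with no -D option: with the corrected ordering the attribute must not appear in the result.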
In the following example, five DNs are created as test users and are granted different
privileges on the ou attribute and the userPassword attribute of dc=osm,dc=example,dc=com.
1. Verify that the CDS test data has been added to the CDS server by entering the following
command on the CDS server:
# /opt/symas/bin/ldapsearch -b 'dc=osm,dc=example,dc=com' -s base
2. Add the following DNs as the test users using the ldapadd command as follows (rootdn,
rootpw and CDS_SERVER are placeholders for the directory's root DN, its password and the
CDS server's host name; -W prompts for the password instead of placing it on the command
line, where it would be visible in the process list and the shell history):
# /opt/symas/bin/ldapadd -x -D rootdn -w rootpw -h CDS_SERVER
dn: dc=dn1,dc=example,dc=com
objectClass: dcObject