HP OSMS Blueprint: Directory Services on HP ProLiant Servers with SLES10

objectClass: organizationalUnit
dc: dn1
ou: dn1
dn: dc=dn2,dc=example,dc=com
objectClass: dcObject
objectClass: organizationalUnit
dc: dn2
ou: dn2
dn: dc=dn3,dc=example,dc=com
objectClass: dcObject
objectClass: organizationalUnit
dc: dn3
ou: dn3
dn: dc=dn4,dc=example,dc=com
objectClass: dcObject
objectClass: organizationalUnit
dc: dn4
ou: dn4
dn: dc=dn5,dc=example,dc=com
objectClass: dcObject
objectClass: organizationalUnit
dc: dn5
ou: dn5
3. For each DN created in step 2, set the test password to abc123 using the ldappasswd
command. For example, enter the following command to set a password for
dc=dn1,dc=example,dc=com:
# /opt/symas/bin/ldappasswd -x -D rootdn -w rootpw \
-h cds_server -s abc123 dc=dn1,dc=example,dc=com
4. Add the following access directives to the slapd.conf file:
access to dn="dc=osm,dc=example,dc=com" attrs=ou,userPassword
by dn="dc=dn1,dc=example,dc=com" none
by anonymous auth
by dn="dc=dn2,dc=example,dc=com" compare
by dn="dc=dn3,dc=example,dc=com" search
by dn="dc=dn4,dc=example,dc=com" read
by dn="dc=dn5,dc=example,dc=com" write
NOTE: You must enter a tab before each " by dn=" line; otherwise the ACL will not work.
These directives should be placed before the default access directives:
access to *
by self write
by users read
by anonymous auth
5. Restart the CDS server and verify that no errors occurred by entering the following command:
# /etc/init.d/cdsserver restart
6. Use the ldapcompare command with 'dc=dn1,dc=example,dc=com' as the user to verify
that the user has no privileges to perform compare operations on the DN:
# /opt/symas/bin/ldapcompare -x -D 'dc=dn1,dc=example,dc=com' \
-w abc123 -h cds_server dc=osm,dc=example,dc=com ou:osm
Because the user 'dc=dn1,dc=example,dc=com' is assigned a privilege value of none, it
cannot perform any operations on the specified resource.
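To make the outcome of step 6 easier to reason about, the following is an added example (not part of the HP blueprint, and not Symas CDS or OpenLDAP code) that models how slapd evaluates the two access directives from step 4: privilege levels are cumulative, "by" clauses are tried in order and the first match wins, a matching directive with no matching "by" clause denies, and read is OpenLDAP's documented default when no directive matches at all. The model is deliberately simplified: targets are matched as exact DNs or "*", and scope, regex and entry/children pseudo-attribute handling are omitted. All DNs, attribute names and levels below are transcribed from the directives on this page.

```python
"""Added example: a toy evaluator for the slapd.conf access directives in step 4.
Constructed for illustration; it is not the HP blueprint's or OpenLDAP's code."""

# OpenLDAP privilege levels are cumulative: a level grants every level below it.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]
RANK = {name: i for i, name in enumerate(LEVELS)}

# The two access directives from the page, transcribed into Python (constructed data).
# "attrs" of None means the directive covers every attribute of the target.
ACLS = [
    {   # the test directive from step 4
        "target": "dc=osm,dc=example,dc=com",
        "attrs": {"ou", "userPassword"},
        "by": [
            ("dc=dn1,dc=example,dc=com", "none"),
            ("anonymous", "auth"),
            ("dc=dn2,dc=example,dc=com", "compare"),
            ("dc=dn3,dc=example,dc=com", "search"),
            ("dc=dn4,dc=example,dc=com", "read"),
            ("dc=dn5,dc=example,dc=com", "write"),
        ],
    },
    {   # the default directives, which must come after the specific one
        "target": "*",
        "attrs": None,
        "by": [("self", "write"), ("users", "read"), ("anonymous", "auth")],
    },
]


def who_matches(who, bind_dn, target_dn):
    """Does a 'by <who>' clause apply to this requester? bind_dn None means anonymous."""
    if who == "*":
        return True
    if who == "anonymous":
        return bind_dn is None
    if who == "users":
        return bind_dn is not None
    if who == "self":
        return bind_dn is not None and bind_dn.lower() == target_dn.lower()
    return bind_dn is not None and who.lower() == bind_dn.lower()


def granted_level(bind_dn, target_dn, attr, acls=ACLS):
    """Return the privilege level slapd would grant, following first-match rules."""
    for acl in acls:
        target_ok = acl["target"] == "*" or acl["target"].lower() == target_dn.lower()
        attr_ok = acl["attrs"] is None or attr in acl["attrs"]
        if not (target_ok and attr_ok):
            continue          # this directive does not cover the request; try the next
        for who, level in acl["by"]:
            if who_matches(who, bind_dn, target_dn):
                return level  # first matching "by" clause wins; later clauses are ignored
        return "none"         # directive matched but no "by" clause did: implicit deny
    return "read"             # OpenLDAP's default when no directive matches


def can(bind_dn, operation, target_dn, attr, acls=ACLS):
    """True if the granted level is at least the level the operation requires."""
    return RANK[granted_level(bind_dn, target_dn, attr, acls)] >= RANK[operation]


def allowed_operations(bind_dn, target_dn="dc=osm,dc=example,dc=com", attr="ou"):
    """Set of operations the bound identity may perform on target/attr."""
    return {op for op in ("auth", "compare", "search", "read", "write")
            if can(bind_dn, op, target_dn, attr)}


if __name__ == "__main__":
    # Reproduce the expected result of step 6 for every test DN, plus anonymous.
    for dn in (None, *[f"dc=dn{i},dc=example,dc=com" for i in range(1, 6)]):
        print(f"{dn or 'anonymous':30s} -> {sorted(allowed_operations(dn)) or 'nothing'}")
```

Running the script lists, for each test identity, which operations the directives allow on the ou attribute of dc=osm,dc=example,dc=com; dn1 gets none of them, which is the behaviour the ldapcompare check in step 6 confirms. Two points the model makes visible: the "by anonymous auth" clause is what lets the simple bind in step 6 succeed at all, because a client is still anonymous while it binds, and the "none" clause for dn1 only applies once that bind has completed; and an attribute not listed in attrs falls through to the default "access to *" directive, where dn1, as an authenticated user, gets read.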
Setting up Security for the CDS Server 29