Reference Guide
Follow OpenLDAP instructions for generating and installing CA certificates on an OpenLDAP server.
2. Enable group membership through the memberOf mechanism by including the memberOf overlay in the slapd.conf file.
3. Create entries (users) in the OpenLDAP Directory.
4. Assign users to groups by using the member attribute.
5. Use the ldapCfg --maprole ldap_role_name switch_role command to map an LDAP server role to one of the default roles available on the switch.
6. Add the user’s Virtual Fabrics to the user entry.
a) Add the brcdAdVfData attribute to the existing OpenLDAP schema.
b) Add the brcdAdVfData attribute to the user entry in the LDAP directory with a value that identifies the Virtual Fabrics with which to associate the user.
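The following script is an added example and not code from the Fabric OS guide or from OpenLDAP. It works steps 3, 4 and 6b above into LDIF, loads the entries in the order the memberOf overlay needs, and verifies that memberOf and brcdAdVfData are visible on the user before the switch-side --maprole step. Only the base DN and rootdn come from the page; the user name "alice", the group "switchadmins", the ou=People and ou=Groups containers, the auxiliary objectClass name "brcdAdVfUser", the LDAP_URI variable and the brcdAdVfData placeholder value are assumptions for illustration and must be replaced with what your schema and the guide specify.

```shell
#!/bin/sh
# Added example, not code from the Fabric OS guide: writes the LDIF for steps 3, 4 and 6b
# of the procedure above and shows the ldapadd/ldapsearch calls that load and verify it.
# Assumed for illustration: user "alice", group "switchadmins", containers ou=People and
# ou=Groups, an auxiliary objectClass "brcdAdVfUser" that permits brcdAdVfData, and a
# placeholder brcdAdVfData value. Only the base DN and rootdn come from the page.
set -eu

BASE_DN="dc=mybrocade,dc=com"
BIND_DN="cn=Manager,${BASE_DN}"   # rootdn from the example slapd.conf

user_dn() { printf 'uid=%s,ou=People,%s\n' "$1" "$BASE_DN"; }

# Containers for people and groups (the page's LDIF only shows the root entry).
containers_ldif() {
    cat <<EOF
dn: ou=People,${BASE_DN}
objectClass: organizationalUnit
ou: People

dn: ou=Groups,${BASE_DN}
objectClass: organizationalUnit
ou: Groups
EOF
}

# Step 3 + 6b: a user entry carrying brcdAdVfData. LDIF allows '#' comments only at the
# start of a line, so nothing is annotated inside the heredoc. Replace the userPassword
# value with real slappasswd output and the brcdAdVfData value with the format the guide
# specifies; "brcdAdVfUser" is an assumed class name, use whatever local.schema defines.
user_ldif() {
    cat <<EOF
dn: $(user_dn "$1")
objectClass: inetOrgPerson
objectClass: brcdAdVfUser
uid: $1
cn: $1
sn: $1
userPassword: {SSHA}replace-with-slappasswd-output
brcdAdVfData: $2
EOF
}

# Step 4: a groupOfNames whose member values are the users' DNs. Load this AFTER the
# users exist: the memberOf overlay writes memberOf onto each member entry when the
# group is added or modified, and it does not backfill groups created before the
# overlay was enabled.
group_ldif() {
    name="$1"; shift
    printf 'dn: cn=%s,ou=Groups,%s\nobjectClass: groupOfNames\ncn: %s\n' "$name" "$BASE_DN" "$name"
    for dn in "$@"; do printf 'member: %s\n' "$dn"; done
}

# Writes the three LDIF files into a directory; callers load them in this order.
write_ldif_files() {
    dir="$1"
    containers_ldif > "$dir/containers.ldif"
    user_ldif alice "VF-PLACEHOLDER" > "$dir/users.ldif"
    group_ldif switchadmins "$(user_dn alice)" > "$dir/groups.ldif"
}

load_and_verify() {
    # Requires a reachable server; LDAP_URI is an assumed environment variable.
    for f in containers users groups; do
        ldapadd -x -H "$LDAP_URI" -D "$BIND_DN" -W -f "$1/$f.ldif"
    done
    # Step 2 check: memberOf must now be present on the user entry. If it is missing,
    # the overlay is not active or the group predates it.
    ldapsearch -x -H "$LDAP_URI" -D "$BIND_DN" -W -b "$BASE_DN" "(uid=alice)" memberOf brcdAdVfData
}

# Step 5 is typed on the switch, not here; with the names above it would be:
#   ldapCfg --maprole switchadmins admin
# (ldap_role_name is assumed to be the group cn that memberOf exposes on the user).

out=$(mktemp -d)
write_ldif_files "$out"
echo "LDIF written to $out"
if [ -n "${LDAP_URI:-}" ]; then
    load_and_verify "$out"
fi
```

Run it without LDAP_URI to inspect the generated files; set LDAP_URI (for example ldaps://ldap.mybrocade.com) to load them. If the ldapsearch at the end shows brcdAdVfData but no memberOf, the overlay is not active for that database or the group was created before it was enabled; re-adding the group entry triggers the overlay.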
Enabling group membership
Group membership in OpenLDAP is specified by an overlay called memberOf. Overlays customize back-end behavior without requiring changes to the back-end code. The memberOf overlay updates the memberOf attribute of the member entries whenever the member attribute of a groupOfNames entry changes. It maintains memberOf only for group changes made after it is enabled; groups that already existed must be re-added (or the database reloaded with slapcat and slapadd) before their members carry the attribute. To include this overlay, add "overlay memberof" to the slapd.conf file after the database directive of the database it applies to (overlays are configured per database), as shown in the following example. If slapd was built with dynamic modules, also load the module with a moduleload memberof.la line in the global section before the database.
overlay memberof
Example file:
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/local.schema
###############################################
TLSCACertificateFile /root/sachin/ldapcert/cacert.pem
TLSCertificateFile /root/sachin/ldapcert/serverCert.pem
TLSCertificateKeyFile /root/sachin/ldapcert/serverKey.pem
TLSVerifyClient never
pidfile /usr/local/var/run/slapd.pid
argsfile /usr/local/var/run/slapd.args
database bdb
suffix "dc=mybrocade,dc=com"
rootdn "cn=Manager,dc=mybrocade,dc=com"
rootpw {SSHA}HL8uT5hPaWyIdcP6yAheMT8n0GoWubr3
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /usr/local/var/openldap-data
# Indices to maintain
index objectClass eq
overlay memberof
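The following checker is an added example, not part of the guide or of OpenLDAP. It tests a slapd.conf for the placement mistake that silently leaves memberOf empty (the overlay line in the global section instead of after the database directive) and for the TLS directives the switch connection depends on. The two configurations it writes are constructed from the page's example with shortened certificate paths; they are not shipped files, and the moduleload note only applies to a slapd built with dynamic modules.

```shell
#!/bin/sh
# Added example, not from the guide: checks a slapd.conf for the two placement mistakes
# that silently leave memberOf unpopulated. "overlay memberof" must follow the "database"
# directive of the database it applies to (overlays are per-database; placed in the global
# section it is ignored), and on a slapd built with dynamic modules the module must be
# loaded first with "moduleload memberof.la". The two configs below are constructed from
# the page's example with the paths shortened; they are not shipped files.
set -eu

# Exit 0 when the first "overlay memberof" comes after the first "database" directive.
overlay_after_database() {
    awk '
        $1 == "database" && !db                    { db = NR }
        $1 == "overlay" && $2 == "memberof" && !ov { ov = NR }
        END { if (db && ov && ov > db) exit 0; exit 1 }
    ' "$1"
}

# Prints the first value of a directive (empty when absent).
directive() { awk -v k="$2" '$1 == k { print $2; exit }' "$1"; }

# Runs all checks; the return code is the number of hard failures.
check_conf() {
    conf="$1"; fails=0
    if overlay_after_database "$conf"; then
        echo "ok:   overlay memberof is inside the database section"
    else
        echo "FAIL: overlay memberof missing or placed before 'database'"; fails=$((fails + 1))
    fi
    if ! grep -q '^[[:space:]]*moduleload[[:space:]].*memberof' "$conf"; then
        echo "note: no 'moduleload memberof.la'; required if slapd uses dynamic modules"
    fi
    for d in TLSCACertificateFile TLSCertificateFile TLSCertificateKeyFile; do
        if [ -z "$(directive "$conf" "$d")" ]; then
            echo "FAIL: $d not set; TLS between the switch and the server needs it"
            fails=$((fails + 1))
        fi
    done
    # TLSVerifyClient never (as in the page) means the server does not demand a client
    # certificate; the switch authenticates by simple bind over TLS, so this is expected.
    echo "info: TLSVerifyClient=$(directive "$conf" TLSVerifyClient)"
    return "$fails"
}

tmp=$(mktemp -d)
# Correct placement: the order used in the page's example.
cat > "$tmp/good.conf" <<'EOF'
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/local.schema
TLSCACertificateFile /etc/openldap/certs/cacert.pem
TLSCertificateFile /etc/openldap/certs/serverCert.pem
TLSCertificateKeyFile /etc/openldap/certs/serverKey.pem
TLSVerifyClient never
database bdb
suffix "dc=mybrocade,dc=com"
rootdn "cn=Manager,dc=mybrocade,dc=com"
directory /usr/local/var/openldap-data
index objectClass eq
overlay memberof
EOF
# Wrong placement: the overlay line sits in the global section before "database",
# and the TLS directives are missing.
cat > "$tmp/bad.conf" <<'EOF'
overlay memberof
TLSVerifyClient never
database bdb
suffix "dc=mybrocade,dc=com"
EOF

check_conf "$tmp/good.conf" || echo "good.conf failed unexpectedly"
check_conf "$tmp/bad.conf" || echo "bad.conf rejected as expected"
```

Point check_conf at the real slapd.conf before restarting slapd; a non-zero return means at least one directive is missing or misplaced. The check only reads the file, so it is safe to run against a production configuration.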
Adding entries to the directory
To add entries in the OpenLDAP directory, perform the following steps.
1. Using a text editor of your choice, create a .ldif file and enter the information for the entry.
The following example .ldif file defines the top-level organization entry for an organization with the domain name mybrocade.com, followed by an organizational role for the Directory Manager.
# Organization for mybrocade Corporation
dn: dc=mybrocade,dc=com
objectClass: dcObject
objectClass: organization
dc: mybrocade
o: Mybrocade Corporation
description: Mybrocade Corporation
############################################################################
# Organizational Role for Directory Manager
Managing User Accounts
Brocade Fabric OS Administration Guide, 8.0.1
53-1004111-02 177