What?

eDirectory installation

tar xzf eDirectory_88SP6_Linux_x86_64.tar.gz
cd eDirectory/setup
./nds-install

echo '. /opt/novell/eDirectory/bin/ndspath' >>~/.bashrc

# setup instance
ndsconfig new

# the ldap* tools are also deployed under /opt/novell/eDirectory/bin/
# This will now output some objects:
ldapsearch cn

ldapsearch -b o=org dn

# now we should extend the schema, as currently e.g. posixGroup is unknown.
cd /opt/novell/eDirectory/lib64/nds-schema
# ndssch -h localhost -t YOUR_TREE ADMIN.FDN rfc2307-usergroup.sch
ndssch -h localhost -t root-rhel5u8a-NDStree admin.org rfc2307-usergroup.sch

# add objects:
ldapadd -a -D cn=admin,o=org -Z -W

# now let's transfer the certs to a client, so the client can use ldaps:
# This command lists the paths of the 2 certs that can be transferred to the client:
find /var/ -name '*.pem'
scp /var/......pem rhel6u2c:/etc/openldap/cacerts

# careful, the client now has to fulfill some requirements to fully access users/groups:
# - it has to use ldaps
# - it has to use a bind user, e.g. for testing cn=admin,o=org

ldap usersets

dn: ou=fluxcoilnet,o=org
objectclass: organizationalUnit
ou: fluxcoilnet

dn: ou=groups,ou=fluxcoilnet,o=org
objectclass: organizationalUnit
ou: groups

dn: cn=group0,ou=groups,ou=fluxcoilnet,o=org
objectClass: posixGroup
objectClass: groupOfNames
cn: group0
gidNumber: 1000
fullName: group0
description: testing 

dn: cn=group1,ou=groups,ou=fluxcoilnet,o=org
objectClass: posixGroup
objectClass: groupOfNames
cn: group1
gidNumber: 1001
fullName: group1
description: testing 

dn: ou=users,ou=fluxcoilnet,o=org
objectclass: organizationalUnit
ou: users

dn: cn=user0,ou=users,ou=fluxcoilnet,o=org
objectClass: person
objectClass: posixAccount
objectClass: inetOrgPerson
objectClass: organizationalPerson
cn: user0
givenName: Christian
sn: Horn
mail: chorm@domain.net
preferredLanguage: en
telephoneNumber: +123 345
l: muc
departmentNumber: X labs
uid: user0
uidNumber: 1000
gidNumber: 1000
homeDirectory: /home/user0
loginShell: /bin/bash

dn: cn=user1,ou=users,ou=fluxcoilnet,o=org
objectClass: person
objectClass: posixAccount
objectClass: inetOrgPerson
objectClass: organizationalPerson
cn: user1
givenName: Christian
sn: Horn
mail: chorm@domain.net
preferredLanguage: en
telephoneNumber: +123 345
l: muc
departmentNumber: X labs
uid: user1
uidNumber: 1001
gidNumber: 1001
homeDirectory: /home/user1
loginShell: /bin/bash
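
A pre-flight check for an LDIF file like the one above, to run before feeding it to ldapadd (added example, not part of the original page; `check_ldif` and `SAMPLE` are hypothetical names and the sample is a constructed, trimmed copy of the entries). It flags entries with no dn line, children listed before their parent container, duplicate uidNumber values and users whose gidNumber matches no posixGroup. It assumes plain LDIF: entries separated by blank lines, no folded lines, base64 values, version header or escaped commas in DNs.

```python
import re

# Added example: check_ldif/SAMPLE are hypothetical names; SAMPLE is constructed.
SAMPLE = """\
dn: ou=fluxcoilnet,o=org
objectclass: organizationalUnit

dn: ou=groups,ou=fluxcoilnet,o=org
objectclass: organizationalUnit

dn: cn=group0,ou=groups,ou=fluxcoilnet,o=org
objectClass: posixGroup
gidNumber: 1000

dn: ou=users,ou=fluxcoilnet,o=org
objectclass: organizationalUnit

dn: cn=user0,ou=users,ou=fluxcoilnet,o=org
objectClass: posixAccount
uidNumber: 1000
gidNumber: 1000
"""

def check_ldif(text, base="o=org"):
    """Return a list of problems; an empty list means the file passed."""
    problems, seen, gids, uids = [], {base}, set(), set()
    for n, block in enumerate(re.split(r"\n\s*\n", text.strip()), 1):
        e = {}  # lower-cased attribute name -> list of values
        for line in block.splitlines():
            attr, sep, value = line.partition(":")
            if sep and not line.startswith("#"):
                e.setdefault(attr.strip().lower(), []).append(value.strip())
        if "dn" not in e:
            problems.append(f"entry {n}: no dn line")
            continue
        dn = e["dn"][0].lower()
        if dn.partition(",")[2] not in seen:
            problems.append(f"{dn}: parent container not created earlier")
        seen.add(dn)
        classes = {c.lower() for c in e.get("objectclass", [])}
        if "posixgroup" in classes:
            gids.update(e.get("gidnumber", []))
        if "posixaccount" in classes:
            uid = e.get("uidnumber", [""])[0]
            if uid in uids:
                problems.append(f"{dn}: duplicate uidNumber {uid}")
            uids.add(uid)
            if e.get("gidnumber", [""])[0] not in gids:
                problems.append(f"{dn}: gidNumber matches no posixGroup")
    return problems
```
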

setting a user password

# ldapmodify -D cn=admin,o=org -w password -Z 
dn: cn=user1300,ou=users,ou=fluxcoilnet,o=org
changetype: modify
replace: userpassword
userpassword: newpassword

debugging

* To access iManager, install it and open https://<server ip address>:8443/nps/iManager.html
* By default, simple binds with a password require TLS. To disable this for debugging purposes (bind passwords then cross the network in cleartext):

    ldapconfig set "Require TLS for Simple Binds with Password=no"

* Get options:

    ldapconfig get
snippets/linux_quickshotsetups/edir_rhel5.txt · Last modified: 2024/03/04 23:54 by chris