john pfeiffer

Ldap apacheds create dc ou structure


A partition (in ApacheDS terms; a "context" in X.500 terms) is a separate piece of the directory database, rooted at its suffix DN

The Directory Information Base (DIB) can be split into parts called naming contexts, each held by a Directory System Agent (DSA)

If a DSA cannot answer a query from the naming contexts it hosts, it sends the client a referral to a DSA hosting the next higher or lower naming context in the tree (which one depends on the distinguished name being searched).


sudo /etc/init.d/apacheds-1.5.7-default stop

The configuration lives in [apacheds_home]/conf

sudo vi /var/lib/apacheds-1.5.7/default/conf/server.xml

Add a jdbmPartition for the new suffix next to the existing ou=system partition (keep that one, ApacheDS needs it); the id is just a label, the suffix is the DN the partition is rooted at

<partitions>
  <!-- the stock system partition stays as shipped -->
  <jdbmPartition id="system" suffix="ou=system" />
  <!-- new partition for the AD-style domain suffix -->
  <jdbmPartition id="addomaincom" suffix="dc=domain,dc=com" >
  </jdbmPartition>
</partitions>

Note that adding the partition only creates the empty store; the context entry for dc=domain,dc=com still has to be created (below) before anything can live under it.

sudo /etc/init.d/apacheds-1.5.7-default start


Start Apache Directory Studio and connect to your LDAP server (port 10389, bind DN uid=admin,ou=system, password secret). "secret" is the ApacheDS default admin password: change it on any instance that is reachable by anyone else.

In the LDAP Browser, right click on Root DSE (3) -> New Context Entry -> Create entry from scratch. Available object classes: domain -> Add (this selects domain and top) -> Next. Distinguished Name dropdown: dc=domain,dc=com -> Finish.

The LDAP Browser now shows Root DSE (4) with a world icon for dc=domain,dc=com.

Right click on your new dc=domain,dc=com -> New Entry -> Create Entry from scratch. Available object classes: organizationalUnit (double click, which selects organizationalUnit and top) -> Next. RDN: ou = Users.

This emulates the AD distinguishedName CN=Users,DC=domain,DC=com.

Now you can right click on a user (e.g. uid=admin,ou=system) -> Copy Entry/DN, then right click on your new ou=Users -> Paste Entry (Object only). The copy keeps the source entry's attributes, including its userPassword, so set a new password on the copy rather than leaving a second admin credential lying around.

Double click on your new user, then double click on the cn "Value" column to change the cn. Modify displayName and uid the same way. (Right click -> Move -> Browse is also effective for moving objects around.)

Unfortunately there are slight differences between the two directories:

AD bind DN:   cn=Administrator,cn=Users,DC=domain,DC=com
LDAP bind DN: uid=Administrator,ou=Users,DC=domain,DC=com

In AD, Users and System are "containers" (cn=...), not OUs, so the same DN cannot exist in both. A workaround is to create OU=Service in both systems to hold your bind DN user:

AD bind DN:   cn=Administrator,ou=Service,DC=domain,DC=com
LDAP bind DN: uid=Administrator,ou=Service,DC=domain,DC=com

The RDN attribute still differs (cn in AD, uid here), so whatever application binds needs to be told both the DN and the attribute it should search on.


But there will be problems with your schema attributes (e.g. no displayName), and the copied entry's object classes are wrong for an AD-style user too.

Instead you can also create a New Entry -> organizationalPerson (this auto-adds person and top), RDN: cn = Admin (sn = Administrator). If the consuming application expects displayName or uid, pick inetOrgPerson instead: organizationalPerson does not define either attribute, inetOrgPerson (RFC 2798) adds both.
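The whole click sequence above (context entry, ou=Users, ou=Service, a bind user) can be scripted instead. The following is an added example, not from the original post: it emits the equivalent LDIF and loads it with OpenLDAP's ldapadd/ldapsearch against the ApacheDS port. The suffix, OU names, the Administrator account, its placeholder password and the ldap:// host/port are assumptions; the uid=admin,ou=system bind account is the ApacheDS default named in the post.

```shell
#!/bin/sh
# Added example (not code from the original post or from ApacheDS).
# Generates the LDIF for the dc/ou structure described above and loads it
# with the OpenLDAP client tools. Suffix, OU names and the bind user are
# assumptions; adjust them to your own domain.

# Print the LDIF for the context entry, the two OUs and a bind user.
# $1 = partition suffix, e.g. dc=domain,dc=com
ldif_structure() {
    suffix="$1"
    first="${suffix%%,*}"          # first RDN, e.g. dc=domain
    dcval="${first#dc=}"           # its value; the dc attribute must match the RDN
    cat <<EOF
# context entry: objectClasses domain + top, same as "New Context Entry"
dn: $suffix
objectClass: domain
objectClass: top
dc: $dcval

dn: ou=Users,$suffix
objectClass: organizationalUnit
objectClass: top
ou: Users

# ou=Service holds the bind account so the same DN shape works on AD
dn: ou=Service,$suffix
objectClass: organizationalUnit
objectClass: top
ou: Service

# inetOrgPerson (not organizationalPerson) supplies displayName and uid
dn: uid=Administrator,ou=Service,$suffix
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
uid: Administrator
cn: Administrator
sn: Administrator
displayName: Administrator
userPassword: change-me-before-use
EOF
}

# Load the structure into a running ApacheDS. -W prompts for the admin
# password instead of putting it on the command line (visible in ps/history).
# usage: load_structure dc=domain,dc=com [host] [port]
load_structure() {
    suffix="$1"; host="${2:-localhost}"; port="${3:-10389}"
    ldif_structure "$suffix" | ldapadd -x -H "ldap://$host:$port" \
        -D "uid=admin,ou=system" -W
}

# Check the result: list the OUs and the bind user under the new suffix.
# usage: verify_structure dc=domain,dc=com [host] [port]
verify_structure() {
    suffix="$1"; host="${2:-localhost}"; port="${3:-10389}"
    ldapsearch -x -LLL -H "ldap://$host:$port" -D "uid=admin,ou=system" -W \
        -b "$suffix" -s sub \
        "(|(objectClass=organizationalUnit)(uid=Administrator))" dn
}
```

Run `ldif_structure dc=domain,dc=com` first to review the entries, then `load_structure dc=domain,dc=com` once the partition from server.xml is in place and the server has been restarted; without the partition, ldapadd fails with "no such object" for the context entry. Replace the placeholder userPassword immediately (ldappasswd, or edit the entry in Studio).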



Published

Jan 4, 2012

Category

linux


Tags

  • apacheds
  • create
  • dc
  • ldap
  • linux
  • ou
  • structure