Feel free to add/edit/move/expand/correct/.. this page.

ldapns.schema

One additional schema file is included from slapd.conf. We got it from http://linux.derkeiler.com/Mailing-Lists/Ubuntu/2007-08/msg00711.html. The schema is saved as /etc/openldap/schema/ldapns.schema:

attributetype ( 1.3.6.1.4.1.5322.17.2.1 NAME 'authorizedService'
        DESC 'IANA GSS-API authorized service name'
        EQUALITY caseIgnoreMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )

objectclass ( 1.3.6.1.4.1.5322.17.1.1 NAME 'authorizedServiceObject'
        DESC 'Auxiliary object class for adding authorizedService attribute'
        SUP top
        AUXILIARY
        MAY authorizedService )

objectclass ( 1.3.6.1.4.1.5322.17.1.2 NAME 'hostObject'
        DESC 'Auxiliary object class for adding host attribute'
        SUP top
        AUXILIARY
        MAY host )

host and authorizedService values

'host' indicates on which machines a person is allowed to log in. For example:

host: devel.rpmrepo.org

'authorizedService' indicates which services a person is allowed to log in to. For example:

authorizedService: wiki

This means that a user who is allowed to log in on the development server and is also allowed to log in to the wiki has the following in their LDIF entry:

host: devel.rpmrepo.org
authorizedService: wiki
objectClass: authorizedServiceObject
objectClass: hostObject
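As an added example (not part of the original page), a small Python script that parses an entry in the form shown above and applies the host/authorizedService semantics described here: a host or service is allowed only if the entry lists it, and a missing attribute means denied. The entry values and the description attribute are constructed placeholders.

```python
import base64

# Constructed sample entry, modelled on this page's LDIF (placeholder values,
# not a real account; the password line deliberately uses the page's
# no-space "attr:value" form).
SAMPLE_LDIF = """\
dn: uid=example,ou=People,dc=example,dc=org
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: hostObject
objectClass: authorizedServiceObject
uid: example
host: devel.example.org
host: build.example.org
authorizedService: wiki
description:: aGVsbG8=
userPassword:{CRYPT}$1$placeholder$notarealhash
"""

def parse_ldif_entry(text):
    """Parse one LDIF entry into {attribute-lowercased: [values]}.
    Handles 'attr: value', 'attr:: base64value', the no-space form
    'attr:value', and folded continuation lines (leading single space)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:      # continuation of previous line
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entry = {}
    for line in lines:
        if not line or line.startswith("#"):
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):              # '::' means base64-encoded
            value = base64.b64decode(value[1:].strip()).decode()
        else:
            value = value.lstrip(" ")
        entry.setdefault(attr.strip().lower(), []).append(value)
    return entry

def host_allowed(entry, hostname):
    """Fail closed: allowed only if 'host' lists hostname (case-insensitive)."""
    return hostname.lower() in {h.lower() for h in entry.get("host", [])}

def service_allowed(entry, service):
    """Fail closed: allowed only if 'authorizedService' lists the service."""
    return service.lower() in {s.lower() for s in entry.get("authorizedservice", [])}
```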

example entry of a complete user

Hint for the l33t haxxor: this does not contain my real password.

dn: uid=dverachtert,ou=People,dc=rpmrepo,dc=org
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: top
objectClass: hostObject
objectClass: authorizedServiceObject
objectClass: mailUser
cn: Dries Verachtert
sn: Verachtert
givenName: Dries
displayName: Dries Verachtert
uid: dverachtert
uidNumber: <some unique number>
gidNumber: 512
homeDirectory: /home/dverachtert
loginShell: /sbin/nologin
gecos: Dries Verachtert
userPassword: {CRYPT}$1$sDXHxwEF$JTPEWA7beg17OPXUDSP5P1
mailForwardingAddress: dries@ulyssis.org
authorizedService: wiki

Misc

List the uidNumbers currently in use (highest first), to pick a free one for a new account:

getent passwd | awk -F: '{print $3}' | sort -nr

driesverachtert/RpmRepoLdapSetup (last edited 2008-03-26 22:21:46 by dverachtert)