populating the directory
We can put many objects in a LDAP directory. And we are free how to structure the data. We could put all at the same place or we can create subbranches where we want to lay the data. To create subbranches one usually uses "organisational units" (ou). So we first want to create a ou that shall hold all our users data.
# users ou dn: ou=users,dc=redflo,dc=de ou: users objectClass: organizationalUnit
and we add it with ldapadd:
ldapadd -x -D "cn=Manager,dc=redflo,dc=de" -W -f ou_users.ldif
Enter LDAP Password:
adding new entry "ou=users,dc=redflo,dc=de"
You could also be very lazy and use a graphical interface to add it. The advantage of a graphical interface is, that you don't have to care about ldif format and schema settings. But you can also learn: We use a graphical interface that can extract the object in a ldif file.
We use luma. Go and install it. See Suse 10.0 Tips if you use Suse 10.0. In luma you first have to setup a connection to your ldap server:
- Klick Settings->Manage Server List
- Klick Add...
- choose a name for the connection
- fill the hostname and press "apply". You should see a Base DN.
- On the security tab, uncheck "Anonymous bind"
- On the field "Bind as:" enter your rootdn: cn=Manager,dc=redflo,dc=de
Now we use the Plugin "Usermanagement" to modify the directory:
- At "server" choose your connection
- klick "Add..."
- expand your connection, your base dn and highlight the ou users and klick "next".
- in The field User ID you insert the unix username
- In Common name we insert it again
- Click on "Manage group memberships" and set the unix group (we'll use ldap groups later)
- Set a password. Even if we don't want to use it, it is more secure to choose a good password here so that your ldap directory is safe.
You can now use the browser to watch the entry. With the browser you can also check what attributes you can set else: Highlight the object and use the contect menu to add a attribute. And you can export the object in ldif format. My ldif file looks like this:
dn: uid=joe,ou=users,dc=redflo,dc=de cn: joe gecos: Joe Cool gidNumber: 500 homeDirectory: /home/joe loginShell: /bin/bash objectClass: top objectClass: posixAccount objectClass: shadowAccount objectClass: inetOrgPerson objectClass: organizationalPerson objectClass: person sn: joe uid: joe uidNumber: 1024 userPassword:: e01ENX1DVVg4bGhIMVg5RGhnL3VMQkU4YS9nPT0K
You could use this as template for inserting new users.
A more powerful but also more complex alternative to luma is Apaches http://directory.apache.org/studio/.