Ubuntu Server Guide Changes, errors and bugs
Modifying/Populating your Database
Let’s introduce some content to our database. We will add the following:

• a node called People (to store users)
• a node called Groups (to store groups)
• a group called miners
• a user called john

Create the following LDIF file and call it add_content.ldif:

    dn: ou=People,dc=example,dc=com
    objectClass: organizationalUnit
    ou: People

    dn: ou=Groups,dc=example,dc=com
    objectClass: organizationalUnit
    ou: Groups

    dn: cn=miners,ou=Groups,dc=example,dc=com
    objectClass: posixGroup
    cn: miners
    gidNumber: 5000

    dn: uid=john,ou=People,dc=example,dc=com
    objectClass: inetOrgPerson
    objectClass: posixAccount
    objectClass: shadowAccount
    uid: john
    sn: Doe
    givenName: John
    cn: John Doe
    displayName: John Doe
    uidNumber: 10000
    gidNumber: 5000
    userPassword: {CRYPT}x
    gecos: John Doe
    loginShell: /bin/bash
    homeDirectory: /home/john

Note: It’s important that uid and gid values in your directory do not collide with local values. You can use high number ranges, such as starting at 5000 or even higher.

Add the content:

    $ ldapadd -x -D cn=admin,dc=example,dc=com -W -f add_content.ldif
    Enter LDAP Password: ********
    adding new entry "ou=People,dc=example,dc=com"
    adding new entry "ou=Groups,dc=example,dc=com"
    adding new entry "cn=miners,ou=Groups,dc=example,dc=com"
    adding new entry "uid=john,ou=People,dc=example,dc=com"

We can check that the information has been correctly added with the ldapsearch utility. For example, let’s search for the john entry, and request the cn and gidnumber attributes:

    $ ldapsearch -x -LLL -b dc=example,dc=com '(uid=john)' cn gidNumber
    dn: uid=john,ou=People,dc=example,dc=com
    cn: John Doe
    gidNumber: 5000

Here we used an LDAP “filter”: (uid=john). LDAP filters are very flexible and can become complex.
For example, to list the group names of which john is a member, we could use the filter:

    (&(objectClass=posixGroup)(memberUid=john))

That is a logical AND between two attributes. Filters are very important in LDAP and mastering their syntax will go a long way. They are used for simple queries like this, but can also select what content is to be replicated to a secondary server, or even in complex ACLs. The full specification is defined in RFC 4515.

Notice we set the userPassword field for the john entry to the cryptic value {CRYPT}x. This is essentially an invalid password, because no hashing will produce just x. It’s a common pattern when adding a user entry without a default password. To change the password to something valid, you can now use ldappasswd:

    $ ldappasswd -x -D cn=admin,dc=example,dc=com -W -S uid=john,ou=people,dc=example,dc=com
    New password:
    Re-enter new password:
    Enter LDAP Password:

Note: Remember that simple binds are insecure and you should add TLS support to your server!

Modifying the slapd Configuration Database
The slapd-config DIT can also be queried and modified. Here are some common operations.
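
Returning to the search filters from the previous section: when the user name in (memberUid=john) comes from outside input, it has to be escaped as RFC 4515 requires, or characters such as * and parentheses are read as filter syntax instead of as part of the name. The following is an added example, not part of the Ubuntu Server Guide; the function names are made up for illustration and the sample user names are constructed.

```python
import re

# RFC 4515 section 3: inside an assertion value these characters must be
# written as a backslash plus two hex digits, or they are read as syntax.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# One simple filter item, "(attr=value)", where value is literal characters,
# \XX escapes or "*" wildcards. Deliberately a subset of the RFC 4515 grammar.
_ITEM = re.compile(r"\(([A-Za-z][A-Za-z0-9-]*)=((?:[^()\\*\x00]|\\[0-9a-fA-F]{2}|\*)*)\)")


def escape_filter_value(value: str) -> str:
    """Escape a value so the server can only read it as a literal."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def unescape_filter_value(raw: str) -> str:
    """Decode \\XX escapes (ASCII only, which is all escape_filter_value emits)."""
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), raw)


def naive_group_filter(uid: str) -> str:
    """Unsafe 'before' form: the value is pasted into the filter unchanged."""
    return f"(&(objectClass=posixGroup)(memberUid={uid}))"


def group_filter(uid: str) -> str:
    """The guide's membership filter with the user name escaped."""
    return f"(&(objectClass=posixGroup)(memberUid={escape_filter_value(uid)}))"


def describe(filter_text: str) -> list:
    """Return (attribute, match kind, decoded value) for each simple item."""
    items = []
    for attr, raw in _ITEM.findall(filter_text):
        kind = "present" if raw == "*" else "substring" if "*" in raw else "equality"
        items.append((attr, kind, unescape_filter_value(raw)))
    return items


def search_argv(uid: str) -> list:
    """ldapsearch arguments as a list, so no shell ever re-parses the filter."""
    return ["ldapsearch", "-x", "-LLL", "-b", "dc=example,dc=com", group_filter(uid), "cn"]


if __name__ == "__main__":
    for name in ["john", "*", "john (ops)"]:  # constructed sample inputs
        print(repr(name), describe(naive_group_filter(name)), describe(group_filter(name)))
```

With the unescaped form, a name of * turns the equality test on memberUid into a presence test, and a name containing parentheses leaves a filter whose memberUid item no longer parses; the escaped form keeps both as equality matches on the literal name.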