LDAP Directories

Setup directories

Descriptions of the dialogs used for directory operation.

1. Directory select dialog

Here you must select a database to work on. You may also create a new one.

2. Directory config dialog

Here you must set the preferred configuration for the database. Some options must always be set, but many are not needed.

Example of a minimal setup:

· Type: ldbm
· Base: dc=your,dc=domain
· Root: cn=manager,dc=your,dc=domain
· Pass: your secret
· Directory: /var/ldap/your.domain

More to come. For reference, for now you have to read the LDAP server/directory guide, which is located here: SLAPD and SLURPD Administrator's Guide - Configuration file

3. Directory import LDIF dialog

This will import an LDIF formatted file to a new database. It will work with the Communicator addressbook export function.

Usage:

· First, select a name for your directory, like "contacts".
· Open the addressbook you will export in Communicator.
· From the file menu, select Export, and select "ldif" format as filetype (in Linux there is no choice).
· Name it contacts.db.conf.ldif and export it.
· Move it to the /tmp directory.
· Now start ldapconf, and go to the directory select menu.
· Select the Add button.
· In the input box, call it "contacts".
· Configure it:
  · Type: ldbm
  · Name: contacts.
  · Base: dc=contacts.
  · Root: cn=manager,dc=contacts.
  · Pass: some secret.
  · Directory: /var/ldap/contacts (This must be created manually!)
· Remember to enable the database! (with checkbox)
· Exit the dialog with the OK button.
· Select Import.
· All filenames should be correct. The check buttons should be ON.
· Import.
· Restart the LDAP server (from the control panel).
· To test it, set a client to use "dc=contacts" as base.
· Hopefully you may search on names, emails or *.

4. Directory export LDIF dialog

This is for backup, for export to other systems, or for regenerating (export and import for cleanup and new indexes). When selected, the ldbmcat command will be run and produce an LDIF formatted file. Use numbers if the file will be imported into openldap again. Read more in "man ldbmcat".

5. Directory migrate dialog

This does not work now. Do not use.

6. Userinfo (userconf co-manager)

It is now possible to save extra user information in LDAP from the normal linuxconf userconf dialog. It is enabled by default, but you have to set up a directory and configure it first. The userconf directory is currently hardcoded to use the "userinfo" directory, form and bind profile.

To configure it:

· Add the userinfo directory from the directory select dialog.
· Configure it as default. Remember to enable it!
· Init the directory with the "Create" command from the directory menu.
· Restart the server.
· Now set up the "userinfo" form in the directory form config dialog.
· And set up the correct binding from the bind profile configurator.

Now it works like this:

· When managing a local user in the userconf dialog, you have an extra tab called "LDAP".
· In this tab all the fields defined in the form editor will show up.
· Enter the information you want.
· When you accept the user settings, the extra information will be saved in the LDAP directory.
· To test it, configure a client for use against this directory, and search for a name (or *).

Current limitations:

· No support for userpassword, users may not update their own info (yet).
· No support for existing users. LDAP will only be used for new users. This will be fixed.
· No access control. All info in this directory is available to read for anyone.

7. ACL settings

Some examples of common ACL (access control) settings for directories. Currently ACL settings must be entered manually into the directory config files.
· Protecting user passwords. Should always be used if the password is stored in LDAP (the default is read access to all!).

      access to attr="userpassword"
          by self write
          by * compare

· Give the user access to update own data.

      access to * by self write
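
An added example (not part of ldapconf or the original page): a small Python audit that reads slapd.conf-style text and reports which directories let anyone read userpassword, the exposure the first ACL above closes. The sample config and its suffixes are constructed; the script assumes the read-for-all default stated above, that the first access directive covering the attribute decides, and that a requester matching no "by" clause gets no access. It only understands "*" and attr= targets.

```python
import re

LEVELS = ["none", "compare", "search", "read", "write"]  # low to high

# Constructed sample config; the suffixes are illustrative.
SAMPLE = """\
database ldbm
suffix "dc=contacts"
directory /var/ldap/contacts

database ldbm
suffix "dc=your,dc=domain"
access to attr="userpassword"
    by self write
    by * compare
access to * by self write

database ldbm
suffix "dc=userinfo"
access to * by * read
access to attr="userpassword" by self write by * compare
"""

def directives(text):
    """Join continuation lines (leading whitespace) and drop comments."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def audit(text):
    """Map each database suffix to the level '*' gets on userpassword."""
    levels, suffix, decided = {}, None, False
    for line in directives(text):
        key = line.split()[0].lower()
        if key == "database":
            suffix, decided = None, False
        elif key == "suffix":
            suffix = line.split(None, 1)[1].strip('"')
            levels[suffix] = "read"  # assumed default, as the page states
        elif key == "access" and suffix and not decided:
            m = re.match(r"access\s+to\s+(.+?)\s+by\s", line, re.I)
            what = m.group(1) if m else ""
            if what == "*" or re.search(r"attrs?=\S*userpassword", what, re.I):
                who = dict(reversed(re.findall(r"\bby\s+(\S+)\s+(\w+)", line)))
                levels[suffix] = who.get("*", "none").lower()  # first rule wins
                decided = True
    return levels

def exposed(text):
    """Suffixes where anyone can read stored passwords."""
    return [s for s, lvl in audit(text).items() if LEVELS.index(lvl) >= 3]
```

On the sample, the third database is reported even though it contains the password rule, because a broader "access to *" directive placed before it is matched first.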