NAME

LDAP_ADMIN.sh - perform a variety of functions on an LDAP database.


SYNOPSIS

LDAP_ADMIN.sh --help | --man | ADDTOP | ADDO | ADDOU | ADDOROLE | ADDUSER | RMUSER | MODUSER


DESCRIPTION

This script invokes the LDAP command-line utilities listed under SEE ALSO to perform a variety of functions on an LDAP database. The operations are described under OPTIONS AND ARGUMENTS.


OPTIONS AND ARGUMENTS

--help
Produce a help message for LDAP_ADMIN.sh

--man
Produce a Unix manual page for LDAP_ADMIN.sh

ADDTOP
Add a top-level Distinguished Name (DN). This should be the first operation performed on a newly initialized LDAP database.

ADDO
Add an organization (e.g., Bearfoot Computer Consulting Inc). In general this would be a company in the .com world or a university in the .edu world.

ADDOU
Add an organizational unit (e.g., Engineering). Users are normally added after the Distinguished Name (DN) for the organizational unit has been created (e.g., ou=Engineering,o=Bearfoot Computer Consulting Inc,dc=bearfootcomputing,dc=com).

ADDOROLE
Add an organizational role (e.g., Manager, Worker bee, etc.). These are the next-level positions in an organization and are normally added after the organizational unit (e.g., cn=Manager,o=Bearfoot Computer Consulting Inc,dc=bearfootcomputing,dc=com).

ADDUSER
Add a (Linux/Solaris) Unix user

RMUSER
Remove a (Linux/Solaris) Unix user from the ldap database

MODUSER
Modify an existing (Linux/Solaris) Unix user's passwd database information


LDAP NOTES for Linux

A number of configuration steps are necessary to get the LDAP database up and running. The example files below are a minimal starting point only: the sample access rules in slapd.conf are left commented out (so, as the file's own comment says, every entry is readable by anyone) and the rootpw is stored in cleartext. Both should be changed before the server is reachable from a network.

ldif templates

        # Top of the LDAP Tree
        dn: dc=localhost,dc=localdomain
        objectClass: dcObject
        dc: localhost

        dn: o=Bearfoot Computer Consulting Inc,dc=localhost,dc=localdomain
        objectClass: organization
        o: Bearfoot Computer Consulting Inc
        description: The computing business at the Bearfoot R Ranch

        dn: ou=Engineering,o=Bearfoot Computer Consulting Inc,dc=localhost,dc=localdomain
        objectClass: organizationalUnit
        ou: Engineering
        description: The Engineering Division of BCCI
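An added example (not part of LDAP_ADMIN.sh): a small RFC 2849 LDIF writer and parser in Python that emits the three template entries above plus a constructed Unix user under ou=Engineering, the kind of entry ADDUSER would create. It shows the rules the template glosses over: entries are separated by one blank line, values that are not safe 7-bit ASCII are written base64-encoded with `::`, and lines longer than 76 characters are folded onto continuation lines beginning with a space. The `objectClass: organization` added to the top entry is an assumption (dcObject is an auxiliary class and needs a structural class beside it); the user's name, uid and numeric ids are constructed.

```python
# Added example, not code from LDAP_ADMIN.sh: an RFC 2849 LDIF writer and
# reader for the tree above.  The first three entries mirror the template; the
# 'organization' class on the top entry and the user entry are assumptions.
import base64

WIDTH = 76  # RFC 2849: lines longer than 76 characters are folded

def needs_base64(value: bytes) -> bool:
    """True if a value must be written as 'name:: base64' (RFC 2849 SAFE-STRING):
    it starts with space/':'/'<', or holds NUL, LF, CR or a non-ASCII byte.
    A trailing space is also encoded here because editors tend to strip it."""
    if not value:
        return False
    if value[0] in b" :<" or value[-1:] == b" ":
        return True
    return any(b in (0x00, 0x0A, 0x0D) or b > 0x7F for b in value)

def fold(line: str) -> list:
    """Split a long line; each continuation line starts with one space."""
    pieces, rest = [line[:WIDTH]], line[WIDTH:]
    while rest:
        pieces.append(" " + rest[:WIDTH - 1])
        rest = rest[WIDTH - 1:]
    return pieces

def attr_line(name: str, value) -> str:
    """Render one value as 'name: value' or, when needed, 'name:: base64'."""
    raw = value.encode("utf-8") if isinstance(value, str) else bytes(value)
    if needs_base64(raw):
        return f"{name}:: {base64.b64encode(raw).decode('ascii')}"
    return f"{name}: {raw.decode('ascii')}"

def entries_to_ldif(entries) -> str:
    """Serialize [(dn, [(name, value), ...]), ...]; one blank line between entries."""
    out = []
    for dn, attrs in entries:
        lines = fold(attr_line("dn", dn))
        for name, value in attrs:
            lines.extend(fold(attr_line(name, value)))
        out.append("\n".join(lines) + "\n")
    return "\n".join(out)

def parse_ldif(text: str) -> list:
    """Inverse of entries_to_ldif: unfold, decode '::' values, split on blank lines."""
    records, current = [], []
    for raw in text.splitlines() + [""]:
        if raw.startswith(" ") and current:
            current[-1] += raw[1:]              # continuation line
        elif raw == "" and current:
            records.append(current)
            current = []
        elif raw and not raw.startswith("#"):   # skip comments
            current.append(raw)
    result = []
    for rec in records:
        attrs = []
        for line in rec:
            name, _, value = line.partition(":")
            if value.startswith(":"):           # base64-encoded value
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            else:
                value = value.strip()
            attrs.append((name, value))
        result.append((attrs[0][1], attrs[1:]))  # first line of a record is the dn
    return result

BASE = "dc=localhost,dc=localdomain"
ORG = "Bearfoot Computer Consulting Inc"

TREE = [
    (BASE, [
        ("objectClass", "dcObject"),
        ("objectClass", "organization"),   # assumed: dcObject alone is auxiliary
        ("o", ORG),
        ("dc", "localhost"),
    ]),
    (f"o={ORG},{BASE}", [
        ("objectClass", "organization"),
        ("o", ORG),
        ("description", "The computing business at the Bearfoot R Ranch"),
    ]),
    (f"ou=Engineering,o={ORG},{BASE}", [
        ("objectClass", "organizationalUnit"),
        ("ou", "Engineering"),
        ("description", "The Engineering Division of BCCI"),
    ]),
    # Constructed Unix user: account (cosine.schema) + posixAccount (nis.schema).
    (f"uid=jramirez,ou=Engineering,o={ORG},{BASE}", [
        ("objectClass", "account"),
        ("objectClass", "posixAccount"),
        ("uid", "jramirez"),
        ("cn", "José Ramírez"),            # non-ASCII: written as 'cn:: ...'
        ("uidNumber", "1001"),
        ("gidNumber", "100"),
        ("homeDirectory", "/home/jramirez"),
    ]),
]

LDIF = entries_to_ldif(TREE)   # feed to: ldapadd -x -D <rootdn> -W -f tree.ldif
```

The user's dn is 94 characters, so its `dn:` line comes out folded; `parse_ldif` unfolds it and decodes the `cn::` value, so `parse_ldif(LDIF)` reproduces `TREE` exactly. The same writer can be reused for RMUSER/MODUSER input if a `changetype:` line is added per record.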

Example: /usr/local/etc/openldap/slapd.conf

        # $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.7 2001/09/27 20:00:31 kurt Exp $
        #
        # See slapd.conf(5) for details on configuration options.
        # This file should NOT be world readable.
        #
        include         /usr/local/etc/openldap/schema/core.schema
        include         /usr/local/etc/openldap/schema/cosine.schema
        include         /usr/local/etc/openldap/schema/inetorgperson.schema
        include         /usr/local/etc/openldap/schema/nis.schema
        # Define global ACLs to disable default read access.
        # Do not enable referrals until AFTER you have a working directory
        # service AND an understanding of referrals.
        #referral       ldap://root.openldap.org
        pidfile         /usr/local/var/slapd.pid
        argsfile        /usr/local/var/slapd.args
        # Load dynamic backend modules:
        # modulepath    /usr/local/libexec/openldap
        # moduleload    back_ldap.la
        # moduleload    back_ldbm.la
        # moduleload    back_passwd.la
        # moduleload    back_shell.la
        #
        # Sample Access Control
        #       Allow read access of root DSE
        #       Allow self write access
        #       Allow authenticated users read access
        #       Allow anonymous users to authenticate
        #
        #access to dn="" by * read
        #access to *
        #       by self write
        #       by users read
        #       by anonymous auth
        #
        # if no access controls are present, the default is:
        #       Allow read by all
        #
        # rootdn can always write!
        #######################################################################
        # ldbm database definitions
        #######################################################################
        database        ldbm
        suffix          "dc=localhost,dc=localdomain"
        #suffix         "o=My Organization Name,c=US"
        rootdn          "cn=Manager,dc=localhost,dc=localdomain"
        #rootdn         "cn=Manager,o=My Organization Name,c=US"
        # Cleartext passwords, especially for the rootdn, should
        # be avoided.  See slappasswd(8) and slapd.conf(5) for details.
        # Use of strong authentication encouraged.
        rootpw          bearfoot
        # The database directory MUST exist prior to running slapd AND 
        # should only be accessible by the slapd/tools. Mode 700 recommended.
        #directory      /usr/local/var/openldap-ldbm
        directory /var/lib/ldap
        # Indices to maintain
        index   objectClass     eq
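The `rootpw bearfoot` line above is exactly what the file's own comment warns against. An added example (not part of LDAP_ADMIN.sh or of OpenLDAP) in Python: it reproduces the `{SSHA}` scheme that slappasswd(8) produces by default, so the directive can carry a salted hash instead of the cleartext secret, and it includes the matching verifier so the format is clear. The fixed demo salt is constructed for reproducible output; a real salt comes from `os.urandom`.

```python
# Added example, not code from LDAP_ADMIN.sh or OpenLDAP: build and check the
# {SSHA} value that replaces a cleartext 'rootpw' in slapd.conf.
import base64
import hashlib
import hmac
import os
from typing import Optional

PREFIX = "{SSHA}"
SHA1_LEN = 20   # bytes; everything after the digest in the blob is the salt

def ssha_hash(password: str, salt: Optional[bytes] = None) -> str:
    """Return '{SSHA}' + base64(sha1(password || salt) || salt).

    slappasswd uses a 4-byte random salt by default; any length works because
    the verifier recovers the salt from the tail of the decoded blob."""
    if salt is None:
        salt = os.urandom(4)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return PREFIX + base64.b64encode(digest + salt).decode("ascii")

def ssha_verify(password: str, stored: str) -> bool:
    """Check a candidate password against a stored '{SSHA}...' value."""
    if not stored.startswith(PREFIX):
        raise ValueError("not an {SSHA} hash")
    blob = base64.b64decode(stored[len(PREFIX):])
    digest, salt = blob[:SHA1_LEN], blob[SHA1_LEN:]
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)   # constant-time compare

def rootpw_directive(password: str, salt: Optional[bytes] = None) -> str:
    """The slapd.conf line that replaces 'rootpw <cleartext>'."""
    return f"rootpw\t\t{ssha_hash(password, salt)}"

if __name__ == "__main__":
    # Constructed demo: the page's cleartext value with a fixed salt so the
    # output is reproducible.  Omit the salt argument for a real server.
    print(rootpw_directive("bearfoot", salt=b"\x01\x02\x03\x04"))
```

On the server itself `slappasswd -s <password>` produces the same kind of value. Note what the hash does and does not buy: it protects the secret if slapd.conf is read (the file should still not be world readable, as its header says), but a simple bind as the rootdn still sends the password over the wire, so it belongs on a TLS-protected or local connection only.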

Example: /usr/local/etc/openldap/ldap.conf

        # $OpenLDAP: pkg/ldap/libraries/libldap/ldap.conf,v 1.4.8.6 2000/09/05 17:54:38 kurt Exp $
        #
        # LDAP Defaults
        #
        # See ldap.conf(5) for details
        # This file should be world readable but not world writable.
        BASE    dc=localhost,dc=localdomain
        URI     ldap://localhost
        SIZELIMIT       0
        TIMELIMIT       35
        DEREF           never

Example: LDAP startup script for Linux/Solaris

        #!/bin/sh
        # Place in /etc/rc2.d/S99ldap
        if [ -f /usr/local/etc/openldap/slapd.conf -a -x /usr/local/libexec/slapd ]; then
                /usr/local/libexec/slapd
        else
                echo "$0: Error starting standalone LDAP server" >&2
                exit 1
        fi


SEE ALSO

ldapadd(1), ldapdelete(1), ldapmodify(1), ldapmodrdn(1), ldappasswd(1), ldapsearch(1), ud(1)


AUTHOR

Patrick V. Rafferty, Bearfoot Computer Consulting, Inc. <pvr@if.uidaho.edu>


TERMS

Released under the GNU General Public License